# ------------------------------- # Malwarebytes AdwCleaner 7.1.0.0 # ------------------------------- # Build: 04-12-2018 # Database: 2018-04-11.1 # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 04-13-2018 # Duration: 00:00:54 # OS: Windows 10 Pro # Scanned: 40609 # Detected: 175 ***** [ Services ] ***** PUP.Optional.JetMedia NativeDesktopMediaService PUP.Optional.Legacy mweshieldup PUP.Optional.Legacy mweshield ***** [ Folders ] ***** Adware.Yelloader C:\Users\Gert Jan \AppData\Roaming\notepad3k Adware.Yelloader C:\Users\Gert Jan \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notepad3k PUP.Adware.Heuristic C:\ProgramData\{6EDC6FC7-212C-1} PUP.Adware.Heuristic C:\ProgramData\{4F930FD6-412C-1} PUP.Adware.Heuristic C:\ProgramData\{3E36720B-712C-1} PUP.Adware.Heuristic C:\ProgramData\{3BFE1EE3-712C-1} PUP.Adware.Heuristic C:\ProgramData\{25B20D3C-712C-0} PUP.Adware.Heuristic C:\ProgramData\{1F7B43A0-612C-0} PUP.Adware.Heuristic C:\ProgramData\{1EF357A1-612C-0} PUP.Adware.Heuristic C:\ProgramData\{1BA95240-212C-0} PUP.Adware.Heuristic C:\ProgramData\68BC8E78 PUP.Adware.Heuristic C:\ProgramData\3CF86374-7D71-1 PUP.Adware.Heuristic C:\ProgramData\3CF86374-7BA7-0 PUP.Adware.Heuristic C:\ProgramData\3CF86374-7B41-0 PUP.Adware.Heuristic C:\ProgramData\3CF86374-79F3-0 PUP.Adware.Heuristic C:\ProgramData\3CF86374-7941-1 PUP.Adware.Heuristic C:\ProgramData\3CF86374-74E5-1 PUP.Adware.Heuristic C:\ProgramData\3CF86374-6E21-0 PUP.Adware.Heuristic C:\ProgramData\3CF86374-6E05-0 PUP.Adware.Heuristic C:\ProgramData\3CF86374-6C77-0 PUP.Adware.Heuristic C:\ProgramData\3CF86374-6A57-0 PUP.Adware.Heuristic C:\ProgramData\3CF86374-6407-0 PUP.Adware.Heuristic C:\ProgramData\3CF86374-6271-1 PUP.Adware.Heuristic C:\ProgramData\3CF86374-6017-1 PUP.Adware.Heuristic C:\ProgramData\3CF86374-5ED7-0 PUP.Adware.Heuristic C:\ProgramData\3CF86374-5E53-0 PUP.Adware.Heuristic 
C:\ProgramData\3CF86374-0545-1 PUP.Adware.Heuristic C:\ProgramData\3CF86374-04C5-1 PUP.Adware.Heuristic C:\ProgramData\3CF86374-03C7-0 PUP.Adware.Heuristic C:\ProgramData\3CF86374-0195-1 PUP.Adware.Heuristic C:\ProgramData\3CF86374-0185-1 PUP.Adware.Heuristic C:\ProgramData\39E0E970-5FE1-0 PUP.Adware.Heuristic C:\ProgramData\39E0E970-5581-1 PUP.Adware.Heuristic C:\ProgramData\39E0E970-5141-1 PUP.Adware.Heuristic C:\ProgramData\39E0E970-5063-1 PUP.Adware.Heuristic C:\ProgramData\39E0E970-45A3-0 PUP.Adware.Heuristic C:\ProgramData\39E0E970-2607-0 PUP.Adware.Heuristic C:\ProgramData\39E0E970-22C1-0 PUP.Adware.Heuristic C:\ProgramData\39E0E970-2241-1 PUP.Adware.Heuristic C:\ProgramData\39E0E970-1267-0 PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare C:\Users\Gert Jan \AppData\LocalLow\IObit\Advanced SystemCare PUP.Optional.JetMedia C:\ProgramData\Jetmedia PUP.Optional.JetMedia C:\Program Files\Jetmedia PUP.Optional.Legacy C:\ProgramData\IObit\ASCDownloader PUP.Optional.Mail.Ru C:\ProgramData\Mail.Ru PUP.Optional.Mail.Ru C:\Program Files (x86)\Mail.Ru PUP.Optional.Mail.Ru C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Mail.Ru PUP.Optional.Mail.Ru C:\Users\Gert Jan \AppData\Local\Mail.Ru PUP.Optional.MyWebShield C:\Program Files\My Web Shield PUP.Optional.OneSystemCare C:\Users\Gert Jan \AppData\Roaming\OneSystemCare PUP.Optional.SmartApplicationController C:\Program Files (x86)\Smart Application Controller PUP.Optional.SmartApplicationController C:\Users\Gert Jan \AppData\Roaming\Smart Application Controller ***** [ Files ] ***** PUP.Optional.AdvancedSystemCare C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE PUP.Optional.Legacy C:\Users\Gert Jan \Favorites\Mail.Ru ????? - ????????? ??? 
???????!.url PUP.Optional.Legacy C:\Users\Gert Jan \Favorites\Mail.Ru.url PUP.Optional.MyWebShield C:\Windows\System32\drivers\mwescontroller.sys PUP.Optional.OpenDownloadManager C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manager.lnk ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** PUP.Optional.JetMedia C:\Windows\System32\Tasks\Checker64 PUP.Optional.OneSystemCare C:\Windows\System32\Tasks\OneSystemCare Task ***** [ Registry ] ***** Adware.DNSUnlocker HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 Adware.NeoBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Adware.NeoBar HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Adware.NeoBar HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Adware.NeoBar HKLM\Software\Wow6432Node\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Adware.NeoBar HKLM\Software\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Adware.Yelloader HKCU\Software\Microsoft\Windows\CurrentVersion\Run|notepad3k Adware.Yelloader HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\notepad3k Adware.Yelloader HKCU\Software\notepad3k PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68bc8e78} PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector PUP.Optional.AdvancedSystemCare HKCU\Software\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare PUP.Optional.AdvancedSystemCare 
HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} PUP.Optional.DNSUnlocker HKLM\Software\Wow6432Node\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E PUP.Optional.DNSUnlocker HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E PUP.Optional.JetMedia HKLM\Software\Wow6432Node\Jetmedia PUP.Optional.JetMedia HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Checker64 PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10 PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mweshield PUP.Optional.Legacy HKLM\Software\mweshield PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{D5397E85-8AF4-414B-90FC-9F4244CD46FA} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{D5397E85-8AF4-414B-90FC-9F4244CD46FA} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82} PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82} PUP.Optional.Legacy 
HKLM\Software\Wow6432Node\Classes\Interface\{B910D9A1-9F21-484A-8650-82250DABF38E} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{B910D9A1-9F21-484A-8650-82250DABF38E} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\Interface\{B28F9114-243E-4046-B173-11825352D18A} PUP.Optional.Legacy HKLM\Software\Classes\Interface\{B28F9114-243E-4046-B173-11825352D18A} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4} PUP.Optional.Legacy HKLM\Software\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4} PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{35F4BB37-03C5-41DE-85AF-7C301390C7EC} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099} PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c981894e-c8ac-4446-86a5-f810d9994235}|NameServer - "82.163.143.176" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c981894e-c8ac-4446-86a5-f810d9994235}|DhcpNameServer - "82.163.143.176" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c06f4903-413e-49d6-8880-dff800db7ddb}|NameServer - "82.163.143.176" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c06f4903-413e-49d6-8880-dff800db7ddb}|DhcpNameServer - "82.163.143.176" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{777ebc06-dfd8-4c3a-88f5-ada87c45f4c3}|NameServer - "82.163.143.176" PUP.Optional.Legacy 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5cf2ef7c-b538-43f3-8cad-ec8c87273ecd}|NameServer - "82.163.143.176" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5cf2ef7c-b538-43f3-8cad-ec8c87273ecd}|DhcpNameServer - "82.163.143.176" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters|NameServer - "82.163.143.176" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c981894e-c8ac-4446-86a5-f810d9994235}|NameServer - "82.163.142.178" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c06f4903-413e-49d6-8880-dff800db7ddb}|NameServer - "82.163.142.178" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{777ebc06-dfd8-4c3a-88f5-ada87c45f4c3}|NameServer - "82.163.142.178" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5cf2ef7c-b538-43f3-8cad-ec8c87273ecd}|NameServer - "82.163.142.178" PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\Tcpip\Parameters|NameServer - "82.163.142.178" PUP.Optional.Mail.Ru HKCU\Software\AppDataLow\Software\Mail.Ru PUP.Optional.Mail.Ru HKU\S-1-5-18\Software\Mail.Ru PUP.Optional.Mail.Ru HKCU\Software\Mail.Ru PUP.Optional.Mail.Ru HKU\.DEFAULT\Software\Mail.Ru PUP.Optional.Mail.Ru HKLM\Software\Wow6432Node\Mail.Ru PUP.Optional.Mail.Ru HKCU\Software\Mozilla\NativeMessagingHosts\ru.mail.go.ext_info_host PUP.Optional.Mail.Ru HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host PUP.Optional.Mail.Ru HKLM\Software\Classes\IESearchPlugin.MailRuBHO PUP.Optional.OneSystemCare HKCU\Software\One System Care PUP.Optional.OneSystemCare HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneSystemCare Task ***** [ Chromium (and derivatives) ] ***** PUP.Optional.Mail.Ru ?????????? ???????? Mail.Ru PUP.Optional.Mail.Ru ???????? ???????? Mail.Ru PUP.Optional.Mail.Ru ????? 
Mail.Ru ***** [ Chromium URLs ] ***** PUP.Optional.Legacy http://mail.ru/cnt/10445?gp=843051 PUP.Optional.Legacy http://mail.ru/cnt/10445?gp=843051 ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########