Adware Helpers

Posted: January 4, 2013
Threat Metric
Threat Level: 2/10
Infected PCs 11,849,440

Adware Helpers Description

A heuristic label for PC threats often associated with Potentially Unwanted Programs and some low-level types of threats, Adware Helpers may be seen accompanying many types of applications that usually (but not always) are installed with your direct or indirect consent. Adware Helpers may be installed through software-bundling applications that include install routines for two or more unrelated products, with unwanted adware, search hijackers and other PUPs often being installed with as little attention drawn to them as possible. While Adware Helpers are not major security risks, SpywareRemove.com malware experts consider the regular removal of Adware Helpers with anti-malware utilities to be a good practice for maintaining the optimal performance of your computer.

The Trouble with Tracking Down All the Adware Helpers

The classification of Adware Helper is used for files that are common components of various types of adware, browser hijackers, Potentially Unwanted Programs and other applications that are considered nuisances more than major security threats. Adware Helpers usually are named to look like the files of any number of unrelated legitimate programs, and often double down on this disguise by using the folders of other applications for concealment. Most Adware Helpers are dynamic link library or executable (EXE) files with names that reference third-party browser add-ons like BrowserProtect.

Malware experts also warn that Conduit-based browser toolbars also have a close relationship with the Adware Helpers family. Conduit toolbars are marketed with a variety of ostensible benefits, but their major functions almost always crystallize around hijacking the homepage and/or search engine settings of your default Web browsers. Attempting to uninstall Conduit toolbars usually will not delete the associated Adware Helpers files, and your browser settings may remain hijacked until additional solutions are enacted.

Helping Yourself to an Easy Way out of Adware Helpers

Since one of the defining traits of Adware Helpers malware is its tendency to use misleading file names and file locations, manual deletion may be an unnecessary risk way of removing Adware Helpers that runs the risk of causing harm to innocent software. A safe removal of Adware Helpers should be doable most easily by using anti-malware applications to scan your computer and delete any files related to the Adware Helpers' Potentially Unwanted Programs and toolbars.

Families of PUPs closely-aligned to Adware Helpers often are updated regularly and tend to create new members on an almost weekly basis. Because newly-updated threat has a possibility to avoid being detected by outdated security software, updating your software before scanning your computer should be considered particularly important when removing Adware Helpers. However, SpywareRemove.com malware analysts consider updating software regularly to be a good safety practice regardless of all other factors – since outdated software is responsible for a huge variety of security exploits that could be used in attacks against your PC.

Aliases


VBS/Agent.NSW!tr.dldr [Fortinet]Trojan.Amonetize.9614 [DrWeb]VBS/TrojanDownloader.Agent.NSWDropped:Application.Downloader.YWWin32/Trojan.89fTrojan.MSIL.Agent.77Pakes2_c.BIVB [AVG]Adware/Linkury [Fortinet]PUA.MSIL.Toolbar [Ikarus]Adware.Agent.33792.E[h]Trojan.Adware.Linkury.6TR/Zusy.33792.15W32/Trojan.WRMN-5068Generic PUA AO (PUA) [Sophos]Gen:Variant.Adware.Linkury [F-Secure]
More aliases (658)

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Adware Helpers may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%PROGRAMFILES%\askpartnernetwork\toolbar\apnmcp.exe\apnmcp.exe File name: apnmcp.exe
Size: 194.63 KB (194632 bytes)
MD5: 7a7397d866f7b3654dc279f612f7915b
Detection count: 29,302
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\askpartnernetwork\toolbar\apnmcp.exe\
Group: Malware file
Last Updated: September 30, 2020
%PROGRAMFILES(x86)%\Smart Application Controller\smappscontroller.exe\smappscontroller.exe File name: smappscontroller.exe
Size: 9.68 MB (9682688 bytes)
MD5: 0737725ccaf3e39321a07f699b092c16
Detection count: 24,203
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\Smart Application Controller\smappscontroller.exe\
Group: Malware file
Last Updated: September 26, 2020
%PROGRAMFILES%\askpartnernetwork\toolbar\ars2-tmg\passport.dll\passport.dll File name: passport.dll
Size: 10.82 KB (10824 bytes)
MD5: 668702acdfab101d36c168d817720b20
Detection count: 7,837
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\askpartnernetwork\toolbar\ars2-tmg\passport.dll\
Group: Malware file
Last Updated: September 30, 2020
%ALLUSERSPROFILE%\updater\check-update.exe\check-update.exe File name: check-update.exe
Size: 635.56 KB (635568 bytes)
MD5: 95cdac39d14fb5a33dae199cc414c36c
Detection count: 4,951
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\updater\check-update.exe\
Group: Malware file
Last Updated: June 26, 2020
%PROGRAMFILES(x86)%\vlc updater\vlc-updater.exe\vlc-updater.exe File name: vlc-updater.exe
Size: 360.78 KB (360784 bytes)
MD5: 6312dbb5b688c3a9e6ffa2f8b76c0de5
Detection count: 3,429
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\vlc updater\vlc-updater.exe\
Group: Malware file
Last Updated: September 27, 2020
%WINDIR%\woehptunafhkdu.boehp\woehptunafhkdu.boehp File name: woehptunafhkdu.boehp
Size: 736.76 KB (736768 bytes)
MD5: 7121d807de3d9bd0ab0b11f07cb88b6c
Detection count: 2,583
Mime Type: unknown/boehp
Path: %WINDIR%\woehptunafhkdu.boehp\
Group: Malware file
Last Updated: June 26, 2020
%SYSTEMDRIVE%\users\steven\appdata\local\microsoft\windows\office\documents\365\alphapassive.msi\alphapassive.msi File name: alphapassive.msi
Size: 249.85 KB (249856 bytes)
MD5: ddf9bf09f6aa5a7726863448c53d5c14
Detection count: 1,162
File type: Windows Installer Package
Mime Type: unknown/msi
Path: %SYSTEMDRIVE%\users\steven\appdata\local\microsoft\windows\office\documents\365\alphapassive.msi\
Group: Malware file
Last Updated: August 30, 2020
%SYSTEMDRIVE%\users\asus\appdata\roaming\e0vjqp0vu4q\tpyx55wl4yl.exe\tpyx55wl4yl.exe File name: tpyx55wl4yl.exe
Size: 504.94 KB (504943 bytes)
MD5: cf50771b0c37efb1b18b932c5e6de455
Detection count: 974
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\users\asus\appdata\roaming\e0vjqp0vu4q\tpyx55wl4yl.exe\
Group: Malware file
Last Updated: June 26, 2020
%SYSTEMDRIVE%\users\pablo_000\appdata\roaming\crmsvc\crmsvc.exe\crmsvc.exe File name: crmsvc.exe
Size: 1.41 MB (1411584 bytes)
MD5: 1b738db8087a83d31afce54d3ddfa746
Detection count: 761
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\users\pablo_000\appdata\roaming\crmsvc\crmsvc.exe\
Group: Malware file
Last Updated: June 26, 2020
%PROGRAMFILES(x86)%\name\9180135.exe\9180135.exe File name: 9180135.exe
Size: 1.02 MB (1024000 bytes)
MD5: 51181fc0f1d99d95c5bffc0f0aa22378
Detection count: 691
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\name\9180135.exe\
Group: Malware file
Last Updated: June 26, 2020
%PROGRAMFILES%\em43zsg403\em43zsg40.exe\em43zsg40.exe File name: em43zsg40.exe
Size: 856.57 KB (856576 bytes)
MD5: 4fb6e7664f0495d7abf9dc2bfc4b6ce2
Detection count: 529
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\em43zsg403\em43zsg40.exe\
Group: Malware file
Last Updated: June 26, 2020
QW1.exe File name: QW1.exe
Size: 502.71 KB (502715 bytes)
MD5: 864f9b8a42f237540d2a7212db86e66f
Detection count: 361
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: September 6, 2020
%WINDIR%\243124d579b30a70cae52a7ca1d43b0d.dll\243124d579b30a70cae52a7ca1d43b0d.dll File name: 243124d579b30a70cae52a7ca1d43b0d.dll
Size: 1.15 MB (1150464 bytes)
MD5: 697b339a848572dd37ad98c9e01d5f5a
Detection count: 136
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\243124d579b30a70cae52a7ca1d43b0d.dll\
Group: Malware file
Last Updated: June 26, 2020
C:\Users\Arjun Singh\AppData\Local\Temp\DhYimEoQU\DhYimEoQU.exe File name: DhYimEoQU.exe
Size: 959.47 KB (959472 bytes)
MD5: 1492f048f848431fd781fbd14a452916
Detection count: 98
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\Arjun Singh\AppData\Local\Temp\DhYimEoQU\
Group: Malware file
Last Updated: June 3, 2020
C:\Users\sandy\AppData\Local\Temp\wxkYiwjjA\wxkYiwjjA.exe File name: wxkYiwjjA.exe
Size: 633.64 KB (633642 bytes)
MD5: 2bf25ffa3ca8fad7cb506b274db42b59
Detection count: 89
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\sandy\AppData\Local\Temp\wxkYiwjjA\
Group: Malware file
Last Updated: October 16, 2018
c:\windows\ztrmzgjmnznkzjqwzjy.exe File name: ztrmzgjmnznkzjqwzjy.exe
Size: 1.95 MB (1952768 bytes)
MD5: 3ee6b3c07c13d026288a2774770b658a
Detection count: 82
File type: Executable File
Mime Type: unknown/exe
Path: c:\windows\
Group: Malware file
Last Updated: May 6, 2020
%APPDATA%\5hcvenwe0kx\d2ux3kihyef.exe File name: d2ux3kihyef.exe
Size: 926.5 KB (926502 bytes)
MD5: 19891b485469fef4e8dabdca4a36f293
Detection count: 56
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\5hcvenwe0kx\
Group: Malware file
Last Updated: April 30, 2020
%USERPROFILE%\Downloads\SolidWorks_2017_SP0_Full_Premium_Multilanguage_x64_2016_Torrent_Download.exe File name: SolidWorks_2017_SP0_Full_Premium_Multilanguage_x64_2016_Torrent_Download.exe
Size: 571.11 KB (571119 bytes)
MD5: a3f95284c63ccd1c5605b1c09cb6c09b
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Downloads\
Group: Malware file
Last Updated: May 12, 2020
C:\Users\Elian\AppData\Local\Temp\nsh5129.tmp File name: nsh5129.tmp
Size: 1.16 MB (1163776 bytes)
MD5: 8a19ba332898c8eea92763628d7f1210
Detection count: 47
File type: Temporary File
Mime Type: unknown/tmp
Path: C:\Users\Elian\AppData\Local\Temp\
Group: Malware file
Last Updated: February 23, 2020
%SYSTEMDRIVE%\Users\DORMITORIO\Downloads\hd_video_player_1172686355.exe\hd_video_player_1172686355.exe File name: hd_video_player_1172686355.exe
Size: 1.56 MB (1560517 bytes)
MD5: 80d205f44881647930b8d098b63ceb0f
Detection count: 19
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\DORMITORIO\Downloads\hd_video_player_1172686355.exe\
Group: Malware file
Last Updated: August 2, 2020

More files

Registry Modifications


The following newly produced Registry Values are:

File name without pathAdult Dating.icobig_bang_empire.lnkBigFarm.lnkchrome-extension_beceginmcfcielpokhpefakdcneaabfo_0.localstoragehttp_q2u3z6t7.ssl.hwcdn.net_0.localstoragehttp_q2u3z6t7.ssl.hwcdn.net_0.localstorage-journalhttp_tvoy-million.co_0.localstoragehttp_tvoy-million.co_0.localstorage-journallove.bengalflorican[1].xmlQWiget.lnkRelieveStressPaint.lnkstatic.cmptch[1].xmltweakcube[1].jsWin iPhone X.icownzipservice.exewww.adnetworkperformance[1].xmlwww.analyticwbb[1].xmlDirectory%ALLUSERSPROFILE%\19a87fa1ec024bbcbb41931263354405%ALLUSERSPROFILE%\28341ff220e0446c9fff27c4493d622e%ALLUSERSPROFILE%\Application Data\19a87fa1ec024bbcbb41931263354405%ALLUSERSPROFILE%\Application Data\28341ff220e0446c9fff27c4493d622e%ALLUSERSPROFILE%\Application Data\bProtectorForWindows%ALLUSERSPROFILE%\Application Data\bzughXCIBIxiSQVB%ALLUSERSPROFILE%\Application Data\GuaGua%ALLUSERSPROFILE%\Application Data\haeha%ALLUSERSPROFILE%\Application Data\MySampleService%ALLUSERSPROFILE%\Application Data\QuestBrwSearch%ALLUSERSPROFILE%\Application Data\xpekMjRorgkcLnVB%ALLUSERSPROFILE%\bProtectorForWindows%ALLUSERSPROFILE%\bzughXCIBIxiSQVB%ALLUSERSPROFILE%\devnull%ALLUSERSPROFILE%\GuaGua%ALLUSERSPROFILE%\haeha%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Shop More%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Smart Application Controller%ALLUSERSPROFILE%\MySampleService%ALLUSERSPROFILE%\NetworkHostTask%ALLUSERSPROFILE%\Pader%ALLUSERSPROFILE%\QuestBrwSearch%ALLUSERSPROFILE%\RarMemory%ALLUSERSPROFILE%\sigmatechrvp%ALLUSERSPROFILE%\xpekMjRorgkcLnVB%APPDATA%\adgad%APPDATA%\adgjd%APPDATA%\adhad%APPDATA%\aehad%APPDATA%\aehae%appdata%\AffiliatedUpdate%APPDATA%\AzigcWig%APPDATA%\behbe%appdata%\beibe%APPDATA%\bfibe%APPDATA%\bfibf%appdata%\browser assistant%APPDATA%\cfibf%APPDATA%\cficf%APPDATA%\cfjcf%APPDATA%\cgjcf%APPDATA%\devnull%APPDATA%\dgadg%APPDATA%\dgjcg%APPDATA%\dgjdg%APPDATA%\dhadg%APPDATA%\digitalsite%appdata%\direct game uni installer%APPDATA%\ehadh%APPDATA%\ehaeh%APPDATA%\ehbeh%APPDATA%\eibei%APPDATA%\fibei%APPDATA%\Fibfi%APPDATA%\ficfi%APPDATA%\fjcfi%APPDATA%\fjcfj%APPDATA%\Fusion_ld%APPDATA%\Fusion_ld2%APPDATA%\gadga%APPDATA%\gadgj%APPDATA%\Geunfy%APPDATA%\gjcfj%APPDATA%\gjcgj%APPDATA%\gjdgj%APPDATA%\hadga%APPDATA%\hadha%APPDATA%\haeha%APPDATA%\hbehb%APPDATA%\ibehb%APPDATA%\ibeib%APPDATA%\ibfib%APPDATA%\icfic%APPDATA%\jcfic%APPDATA%\jcgjc%APPDATA%\jdgjc%appdata%\kpdown%APPDATA%\lockhomepage%appdata%\MagicSearch%APPDATA%\Microsoft\Windows\Start Menu\Programs\Shop More%APPDATA%\My-top-apps%appdata%\NqVCodec%APPDATA%\PotPlayerFus%APPDATA%\SaaYaa%APPDATA%\SchedTaskSetup%APPDATA%\ScreenMaker2%APPDATA%\ShopMore%APPDATA%\SimpleNotepad%appdata%\Smart Application Controller%APPDATA%\spi%appdata%\topsadon%APPDATA%\TrailerWatch%APPDATA%\tweakcube3%appdata%\UpdaterEX%APPDATA%\UpdateServ%APPDATA%\VooUpdate%appdata%\wssvchost%appdata%\Xeeedxi%COMMONPROGRAMFILES%\Roraccoon%COMMONPROGRAMFILES(x86)%\alphalabtle%COMMONPROGRAMFILES(x86)%\Roraccoon%COMMONPROGRAMFILES(x86)%\womanhydafo%LOCALAPPDATA%\AdService%LOCALAPPDATA%\adworld%LOCALAPPDATA%\BrowserHelper%LOCALAPPDATA%\brsrv%LOCALAPPDATA%\geckof%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\akoefpoebeaikfcpoghppjcnhklffcjm%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\beceginmcfcielpokhpefakdcneaabfo%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\ecfpnbgianoaiocjciahnkfognimimhf%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\eghdmifgjdoojlnpfflnpoeiebapknda%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\faiaabbemgpndkgpjljhmjahkbpoopfp%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\gmddfjhfjgbmabkihepijkanhmlooajl%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\hkmchnencjegegndmipmfejhipafelid%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\phpimijlgpmombeojojagjijabpmfleb%LOCALAPPDATA%\Host Service%LOCALAPPDATA%\HttpFilter%LOCALAPPDATA%\Mojorojo%LOCALAPPDATA%\monotype%LOCALAPPDATA%\OneClick%LOCALAPPDATA%\packagest%LOCALAPPDATA%\ShdUpdate%LOCALAPPDATA%\TECHP-Browser%LOCALAPPDATA%\TrailerWatch%LOCALAPPDATA%\unityp%LOCALAPPDATA%\WhiteClick%LOCALAPPDATA%\Win_update%LOCALAPPDATA%\xmarin%LOCALAPPDATA%\xpon%LOCALAPPDATA%\{57B961E5-7311-0D5D-1E89-28B53AE1D42D}%PROGRAMFILES%\applica%PROGRAMFILES%\awda%PROGRAMFILES%\CKCpTyVyQIE%PROGRAMFILES%\clipandbuy%PROGRAMFILES%\Clteyghuwph%PROGRAMFILES%\Corteli%programfiles%\dataflow%PROGRAMFILES%\devnull%PROGRAMFILES%\EatPizza%PROGRAMFILES%\fileassociationmanager%PROGRAMFILES%\Ghostery Storage Server%PROGRAMFILES%\GoogleTranslateForChrome%PROGRAMFILES%\GoogleTranslateForOpera%PROGRAMFILES%\GoogleTranslator%PROGRAMFILES%\guagua%PROGRAMFILES%\Icoon%PROGRAMFILES%\IDO%PROGRAMFILES%\InstallX%PROGRAMFILES%\jetstrmedia%PROGRAMFILES%\meirenli%programfiles%\Micrasoft%PROGRAMFILES%\Miped\QWiget%PROGRAMFILES%\name%PROGRAMFILES%\NbbDohHftPUn%PROGRAMFILES%\ndfs%PROGRAMFILES%\Phagege%PROGRAMFILES%\Qagr%PROGRAMFILES%\QuestBrwSearch%PROGRAMFILES%\RemindMessage%PROGRAMFILES%\rZdaClXBU%PROGRAMFILES%\SGPSA%PROGRAMFILES%\Shop More%PROGRAMFILES%\Smart Application Controller%PROGRAMFILES%\TweakCube3%PROGRAMFILES%\Vittalia%PROGRAMFILES%\VVSN%PROGRAMFILES%\W3i%PROGRAMFILES%\wannenginput%PROGRAMFILES%\wannengzip%PROGRAMFILES%\Windows7Master%PROGRAMFILES%\zaabzoubi%PROGRAMFILES%\ZDE5YjFmMGQxMDdkNz%PROGRAMFILES(x86)%\applica%PROGRAMFILES(x86)%\awda%PROGRAMFILES(x86)%\CKCpTyVyQIE%PROGRAMFILES(x86)%\clipandbuy%PROGRAMFILES(x86)%\Clteyghuwph%PROGRAMFILES(x86)%\Corteli%programfiles(x86)%\dataflow%PROGRAMFILES(x86)%\devnull%PROGRAMFILES(x86)%\EatPizza%PROGRAMFILES(x86)%\fileassociationmanager%PROGRAMFILES(X86)%\Gebac%PROGRAMFILES(x86)%\Ghostery Storage Server%PROGRAMFILES(x86)%\GoogleTranslateForChrome%PROGRAMFILES(x86)%\GoogleTranslateForOpera%PROGRAMFILES(x86)%\GoogleTranslator%PROGRAMFILES(x86)%\guagua%PROGRAMFILES(x86)%\Icoon%PROGRAMFILES(x86)%\IDO%PROGRAMFILES(x86)%\InstallX%PROGRAMFILES(x86)%\jetstrmedia%PROGRAMFILES(x86)%\meirenli%programfiles(x86)%\Micrasoft%PROGRAMFILES(x86)%\Miped\QWiget%PROGRAMFILES(x86)%\Mozilla Firefox\distribution\bundles\{9746ad1f-7f2a-4bc8-a61c-2f73d969472d}%PROGRAMFILES(x86)%\name%PROGRAMFILES(x86)%\NbbDohHftPUn%PROGRAMFILES(x86)%\ndfs%PROGRAMFILES(x86)%\oPKmscYuxO%PROGRAMFILES(x86)%\Phagege%PROGRAMFILES(x86)%\programs%PROGRAMFILES(x86)%\Programz\Programz%PROGRAMFILES(x86)%\QuestBrwSearch%PROGRAMFILES(x86)%\RemindMessage%PROGRAMFILES(x86)%\rZdaClXBU%PROGRAMFILES(x86)%\SGPSA%PROGRAMFILES(x86)%\Shop More%PROGRAMFILES(x86)%\Smart Application Controller%PROGRAMFILES(x86)%\smartinline%PROGRAMFILES(x86)%\TweakCube3%PROGRAMFILES(X86)%\Vittalia%PROGRAMFILES(x86)%\VVSN%PROGRAMFILES(x86)%\W3i%PROGRAMFILES(x86)%\wannenginput%PROGRAMFILES(x86)%\wannengzip%PROGRAMFILES(x86)%\Windows7Master%PROGRAMFILES(x86)%\zaabzoubi%TEMP%\Fusion_ld%TEMP%\Fusion_ld2%TEMP%\PotPlayerFus%USERPROFILE%\AppData\LocalLow\Flagfox%USERPROFILE%\Configuración local\Datos de programa\OneClick%USERPROFILE%\Configurações Locais\Dados de aplicativos\OneClick%USERPROFILE%\Local Settings\Application Data\AdService%UserProfile%\Local Settings\Application Data\BrowserHelper%USERPROFILE%\Local Settings\Application Data\geckof%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik%USERPROFILE%\Local Settings\Application Data\Host Service%USERPROFILE%\Local Settings\Application Data\Mojorojo%USERPROFILE%\Local Settings\Application Data\monotype%USERPROFILE%\Local Settings\Application Data\OneClick%USERPROFILE%\Local Settings\Application Data\packagest%UserProfile%\Local Settings\Application Data\ShdUpdate%USERPROFILE%\Local Settings\Application Data\unityp%USERPROFILE%\Local Settings\Application Data\Win_update%USERPROFILE%\Local Settings\Application Data\xmarin%USERPROFILE%\Local Settings\Application Data\xpon%windir%\cpuessentials/165271%WINDIR%\CpuEssentials\165271%WINDIR%\CpuEssentials\16841%WINDIR%\cWinInfos\16610%WINDIR%\cWinInfos\168271%WINDIR%\Microsoft.NET\assembly\GAC_MSIL\WhiteClick%windir%\multisessions\1612262%windir%\superex%WINDIR%\system32\config\systemprofile\appdata\local\WhiteClick%WINDIR%\SystemNode%WINDIR%\syswow64\config\systemprofile\appdata\local\WhiteClick%WINDIR%\Syswow64\config\systemprofile\AppData\Roaming\lockhomepage%WINDIR%\SysWOW64\CpuHeatMapping\16641%WINDIR%\SysWOW64\CpuHeatMapping\168302%WINDIR%\WinEssentials/516%WINDIR%\WinInfos\16610%WINDIR%\WinKit%WINDIR%\xBoosterHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}119adworldadsAmazon assistant 1.0Amazon assistant 2.0AppHelperApplicaASbdrawCorteli File Checkerdisk genius 2.02Ebayssistant 1.0ExtensionGoogleTranslatefarmer 1.0Gebac_is1Host ServiceLook Picture ToolMagicSearchNavigatorNetStreampro 1.0Programz 1.03QWiget 1.0.1ShopMoresoundplay 3.0telezillaTrailerWatchTweakCube3Windows7MasterYahooassistant 1.0{0D447139-C8C5-4061-8B4A-0FBE91965131}{1fd06d23-1810-464b-b9c5-b92c28776962}_is1{27097E83-0712-446C-821A-C2DBB0C1CDE1}{2C1A121C-292F-460D-BA62-3B9886D0DE46}_is1{42F8C402-22B5-42FC-BB6C-88BF4BE304E5}_is1{6C044E1B-C2BD-4B47-9913-40407FA5854E}{78CA4ACE-D7CF-418B-B212-8E51822B566E}{A6AE177E-D46B-4463-AA69-B9F818E0DC4A}_is1{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}{DFAA6F11-C27B-4EC0-83AE-3AC5B124A899}{F4139563-A744-450D-89B3-94C19B0A5DAF}Registry keySoftware\5c55da8cbc3ab845Software\AppDataLow\Software\FlagfoxSoftware\Ashampoo\Ashampoo Gadge It\THIS IS WIIIGET!SOFTWARE\Classes\AppID\Flagfox.DLLSOFTWARE\Classes\Flagfox.QTimeCpioSOFTWARE\Classes\Flagfox.QTimeCpio.1SOFTWARE\Classes\Installer\Products\931744D05C8C1604B8A4F0EB19691513SOFTWARE\Classes\Installer\Products\ECA4AC87FC7DB8142B21E81528B265E6SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srv.desk-top-app.infoSoftware\CoinisRevShareSOFTWARE\Cpu Heat MappingSoftware\DEF001SOFTWARE\devnull\NetAdapterSoftware\FlagfoxSoftware\GabPathSoftware\GamesLOL AiTempSoftware\Google\Chrome\PreferenceMACs\Default\extensions.settings\phpimijlgpmombeojojagjijabpmflebSoftware\InstallPathSoftware\MagicSearchSOFTWARE\meirenliSoftware\Microsoft\Internet Explorer\Approved Extensions\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}Software\Microsoft\Internet Explorer\DOMStorage\adnetworkperformance.comSoftware\Microsoft\Internet Explorer\DOMStorage\analyticwbb.comSoftware\Microsoft\Internet Explorer\DOMStorage\bengalflorican.comSoftware\Microsoft\Internet Explorer\DOMStorage\cmptch.comSoftware\Microsoft\Internet Explorer\DOMStorage\davebestdeals.comSoftware\Microsoft\Internet Explorer\DOMStorage\love.bengalflorican.comSoftware\Microsoft\Internet Explorer\DOMStorage\pstatic.davebestdeals.comSoftware\Microsoft\Internet Explorer\DOMStorage\static.cmptch.comSoftware\Microsoft\Internet Explorer\DOMStorage\static.donation-tools.orgSoftware\Microsoft\Internet Explorer\DOMStorage\www.adnetworkperformance.comSoftware\Microsoft\Internet Explorer\DOMStorage\www.analyticwbb.comSoftware\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\adworld.exeSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\ExploreMedia.exeSOFTWARE\Microsoft\Tracing\CpuEssentials_RASAPI32SOFTWARE\Microsoft\Tracing\CpuEssentials_RASMANCSSOFTWARE\Microsoft\Tracing\CpuHeatMapping_RASAPI32SOFTWARE\Microsoft\Tracing\CpuHeatMapping_RASMANCSSOFTWARE\Microsoft\Tracing\Smad_RASMANCSSOFTWARE\Microsoft\Windows NodeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AtiwedomSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CheckControllerUpdatesUASOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LengegrawowardSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PherpghtSOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AdServiceGroupSOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AdsServiceGroupSOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}Software\Microsoft\Windows\CurrentVersion\Run\ShopMoreSoftware\Microsoft\Windows\CurrentVersion\Run\THIS IS WIIIGET!SOFTWARE\REALISTIC MEDIA INC.Software\RuanMei\TweakCube3Software\SaaYaaSoftware\SetupCompanySoftware\ShopMoreSoftware\Windows7MasterSoftware\WizzlabsSOFTWARE\Wow6432Node\Classes\AppID\Flagfox.DLLSOFTWARE\Wow6432Node\Cpu EssentialsSOFTWARE\Wow6432Node\Cpu Heat MappingSOFTWARE\Wow6432Node\devnull\NetAdapterSOFTWARE\Wow6432Node\meirenliSOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\ExploreMedia.exeSOFTWARE\Wow6432Node\Microsoft\Windows NodeSOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\AdServiceGroupSOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\AdsServiceGroupSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}SOFTWARE\Wow6432Node\RuanMei\TweakCube3Software\Wow6432Node\Windows7MasterSYSTEM\ControlSet001\services\AdServiceSYSTEM\ControlSet001\services\AdsServiceSYSTEM\ControlSet001\services\BokvunnuSYSTEM\ControlSet001\services\CitdhwaSYSTEM\ControlSet001\services\Corteli File CheckerSYSTEM\ControlSet001\services\Ghostery Storage ServerSYSTEM\ControlSet001\services\HNServiceSYSTEM\ControlSet001\Services\My Sample ServiceSYSTEM\ControlSet001\services\Windows NodeSYSTEM\ControlSet001\services\zigipyroSYSTEM\ControlSet002\services\AdServiceSYSTEM\ControlSet002\services\AdsServiceSYSTEM\ControlSet002\services\BokvunnuSYSTEM\ControlSet002\services\CitdhwaSYSTEM\ControlSet002\services\Corteli File CheckerSYSTEM\ControlSet002\services\Ghostery Storage ServerSYSTEM\ControlSet002\services\HNServiceSYSTEM\ControlSet002\Services\My Sample ServiceSYSTEM\ControlSet002\services\Windows NodeSYSTEM\ControlSet002\services\zigipyroSYSTEM\CurrentControlSet\services\AdServiceSYSTEM\CurrentControlSet\services\AdsServiceSYSTEM\CurrentControlSet\services\BokvunnuSYSTEM\CurrentControlSet\services\CitdhwaSYSTEM\CurrentControlSet\services\Corteli File CheckerSYSTEM\CurrentControlSet\Services\CpuHeatMappingSYSTEM\CurrentControlSet\services\Ghostery Storage ServerSYSTEM\CurrentControlSet\services\HNServiceSYSTEM\CurrentControlSet\Services\My Sample ServiceSYSTEM\CurrentControlSet\services\Windows NodeSYSTEM\CurrentControlSet\services\zigipyroCookies.adfox.ruluid1.docplayer.ruFexchange.bitcoin.comget-express-vpn.comupaidonlinesites.comfonlineRegexp file mask%ALLUSERSPROFILE%\Application Data\beleza.exe%ALLUSERSPROFILE%\arros.vbs%ALLUSERSPROFILE%\beleza.exe%ALLUSERSPROFILE%\Microsoft Frame\Windows-Frame.exe%ALLUSERSPROFILE%\updater\check-update.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Primary output from Start (Active).lnk%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\WindowsDefenderUpdate.exe%APPDATA%\Microsoft\WindowsDefenderUpdate.exe%APPDATA%\NotepadApp\Notices.exe%APPDATA%\ServiceControl\svcctl.exe%APPDATA%\SNDA\SDUpdate\SDDUpdateSvc.dll%APPDATA%\TextEditor\Daemon\TextEditor.exe%APPDATA%\WindowsDefenderUpdate.exe%LOCALAPPDATA%\dsisetup[NUMBERS].exe%LOCALAPPDATA%\intmanager\int.exe%LOCALAPPDATA%\nmorok.dll%LOCALAPPDATA%\Programs\GEN\GEN.exe%LOCALAPPDATA%\scinfo\scinfo.exe%LOCALAPPDATA%\Unify3D\WebPlayer\Unify3DWebPlayerUpdate.exe%LOCALAPPDATA%\updt.js%LOCALAPPDATA%\wupdate\wupdate.exe%PROGRAMFILES%\AdBlocker\AdBlockerService.exe%PROGRAMFILES%\AdBlocker\Service.WinServiceHost.exe%PROGRAMFILES%\FastWeb\config_ns1.dat%PROGRAMFILES%\FastWeb\fastweb.exe%PROGRAMFILES%\rsp.exe%PROGRAMFILES%\SoftUpgrade\softup.exe%PROGRAMFILES%\Windows Service\service.exe%PROGRAMFILES(x86)%\AdBlocker\AdBlockerService.exe%PROGRAMFILES(x86)%\AdBlocker\Service.WinServiceHost.exe%PROGRAMFILES(x86)%\FastWeb\config_ns1.dat%PROGRAMFILES(x86)%\FastWeb\fastweb.exe%PROGRAMFILES(x86)%\IeAdsBlocker.dll%PROGRAMFILES(x86)%\rsp.exe%PROGRAMFILES(x86)%\SoftUpgrade\softup.exe%PROGRAMFILES(x86)%\Windows Service\service.exe%TEMP%\AmazonShoppingAssistant.exe%TEMP%\DMR\dmr_[NUMBERS].exe%TEMP%\UuU.uUu%TEMP%\VirusRemover.exe%TEMP%\whiteclick[RANDOM CHARACTERS].exe%TEMP%\XVD.exe%TEMP%\XxX.xXx%USERPROFILE%\appinfo.exe%USERPROFILE%\Documents\opinion\opinion.exe%USERPROFILE%\Downloads\[RANDOM CHARACTERS] [RANDOM CHARACTERS] Neverwinter.ico%USERPROFILE%\Downloads\Play Crossout.ico%USERPROFILE%\Downloads\Play Warframe.ico%USERPROFILE%\Downloads\This computer is BLOCKED[RANDOM CHARACTERS]%USERPROFILE%\Local Settings\Application Data\dsisetup[NUMBERS].exe%USERPROFILE%\Local Settings\Application Data\wupdate\wupdate.exe%WINDIR%\AdBlock.exe%WINDIR%\Provider32\Provider.dll%WINDIR%\system32\drivers\geckof.sys%WINDIR%\system32\drivers\packagest.sys%WINDIR%\system32\drivers\unityp.sys%WINDIR%\System32\Tasks\CheckControllerUpdatesUA%WINDIR%\System32\Tasks\Microsoft\Windows\DeviceSettings\Kergedomclujers%WINDIR%\System32\Tasks\newspagesnethowknowsm[RANDOM CHARACTERS]%WINDIR%\System32\Tasks\newstop5orgwnorsm[RANDOM CHARACTERS]%WINDIR%\System32\Tasks\PPI Update%WINDIR%\System32\Tasks\ShopMore[NUMBERS]%WINDIR%\systwin.exe%WINDIR%\Tasks\PPI Update.jobCLSID{01F45309-5DDE-36CD-B0E6-C9B4BED4752B}{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}{27C942C5-C8BC-3CA5-AE2E-991157272004}{354DF0BE-BE17-48C2-A4F7-BC51531779BC}{361474FA-43A4-7088-66F5-BED6EB5500C1}{44CB13F1-7D39-3519-958E-C7F88D27E4F5}{4DA424B1-5AD8-3EA8-B023-96DAB08B716B}{4E22700E-7CA9-30A1-9687-4CC130BB6388}{616B5130-44B2-3A0B-A4D3-483417633159}{66EBAC84-2D58-FD6A-7D99-20491A619549}{87E1A3FC-FED3-3FF7-A11C-8443C6251976}{9EBCA256-0416-39AD-889D-824BD3171B53}{B6D84C58-041F-4216-9905-2D1E9742B524}{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}{C35B7206-62EB-F808-5475-18A6FDE7DD94}{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}

Additional Information

The following cookies were detected:
ww7.greefl.com
Home Malware Programs Adware Adware Helpers

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.