Adware Helpers

Adware Helpers Description

Adware Helpers is an adware infection that affects computers running the Windows OS and is poorly protected from Potentially Unwanted Programs. There are several ways in which Adware Helpers may enter a computer automatically. Once installed, Adware Helpers may make various potentially unsafe changes to the affected computer, changing its settings and attempting to expose the computer user to low quality marketing or advertising material. Once Adware Helpers is installed, Adware Helpers may make the affected computer nearly impossible to use due to the many intrusive symptoms and myriad of problems that may be associated with Adware Helpers and similar adware threats. Because of this, computer users should get the partnership of a meritorious anti-malware tool to remove Adware Helpers immediately from the affected computer.

Adware Helpers May Make Unwanted Changes to Your PC Settings

There are several problems associated with Adware Helpers. Adware Helpers is considered much more harmful than other adware infections due to the level of the symptoms associated with this adware infection. Adware Helpers uses an inordinately high number of files to install itself on the affected computer and, at the moment of this writing, is distributed globally, affecting computers in countries all around the world. Malware experts found several symptoms that may be caused by an Adware Helpers infection:

  1. Adware Helpers may cause unwanted changes to a computer's settings.
  2. Adware Helpers may cause severe performance problems on the affected computer. Computers affected by Adware Helpers can get stuck frequently or freeze. In some cases, Adware Helpers may damage to the affected computer's boot sector which may be linked to Adware Helpers or to other threat that is also associated with this adware infection.
  3. Adware Helpers may change your Web browser settings, decreasing your security and making it more vulnerable to other forms of threats.
  4. Adware Helpers may change your Web browser's homepage and default search engine, exposing computer users to unwanted websites and advertising material as soon as they launch their Web browser.
  5. Adware Helpers may redirect search results and other browser activity, forcing computer users to visit websites associated with Adware Helpers repeatedly.
  6. Adware Helpers may cause your Web browser to display pop-up advertisements, suspicious error messages, fake system alerts and pop-up windows containing potentially unsafe websites or online content that may expose your computer to other types of threats.

Aliases: VBS/Agent.NSW!tr.dldr [Fortinet], Trojan.Amonetize.9614 [DrWeb], VBS/TrojanDownloader.Agent.NSW [ESET-NOD32], Dropped:Application.Downloader.YW [MicroWorld-eScan], Gen:Variant.Adware.Linkury.6 (B) [Emsisoft], PE:Malware.RDM.30!5.24[F1] [Rising], Trojan.Zusy!1pv7GOI04ao [Agnitum], ADW_LINKURY [TrendMicro-HouseCall], a variant of MSIL/Toolbar.Linkury.AH potentially u [ESET-NOD32], Trojan.Win32.Zusy.dwsxkp [NANO-Antivirus], Adware ( 004cf0c81 ) [K7GW], RDN/Generic.dx [McAfee], Gen:Variant.Adware.Linkury.6 [MicroWorld-eScan], Gen:Variant.Adware.Linkury [F-Secure] and Generic PUA AO (PUA) [Sophos].

Do You Suspect Your PC May Be Infected with Adware Helpers & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Adware Helpers as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

Adware Helpers creates the following file(s):
# File Name Size MD5 Detection Count
1 %SystemDrive%monitorsvc.exe 34,244 8717fa628a749175a7ef127df2c012fc 18,053
2 %PROGRAMFILES(x86)%\globalUpdate\Update\GoogleUpdate.exe 68,608 d858ba2ee718b1db1ced20646e641d08 15,433
3 %PROGRAMFILES(x86)%\Web Protect\PCProtect.exe 1,265,608 c231bea86e6ec4c6510c99de9dd6d6fa 11,783
4 %APPDATA%\DSite\UpdateProc\UpdateTask.exe 94,208 ec63f649f7090f885ebd4770ffb92fcb 10,836
5 %PROGRAMFILES%\Update Software\winclient32.exe 639,488 10b2a4f40e30705469ceabaf5acc3e7b 9,711
6 %ALLUSERSPROFILE%\Rabatt-Finder\DFService.exe 141,312 f884ade2532330098dd3076cb46d0f2e 9,517
7 %APPDATA%\FLV Player Packages\uninstaller.exe 1,114,624 8c7fb9078a63b7e5e899e7a2dbb0db53 9,092
8 %LOCALAPPDATA%contentagent.exe 108,032 802aff4c0ccd0cbe2c9d8ca84b7c5ec9 7,654
9 %LOCALAPPDATA%\patch_tmp\regCheck.vbs 420 54e3a82208f75fdf5e09d32bda2854df 6,532
10 %ALLUSERSPROFILE%\WindowsMangerProtect\ProtectWindowsManager.exe 528,896 397b966bbca15d72ae702fdf31d02f99 6,389
11 %PROGRAMFILES(x86)%\ToolsAssist\toolserv.exe 202,872 7068d0dc90fd95505a2beef5c2f6320e 6,177
12 %PROGRAMFILES(x86)%\IGS\OptimizerMonitor.exe 1,820,240 2171440404e15e6a48eecccdffe88bfc 6,014
13 %PROGRAMFILES%\Driver LM\lmservice.exe 308,248 344532a56f8563b23e5855e498423d9f 5,658
14 %PROGRAMFILES%\test\Bind.exe 503,808 5004e1d136deaa741edf41310ac07f54 5,451
15 %ALLUSERSPROFILE%\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe 2,402,840 83de1aba61074da70f5011d28610b18d 5,283
More files

Registry Details

Adware Helpers creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
SP_289822ec
DProtect
SP_eea72b4f
bi_uninstaller
flash-Enhancer
Anti-phishing Domain Advisor
KeepMySettingsX
onekit
webprotect
Search Protection
DigitalSites
Digital Sites
{8B5E8E15-7229-4C46-887A-27E1F62AC7FC}
wincheck
IGS
PC Helper
Eppink
SU
{5F189DF5-2D05-472B-9091-84D9848AE48B}{6ea8c3d5}
{2A73A982-4B8B-4895-AC8A-63D71EFC85C4}_is1
{9563BC59-9556-4805-8CD4-886781779D8D}
DigitalSite
{C9AE19A8-4589-460C-9685-74467F26FE77}_is1
{AD427252-C069-49F6-A0DC-C3235CF6576D}
bdraw
Explorer 2.01
AppHelper
TweakCube3
Windows7Master
Programz 1.03
{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}
NetStream
Host Service
TrailerWatch
{A6AE177E-D46B-4463-AA69-B9F818E0DC4A}_is1
SuperEx
{78CA4ACE-D7CF-418B-B212-8E51822B566E}
119
QWiget 1.0.1
Corteli File Checker
ExtensionGoogleTranslate
adworldads
ShopMore
Amazon assistant 1.0
Amazon assistant 2.0
disk genius 2.02
farmer 1.0
pro 1.0
soundplay 3.0
HKEY..\..\..\..{RegistryKeys}
Software\DataMngr_Toolbar
Software\AppDataLow\SProtector
SOFTWARE\Wow6432Node\SProtector
System\CurrentControlSet\Services\BrowserDefendert
SOFTWARE\Classes\BP.Gate
SOFTWARE\Classes\BP.Gate.1
Wow6432Node\AppID\BpSvc.exe
SOFTWARE\Classes\Wow6432Node\AppID\BpSvc.exe
SOFTWARE\Wow6432Node\Classes\AppID\BpSvc.exe
SOFTWARE\Wow6432Node\Microsoft\Tracing\BpSvc_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\BpSvc_RASMANCS
BP.Gate
Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert
SOFTWARE\Wow6432Node\SP Global
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{698F7917-EA67-4A3E-B05A-E6D890F0F756}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{698F7917-EA67-4A3E-B05A-E6D890F0F756}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
SOFTWARE\Wow6432Node\eSafeSecControl
SOFTWARE\Wow6432Node\Microsoft\Tracing\eGdpSvc_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\eGdpSvc_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_289822ec
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain, value: {3EF43C6D-66A8-4DE7-90E2-5E83B20FCA5A}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DProtect
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18ACCF02-6F5E-42B0-BF9D-0FB925E0D2F3}
Software\Microsoft\Internet Explorer\Approved Extensions, value: {4D2D3B0F-69BE-477A-90F5-FDDB05357975}
Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Software\Microsoft\Internet Explorer\TabbedBrowsing, value: bProtectNewTabPageShow
Software\Microsoft\Internet Explorer\TabbedBrowsing, value: bProtectShowTabsWelcome
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B6ADE8B-21B9-4BB3-B499-F384C51AB3D4}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B6ADE8B-21B9-4BB3-B499-F384C51AB3D4}
SOFTWARE\SP Global
SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_eea72b4f
SYSTEM\ControlSet002\services\WsysSvc
SYSTEM\ControlSet001\services\WsysSvc
SYSTEM\CurrentControlSet\services\WsysSvc
SYSTEM\ControlSet001\services\srvBrowserProtect
SYSTEM\ControlSet002\services\srvBrowserProtect
SYSTEM\CurrentControlSet\services\srvBrowserProtect
SOFTWARE\Microsoft\Tracing\srvBrowserProtect_RASMANCS
SYSTEM\ControlSet002\services\eventlog\Application\SrvBrowserProtect
SYSTEM\CurrentControlSet\services\eventlog\Application\SrvBrowserProtect
SYSTEM\CurrentControlSet\services\DPService
SYSTEM\ControlSet001\services\Level Quality Watcher
CurrentControlSet\services\Level Quality Watcher
SOFTWARE\Wow6432Node\Microsoft\Tracing\ProtectedSearch_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Tracing\ProtectedSearch_RASAPI32
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C00D5AE-5D31-4B57-B6A4-CF91C31A7568}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C00D5AE-5D31-4B57-B6A4-CF91C31A7568}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7396ABDF-60A0-453C-823B-5076EC9BD2B6}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7396ABDF-60A0-453C-823B-5076EC9BD2B6}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e81a9dc1}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{cfb41c29}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{cfb41c29}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions, value: ext@flash-Enhancer.com
SOFTWARE\AmiExt\flash-Enhancer
SOFTWARE\Wow6432Node\flash-Enhancer
SOFTWARE\flash-Enhancer
SOFTWARE\Google\Chrome\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej
Software\Microsoft\Internet Explorer\Approved Extensions, value: {5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FDC3E31-DCA1-4105-A73B-AC93A6D41522}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: Anti-phishing Domain Advisor
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, value: Anti-phishing Domain Advisor
AmiBs.Installer
AmiBs.Installer.1
SOFTWARE\Classes\AmiBs.Installer
SOFTWARE\Classes\AmiBs.Installer.1
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\S-46480778
SOFTWARE\eSafeSecControl
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1369A8F-D862-4E5F-A4A5-9332C390E1C9}
SYSTEM\ControlSet001\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
SYSTEM\ControlSet001\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
SYSTEM\ControlSet002\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
SYSTEM\ControlSet002\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
SOFTWARE\SearchModule
SOFTWARE\Wow6432Node\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
Software\SecurityUpdatesService
SOFTWARE\Wow6432Node\SecurityUpdatesService
SYSTEM\ControlSet001\services\eventlog\Application\srvProtectExtension
SYSTEM\CurrentControlSet\services\srvProtectExtension
SYSTEM\CurrentControlSet\services\eventlog\Application\srvProtectExtension
SYSTEM\ControlSet002\services\srvProtectExtension
SYSTEM\ControlSet002\services\eventlog\Application\srvProtectExtension
SYSTEM\ControlSet001\services\srvProtectExtension
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce, value: SpUninstallCleanUp
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value: SpUninstallCleanUp
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, value: FrameworkEngine.exe
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION, value: FrameworkEngine.exe
SOFTWARE\Wow6432Node\ChromeHelper
SOFTWARE\Wow6432Node\ZUpdater\ChromeHelperUpdt.exe
SOFTWARE\ChromeHelper
SOFTWARE\ZUpdater\ChromeHelperUpdt.exe
SYSTEM\ControlSet001\services\ChromeHelperUpdt
SYSTEM\ControlSet001\services\eventlog\Application\ChromeHelper
SYSTEM\ControlSet002\services\ChromeHelperUpdt
SYSTEM\ControlSet002\services\eventlog\Application\ChromeHelper
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, value: ChromeHelper
SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: ChromeHelper
SYSTEM\CurrentControlSet\services\globalUpdatem
SYSTEM\CurrentControlSet\services\globalUpdate
SYSTEM\ControlSet002\services\globalUpdatem
SYSTEM\ControlSet002\services\globalUpdate
SYSTEM\ControlSet001\services\globalUpdatem
SOFTWARE\GlobalUpdate
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
SOFTWARE\Wow6432Node\InstallIQ
SOFTWARE\InstallIQ
Software\Guard
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KeepMySettingsX
SOFTWARE\Classes\TinyBHO.TinyBHO.1
SOFTWARE\Classes\TinyBHO.TinyBHO
TinyBHO.TinyBHO
TinyBHO.TinyBHO.1
Software\Vittalia
Software\Adorika
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, value: onekit.exe
Software\Microsoft\Windows\CurrentVersion\Run, value: onekit
SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\onekit
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, value: webprotect.exe
AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Wow6432Node\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Wow6432Node\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
SOFTWARE\Wow6432Node\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
SOFTWARE\Wow6432Node\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, value: dsrsetup.exe
SOFTWARE\Classes\62c9ccffad834deab5e0fd5cd3afeb390064969.Sandbox.1
SOFTWARE\Classes\62c9ccffad834deab5e0fd5cd3afeb390064969.Sandbox
SOFTWARE\Classes\62c9ccffad834deab5e0fd5cd3afeb390064969.BHO.1
SOFTWARE\Classes\62c9ccffad834deab5e0fd5cd3afeb390064969.BHO
SOFTWARE\Classes\1939a99c624f4eaca59892d3b6f85dc90065777.Sandbox.1
SOFTWARE\Classes\1939a99c624f4eaca59892d3b6f85dc90065777.Sandbox
62c9ccffad834deab5e0fd5cd3afeb390064969.Sandbox
62c9ccffad834deab5e0fd5cd3afeb390064969.BHO.1
62c9ccffad834deab5e0fd5cd3afeb390064969.BHO
1939a99c624f4eaca59892d3b6f85dc90065777.Sandbox.1
1939a99c624f4eaca59892d3b6f85dc90065777.Sandbox
1939a99c624f4eaca59892d3b6f85dc90065777.BHO.1
1939a99c624f4eaca59892d3b6f85dc90065777.BHO
Software\PowerPack
SOFTWARE\Classes\acbd1a6003650132bc69097ae66452fd0063167.Sandbox.1
SOFTWARE\Classes\acbd1a6003650132bc69097ae66452fd0063167.Sandbox
SOFTWARE\Classes\acbd1a6003650132bc69097ae66452fd0063167.BHO.1
SOFTWARE\Classes\acbd1a6003650132bc69097ae66452fd0063167.BHO
acbd1a6003650132bc69097ae66452fd0063167.Sandbox.1
Software\Microsoft\Windows\CurrentVersion\RunOnce, value: DigitalSites
SYSTEM\CurrentControlSet\services\rcores
SYSTEM\ControlSet001\services\rcores
Software\CoinisRS
SYSTEM\CurrentControlSet\services\RGMUpdater
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, value: WinCheck
SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: WinCheck
SYSTEM\CurrentControlSet\services\stdmfpam
SYSTEM\ControlSet002\services\stdmfpam
SYSTEM\ControlSet001\services\stdmfpam
SYSTEM\CurrentControlSet\services\0f07085f
SYSTEM\ControlSet002\services\0f07085f
SYSTEM\ControlSet001\services\0f07085f
SYSTEM\CurrentControlSet\services\YouTubeDownload_A3
SYSTEM\ControlSet002\services\YouTubeDownload_A3
SYSTEM\ControlSet001\services\YouTubeDownload_A3
SYSTEM\CurrentControlSet\services\BasementDuste
SYSTEM\ControlSet002\services\BasementDuster
SYSTEM\ControlSet001\services\BasementDuster
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvaxxvae
SOFTWARE\Wow6432Node\AdGazelle
SOFTWARE\AdGazelle
SOFTWARE\Classes\CCLLib.LSPLogic.1
SOFTWARE\Classes\CCLLib.LSPLogic
SOFTWARE\Classes\CCLLib.DataTableHolder.1
SOFTWARE\Classes\CCLLib.DataTableHolder
SOFTWARE\Classes\CCLLib.DataTableFields.1
SOFTWARE\Classes\CCLLib.DataTableFields
SOFTWARE\Classes\CCLLib.DataTable.1
SOFTWARE\Classes\CCLLib.DataContainer.1
SOFTWARE\Classes\CCLLib.DataContainer
SOFTWARE\Classes\AppID\CCL.exe
SOFTWARE\Wow6432Node\Classes\AppID\CCL.exe
SOFTWARE\Microsoft\Tracing\netengine_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASMANCS
SOFTWARE\Microsoft\Tracing\netengine_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASAPI32
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NetEngine
SYSTEM\CurrentControlSet\services\eventlog\Application\mailUpdate
SYSTEM\ControlSet001\services\eventlog\Application\mailUpdate
SYSTEM\ControlSet002\services\eventlog\Application\mailUpdate
SYSTEM\ControlSet001\services\mailUpdate
SYSTEM\ControlSet002\services\mailUpdate
SYSTEM\CurrentControlSet\services\mailUpdate
Software\Microsoft\Windows\CurrentVersion\Run, value: SmartCpx
Software\InstalledBrowserExtensions\InstallMonetizer
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites
SOFTWARE\Wow6432Node\NtIObits
SOFTWARE\NtIObits
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures, value: Digital Sites.job
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures, value: Digital Sites.job.fp
SOFTWARE\Wow6432Node\WombatUpdater
SOFTWARE\Wow6432Node\AdvertisingSupport
SOFTWARE\AdvertisingSupport
Software\DarwenDLM
Software\Microsoft\Windows\CurrentVersion\Run, value: Ruspromocode
SOFTWARE\Classes\Wow6432Node\AppID\globalupdate.exe
SOFTWARE\Classes\AppID\globalupdate.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe
Software\ClkApp
SYSTEM\ControlSet001\Services\globalUpdatem1d10f2050332831
SYSTEM\ControlSet002\Services\globalUpdatem1d10f2050332831
SYSTEM\CurrentControlSet\Services\globalUpdatem1d10f2050332831
SOFTWARE\Microsoft\Internet Explorer\DOMStorage\reduxmediia.com
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CA0DF057-06C5-4F84-8873-ED224BC7EAC5}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CA0DF057-06C5-4F84-8873-ED224BC7EAC5}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1856E30A-A850-4C21-B291-7A78109529D2}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1856E30A-A850-4C21-B291-7A78109529D2}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Protected Search
SOFTWARE\ProtectedSearch
Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
Software\Microsoft\Internet Explorer\DOMStorage\n149adserv.com
Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
Software\Microsoft\Internet Explorer\DOMStorage\spdse.com
Software\Microsoft\Internet Explorer\DOMStorage\go.combosoftwareplace.com
Software\Microsoft\Internet Explorer\DOMStorage\combosoftwareplace.com
Software\Microsoft\Internet Explorer\DOMStorage\www.donation-tools.org
Software\Microsoft\Internet Explorer\DOMStorage\donation-tools.org
Software\Microsoft\Internet Explorer\DOMStorage\downloadappsoft.com
Software\ICSW1.14
SOFTWARE\Wow6432Node\qingfengrili
Software\Wow6432Node\Ultimate-Discounter
Software\Ultimate-Discounter
SOFTWARE\Microsoft\Tracing\OfferInstaller_RASMANCS
SOFTWARE\Microsoft\Tracing\OfferInstaller_RASAPI32
SOFTWARE\Wow6432Node\MaxPower
SOFTWARE\MaxPower
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION, value: ExploreMedia.exe
SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION, value: ExploreMedia.exe
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srv.desk-top-app.info
Software\CoinisRevShare
Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Software\Microsoft\Internet Explorer\DOMStorage\adnetworkperformance.com
Software\Microsoft\Internet Explorer\DOMStorage\analyticwbb.com
Software\Microsoft\Internet Explorer\DOMStorage\www.analyticwbb.com
Software\Microsoft\Internet Explorer\DOMStorage\bengalflorican.com
Software\Microsoft\Internet Explorer\DOMStorage\love.bengalflorican.com
SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Software\SaaYaa
Software\Windows7Master
Software\DEF001
SOFTWARE\WOW6432NODE\CLASSES\ComBHO.ComHits.1
SOFTWARE\WOW6432NODE\CLASSES\ComBHO.ComHits
SOFTWARE\CLASSES\ComBHO.ComHits
SOFTWARE\CLASSES\ComBHO.ComHits.1
SOFTWARE\CLASSES\WOW6432NODE\d0b010a837c4bca8721b47d659cc6f42f47b9269c577db8dff50a035d60bcb8a.DynamicNS
SOFTWARE\CLASSES\WOW6432NODE\b667448f6ef2f19ff9fc147631a2abac4cf6be1db273ee03bc81ca5961b41a20.DynamicNS
SOFTWARE\CLASSES\WOW6432NODE\9de277fd0e23e8713f69233dda13f6f66d293875b46f18980c2c56ebfd856585.DynamicNS
SOFTWARE\WOW6432NODE\CLASSES\b667448f6ef2f19ff9fc147631a2abac4cf6be1db273ee03bc81ca5961b41a20.DynamicNS
SOFTWARE\WOW6432NODE\CLASSES\9de277fd0e23e8713f69233dda13f6f66d293875b46f18980c2c56ebfd856585.DynamicNS
SOFTWARE\WOW6432NODE\CLASSES\8d20b37c5590facd824616ce33fd866b4b710417a1b2e77e4e41a6b7e6d014ff.DynamicNS
SOFTWARE\WOW6432NODE\CLASSES\4b67666a027aca68fb7775bd9e941454ffa949c29c227581739eed24861877a8.DynamicNS
SOFTWARE\CLASSES\d0b010a837c4bca8721b47d659cc6f42f47b9269c577db8dff50a035d60bcb8a.DynamicNS
SOFTWARE\CLASSES\b667448f6ef2f19ff9fc147631a2abac4cf6be1db273ee03bc81ca5961b41a20.DynamicNS
SOFTWARE\CLASSES\9de277fd0e23e8713f69233dda13f6f66d293875b46f18980c2c56ebfd856585.DynamicNS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
SOFTWARE\Classes\Flagfox.QTimeCpio.1
SOFTWARE\Classes\Flagfox.QTimeCpio
SOFTWARE\Classes\AppID\Flagfox.DLL
Software\Microsoft\Internet Explorer\Approved Extensions, value: {BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Software\AppDataLow\Software\Flagfox
Software\Flagfox
SOFTWARE\Microsoft\Tracing\CpuHeatMapping_RASAPI32
SOFTWARE\Microsoft\Tracing\CpuHeatMapping_RASMANCS
SYSTEM\ControlSet001\services\downyoadupdownloacyi
SYSTEM\ControlSet002\services\downyoadupdownloacyi
SYSTEM\CurrentControlSet\services\downyoadupdownloacyi
SYSTEM\ControlSet001\services\zigipyro
SYSTEM\ControlSet002\services\zigipyro
SYSTEM\CurrentControlSet\services\zigipyro
SOFTWARE\Cpu Essentials
SOFTWARE\Wow6432Node\Cpu Essentials
SOFTWARE\Cpu Heat Mapping
SOFTWARE\Wow6432Node\Cpu Heat Mapping
SOFTWARE\Microsoft\Tracing\CpuEssentials_RASAPI32
SOFTWARE\Classes\gharries.rousers.1
SYSTEM\ControlSet001\services\Pozlurgh
SOFTWARE\Classes\exegeses.divans.1
SOFTWARE\Classes\exegeses.divans
Software\Wow6432Node\Microsoft\Pyyxva
Software\Microsoft\Pyyxva
SYSTEM\CurrentControlSet\services\Bokvunnu
Software\Wow6432Node\GabPath
Software\GabPath
SYSTEM\CurrentControlSet\services\Citdhwa
SYSTEM\ControlSet002\services\Citdhwa
SYSTEM\ControlSet001\services\Citdhwa
SOFTWARE\Classes\overfar.schusses.1
SOFTWARE\Classes\overfar.schusses
SYSTEM\CurrentControlSet\services\Ghostery Storage Server
Software\Pig Move Search
Software\5c55da8cbc3ab845
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lengegrawoward
Software\Microsoft\Internet Explorer\DOMStorage\static.donation-tools.org
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Atiwedom
SOFTWARE\Classes\Installer\Products\931744D05C8C1604B8A4F0EB19691513
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, value: AdServiceGroup
SYSTEM\ControlSet001\services\AdService
SYSTEM\ControlSet002\services\AdService
SYSTEM\CurrentControlSet\services\AdService
SOFTWARE\Classes\Installer\Products\ECA4AC87FC7DB8142B21E81528B265E6
Software\Microsoft\Internet Explorer\DOMStorage\davebestdeals.com
Software\Microsoft\Internet Explorer\DOMStorage\pstatic.davebestdeals.com
SYSTEM\CurrentControlSet\services\AdsService
Software\Microsoft\Windows\CurrentVersion\Run, value: THIS IS WIIIGET!
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, value: AdsServiceGroup
SYSTEM\ControlSet001\Services\My Sample Service
SYSTEM\ControlSet002\Services\My Sample Service
SYSTEM\CurrentControlSet\services\HNService
Software\Ashampoo\Ashampoo Gadge It\THIS IS WIIIGET!
SOFTWARE\Wow6432Node\Microsoft\Windows Node
SYSTEM\ControlSet001\services\Corteli File Checker
SYSTEM\ControlSet002\services\Corteli File Checker
SYSTEM\CurrentControlSet\services\Corteli File Checker
SYSTEM\ControlSet001\services\Windows Node
SYSTEM\ControlSet002\services\Windows Node
SYSTEM\CurrentControlSet\services\Windows Node
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, value: adworld.exe
SOFTWARE\Microsoft\Tracing\Smad_RASMANCS
Software\Wow6432Node\ShopMore
Software\ShopMore
The following CLSID's were found:
HKEY..\..\{CLSID Path}
{0138cdef-7d93-42f5-8c1a-f4f5207cf322}
{034EC334-7EBB-4454-927A-2F990A865461}
{03771AEF-400D-4A13-B712-25878EC4A3F5}
{06AE0757-F2D4-4C24-82CB-92E7282DC8BC}
{0C06DED8-1DEE-4D68-9495-5846648765A0}
{0C6E2C39-8147-42C9-8CB6-3E36CD0E207F}
{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}
{1BA1D78B-44F6-4BA9-8E92-D59CC41C31BB}
{27C942C5-C8BC-3CA5-AE2E-991157272004}
{34BE6615-ADA0-46D1-9457-ABE77C82B0AD}
{354DF0BE-BE17-48C2-A4F7-BC51531779BC}
{361474FA-43A4-7088-66F5-BED6EB5500C1}
{37E94D8E-C983-4499-A7EC-E3E2DD43FD47}
{3E95B6B5-FE92-476C-AACA-0D0B00212097}
{44CB13F1-7D39-3519-958E-C7F88D27E4F5}
{45C43BA8-14A8-4FD2-989B-1A099132B191}
{48D6B22C-BE31-471F-B880-BE2E44117636}
{49648CB7-2B09-4225-8316-C079D1E70869}
{4BC8B2D6-45DA-47B6-B5C0-D59ABB4B499B}
{513EEBEC-206E-4F41-96B8-E26C3487E484}
{5C5DC941-A41A-4483-ABC2-8A37B7ABCEC7}
{616B5130-44B2-3A0B-A4D3-483417633159}
{66EBAC84-2D58-FD6A-7D99-20491A619549}
{6D4506CE-F855-4657-AA38-DB6B1F733982}
{8ACEBA70-A083-4E98-83A6-149F0CF3B840}
{97F5DB5C-4DCA-40D1-931E-02C8D4D7AF16}
{9B871243-2983-495D-9FEB-D7059D0E8056}
{9EBCA256-0416-39AD-889D-824BD3171B53}
{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
{AA4981EB-4C9A-405A-8A25-8FF5E6128185}
{B13AB362-94AF-4A8B-9765-8E6458A2931A}
{BA72D4C4-FA3E-47B1-88AD-052C61814435}
{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
{C35B7206-62EB-F808-5475-18A6FDE7DD94}
{CAEBCA7A-5DCB-4642-8BC6-43CEA5D8C9A8}
{CF06EC6B-5D30-4596-A29C-9AB1F81DF7BE}
{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
{D1661A59-E9D3-4603-8822-2FBEADA5E097}
{D7E7D1A0-49E4-41BF-80C1-10E27BB23A83}
{D870A4EF-8B63-4271-9470-EC65DDAECEB3}
{D974494C-E62C-4D18-B502-7A6CE063580A}
{DC1AE971-FAA7-441C-8BE6-96BF0F12B765}
{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
{E309D526-009C-490B-9BB1-CF9D525F6854}
{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
{E7B662E7-A4FC-41D3-8644-C9918DD08ACA}
{EAB5257A-1FB3-474C-9B42-231F52622E72}
{F4AF8651-EB16-49AD-A755-69E46B244A1B}
{FCD37022-EFE0-4777-9611-1B45E82658E9}
{fdef0b65-0747-45ac-bc0c-917a788ae628}

More Details on Adware Helpers

The following cookies were found:
  • ww7.greefl.com

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

One Comment

  • ralph palmer:
    4 years ago Reply

    help is needed. nothing works for me. have been tryiing all I know for three days.I was told it would be easy to get rid of safe search. not true.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

Comment (1)
By GoldSparrow in Adware
Threat Scorecard
?
The ESL Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESL Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESL Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESL Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESL Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular PC threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected PCs: The number of confirmed and suspected cases of a particular threat detected on infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected PCs of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows PC users to track the geographic distribution of a particular threat throughout the world.
Ranking: 1
Threat Level: 2
Infected PCs: 3,233,988
% Change 30 Days:
0%
7 Days:
-1%
1 Day:
-5%
Top 3 Countries Infected: Georgia, Lithuania, Sweden