Adware Helpers

Adware Helpers Description

Type: Adware

Adware Helpers is an adware infection that affects computers running the Windows OS and is poorly protected from Potentially Unwanted Programs. There are several ways in which Adware Helpers may enter a computer automatically. Once installed, Adware Helpers may make various potentially unsafe changes to the affected computer, changing its settings and attempting to expose the computer user to low quality marketing or advertising material. Once Adware Helpers is installed, Adware Helpers may make the affected computer nearly impossible to use due to the many intrusive symptoms and myriad of problems that may be associated with Adware Helpers and similar adware threats. Because of this, computer users should get the partnership of a meritorious anti-malware tool to remove Adware Helpers immediately from the affected computer.

Adware Helpers May Make Unwanted Changes to Your PC Settings

There are several problems associated with Adware Helpers. Adware Helpers is considered much more harmful than other adware infections due to the level of the symptoms associated with this adware infection. Adware Helpers uses an inordinately high number of files to install itself on the affected computer and, at the moment of this writing, is distributed globally, affecting computers in countries all around the world. Malware experts found several symptoms that may be caused by an Adware Helpers infection:

  1. Adware Helpers may cause unwanted changes to a computer's settings.
  2. Adware Helpers may cause severe performance problems on the affected computer. Computers affected by Adware Helpers can get stuck frequently or freeze. In some cases, Adware Helpers may damage to the affected computer's boot sector which may be linked to Adware Helpers or to other threat that is also associated with this adware infection.
  3. Adware Helpers may change your Web browser settings, decreasing your security and making it more vulnerable to other forms of threats.
  4. Adware Helpers may change your Web browser's homepage and default search engine, exposing computer users to unwanted websites and advertising material as soon as they launch their Web browser.
  5. Adware Helpers may redirect search results and other browser activity, forcing computer users to visit websites associated with Adware Helpers repeatedly.
  6. Adware Helpers may cause your Web browser to display pop-up advertisements, suspicious error messages, fake system alerts and pop-up windows containing potentially unsafe websites or online content that may expose your computer to other types of threats.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Fortinet VBS/Agent.NSW!tr.dldr
DrWeb Trojan.Amonetize.9614
AVG Pakes2_c.BIVB
Fortinet Adware/Linkury
Ikarus PUA.MSIL.Toolbar
Sophos Generic PUA AO (PUA)
F-Secure Gen:Variant.Adware.Linkury
McAfee RDN/Generic.dx
Fortinet Riskware/GameBox
Ikarus PUA.GameBox
Antiy-AVL GrayWare[AdWare]/Win32.BrowseFox.bz
McAfee Artemis!1E27FB144AEC
AVG Generic_r.TZ
GData Win32.Adware.Graftor.B
DrWeb Adware.Boxore.5

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Adware Helpers

File System Details

Adware Helpers creates the following file(s):
Expand All | Collapse All
# File Name MD5 Detection Count
1 apnmcp.exe 7a7397d866f7b3654dc279f612f7915b 14,729
2 smappscontroller.exe 0737725ccaf3e39321a07f699b092c16 10,669
3 he92324.exe 43154f0af9b3d690e6562c16141944e5 7,434
4 rgAm6.exe 39b3f88b49546d163a04900f625138b9 7,215
5 passport.dll 668702acdfab101d36c168d817720b20 4,033
6 check-update.exe 95cdac39d14fb5a33dae199cc414c36c 2,172
7 vlc-updater.exe 6312dbb5b688c3a9e6ffa2f8b76c0de5 2,072
8 woehptunafhkdu.boehp 7121d807de3d9bd0ab0b11f07cb88b6c 1,103
9 alphapassive.msi ddf9bf09f6aa5a7726863448c53d5c14 562
10 tpyx55wl4yl.exe cf50771b0c37efb1b18b932c5e6de455 417
11 cugigwbq3n3.exe 1f6a196c13f56a297645eec5b68e8e90 414
12 crmsvc.exe 1b738db8087a83d31afce54d3ddfa746 325
13 9180135.exe 51181fc0f1d99d95c5bffc0f0aa22378 297
14 em43zsg40.exe 4fb6e7664f0495d7abf9dc2bfc4b6ce2 227
15 LWR.exe 864f9b8a42f237540d2a7212db86e66f 203
16 243124d579b30a70cae52a7ca1d43b0d.dll 697b339a848572dd37ad98c9e01d5f5a 58
17 DhYimEoQU.exe 1492f048f848431fd781fbd14a452916 42
18 YzA4ZDlhNTBjOTRkN.exe 3ee6b3c07c13d026288a2774770b658a 38
19 wxkYiwjjA.exe 2bf25ffa3ca8fad7cb506b274db42b59 38
20 Wondershare_Streaming_Audio_Recorder_v2.3.5.0_Full_Crack.exe a3f95284c63ccd1c5605b1c09cb6c09b 26
21 d2ux3kihyef.exe 19891b485469fef4e8dabdca4a36f293 24
22 Y2E0NWI1ZGVlMTE1Z.exe 8a19ba332898c8eea92763628d7f1210 21
23 257596.exe 9a82e5d731f3a07c1493d806b5ed74ae 20
24 k7s7v5bgfdhnycw.exe 6b7748e77ad639f16b9dfb7e74553d4a 19
25 hd_video_player_1172686355.exe 80d205f44881647930b8d098b63ceb0f 10
26 AdService.dll e3c1f1ce01d339e2f49ffd66332d8eef 2
27 ffproductupdater.exe 72c6efa543c19cb46d18a5a770f7a3df 1
28 instloffer.exe 619efdbf4c7ef6147551a50d1bd40e69 1
More files

Registry Details

Adware Helpers creates the following registry entry or registry entries:
CLSID
{01F45309-5DDE-36CD-B0E6-C9B4BED4752B}
{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}
{27C942C5-C8BC-3CA5-AE2E-991157272004}
{354DF0BE-BE17-48C2-A4F7-BC51531779BC}
{361474FA-43A4-7088-66F5-BED6EB5500C1}
{44CB13F1-7D39-3519-958E-C7F88D27E4F5}
{4DA424B1-5AD8-3EA8-B023-96DAB08B716B}
{4E22700E-7CA9-30A1-9687-4CC130BB6388}
{616B5130-44B2-3A0B-A4D3-483417633159}
{66EBAC84-2D58-FD6A-7D99-20491A619549}
{87E1A3FC-FED3-3FF7-A11C-8443C6251976}
{9EBCA256-0416-39AD-889D-824BD3171B53}
{B6D84C58-041F-4216-9905-2D1E9742B524}
{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
{C35B7206-62EB-F808-5475-18A6FDE7DD94}
{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}
Cookies
.adfox.ruluid1
.docplayer.ru
Fexchange.bitcoin.com
get-express-vpn.com
upaidonlinesites.comfonline
Directory
%ALLUSERSPROFILE%\19a87fa1ec024bbcbb41931263354405
%ALLUSERSPROFILE%\28341ff220e0446c9fff27c4493d622e
%ALLUSERSPROFILE%\Application Data\19a87fa1ec024bbcbb41931263354405
%ALLUSERSPROFILE%\Application Data\28341ff220e0446c9fff27c4493d622e
%ALLUSERSPROFILE%\Application Data\bProtectorForWindows
%ALLUSERSPROFILE%\Application Data\bzughXCIBIxiSQVB
%ALLUSERSPROFILE%\Application Data\GuaGua
%ALLUSERSPROFILE%\Application Data\haeha
%ALLUSERSPROFILE%\Application Data\MySampleService
%ALLUSERSPROFILE%\Application Data\QuestBrwSearch
%ALLUSERSPROFILE%\Application Data\xpekMjRorgkcLnVB
%ALLUSERSPROFILE%\bProtectorForWindows
%ALLUSERSPROFILE%\bzughXCIBIxiSQVB
%ALLUSERSPROFILE%\devnull
%ALLUSERSPROFILE%\GuaGua
%ALLUSERSPROFILE%\haeha
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Shop More
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Smart Application Controller
%ALLUSERSPROFILE%\MySampleService
%ALLUSERSPROFILE%\NetworkHostTask
%ALLUSERSPROFILE%\Pader
%ALLUSERSPROFILE%\QuestBrwSearch
%ALLUSERSPROFILE%\RarMemory
%ALLUSERSPROFILE%\sigmatechrvp
%ALLUSERSPROFILE%\xpekMjRorgkcLnVB
%APPDATA%\adgad
%APPDATA%\adgjd
%APPDATA%\adhad
%APPDATA%\aehad
%APPDATA%\aehae
%appdata%\AffiliatedUpdate
%APPDATA%\AzigcWig
%APPDATA%\behbe
%appdata%\beibe
%APPDATA%\bfibe
%APPDATA%\bfibf
%appdata%\browser assistant
%APPDATA%\cfibf
%APPDATA%\cficf
%APPDATA%\cfjcf
%APPDATA%\cgjcf
%APPDATA%\devnull
%APPDATA%\dgadg
%APPDATA%\dgjcg
%APPDATA%\dgjdg
%APPDATA%\dhadg
%APPDATA%\digitalsite
%appdata%\direct game uni installer
%APPDATA%\ehadh
%APPDATA%\ehaeh
%APPDATA%\ehbeh
%APPDATA%\eibei
%APPDATA%\fibei
%APPDATA%\Fibfi
%APPDATA%\ficfi
%APPDATA%\fjcfi
%APPDATA%\fjcfj
%APPDATA%\Fusion_ld
%APPDATA%\Fusion_ld2
%APPDATA%\gadga
%APPDATA%\gadgj
%APPDATA%\Geunfy
%APPDATA%\gjcfj
%APPDATA%\gjcgj
%APPDATA%\gjdgj
%APPDATA%\hadga
%APPDATA%\hadha
%APPDATA%\haeha
%APPDATA%\hbehb
%APPDATA%\ibehb
%APPDATA%\ibeib
%APPDATA%\ibfib
%APPDATA%\icfic
%APPDATA%\jcfic
%APPDATA%\jcgjc
%APPDATA%\jdgjc
%appdata%\kpdown
%APPDATA%\lockhomepage
%appdata%\MagicSearch
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Shop More
%APPDATA%\My-top-apps
%appdata%\NqVCodec
%APPDATA%\PotPlayerFus
%APPDATA%\SaaYaa
%APPDATA%\SchedTaskSetup
%APPDATA%\ScreenMaker2
%APPDATA%\ShopMore
%APPDATA%\SimpleNotepad
%appdata%\Smart Application Controller
%APPDATA%\spi
%appdata%\topsadon
%APPDATA%\TrailerWatch
%APPDATA%\tweakcube3
%appdata%\UpdaterEX
%APPDATA%\UpdateServ
%appdata%\valerie
%APPDATA%\VooUpdate
%appdata%\wssvchost
%appdata%\Xeeedxi
%COMMONPROGRAMFILES%\Roraccoon
%COMMONPROGRAMFILES(x86)%\alphalabtle
%COMMONPROGRAMFILES(x86)%\Roraccoon
%COMMONPROGRAMFILES(x86)%\womanhydafo
%LOCALAPPDATA%\AdService
%LOCALAPPDATA%\adworld
%LOCALAPPDATA%\BrowserHelper
%LOCALAPPDATA%\brsrv
%LOCALAPPDATA%\geckof
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\eghdmifgjdoojlnpfflnpoeiebapknda
%LOCALAPPDATA%\Host Service
%LOCALAPPDATA%\HttpFilter
%LOCALAPPDATA%\Mojorojo
%LOCALAPPDATA%\monotype
%LOCALAPPDATA%\OneClick
%LOCALAPPDATA%\packagest
%LOCALAPPDATA%\ShdUpdate
%LOCALAPPDATA%\TECHP-Browser
%LOCALAPPDATA%\TrailerWatch
%LOCALAPPDATA%\unityp
%LOCALAPPDATA%\WhiteClick
%LOCALAPPDATA%\whiteclick llc
%LOCALAPPDATA%\Win_update
%LOCALAPPDATA%\xmarin
%LOCALAPPDATA%\xpon
%LOCALAPPDATA%\{57B961E5-7311-0D5D-1E89-28B53AE1D42D}
%PROGRAMFILES%\applica
%PROGRAMFILES%\awda
%PROGRAMFILES%\CKCpTyVyQIE
%PROGRAMFILES%\clipandbuy
%PROGRAMFILES%\Clteyghuwph
%PROGRAMFILES%\Corteli
%programfiles%\dataflow
%PROGRAMFILES%\devnull
%PROGRAMFILES%\EatPizza
%PROGRAMFILES%\fileassociationmanager
%PROGRAMFILES%\Ghostery Storage Server
%PROGRAMFILES%\GoogleTranslateForChrome
%PROGRAMFILES%\GoogleTranslateForOpera
%PROGRAMFILES%\GoogleTranslator
%PROGRAMFILES%\guagua
%PROGRAMFILES%\Icoon
%PROGRAMFILES%\IDO
%PROGRAMFILES%\InstallX
%PROGRAMFILES%\jetstrmedia
%PROGRAMFILES%\meirenli
%programfiles%\Micrasoft
%PROGRAMFILES%\Miped\QWiget
%PROGRAMFILES%\name
%PROGRAMFILES%\NbbDohHftPUn
%PROGRAMFILES%\ndfs
%PROGRAMFILES%\Phagege
%programfiles%\PriceKiteke
%PROGRAMFILES%\Qagr
%PROGRAMFILES%\QuestBrwSearch
%PROGRAMFILES%\RemindMessage
%PROGRAMFILES%\rZdaClXBU
%PROGRAMFILES%\SGPSA
%PROGRAMFILES%\Shop More
%PROGRAMFILES%\Smart Application Controller
%PROGRAMFILES%\TmtkControl
%PROGRAMFILES%\TweakCube3
%PROGRAMFILES%\Vittalia
%PROGRAMFILES%\VVSN
%PROGRAMFILES%\W3i
%PROGRAMFILES%\wannenginput
%PROGRAMFILES%\wannengzip
%PROGRAMFILES%\Windows7Master
%PROGRAMFILES%\zaabzoubi
%PROGRAMFILES%\ZDE5YjFmMGQxMDdkNz
%PROGRAMFILES(x86)%\applica
%PROGRAMFILES(x86)%\awda
%PROGRAMFILES(x86)%\CKCpTyVyQIE
%PROGRAMFILES(x86)%\clipandbuy
%PROGRAMFILES(x86)%\Clteyghuwph
%PROGRAMFILES(x86)%\Corteli
%programfiles(x86)%\dataflow
%PROGRAMFILES(x86)%\devnull
%PROGRAMFILES(x86)%\EatPizza
%PROGRAMFILES(x86)%\fileassociationmanager
%PROGRAMFILES(X86)%\Gebac
%PROGRAMFILES(x86)%\Ghostery Storage Server
%PROGRAMFILES(x86)%\GoogleTranslateForChrome
%PROGRAMFILES(x86)%\GoogleTranslateForOpera
%PROGRAMFILES(x86)%\GoogleTranslator
%PROGRAMFILES(x86)%\guagua
%PROGRAMFILES(x86)%\Icoon
%PROGRAMFILES(x86)%\IDO
%PROGRAMFILES(x86)%\InstallX
%PROGRAMFILES(x86)%\jetstrmedia
%PROGRAMFILES(x86)%\meirenli
%programfiles(x86)%\Micrasoft
%PROGRAMFILES(x86)%\Miped\QWiget
%PROGRAMFILES(x86)%\Mozilla Firefox\distribution\bundles\{9746ad1f-7f2a-4bc8-a61c-2f73d969472d}
%PROGRAMFILES(x86)%\name
%PROGRAMFILES(x86)%\NbbDohHftPUn
%PROGRAMFILES(x86)%\ndfs
%PROGRAMFILES(x86)%\oPKmscYuxO
%PROGRAMFILES(x86)%\Phagege
%PROGRAMFILES(x86)%\programs
%PROGRAMFILES(x86)%\Programz\Programz
%PROGRAMFILES(x86)%\QuestBrwSearch
%PROGRAMFILES(x86)%\RemindMessage
%PROGRAMFILES(x86)%\rZdaClXBU
%PROGRAMFILES(x86)%\SGPSA
%PROGRAMFILES(x86)%\Shop More
%PROGRAMFILES(x86)%\Smart Application Controller
%PROGRAMFILES(x86)%\smartinline
%PROGRAMFILES(x86)%\TmtkControl
%PROGRAMFILES(x86)%\TweakCube3
%PROGRAMFILES(X86)%\Vittalia
%PROGRAMFILES(x86)%\VVSN
%PROGRAMFILES(x86)%\W3i
%PROGRAMFILES(x86)%\wannenginput
%PROGRAMFILES(x86)%\wannengzip
%PROGRAMFILES(x86)%\Windows7Master
%PROGRAMFILES(x86)%\zaabzoubi
%TEMP%\Fusion_ld
%TEMP%\Fusion_ld2
%TEMP%\PotPlayerFus
%USERPROFILE%\AppData\LocalLow\Flagfox
%USERPROFILE%\Configuración local\Datos de programa\OneClick
%USERPROFILE%\Configurações Locais\Dados de aplicativos\OneClick
%USERPROFILE%\Local Settings\Application Data\AdService
%UserProfile%\Local Settings\Application Data\BrowserHelper
%USERPROFILE%\Local Settings\Application Data\geckof
%USERPROFILE%\Local Settings\Application Data\Host Service
%USERPROFILE%\Local Settings\Application Data\Mojorojo
%USERPROFILE%\Local Settings\Application Data\monotype
%USERPROFILE%\Local Settings\Application Data\OneClick
%USERPROFILE%\Local Settings\Application Data\packagest
%UserProfile%\Local Settings\Application Data\ShdUpdate
%USERPROFILE%\Local Settings\Application Data\unityp
%USERPROFILE%\Local Settings\Application Data\Win_update
%USERPROFILE%\Local Settings\Application Data\xmarin
%USERPROFILE%\Local Settings\Application Data\xpon
%windir%\cpuessentials/165271
%WINDIR%\CpuEssentials\165271
%WINDIR%\CpuEssentials\16841
%WINDIR%\cWinInfos\16610
%WINDIR%\cWinInfos\168271
%WINDIR%\Microsoft.NET\assembly\GAC_MSIL\WhiteClick
%windir%\multisessions\1612262
%windir%\superex
%WINDIR%\system32\config\systemprofile\appdata\local\WhiteClick
%WINDIR%\SystemNode
%WINDIR%\syswow64\config\systemprofile\appdata\local\WhiteClick
%WINDIR%\Syswow64\config\systemprofile\AppData\Roaming\lockhomepage
%WINDIR%\SysWOW64\CpuHeatMapping\16641
%WINDIR%\SysWOW64\CpuHeatMapping\168302
%WINDIR%\WinEssentials/516
%WINDIR%\WinInfos\16610
%WINDIR%\WinKit
%WINDIR%\xBooster
File name without path
Adult Dating.ico
big_bang_empire.lnk
BigFarm.lnk
http_digimatic.biz_0.localstorage
http_q2u3z6t7.ssl.hwcdn.net_0.localstorage
http_q2u3z6t7.ssl.hwcdn.net_0.localstorage-journal
http_tvoy-million.co_0.localstorage
http_tvoy-million.co_0.localstorage-journal
love.bengalflorican[1].xml
QWiget.lnk
RelieveStressPaint.lnk
static.cmptch[1].xml
tweakcube[1].js
Win iPhone X.ico
wnzipservice.exe
www.adnetworkperformance[1].xml
www.analyticwbb[1].xml
Regexp file mask
%ALLUSERSPROFILE%\Application Data\beleza.exe
%ALLUSERSPROFILE%\arros.vbs
%ALLUSERSPROFILE%\beleza.exe
%ALLUSERSPROFILE%\Microsoft Frame\Windows-Frame.exe
%ALLUSERSPROFILE%\updater\check-update.exe
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Primary output from Start (Active).lnk
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\WindowsDefenderUpdate.exe
%APPDATA%\Microsoft\WindowsDefenderUpdate.exe
%APPDATA%\NotepadApp\Notices.exe
%APPDATA%\ServiceControl\svcctl.exe
%APPDATA%\SNDA\SDUpdate\SDDUpdateSvc.dll
%APPDATA%\TextEditor\Daemon\TextEditor.exe
%APPDATA%\WindowsDefenderUpdate.exe
%LOCALAPPDATA%\dsisetup[NUMBERS].exe
%LOCALAPPDATA%\intmanager\int.exe
%LOCALAPPDATA%\nmorok.dll
%LOCALAPPDATA%\Programs\GEN\GEN.exe
%LOCALAPPDATA%\scinfo\scinfo.exe
%LOCALAPPDATA%\Unify3D\WebPlayer\Unify3DWebPlayerUpdate.exe
%LOCALAPPDATA%\updt.js
%LOCALAPPDATA%\wupdate\wupdate.exe
%PROGRAMFILES%\AdBlocker\AdBlockerService.exe
%PROGRAMFILES%\AdBlocker\Service.WinServiceHost.exe
%PROGRAMFILES%\FastWeb\config_ns1.dat
%PROGRAMFILES%\FastWeb\fastweb.exe
%PROGRAMFILES%\rsp.exe
%PROGRAMFILES%\SoftUpgrade\softup.exe
%PROGRAMFILES%\Windows Service\service.exe
%PROGRAMFILES(x86)%\AdBlocker\AdBlockerService.exe
%PROGRAMFILES(x86)%\AdBlocker\Service.WinServiceHost.exe
%PROGRAMFILES(x86)%\FastWeb\config_ns1.dat
%PROGRAMFILES(x86)%\FastWeb\fastweb.exe
%PROGRAMFILES(x86)%\IeAdsBlocker.dll
%PROGRAMFILES(x86)%\rsp.exe
%PROGRAMFILES(x86)%\SoftUpgrade\softup.exe
%PROGRAMFILES(x86)%\Windows Service\service.exe
%TEMP%\AmazonShoppingAssistant.exe
%TEMP%\DMR\dmr_[NUMBERS].exe
%TEMP%\UuU.uUu
%TEMP%\VirusRemover.exe
%TEMP%\whiteclick[RANDOM CHARACTERS].exe
%TEMP%\XVD.exe
%TEMP%\XxX.xXx
%USERPROFILE%\appinfo.exe
%USERPROFILE%\Documents\opinion\opinion.exe
%USERPROFILE%\Downloads\[RANDOM CHARACTERS] [RANDOM CHARACTERS] Neverwinter.ico
%USERPROFILE%\Downloads\Play Crossout.ico
%USERPROFILE%\Downloads\Play Warframe.ico
%USERPROFILE%\Downloads\This computer is BLOCKED[RANDOM CHARACTERS]
%USERPROFILE%\Local Settings\Application Data\dsisetup[NUMBERS].exe
%USERPROFILE%\Local Settings\Application Data\wupdate\wupdate.exe
%WINDIR%\AdBlock.exe
%WINDIR%\Provider32\Provider.dll
%WINDIR%\system32\drivers\geckof.sys
%WINDIR%\system32\drivers\packagest.sys
%WINDIR%\system32\drivers\unityp.sys
%WINDIR%\System32\Tasks\CheckControllerUpdatesUA
%WINDIR%\System32\Tasks\Microsoft\Windows\DeviceSettings\Kergedomclujers
%WINDIR%\System32\Tasks\newspagesnethowknowsm[RANDOM CHARACTERS]
%WINDIR%\System32\Tasks\newstop5orgwnorsm[RANDOM CHARACTERS]
%WINDIR%\System32\Tasks\PPI Update
%WINDIR%\System32\Tasks\ShopMore[NUMBERS]
%WINDIR%\systwin.exe
%WINDIR%\Tasks\PPI Update.job
Registry key
Software\5c55da8cbc3ab845
Software\AppDataLow\Software\Flagfox
Software\Ashampoo\Ashampoo Gadge It\THIS IS WIIIGET!
SOFTWARE\Classes\AppID\Flagfox.DLL
SOFTWARE\Classes\Flagfox.QTimeCpio
SOFTWARE\Classes\Flagfox.QTimeCpio.1
SOFTWARE\Classes\Installer\Products\931744D05C8C1604B8A4F0EB19691513
SOFTWARE\Classes\Installer\Products\ECA4AC87FC7DB8142B21E81528B265E6
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srv.desk-top-app.info
Software\CoinisRevShare
SOFTWARE\Cpu Heat Mapping
Software\DEF001
SOFTWARE\devnull\NetAdapter
Software\Flagfox
Software\GabPath
Software\GamesLOL AiTemp
Software\InstallPath
Software\MagicSearch
SOFTWARE\MaxPower
SOFTWARE\meirenli
Software\Microsoft\Internet Explorer\Approved Extensions\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Software\Microsoft\Internet Explorer\DOMStorage\adnetworkperformance.com
Software\Microsoft\Internet Explorer\DOMStorage\analyticwbb.com
Software\Microsoft\Internet Explorer\DOMStorage\bengalflorican.com
Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Software\Microsoft\Internet Explorer\DOMStorage\davebestdeals.com
Software\Microsoft\Internet Explorer\DOMStorage\love.bengalflorican.com
Software\Microsoft\Internet Explorer\DOMStorage\pstatic.davebestdeals.com
Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Software\Microsoft\Internet Explorer\DOMStorage\static.donation-tools.org
Software\Microsoft\Internet Explorer\DOMStorage\www.adnetworkperformance.com
Software\Microsoft\Internet Explorer\DOMStorage\www.analyticwbb.com
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\adworld.exe
SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\ExploreMedia.exe
SOFTWARE\Microsoft\Tracing\CpuEssentials_RASAPI32
SOFTWARE\Microsoft\Tracing\CpuEssentials_RASMANCS
SOFTWARE\Microsoft\Tracing\CpuHeatMapping_RASAPI32
SOFTWARE\Microsoft\Tracing\CpuHeatMapping_RASMANCS
SOFTWARE\Microsoft\Tracing\OfferInstaller_RASAPI32
SOFTWARE\Microsoft\Tracing\OfferInstaller_RASMANCS
SOFTWARE\Microsoft\Tracing\Smad_RASMANCS
SOFTWARE\Microsoft\Windows Node
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Atiwedom
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CheckControllerUpdatesUA
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lengegrawoward
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pherpght
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AdServiceGroup
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AdsServiceGroup
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Software\Microsoft\Windows\CurrentVersion\Run\ShopMore
Software\Microsoft\Windows\CurrentVersion\Run\THIS IS WIIIGET!
SOFTWARE\REALISTIC MEDIA INC.
Software\RuanMei\TweakCube3
Software\SaaYaa
Software\SetupCompany
Software\ShopMore
Software\Ultimate-Discounter
Software\Windows7Master
Software\Wizzlabs
SOFTWARE\Wow6432Node\Classes\AppID\Flagfox.DLL
SOFTWARE\Wow6432Node\Cpu Essentials
SOFTWARE\Wow6432Node\Cpu Heat Mapping
SOFTWARE\Wow6432Node\devnull\NetAdapter
SOFTWARE\Wow6432Node\MaxPower
SOFTWARE\Wow6432Node\meirenli
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\ExploreMedia.exe
SOFTWARE\Wow6432Node\Microsoft\Windows Node
SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\AdServiceGroup
SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\AdsServiceGroup
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
SOFTWARE\Wow6432Node\RuanMei\TweakCube3
Software\Wow6432Node\Windows7Master
SYSTEM\ControlSet001\services\AdService
SYSTEM\ControlSet001\services\AdsService
SYSTEM\ControlSet001\services\Bokvunnu
SYSTEM\ControlSet001\services\Citdhwa
SYSTEM\ControlSet001\services\Corteli File Checker
SYSTEM\ControlSet001\services\Ghostery Storage Server
SYSTEM\ControlSet001\services\HNService
SYSTEM\ControlSet001\Services\My Sample Service
SYSTEM\ControlSet001\services\Windows Node
SYSTEM\ControlSet001\services\zigipyro
SYSTEM\ControlSet002\services\AdService
SYSTEM\ControlSet002\services\AdsService
SYSTEM\ControlSet002\services\Bokvunnu
SYSTEM\ControlSet002\services\Citdhwa
SYSTEM\ControlSet002\services\Corteli File Checker
SYSTEM\ControlSet002\services\Ghostery Storage Server
SYSTEM\ControlSet002\services\HNService
SYSTEM\ControlSet002\Services\My Sample Service
SYSTEM\ControlSet002\services\Windows Node
SYSTEM\ControlSet002\services\zigipyro
SYSTEM\CurrentControlSet\services\AdService
SYSTEM\CurrentControlSet\services\AdsService
SYSTEM\CurrentControlSet\services\Bokvunnu
SYSTEM\CurrentControlSet\services\Citdhwa
SYSTEM\CurrentControlSet\services\Corteli File Checker
SYSTEM\CurrentControlSet\Services\CpuHeatMapping
SYSTEM\CurrentControlSet\services\Ghostery Storage Server
SYSTEM\CurrentControlSet\services\HNService
SYSTEM\CurrentControlSet\Services\My Sample Service
SYSTEM\CurrentControlSet\services\Windows Node
SYSTEM\CurrentControlSet\services\zigipyro
Uninstaller
119
adworldads
Amazon assistant 1.0
Amazon assistant 2.0
AppHelper
Applica
AS
bdraw
Corteli File Checker
disk genius 2.02
Ebayssistant 1.0
ExtensionGoogleTranslate
farmer 1.0
Gebac_is1
Host Service
Look Picture Tool
MagicSearch
Navigator
NetStream
pro 1.0
Programz 1.03
QWiget 1.0.1
ShopMore
soundplay 3.0
telezilla
TrailerWatch
TweakCube3
Windows7Master
Yahooassistant 1.0
{0D447139-C8C5-4061-8B4A-0FBE91965131}
{1fd06d23-1810-464b-b9c5-b92c28776962}_is1
{27097E83-0712-446C-821A-C2DBB0C1CDE1}
{2C1A121C-292F-460D-BA62-3B9886D0DE46}_is1
{42F8C402-22B5-42FC-BB6C-88BF4BE304E5}_is1
{6C044E1B-C2BD-4B47-9913-40407FA5854E}
{78CA4ACE-D7CF-418B-B212-8E51822B566E}
{A6AE177E-D46B-4463-AA69-B9F818E0DC4A}_is1
{AD427252-C069-49F6-A0DC-C3235CF6576D}
{C9AE19A8-4589-460C-9685-74467F26FE77}_is1
{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}
{DFAA6F11-C27B-4EC0-83AE-3AC5B124A899}
{F4139563-A744-450D-89B3-94C19B0A5DAF}

More Details on Adware Helpers

The following cookies were found:
  • ww7.greefl.com

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

One Comment

  • ralph palmer:
    7 years ago Reply

    help is needed. nothing works for me. have been tryiing all I know for three days.I was told it would be easy to get rid of safe search. not true.

Comment (1)
By GoldSparrow in Adware
Threat Scorecard
Ranking: 2
Threat Level: 20 % (Normal)
Infected Computers: 9,537,192
First Seen: January 4, 2013
Last Seen: June 1, 2022
OS(es) Affected: Windows