# AdwCleaner v6.043 - Logfile created 21/02/2017 at 10:18:11
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-20.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : HU Dylan - DESKTOP-PVLPE67
# Running from : C:\Users\HU Dylan\Downloads\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

Service Found: WinSAPSvc
Service Found: Archer
Service Found: ed2kidle
Service Found: iThemes5
Service Found: Stuhoph

***** [ Folders ] *****

Folder Found: C:\Program Files (x86)\WinSnare(4.1.0)
Folder Found: C:\Program Files (x86)\WinSnare(4.1.3)
Folder Found: C:\Users\HU Dylan\AppData\Roaming\cacaoweb
Folder Found: C:\Users\HU Dylan\AppData\Roaming\WinSAPSvc
Folder Found: C:\Users\HU Dylan\AppData\Roaming\winsapsvc
Folder Found: C:\Users\HU Dylan\AppData\Roaming\aMule
Folder Found: C:\Users\HU Dylan\AppData\Roaming\WinSnare
Folder Found: C:\Users\HU Dylan\AppData\Roaming\Climofabech
Folder Found: C:\Users\HU Dylan\AppData\Roaming\CLIMOFABECH
Folder Found: C:\Users\HU Dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
Folder Found: C:\ProgramData\WinSAPSvc
Folder Found: C:\ProgramData\winsapsvc
Folder Found: C:\ProgramData\Application Data\WinSAPSvc
Folder Found: C:\ProgramData\Application Data\winsapsvc
Folder Found: C:\Program Files (x86)\WinArcher
Folder Found: C:\Program Files (x86)\winarcher
Folder Found: C:\Program Files (x86)\Drecaward Client
Folder Found: C:\Program Files (x86)\MIO
Folder Found: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
Folder Found: C:\Users\HU Dylan\AppData\Roaming\WinSnare
Folder Found: C:\Program Files (x86)\MIO

***** [ Files ] *****

File Found: C:\Users\HU Dylan\Downloads\cacaoweb.exe
File Found: C:\Users\HU Dylan\Desktop\cacaoweb.exe
File Found: C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

Task Found: Milimili
Task Found: Drecaward Client
Task Found: Niiseclajuent

***** [ Registry ] *****

Key Found: HKU\.DEFAULT\Software\jhdbca
Key Found: HKU\S-1-5-21-2191782336-4012611912-442011344-1001\Software\cacaoweb
Key Found: HKU\S-1-5-21-2191782336-4012611912-442011344-1001\Software\PRODUCTSETUP
Key Found: HKU\S-1-5-21-2191782336-4012611912-442011344-1001\Software\csastats
Key Found: HKU\S-1-5-21-2191782336-4012611912-442011344-1001\Software\ICSW1.23
Key Found: HKU\S-1-5-21-2191782336-4012611912-442011344-1001\Software\MICROSOFT\wewewe
Key Found: HKU\S-1-5-21-2191782336-4012611912-442011344-1001\Software\WinSnare
Key Found: HKU\S-1-5-18\Software\jhdbca
Key Found: HKCU\Software\cacaoweb
Key Found: HKCU\Software\PRODUCTSETUP
Key Found: HKCU\Software\csastats
Key Found: HKCU\Software\ICSW1.23
Key Found: HKCU\Software\MICROSOFT\wewewe
Key Found: HKCU\Software\WinSnare
Key Found: HKLM\SOFTWARE\trotuxSoftware
Key Found: HKLM\SOFTWARE\ScreenShot
Key Found: HKLM\SOFTWARE\jhdbca
Key Found: HKLM\SOFTWARE\WinArcher
Key Found: HKLM\SOFTWARE\Ckafoyanerqeent
Key Found: HKLM\SOFTWARE\dozuent.exe
Key Found: HKLM\SOFTWARE\Suvosh
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2EFFD4E-D098-4845-9D56-DE75BEB35913}
Key Found: [x64] HKCU\Software\cacaoweb
Key Found: [x64] HKCU\Software\PRODUCTSETUP
Key Found: [x64] HKCU\Software\csastats
Key Found: [x64] HKCU\Software\ICSW1.23
Key Found: [x64] HKCU\Software\MICROSOFT\wewewe
Key Found: [x64] HKCU\Software\WinSnare
Key Found: [x64] HKLM\SOFTWARE\jhdbca
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\duba.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.duba.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\duba.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.duba.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.co
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Value Found: HKU\S-1-5-21-2191782336-4012611912-442011344-1001\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Value Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Value Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Key Found: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
Value Found: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Stuhoph]

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [6642 Bytes] - [21/02/2017 10:18:11]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6715 Bytes] ##########