Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/31/17
Scan Time: 4:30 PM
Logfile: Smi1524.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1394
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DARK-TOP\client

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 455489
Time Elapsed: 24 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 1
Adware.Elex, C:\USERS\CLIENT\APPDATA\ROAMING\WINSNARE\WINSNARE.DLL, Quarantined, [305], [360752],1.0.1394

Registry Key: 21
PUP.Optional.MyWebShield, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mwescontroller, Delete-on-Reboot, [642], [326162],1.0.1394
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\INTERFACE\{B910D9A1-9F21-484A-8650-82250DABF38E}, Delete-on-Reboot, [8569], [169993],1.0.1394
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B910D9A1-9F21-484A-8650-82250DABF38E}, Delete-on-Reboot, [8569], [169993],1.0.1394
PUP.Optional.ContentDefender, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B910D9A1-9F21-484A-8650-82250DABF38E}, Delete-on-Reboot, [8569], [169993],1.0.1394
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\TYPELIB\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}, Delete-on-Reboot, [8569], [169993],1.0.1394
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}, Delete-on-Reboot, [8569], [169993],1.0.1394
PUP.Optional.ContentDefender, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}, Delete-on-Reboot, [8569], [169993],1.0.1394
Adware.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{8A132438-0E32-11E7-9F40-64006A5CFC23}, Delete-on-Reboot, [357], [370022],1.0.1394
Adware.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{8A132438-0E32-11E7-9F40-64006A5CFC23}\InprocServer32, Delete-on-Reboot, [357], [370022],1.0.1394
Adware.Elex, HKLM\SOFTWARE\jhtrsq, Delete-on-Reboot, [305], [363186],1.0.1394
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C576EAA-9539-493C-A959-1536E3AE6CBF}, Delete-on-Reboot, [822], [356692],1.0.1394
Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B559140C-3609-4E1C-BC4D-552027829F6D}, Delete-on-Reboot, [305], [364093],1.0.1394
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\jhtrsq, Delete-on-Reboot, [305], [363186],1.0.1394
PUP.Optional.Trotux, HKLM\SOFTWARE\WOW6432NODE\trotuxSoftware, Delete-on-Reboot, [420], [182848],1.0.1394
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\{84416237-6490-494D-9AD6-4994DD978971}, Delete-on-Reboot, [305], [375406],1.0.1394
PUP.Optional.Ghokswa.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FirefoxU, Delete-on-Reboot, [891], [306582],1.0.1394
PUP.Optional.MyWebShield, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mweshieldup, Delete-on-Reboot, [642], [326218],1.0.1394
PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinSAPSvc, Delete-on-Reboot, [15], [339887],1.0.1394
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinSnare, Delete-on-Reboot, [305], [360760],1.0.1394
Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Milimili, Delete-on-Reboot, [305], [364096],1.0.1394
Adware.Elex, HKU\S-1-5-18\SOFTWARE\jhtrsq, Delete-on-Reboot, [305], [363194],1.0.1394

Registry Value: 7
Adware.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS|{8A132438-0E32-11E7-9F40-64006A5CFC23}, Delete-on-Reboot, [357], [370022],1.0.1394
Adware.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS, Delete-on-Reboot, [357], [-1],0.0.0
Adware.Elex.SHHKRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS, Delete-on-Reboot, [357], [-1],0.0.0
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C576EAA-9539-493C-A959-1536E3AE6CBF}|PATH, Delete-on-Reboot, [822], [356692],1.0.1394
Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B559140C-3609-4E1C-BC4D-552027829F6D}|PATH, Delete-on-Reboot, [305], [364093],1.0.1394
PUP.Optional.Ghokswa.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FirefoxU|IMAGEPATH, Delete-on-Reboot, [891], [306582],1.0.1394
PUP.Optional.MyWebShield, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mweshieldup|IMAGEPATH, Delete-on-Reboot, [642], [326218],1.0.1394

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.FakeFFProfile, C:\Users\client\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\fwpv1mw6.default-1465661669590, Delete-on-Reboot, [2790], [363173],1.0.1394
PUP.Optional.FakeFFProfile, C:\Users\client\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles, Delete-on-Reboot, [2790], [363173],1.0.1394
PUP.Optional.FakeFFProfile, C:\USERS\CLIENT\APPDATA\ROAMING\Mozilla\Firefox\naweriweentcofise, Delete-on-Reboot, [2790], [363173],1.0.1394
Adware.Elex, C:\USERS\CLIENT\APPDATA\ROAMING\WinSAPSvc, Delete-on-Reboot, [305], [375592],1.0.1394
Adware.Elex, C:\USERS\CLIENT\APPDATA\ROAMING\WinSnare, Delete-on-Reboot, [305], [360752],1.0.1394

File: 34
Adware.Elex, C:\USERS\CLIENT\APPDATA\ROAMING\WINSNARE\WINSNARE.DLL, Delete-on-Reboot, [305], [360752],1.0.1394
PUP.Optional.MyWebShield, C:\WINDOWS\SYSTEM32\DRIVERS\MWESCONTROLLER.SYS, Delete-on-Reboot, [642], [326162],1.0.1394
Adware.Elex.SHHKRST, C:\USERS\CLIENT\APPDATA\ROAMING\VAZISEFIZCH\ANHETIONLANODOM.DLL, Delete-on-Reboot, [357], [370022],1.0.1394
PUP.Optional.FakeFFProfile, C:\Users\client\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\fwpv1mw6.default-1465661669590\prefs.js, Delete-on-Reboot, [2790], [363173],1.0.1394
PUP.Optional.FakeFFProfile, C:\Users\client\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\fwpv1mw6.default-1465661669590\profiles.ini, Delete-on-Reboot, [2790], [363173],1.0.1394
PUP.Optional.FakeFFProfile, C:\Users\client\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\fwpv1mw6.default-1465661669590\search-metadata.json, Delete-on-Reboot, [2790], [363173],1.0.1394
PUP.Optional.FakeFFProfile, C:\Users\client\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\fwpv1mw6.default-1465661669590\search.json.mozlz4, Delete-on-Reboot, [2790], [363173],1.0.1394
PUP.Optional.Elex, C:\USERS\CLIENT\APPDATA\ROAMING\FIREFOX\FIREFOX\PROFILES\FWPV1MW6.DEFAULT-1465661669590\PREFS.JS, Replaced, [15], [335679],1.0.1394
PUP.Optional.Elex, C:\USERS\CLIENT\APPDATA\ROAMING\FIREFOX\FIREFOX\PROFILES\FWPV1MW6.DEFAULT-1465661669590\PREFS.JS, Replaced, [15], [335679],1.0.1394
PUP.Optional.Elex, C:\USERS\CLIENT\APPDATA\ROAMING\FIREFOX\FIREFOX\PROFILES\FWPV1MW6.DEFAULT-1465661669590\PREFS.JS, Replaced, [15], [335679],1.0.1394
PUP.Optional.Elex, C:\USERS\CLIENT\APPDATA\ROAMING\FIREFOX\FIREFOX\PROFILES\FWPV1MW6.DEFAULT-1465661669590\PREFS.JS, Replaced, [15], [335679],1.0.1394
PUP.Optional.Elex, C:\USERS\CLIENT\APPDATA\ROAMING\FIREFOX\FIREFOX\PROFILES\FWPV1MW6.DEFAULT-1465661669590\PREFS.JS, Replaced, [15], [335679],1.0.1394
PUP.Optional.Elex, C:\USERS\CLIENT\APPDATA\ROAMING\FIREFOX\FIREFOX\PROFILES\FWPV1MW6.DEFAULT-1465661669590\PREFS.JS, Replaced, [15], [335679],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWPV1MW6.DEFAULT-1465661669590\PREFS.JS, Replaced, [420], [302758],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWPV1MW6.DEFAULT-1465661669590\PREFS.JS, Replaced, [420], [302758],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWPV1MW6.DEFAULT-1465661669590\PREFS.JS, Replaced, [420], [302758],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWPV1MW6.DEFAULT-1465661669590\PREFS.JS, Replaced, [420], [302758],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\PROFILES\GROSISEARASE.DEFAULT\SEARCHPLUGINS\PXBKUWBA.XML, Delete-on-Reboot, [420], [324483],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\PROFILES\GROSISEARASE.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\PROFILES\GROSISEARASE.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\PROFILES\GROSISEARASE.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\PROFILES\GROSISEARASE.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\PROFILES\GROSISEARASE.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\PROFILES\GROSISEARASE.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1394
PUP.Optional.Trotux, C:\USERS\CLIENT\APPDATA\ROAMING\PROFILES\GROSISEARASE.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1394
Adware.Elex, C:\USERS\CLIENT\APPDATA\LOCAL\TEMP\~BK8367.TMP, Delete-on-Reboot, [305], [350504],1.0.1394
Adware.Elex, C:\USERS\CLIENT\APPDATA\LOCAL\TEMP\1\YACQQ.EXE, Delete-on-Reboot, [305], [350504],1.0.1394
RiskWare.DontStealOurSoftware, C:\USERS\CLIENT\APPDATA\LOCAL\TEMP\99807531\MALWAREBYTES PREMIUM V3.0.6.1469 FINAL CRACK _L.EXE, Delete-on-Reboot, [902], [77940],1.0.1394
RiskWare.DontStealOurSoftware, C:\USERS\CLIENT\APPDATA\LOCAL\TEMP\RAR$EXA0.063\MALWAREBYTES.PREMIUM.V3.0.6.1469.DC.01.03.2017.FINAL.MULTILINGUAL-P2P\MALWAREBYTES ANTI-MALWARE_V3_CONSOLE_KEYGEN_V1.0_DFOX_URET.RAR, Delete-on-Reboot, [902], [353537],1.0.1394
RiskWare.DontStealOurSoftware, C:\USERS\CLIENT\APPDATA\LOCAL\TEMP\RAR$EXA0.063\MALWAREBYTES.PREMIUM.V3.0.6.1469.DC.01.03.2017.FINAL.MULTILINGUAL-P2P\MALWAREBYTES_ANTI-MALWARE_KEYGEN_V1.5_URET.RAR, Delete-on-Reboot, [902], [77941],1.0.1394
RiskWare.DontStealOurSoftware, C:\USERS\CLIENT\APPDATA\LOCAL\TEMP\RAR$EXA0.038\MALWAREBYTES_ANTI-MALWARE_KEYGEN_V1.5_URET.EXE, Delete-on-Reboot, [902], [77941],1.0.1394
RiskWare.DontStealOurSoftware, C:\USERS\CLIENT\APPDATA\LOCAL\TEMP\RAR$EXA0.908\MALWAREBYTES_ANTI-MALWARE_KEYGEN_V1.5_URET.EXE, Delete-on-Reboot, [902], [77941],1.0.1394
RiskWare.Tool.HCK, C:\USERS\CLIENT\DOWNLOADS\KRT_5.0.0.112.RAR, Delete-on-Reboot, [2562], [69818],1.0.1394
Adware.Elex, C:\WINDOWS\SYSTEM32\TASKS\MILIMILI, Delete-on-Reboot, [305], [364099],1.0.1394

Physical Sector: 0
(No malicious items detected)

(end)