# AdwCleaner v6.045 - Logfile created 14/04/2017 at 19:46:40
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-13.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : Paull - DESKTOP-RPI8QGR
# Running from : C:\Users\Paull\Desktop\adwcleaner_6.045.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

Service Found: surfeasyvpn

***** [ Folders ] *****

Folder Found: C:\Users\Paull\AppData\Local\jawego
Folder Found: C:\Users\Paull\AppData\Local\Jawego\PC Protector Plus
Folder Found: C:\Users\Paull\AppData\Roaming\Browser-Security
Folder Found: C:\Users\Paull\AppData\Roaming\cacaoweb
Folder Found: C:\Users\Paull\AppData\Roaming\ParetoLogic
Folder Found: C:\Users\Paull\AppData\Roaming\Event Monitor
Folder Found: C:\Users\Paull\AppData\Roaming\PCPRJ
Folder Found: C:\Users\Paull\AppData\Roaming\jawego
Folder Found: C:\Users\Paull\AppData\Roaming\PARETOLOGIC
Folder Found: C:\Users\Paull\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Found: C:\Users\Paull\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PARETOLOGIC
Folder Found: C:\Program Files\ByteFence
Folder Found: C:\ProgramData\ParetoLogic
Folder Found: C:\ProgramData\lavasoft\web companion
Folder Found: C:\ProgramData\PARETOLOGIC
Folder Found: C:\ProgramData\Application Data\ParetoLogic
Folder Found: C:\ProgramData\Application Data\lavasoft\web companion
Folder Found: C:\ProgramData\Application Data\PARETOLOGIC
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Folder Found: C:\Program Files (x86)\ParetoLogic
Folder Found: C:\Program Files (x86)\PARETOLOGIC
Folder Found: C:\Program Files (x86)\Common Files\ParetoLogic
Folder Found: C:\Program Files (x86)\Common Files\PARETOLOGIC
Folder Found: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
Folder Found: C:\Users\Paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Folder Found: C:\Users\Paull\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej

***** [ Files ] *****

File Found: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
File Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
File Found: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
File Found: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
File Found: C:\Users\Paull\AppData\Roaming\Mozilla\Firefox\Profiles\5wlf72ip.default\searchplugins\yahoo-lavasoft.xml

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

Task Found: PC Health Advisor
Task Found: PC Health Advisor Defrag
Task Found: LaunchPreSignup

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Key Found: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Key Found: HKLM\SOFTWARE\Classes\uus3url-pl
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Key Found: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Key Found: [x64] HKLM\SOFTWARE\Classes\uus3url-pl
Key Found: HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\cacaoweb
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\Jawego
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\ParetoLogic
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\PRODUCTSETUP
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\PC
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\Lavasoft\Web Companion
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\csastats
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\Event Monitor
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\ICSW1.22
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\PCPRJ
Key Found: HKCU\Software\cacaoweb
Key Found: HKCU\Software\Jawego
Key Found: HKCU\Software\ParetoLogic
Key Found: HKCU\Software\PRODUCTSETUP
Key Found: HKCU\Software\PC
Key Found: HKCU\Software\Lavasoft\Web Companion
Key Found: HKCU\Software\csastats
Key Found: HKCU\Software\Event Monitor
Key Found: HKCU\Software\ICSW1.22
Key Found: HKCU\Software\PCPRJ
Key Found: HKLM\SOFTWARE\ByteFence
Key Found: HKLM\SOFTWARE\Jawego
Key Found: HKLM\SOFTWARE\ParetoLogic
Key Found: HKLM\SOFTWARE\PC
Key Found: HKLM\SOFTWARE\Lavasoft\Web Companion
Key Found: HKLM\SOFTWARE\Event Monitor
Key Found: HKLM\SOFTWARE\PCPRJ
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser-Security
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winsearch
Key Found: [x64] HKCU\Software\cacaoweb
Key Found: [x64] HKCU\Software\Jawego
Key Found: [x64] HKCU\Software\ParetoLogic
Key Found: [x64] HKCU\Software\PRODUCTSETUP
Key Found: [x64] HKCU\Software\PC
Key Found: [x64] HKCU\Software\Lavasoft\Web Companion
Key Found: [x64] HKCU\Software\csastats
Key Found: [x64] HKCU\Software\Event Monitor
Key Found: [x64] HKCU\Software\ICSW1.22
Key Found: [x64] HKCU\Software\PCPRJ
Key Found: [x64] HKLM\SOFTWARE\ByteFence
Data Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://fr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://fr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10118__161230__yaie
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://fr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10118__161230__yaie
Data Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dmontlsfs_16_27&param1=1&param2=f%3D1%26b%3DIE%26cc%3
Key Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Key Found: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Value Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Value Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [cacaoweb]
Value Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Value Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Value Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Value Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
Value Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Value Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Value Found: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [safe_urls768]
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Key Found: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Key Found: HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Key Found: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found: HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
Key Found: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
Key Found: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej

***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\Paull\AppData\Roaming\Mozilla\Firefox\Profiles\5wlf72ip.default\prefs.js] - "browser.newtab.url" - "hxxps://fr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__
Firefox pref Found: [C:\Users\Paull\AppData\Roaming\Mozilla\Firefox\Profiles\5wlf72ip.default\prefs.js] - "browser.newtabpage.url" - "hxxps://fr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__
Firefox pref Found: [C:\Users\Paull\AppData\Roaming\Mozilla\Firefox\Profiles\5wlf72ip.default\prefs.js] - "browser.startup.homepage" - "hxxps://fr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0
Chrome pref Found: [C:\Users\Paull\AppData\Local\Chromium\User Data\Default\Web data] - yahoo! powered
Chrome pref Found: [C:\Users\Paull\AppData\Local\Chromium\User Data\Default\Secure Preferences] - hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nrssi_16_25&param1=1&param2=f%3D7%26b%3
Chrome pref Found: [C:\Users\Paull\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd
Chrome pref Found: [C:\Users\Paull\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - pilplloabdedfmialnfchjomjmpjcoej
Chrome pref Found: [C:\Users\Paull\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nrssi_16_25&param1=1&param2=f%3D1%26b%
Chrome pref Found: [C:\Users\Paull\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Paull\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\Paull\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd
Chrome pref Found: [C:\Users\Paull\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pilplloabdedfmialnfchjomjmpjcoej

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [14748 Bytes] - [14/04/2017 19:29:46]
C:\AdwCleaner\AdwCleaner[S1].txt - [14479 Bytes] - [14/04/2017 19:46:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [14553 Bytes] ##########