# AdwCleaner 7.0.1.0 - Logfile created on Wed Aug 02 19:48:07 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Benjamin\AppData\Roaming\cacaoweb
Deleted: C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
Deleted: C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}

***** [ Files ] *****

Deleted: C:\Users\All Users\Desktop\PC Scan & Repair by Reimage.lnk
Deleted: C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
Deleted: C:\Users\Benjamin\Downloads\ReimageRepair.exe
Deleted: C:\Users\Benjamin\Downloads\cacaoweb.exe
Deleted: C:\Users\Benjamin\Desktop\cacaoweb.exe
Deleted: C:\Windows\Reimage.ini
Deleted: C:\Windows\Temp\reimage.log
Deleted: C:\Users\Benjamin\AppData\Local\Temp\reimage.log
Deleted: C:\Users\Benjamin\AppData\Local\Temp\ReimagePackage.exe
Deleted: C:\Windows\SysNative\drivers\EsgScanner.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: ReimageUpdater
Deleted: Reimage Reminder

***** [ Registry ] *****

Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{66699576-1F73-40CC-9BC9-D455C816E46B}C:\users\benjamin\appdata\roaming\cacaoweb\cacaoweb.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{D06D28C5-F293-40A0-90A3-E4F2E6F51516}C:\users\benjamin\appdata\roaming\cacaoweb\cacaoweb.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8CCE4AF6-9908-4AD4-B59C-63571217CD51}C:\users\benjamin\desktop\cacaoweb.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E73EBE94-0B3A-4C44-9040-40E874348F04}C:\users\benjamin\desktop\cacaoweb.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{06D0B5FB-AF6F-4F68-BEE1-C803C6D40AF4}C:\users\benjamin\appdata\roaming\cacaoweb\cacaoweb.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{C82855A8-9711-4F07-9549-8204A2B0475F}C:\users\benjamin\appdata\roaming\cacaoweb\cacaoweb.exe
Deleted: [Key] - HKU\S-1-5-21-249751736-1960304294-1742026601-1002\Software\Corez
Deleted: [Key] - HKCU\Software\Corez
Deleted: [Key] - HKLM\SOFTWARE\MaxPower
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Deleted: [Value] - HKU\S-1-5-21-249751736-1960304294-1742026601-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cacaoweb
Deleted: [Value] - HKU\S-1-5-21-249751736-1960304294-1742026601-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WindApp
Deleted: [Value] - HKU\S-1-5-21-249751736-1960304294-1742026601-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Selection Tools
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Deleted: [Key] - HKU\S-1-5-21-249751736-1960304294-1742026601-1002\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted: [Key] - HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
Deleted: [Key] - HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted: [Key] - HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted: [Key] - HKU\S-1-5-21-249751736-1960304294-1742026601-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD}
Deleted: [Key] - HKU\S-1-5-21-249751736-1960304294-1742026601-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider

***** [ Firefox (and derivatives) ] *****

Plugin deleted: cacaoweb - http://www.cacaoweb.org/

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [10087 B] - [2017/8/2 19:9:34]
C:/AdwCleaner/AdwCleaner[S1].txt - [10125 B] - [2017/8/2 19:21:42]
C:/AdwCleaner/AdwCleaner[S2].txt - [10193 B] - [2017/8/2 19:35:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########