# AdwCleaner v6.045 - Logfile created 06/04/2017 at 15:18:25
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-04.2 [Local]
# Operating System : Windows 10 Home (X64)
# Username : mrpho - LAPTOP-A2FGROR1
# Running from : C:\Users\mrpho\Desktop\adwcleaner_6.045.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

Service Found: Apps_Cfg
Service Found: Kyubey
Service Found: Fenghtchiqesy
Service Found: clean

***** [ Folders ] *****

Folder Found: C:\Users\mrpho\AppData\Local\8E5CD68F-1456867229-8344-B6FD-2C600CF5C2DC
Folder Found: C:\Users\mrpho\AppData\Local\Host App Service
Folder Found: C:\Users\mrpho\AppData\Local\Footper
Folder Found: C:\Users\mrpho\AppData\Roaming\Tencent
Folder Found: C:\Users\mrpho\AppData\Roaming\WinSAPSvc
Folder Found: C:\Users\mrpho\AppData\Roaming\WinSnare
Folder Found: C:\Users\mrpho\AppData\Roaming\Kyubey
Folder Found: C:\Program Files\DriverSetupUtility
Folder Found: C:\Program Files\Common Files\Tencent
Folder Found: C:\Users\mrpho\AppData\Local\VirtualStore\Program Files (x86)\Tencent
Folder Found: C:\ProgramData\DriverSetupUtility
Folder Found: C:\ProgramData\Application Data\DriverSetupUtility
Folder Found: C:\Program Files (x86)\Footper
Folder Found: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Folder Found: C:\Users\mrpho\AppData\Local\app
Folder Found: C:\Users\mrpho\AppData\Local\Host App Service
Folder Found: C:\Program Files (x86)\Firefox
Folder Found: C:\Users\Default\AppData\Local\Host App Service
Folder Found: C:\Users\Public\Pokki
Folder Found: C:\Users\mrpho\AppData\Roaming\WinSnare
Folder Found: C:\Users\mrpho\AppData\Roaming\Firefox
Folder Found: C:\Users\mrpho\AppData\Local\Firefox

***** [ Files ] *****

File Found: C:\WINDOWS\SysNative\drivers\TAOAccelerator64.sys
File Found: C:\WINDOWS\SysNative\drivers\TFsFltX64.sys
File Found: C:\WINDOWS\SysNative\drivers\TAOKernelEx64.sys
File Found: C:\Yeabeats Browser.lnk
File Found: C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
File Found: C:\ProgramData\webad.xml
File Found: C:\ProgramData\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
File Found: C:\ProgramData\Application Data\webad.xml
File Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
File Found: C:\WINDOWS\SysWOW64\drivers\TsFltMgr.sys
File Found: C:\WINDOWS\SysWOW64\drivers\TS888x64.sys
File Found: C:\Users\Default\Desktop\App Explorer.lnk
File Found: C:\Users\Public\Documents\temp.dat
File Found: C:\Users\Public\Documents\report.dat

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

Task Found: {5C9B75DE-DA8D-49FA-9BD8-E61B673FACB6}
Task Found: App Explorer
Task Found: Software Update Application
Task Found: Milimili

***** [ Registry ] *****

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\mrpho\AppData\Local\Google\Chrome\User Data\Default\Web data] - startpageing123.com
Chrome pref Found: [C:\Users\mrpho\AppData\Local\Google\Chrome\User Data\Default\Web data] - startpageing123

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [15418 Bytes] - [06/04/2017 15:04:25]
C:\AdwCleaner\AdwCleaner[S1].txt - [15379 Bytes] - [06/04/2017 15:08:00]
C:\AdwCleaner\AdwCleaner[S2].txt - [14881 Bytes] - [06/04/2017 15:18:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [14955 Bytes] ##########