~ ZHPCleaner v2015.6.24.282 by Nicolas Coolman (2015\06\24)
~ Run by LeonardStern (Administrator) (26/06/2015 15:44:09)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\LeonardStern\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\LeonardStern\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)

---\\ Services (8)
DELETED : cherimoya (Adware.Shopper)
DELETED : mailUpdate (PUP.MailUpdate)
CLOSED : IHProtect Service (Adware.AgentODR)
CLOSED : WindowsMangerProtect (PUP.Fuyu)
CLOSED : lumywewy (Heuristic.Salus)
CLOSED : insvc_1.10.0.14 (Heuristic.Optional)
CLOSED : 61f76811-bdfc-40ef-a7e6-83623e1d92c3 (PUP.Shopperz)
CLOSED : OmniAddrService (PUP.Sogou)

---\\ Browser internet (21)
DELETED Firefox: [ed85vjtk.default] URL HomePage : hxxp://www.mystartsearch.com/?type=hp&ts=1435325256&z=86d7a9fe09cb9f83b6e4985g1z2cewe[...] (PUP.StartSearch)
DELETED: [ed85vjtk.default] - user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); (PUP.SearchEngine)
DELETED: [ed85vjtk.default] - user_pref("browser.search.searchengine.uid", "APPLEXHDDXHTS545050A7E362_TNS5193THJPU5HHJPU5HX"); (PUP.SearchEngine)
DELETED: [ed85vjtk.default] - user_pref("extensions.FindRight.aul", "1395106426844"); (Adware.Sambreel)
DELETED: [ed85vjtk.default] - user_pref("extensions.FindRight.irl", true); (Adware.Sambreel)
DELETED: [ed85vjtk.default] - user_pref("extensions.FindRight.is", "isgiwhFR"); (Adware.Sambreel)
DELETED: [ed85vjtk.default] - user_pref("extensions.FindRight.ug", "F0FE47FA-7ADD-42EF-9A7E-B3A12DEACAD0"); (Adware.Sambreel)
DELETED: [ed85vjtk.default] - user_pref("extensions.PodoWeb.is", "thin"); (Adware.Sambreel)
DELETED: [ed85vjtk.default] - user_pref("extensions.PodoWeb.ug", "cb73072d-2c66-ef30-1305-1d10a3c28306"); (Adware.Sambreel)
DELETED: [ed85vjtk.default] - user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.5317[...] (PUP.Monetization)
DELETED: [ed85vjtk.default] - user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.5317[...] (Adware.CrossRider)
MOVED file: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [Tencent - QQMail plugin for WebKit #1.0.0.22] (Adware.TencentAddressBar) [97634B8C614FF96A2ED71BACEEAA1BCE]
MOVED file: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [Tencent Technology (Shenzhen) Company Limited - Tencent FTN plug-in] (Adware.TencentAddressBar) [78DCFA73D5E54FA106985084D128A5C3]
REPLACED Chrome Secure Preferences: "hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1Qzu0AzzzzyC0D0DzyzzzztB0C0B0A0C0EzytN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2StDtB0ByEtAtAzyyDtGzzzyzy0CtGtDtA0ByDtG0E0E0AtDtGyD0DyD0F0F0DzztA0B0ByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByBtCyE0AtA0EyCtGzy0EyEyEtG0Azyzz0EtG0B0FyDyBtGyB0AyCyDtDtAyEyEyByB0AtD2Q&cr=1081481208&ir=" (PUP.MySearchDial)
REPLACED Chrome Secure Preferences: "hxxp://www.sweet-page.com/?type=hp&ts=1406554298&from=cor&uid=APPLEXHDDXHTS545050A7E362_TNS5193THJPU5HHJPU5HX" (PUP.SweetPage)
REPLACED Chrome Secure Preferences: "hxxp://www.istartsurf.com/?type=hp&ts=1408264395&from=smt&uid=APPLEXHDDXHTS545050A7E362_TNS5193THJPU5HHJPU5HX" (PUP.IsStart)
REPLACED Chrome Secure Preferences: "hxxp://websearch.calcitapp.info/" (PUP.CalcitApp)
REPLACED Chrome Secure Preferences: "hxxp://myhome.vi-view.com/?type=hp&ts=1421280471&from=cor&uid=APPLEXHDDXHTS545050A7E362_TNS5193THJPU5HHJPU5HX" (Hijacker.MyhomeViview)
REPLACED Chrome Secure Preferences: "hxxp://www.mystartsearch.com/?type=hp&ts=1422397314&from=smt&uid=APPLEXHDDXHTS545050A7E362_TNS5193THJPU5HHJPU5HX" (PUP.StartSearch)
REPLACED Chrome Secure Preferences: "hxxp://www.mystartsearch.com/?type=hppp&ts=1422397351&from=smt&uid=APPLEXHDDXHTS545050A7E362_TNS5193THJPU5HHJPU5HX" (PUP.StartSearch)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : ] (Hijacker.Proxy)

---\\ Hosts file (1)
~ The hosts file is legitimate (23)

---\\ Scheduled automatic tasks. (0)
~ No malicious items found.

---\\ Explorer ( File, Folder) (112) MOVED file: C:\Users\LeonardStern\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk [Bad : E:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe] (Adware.TencentAddressBar) MOVED file: C:\Users\LeonardStern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [Bad : C:\Users\LeonardStern\AppData\Local\SmartWeb\SmartWebHelper.exe] (PUP.SmartWebSearch) MOVED file: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [Tencent - QQMail plugin for WebKit #1.0.0.22] (Adware.TencentAddressBar) MOVED file: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [Tencent Technology (Shenzhen) Company Limited - Tencent FTN plug-in] (Adware.TencentAddressBar) MOVED file: C:\Windows\System32\drivers\cherimoya.sys [Cherimoya Ltd - Cherimoya Ltd] (Adware.Shopper) MOVED file: C:\Program Files (x86)\MiuiTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR) MOVED file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [DTools LIMITED - Windows DTools] (PUP.Fuyu) MOVED file: C:\Users\LeonardStern\AppData\Roaming\5BA99D4B-1429018124-50F5-A457-03B54361EEE9\knsc9A15.tmp (Heuristic.Salus) MOVED file: C:\Program Files\shopperz\Qqbvgtgao.exe (PUP.Shopperz) MOVED file: C:\Program Files\shopperz\Qqbvgtgao64.exe (PUP.Shopperz) MOVED file: C:\Windows\Tasks\789c24d7-b520-4824-83ac-9bc2fbb7f58b-11.job (Adware.CrossRider) MOVED file: C:\Windows\Tasks\789c24d7-b520-4824-83ac-9bc2fbb7f58b-3.job (Adware.CrossRider) MOVED file: C:\Windows\Tasks\789c24d7-b520-4824-83ac-9bc2fbb7f58b-6.job (Adware.CrossRider) MOVED file: C:\Windows\Tasks\789c24d7-b520-4824-83ac-9bc2fbb7f58b-7.job (Adware.CrossRider) MOVED file: C:\Windows\Prefetch\SOGOUCLOUD.EXE-AE6B6D40.pf (PUP.Sogou) MOVED file: C:\Windows\Prefetch\SOGOUCOMMGR.EXE-D0744C53.pf (PUP.Sogou) MOVED file: C:\Windows\Prefetch\SOGOUEXE.EXE-F4F2B499.pf (PUP.Sogou) MOVED file: C:\Windows\Prefetch\SOGOUSMARTINFO.EXE-40FEF6A4.pf (PUP.Sogou) MOVED 
file: C:\Windows\Prefetch\TENCENTDL.EXE-CE7E3EFE.pf (Adware.TencentAddressBar) MOVED file: C:\Windows\System32\Drivers\TAOAccelerator64.sys [Tencent - ????-TAO????????] (Adware.TencentAddressBar) MOVED file: C:\Windows\Installer\18376784.msi [Boxore OU - Windows Installer XML Toolset (3.8.1128.0)] (Adware.Boxore) MOVED file: C:\Windows\Installer\59e71ed.msi [QwertyBox Team - Windows Installer XML (3.7.1224.0)] (PUP.FrameFox) MOVED file: C:\Users\LeonardStern\Desktop\Continue AnySend Installation.lnk (PUP.ASPackage) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\comh.359596\goopdate.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\comh.359596\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL] (PUP.GlobalUpdate) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\comh.359596\npglobalupdateUpdate4.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\comh.359596\psmachine.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\comh.359596\psuser.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\nsf3F52.tmp\Qqygtaoxqn.exe [iCinema - I - Cinema Installer] (Adware.CrossRider) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\DwlTempFolder\temp.exe [iCinema - I - Cinema Installer] (Adware.CrossRider) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\comh.359596\globalupdate.exe [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\comh.359596\globalupdateBroker.exe [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\comh.359596\globalupdateCrashHandler.exe [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate) MOVED file: 
C:\Users\LeonardStern\AppData\Local\Temp\comh.359596\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\SogouPinyin.ini (PUP.Sogou) MOVED file: C:\Users\LeonardStern\AppData\Local\Temp\Uninstall.exe [Copyright 2013 - ] (PUP.Optional) MOVED file: C:\Windows\Installer\{DE778E8E-5286-41FF-A85E-D41A6384DD83}\Boxore.ico (Adware.Boxore) MOVED folder: C:\Users\LeonardStern\AppData\Roaming\5BA99D4B-1429018124-50F5-A457-03B54361EEE9 (Heuristic.Salus) MOVED folder: C:\Users\LeonardStern\AppData\Roaming\5BA99D4B-1435222433-50F5-A457-03B54361EEE9 (Heuristic.Salus) MOVED folder: C:\Program Files (x86)\20e9fa4b-8227-4bcd-8827-13f438cdc295 (Adware.CrossRider) MOVED folder: C:\Program Files (x86)\d538d838-a1c1-43ce-b0a7-27f8b8c572ec (Adware.CrossRider) MOVED folder: C:\Program Files (x86)\ff8380ce-0ebd-460b-b253-ec193a0107c8 (Adware.CrossRider) MOVED folder: C:\Program Files (x86)\FastSearch (PUP.FastSearch) MOVED folder: C:\Program Files (x86)\gmsd_fr_002020012 (Adware.CrossRider) MOVED folder: C:\Program Files (x86)\gmsd_fr_005010012 (Adware.CrossRider) MOVED folder^: C:\Program Files (x86)\gmsd_fr_005010013 (Adware.CrossRider) MOVED folder: C:\Program Files (x86)\Infonaut_1.10.0.14 (PUP.Infonaut) MOVED folder: C:\Program Files (x86)\mbot_fr_014010012 (Adware.CrossRider) MOVED folder: C:\Program Files (x86)\MiuiTab (PUP.MiuiTab) MOVED folder^: C:\Program Files (x86)\SogouInput (PUP.Sogou) MOVED folder: C:\Program Files (x86)\version08SpeedCheck (PUP.SpeedCheck) MOVED folder^: C:\Program Files\shopperz (PUP.Shopperz) MOVED folder: C:\ProgramData\IHProtectUpDate (Adware.AgentODR) MOVED folder: C:\ProgramData\InstallMate (PUP.Tarma) MOVED folder: C:\ProgramData\MailUpdate (PUP.MailUpdate) MOVED folder: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu) MOVED folder: C:\ProgramData\SogouPY (PUP.Sogou) MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP (Adware.GamesDesktop) 
MOVED folder: C:\Users\LeonardStern\AppData\Roaming\MailUpdate (PUP.MailUpdate) MOVED folder: C:\Users\LeonardStern\AppData\Roaming\mystartsearch (PUP.StartSearch) MOVED folder: C:\Users\LeonardStern\AppData\Roaming\SogouMobileTool (PUP.Sogou) MOVED folder: C:\Users\LeonardStern\Documents\Optimizer Pro (PUP.OptimizerPro) MOVED folder: C:\Users\LeonardStern\Documents\Tencent Files (Adware.TencentAddressBar) MOVED folder^: C:\Users\LeonardStern\AppData\LocalLow\SmartWeb (PUP.SmartWebSearch) MOVED folder^: C:\Users\LeonardStern\AppData\LocalLow\SogouPY (PUP.Sogou) MOVED folder: C:\Users\LeonardStern\AppData\LocalLow\SogouPY.users (PUP.Sogou) MOVED folder: C:\Users\LeonardStern\AppData\Local\globalUpdate (PUP.GlobalUpdate) MOVED folder^: C:\Users\LeonardStern\AppData\Local\gmsd_fr_005010013 (Adware.CrossRider) MOVED folder^: C:\Users\LeonardStern\AppData\Local\SmartWeb (PUP.SmartWebSearch) MOVED folder: C:\Program Files (x86)\Software (Adware.Boxore) MOVED folder: C:\ProgramData\Software (Adware.Boxore) MOVED folder: C:\Windows\Installer\MSI112B.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI157.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI1B78.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI36AA.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI45B8.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI5B1D.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI5D02.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI60CA.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI6454.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI74C9.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI76FB.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI7DEF.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI7F18.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI811C.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI887D.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI8DFA.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI926D.tmp- (Empty) MOVED folder: 
C:\Windows\Installer\MSI9829.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI9952.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSI9A6C.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIA76.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIC390.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIC55B.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSICE32.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSICFF8.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSID1CD.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIDAF2.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIDF0E.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIE027.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIE84B.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIE994.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIEAEC.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIEE08.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIEF41.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIF04C.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIF378.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIF721.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIF879.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIF9D2.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIFA00.tmp- (Empty) MOVED folder: C:\Windows\Installer\MSIFC72.tmp- (Empty) ---\\ Registry ( Key, Value, Data) (214) DELETED value: [X64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions\\{72a94386-d7dd-4032-86b6-e013e104f0ab} [C:\Program Files\shopperz\Firefox] (PUP.Shopperz) DELETED value: [X64] HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\\{72a94386-d7dd-4032-86b6-e013e104f0ab} [C:\Program Files\shopperz\Firefox] (PUP.Shopperz) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant [Tencent, Inc.] 
(Adware.TencentAddressBar) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/npqscall [] (Adware.TencentAddressBar) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/QQMiniDLPlugin [Tencent] (Adware.TencentAddressBar) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr [Tencent] (Adware.TencentAddressBar) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/QQPhotoDrawEx [QQPhotoDrawEx] (Adware.TencentAddressBar) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/QzoneMusic [npQzoneMusic] (Adware.TencentAddressBar) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 [globalUpdate] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 [globalUpdate] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1 [] (Adware.TencentAddressBar) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1 [] (Adware.TencentAddressBar) DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72a94386-d7dd-4032-86b6-e013e104f0ab} [shopperz Helper] (PUP.Shopperz) DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} [TSWebMon] (Adware.TencentAddressBar) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72a94386-d7dd-4032-86b6-e013e104f0ab} [] (PUP.Shopperz) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72a94386-d7dd-4032-86b6-e013e104f0ab} [] (PUP.Shopperz) DELETED key*: [X64] HKLM\Software\Classes\CLSID\{72a94386-d7dd-4032-86b6-e013e104f0ab} [shopperz] (PUP.Shopperz) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{72a94386-d7dd-4032-86b6-e013e104f0ab} 
[shopperz] (PUP.Shopperz) DELETED key*: [X64] HKLM\Software\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} [?????????] (Adware.TencentAddressBar) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72a94386-d7dd-4032-86b6-e013e104f0ab} [shopperz Helper] (PUP.Shopperz) DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\cherimoya [C:\Windows\System32\drivers\cherimoya.sys (Not File)] (Adware.Shopper) DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\mailUpdate [C:\ProgramData\MailUpdate\mailUpdate.exe (Not File)] (PUP.MailUpdate) DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files (x86)\MiuiTab\ProtectService.exe (Not File)] (Adware.AgentODR) DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Not File)] (PUP.Fuyu) DELETED key*: HKCU\SOFTWARE\Follow Rules [] (Adware.Sambreel) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Follow Rules [] (Adware.Sambreel) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SearchProtect [] (Adware.Sambreel) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Currentversion\Uninstall\SearchProtect [] (Adware.Sambreel) DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\lumywewy [C:\Users\LeonardStern\AppData\Roaming\5BA99D4B-1429018124-50F5-A457-03B54361EEE9\knsc9A15.tmp (Not File)] (Heuristic.Salus) DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\moruxefo [C:\Users\LeonardStern\AppData\Roaming\5BA99D4B-1429018124-50F5-A457-03B54361EEE9\jnsl85B4.tmp (Not File)] (Heuristic.Salus) DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\xoperoze [C:\Users\LeonardStern\AppData\Roaming\5BA99D4B-1435222433-50F5-A457-03B54361EEE9\jnso7B17.tmp (Not File)] (Heuristic.Salus) DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\zedepory [C:\Users\LeonardStern\AppData\Roaming\5BA99D4B-1435222433-50F5-A457-03B54361EEE9\hnsi909B.tmp (Not File)] 
(Heuristic.Salus) DELETED key*: HKCU\Software\I - Cinema-nv [] (Adware.CrossRider) DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902282} [CrossriderApp0049082.Sandbox] (Adware.CrossRider) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\I - Cinema-nv [] (Adware.CrossRider) DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\insvc_1.10.0.14 ["C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" (Not File)] (Heuristic.Optional) DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\61f76811-bdfc-40ef-a7e6-83623e1d92c3 ["C:\Program Files\shopperz\Iijahl.exe" (Not File)] (PUP.Shopperz) DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files (x86)\MiuiTab\ProtectService.exe (Not File)] (Adware.AgentODR) DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\mailUpdate [C:\ProgramData\MailUpdate\mailUpdate.exe (Not File)] (PUP.MailUpdate) DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\OmniAddrService ["C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe" /Service (Not File)] (PUP.Sogou) DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\SogouUpdate ["C:\Program Files (x86)\SogouInput\7.5.0.5550\SogouUpdate.exe" (Not File)] (PUP.Sogou) DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Not File)] (PUP.Fuyu) DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ QQPCTray ["C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\QQPCTray.exe" /regrun (Not File)] (Adware.TencentAddressBar) DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fst_fr_53 [] (Adware.FreeSoftToday) DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\shopperz [C:\Program Files\shopperz\Qqbvgtgao.exe (Not File)] (PUP.Shopperz) DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\shopperz64 [C:\Program Files\shopperz\Qqbvgtgao64.exe (Not File)] (PUP.Shopperz) DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SogouCloud [C:\Program Files (x86)\SogouInput\7.5.0.5242\SogouCloud.exe (Not File)] (PUP.Sogou) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\APN PIP [] (Toolbar.Agent) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\AskPartnerNetwork [] (Toolbar.AskBar) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\HomeTab [] (PUP.CertifiedToolbar) DELETED key: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\I - Cinema-nv [] (Adware.CrossRider) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\Linkey [] (PUP.LinkeySearch) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\SearchProtectWS [] (PUP.SearchProtect) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\SimplyTech [] (PUP.SimplyTech) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\Tencent [] (Adware.TencentAddressBar) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\TNT2 [] (Adware.TidyNetwork) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\Tutorials [] (PUP.AgenceExclusive) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\TutoTag [] (PUP.AgenceExclusive) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\WajIEnhance [] (PUP.Wajam) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\WajIntEnhance [] (Adware.Multiplug) DELETED key*: HKEY_USERS\S-1-5-21-322297252-72643094-3168166444-1000\Software\Classes\Tencent [] (Adware.TencentAddressBar) DELETED key: HKCU\Software\APN PIP [] (Toolbar.Agent) DELETED key: HKCU\Software\AskPartnerNetwork [] (Toolbar.AskBar) DELETED key: 
HKCU\Software\HomeTab [] (PUP.CertifiedToolbar) DELETED key: HKCU\Software\Linkey [] (PUP.LinkeySearch) DELETED key: HKCU\Software\SearchProtectWS [] (PUP.SearchProtect) DELETED key: HKCU\Software\SimplyTech [] (PUP.SimplyTech) DELETED key: HKCU\Software\Tencent [] (Adware.TencentAddressBar) DELETED key: HKCU\Software\TNT2 [] (Adware.TidyNetwork) DELETED key*: HKCU\Software\Tutorials [] (PUP.AgenceExclusive) DELETED key: HKCU\Software\TutoTag [] (PUP.AgenceExclusive) DELETED key: HKCU\Software\WajIEnhance [] (PUP.Wajam) DELETED key: HKCU\Software\WajIntEnhance [] (Adware.Multiplug) DELETED key*: HKCU\Software\AppDataLow\Software\SmartWeb [] (PUP.SmartWebSearch) DELETED key*: HKCU\Software\AppDataLow\Software\SpeedCheck [] (PUP.SpeedCheck) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer [GUPlayer (remove only)] (PUP.GUPlayer) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP [] (Adware.IMBooster) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar [] (Adware.IMBooster) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect [] (PUP.SearchProtect) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com [] (PUP.Vosteran) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance [] (Adware.Multiplug) DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5D5DBD-C857-4377-A755-06E50B4AC2B0} [C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192 (Not File)] (Adware.TencentAddressBar) DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{639B74F1-0594-432C-97C8-68C8C17A1E1D} [C:\Program Files (x86)\Tencent\QQPhoneManager (Not File)] (Adware.TencentAddressBar) DELETED key*: HKCU\Software\Microsoft\Internet 
Explorer\DOMStorage\shoppingate.info [1324247] (PUP.ShoppinGate) DELETED key*: HKCU\Software\Mozilla\Extends [] (PUP.FastStart) DELETED key*: [X64] HKLM\SOFTWARE\Classes\BoBrowsHTM.DU4YAQO2LVDTXEBQHGUGOXUTYM [BoBrowser HTML Document] (PUP.BoBrowser) DELETED key*: [X64] HKLM\SOFTWARE\Classes\Duuqu.OneClickCtrl.9 [Duuqu Update Plugin] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine [Duuqu.OneClickProcessLauncher] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine.1.0 [Duuqu.OneClickProcessLauncher] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\Duuqu.Update3WebControl.3 [Duuqu Update Plugin] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync [CoCreateAsync] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync.1.0 [CoCreateAsync] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.CoreClass [Duuqu Update Core Class] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.CoreClass.1 [Duuqu Update Core Class] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass [Duuqu Update Core Class] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass.1 [Duuqu Update Core Class] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine [DuuquUpdate CredentialDialog] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine.1.0 [DuuquUpdate CredentialDialog] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine [Duuqu Update Broker Class Factory] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine.1.0 [Duuqu Update Broker Class Factory] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback [Duuqu Update Legacy On Demand] (PUP.FrameFox) 
DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback.1.0 [Duuqu Update Legacy On Demand] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc [Duuqu Update Legacy On Demand] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc.1.0 [Duuqu Update Legacy On Demand] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher [Duuqu Update Process Launcher Class] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher.1.0 [Duuqu Update Process Launcher Class] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine [Duuqu Update Broker Class Factory] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine.1.0 [Duuqu Update Broker Class Factory] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback [DuuquUpdate Update3Web] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback.1.0 [DuuquUpdate Update3Web] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc [DuuquUpdate Update3Web] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc.1.0 [DuuquUpdate Update3Web] (PUP.FrameFox) DELETED key*: [X64] HKLM\SOFTWARE\Classes\Extension.Akgceyy [shopperz] (PUP.Shopperz) DELETED key*: [X64] HKLM\SOFTWARE\Classes\Extension.Akgceyy.1 [shopperz] (PUP.Shopperz) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 [globalUpdate Update Plugin] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine [globalUpdate.OneClickProcessLauncher] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 [globalUpdate.OneClickProcessLauncher] (PUP.GlobalUpdate) DELETED key*: [X64] 
HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 [globalUpdate Update Plugin] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync [CoCreateAsync] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 [CoCreateAsync] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass [Google Update Core Class] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 [Google Update Core Class] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine [GoogleUpdate CredentialDialog] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 [GoogleUpdate CredentialDialog] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine [Google Update Broker Class Factory] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 [Google Update Broker Class Factory] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback [Google Update Legacy On Demand] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 [Google Update Legacy On Demand] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher [Google Update Process Launcher Class] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 [Google Update Process Launcher Class] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine [Google Update Broker Class Factory] (PUP.GlobalUpdate) DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 [Google Update Broker Class Factory] (PUP.GlobalUpdate) DELETED key*: 
[X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback [GoogleUpdate Update3Web] (PUP.GlobalUpdate)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 [GoogleUpdate Update3Web] (PUP.GlobalUpdate)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Linkey.Linkey [Linkey Class] (PUP.LinkeySearch)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassSvc [Google Update Legacy On Demand] (Adware.Boxore)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassSvc.1.0 [Google Update Legacy On Demand] (Adware.Boxore)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\SoftwareUpdate.Update3WebSvc [SoftwareUpdate Update3Web] (Adware.Boxore)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\SoftwareUpdate.Update3WebSvc.1.0 [SoftwareUpdate Update3Web] (Adware.Boxore)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Tencent [TencentProtocol] (Adware.TencentAddressBar)
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\E8E877ED6825FF148AE54DA13648DD38 [Boxore Client] (Adware.Boxore)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mailUpdate [] (PUP.MailUpdate)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect [] (PUP.Fuyu)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windesk Winsearch [C:\Program Files (x86)\WindeskWinsearch\Windesk Winsearch.exe (Not File)] (PUP.WindeskWinsearch)
DELETED key*: [X64] HKLM\SOFTWARE\shopperz [] (PUP.Shopperz)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72a94386-d7dd-4032-86b6-e013e104f0ab}_is1 [shopperz] (PUP.Shopperz)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DuuquUpdate.exe [] (PUP.FrameFox)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork [] (Toolbar.AskBar)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Conduit [] (PUP.Conduit)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\FFPluginHp [] (PUP.SweetSearch)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\GAMESDESKTOP [] (Adware.GamesDesktop)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\I - Cinema [] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\IHProtect [] (Adware.AgentODR)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Iminent [] (Adware.IMBooster)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Infonaut_1.10.0.14 [] (PUP.Infonaut)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\mystartsearchSoftware [] (PUP.StartSearch)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\searchult [] (PUP.Optional)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\shopperz [] (PUP.Shopperz)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SupDp [] (Adware.SupTab)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\supTab [] (Adware.SupTab)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\supWindowsMangerProtect [] (PUP.Fuyu)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Tencent [] (Adware.TencentAddressBar)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Tutorials [] (PUP.AgenceExclusive)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\WajIntEnhance [] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\6E1E8992-6A77-55A8-645A-F8EF44941540 [SpeedCheck-software] (PUP.SpeedCheck)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_fr_005010013_is1 [GAMESDESKTOP] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP [] (Adware.IMBooster)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar [] (Adware.IMBooster)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Infonaut_1.10.0.14 [Infonaut] (PUP.Infonaut)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall [mystartsearch] (PUP.StartSearch)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb [SoftBrain Technologies Ltd.] (PUP.SmartWebSearch)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage [] (Adware.Downware)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com [] (PUP.Vosteran)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance [] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upgmsd_fr_005010013_RASAPI32 [] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upgmsd_fr_005010013_RASMANCS [] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975} [C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\ (Not File)] (Adware.TencentAddressBar)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FA39976-7194-44E8-8DD9-A9781D289934} [E:\Program Files (x86)\Tencent\QQ\Plugin\Com.Tencent.QQPet\bin\QQPet (Not File)] (Adware.TencentAddressBar)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} [C:\Program Files (x86)\globalUpdate\Update (Not File)] (PUP.GlobalUpdate)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} [C:\Program Files (x86)\globalUpdate\Update\1.3.25.0 (Not File)] (PUP.GlobalUpdate)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8A77722-17C3-451a-88D0-D5F01DA120AE} [C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic (Not File)] (Adware.TencentAddressBar)
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\E8E877ED6825FF148AE54DA13648DD38 [] (Adware.Boxore)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{53D2405C-48AB-4C8A-8F59-CE0610F13BBC} [QQShellExtension Class] (Adware.TencentAddressBar)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{53D2405C-48AB-4C8A-8F59-CE0610F13BBC}\InprocServer32 [E:\Program Files (x86)\Tencent\QQ\ShellExt\QQShellExt64.dll (Not File)] (Adware.TencentAddressBar)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{5D639F05-2181-4B58-A850-9F7E5C79D5DE} [QQShellExtension64 Class] (Adware.TencentAddressBar)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{5D639F05-2181-4B58-A850-9F7E5C79D5DE}\InprocServer32 [C:\Program Files (x86)\Tencent\QQ\Bin\QQShellExt64.dll (Not File)] (Adware.TencentAddressBar)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{72a94386-d7dd-4032-86b6-e013e104f0ab}\InprocServer32 [C:\Program Files\shopperz\Chaae64.dll (Not File)] (PUP.Shopperz)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE} [QQ Master Extention] (Adware.TencentAddressBar)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE}\InprocServer32 [C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\plugins\FileSmash\QMSoftExt64.dll (Not File)] (Adware.TencentAddressBar)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}\InprocServer32 [C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\TSWebMon64.dat (Not File)] (Adware.TencentAddressBar)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} [PCMgr Garbage Cleaner ShellExtension] (Adware.TencentAddressBar)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32 [C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\QMGCShellExt64.dll (Not File)] (Adware.TencentAddressBar)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9} [QMContextUninstallMenu Class] (Adware.TencentAddressBar)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32 [C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\QMContextUninstall64.dll (Not File)] (Adware.TencentAddressBar)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81} [PSFactoryBuffer] (Adware.TencentAddressBar)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InprocServer32 [C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\QMContextUninstall64.dll (Not File)] (Adware.TencentAddressBar)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1} [PSFactoryBuffer] (Adware.TencentAddressBar)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InprocServer32 [C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\QMContextScan64.dll (Not File)] (Adware.TencentAddressBar)
DELETED value: HKLM64\Software\Classes\.htm\OpenWithProgIDs\\BoBrowsHTM.DU4YAQO2LVDTXEBQHGUGOXUTYM [] (PUP.BoBrowser)
DELETED value: HKLM64\Software\Classes\.html\OpenWithProgIDs\\BoBrowsHTM.DU4YAQO2LVDTXEBQHGUGOXUTYM [] (PUP.BoBrowser)
DELETED value: HKLM64\Software\Classes\.shtml\OpenWithProgIDs\\CRSBRWSHTML [] (PUP.CrossBrowse)
DELETED value: HKLM64\Software\Classes\.shtml\OpenWithProgIDs\\BoBrowsHTM.DU4YAQO2LVDTXEBQHGUGOXUTYM [] (PUP.BoBrowser)
DELETED value: HKLM64\Software\Classes\.webp\OpenWithProgIDs\\CRSBRWSHTML [] (PUP.CrossBrowse)
DELETED value: HKLM64\Software\Classes\.webp\OpenWithProgIDs\\BoBrowsHTM.DU4YAQO2LVDTXEBQHGUGOXUTYM [] (PUP.BoBrowser)
DELETED value: HKLM64\Software\Classes\.xht\OpenWithProgIDs\\CRSBRWSHTML [] (PUP.CrossBrowse)
DELETED value: HKLM64\Software\Classes\.xht\OpenWithProgIDs\\BoBrowsHTM.DU4YAQO2LVDTXEBQHGUGOXUTYM [] (PUP.BoBrowser)
DELETED value: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_2B165AB03F77E1D91BB48B007185A90D ["C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window] (PUP.CrossBrowse)
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\shopperz [C:\Program Files\shopperz\Qqbvgtgao.exe] (PUP.Shopperz)
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\shopperz64 [C:\Program Files\shopperz\Qqbvgtgao64.exe] (PUP.Shopperz)
DELETED value: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb [C:\Users\LeonardStern\AppData\Local\SmartWeb\SmartWebHelper.exe] (PUP.SmartWeb)
DELETED value: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_005010013 ["C:\Program Files (x86)\gmsd_fr_005010013\gmsd_fr_005010013.exe"] (Adware.CrossRider)
DELETED value: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_fr_005010013.exe [C:\Users\LeonardStern\AppData\Local\gmsd_fr_005010013\upgmsd_fr_005010013.exe -runonce] (Adware.CrossRider)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
~ The system has been restarted.

---\\ Statistics
~ Items scanned : 1222
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 363

End of clean at 15:50:49
===================
ZHPCleaner-[R]-26062015-15_50_49.txt
ZHPCleaner-[S]-26062015-15_43_11.txt