Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unwanted Program Taking Up Cpu and Chrome Popups


  • Please log in to reply
11 replies to this topic

#1 Flameikorn

Flameikorn

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 14 June 2016 - 11:10 PM

I made a stupid mistake of installing a rom from a shady website. I uninstalled the program as well as all of the programs it brought with it, but a remaining .exe roaming file is taking up all of my cpu and making all my programs really slow, as well as having chrome popups making using the internet a lot harder

Edited by Platypus, 14 June 2016 - 11:30 PM.
Moved to more appropriate forum


BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:43 AM

Posted 15 June 2016 - 02:53 PM

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus, and windows defender.

Close All open work Pre_Scan will close all processes to run.

Right Click Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon  run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


#3 Flameikorn

Flameikorn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 15 June 2016 - 05:21 PM

-|x| RstHosts v2.0 - Rapport créé le 15/06/2016 à 18:15:04
-|x| Système d'exploitation : Windows 8 (64 bits)
-|x| Nom d'utilisateur : Owner - PC (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 26/07/2012 - 01:26:52
Date de modification : 15/06/2016 - 18:15:02
Date de dernier accès : 15/06/2016 - 18:15:02

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1 localhost
::1 localhost

-|x|- E.O.F - C:\RstHosts.txt - 591 bytes -|x|-

#4 Flameikorn

Flameikorn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 15 June 2016 - 05:23 PM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_13.06.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 17:26:22

Updated 13/06/2016 | 18.25 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Owner (Administrator)] - [PC]
SID = S-1-5-21-4212428726-1541662022-3676039007-1001

Boot: Normal boot
System : Windows 8 (64 bits) Core
ProcessorNameString : Intel® Core™ i3-2130 CPU @ 3.40GHz
Identifier : Intel64 Family 6 Model 42 Stepping 7

Memory RAM = Total (MB) : 4072 | Free (MB) : 3063
Pagefile = Total (MB) : 6414 | Free (MB) : 5255
Virtual = Total (MB) : 4194 | Free (MB) : 3980

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

C:\windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ # Drives

D:\-> [Fixed] | [Recovery Image] | Total : 19.36 Go | Free : 2.39 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 910.24 Go | Free : 382.9 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Last detection : 2016-06-15 01:42:23
Downloaded last ones : 2016-06-15 01:47:52
Installed last ones : 2016-06-14 13:47:02
Next search : 2016-06-15 23:14:24

Microsoft : +

Windows 8.1 not installed !!!


¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Owner
C:\Users\Jack
C:\Users\Guest

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [15.06.2016 @ 17_22_24])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 10.0.9200.17377 (© Microsoft Corporation.)
FF : 47.0.0.5999 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 51.0.2704.84 (Copyright 2015 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 19.0.0.185
Plugin : 20.0.0.235
WMI : /!\
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1068 | [Owner : |Parent : 564] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.2.9200.16384) = C:\windows\System32\spoolsv.exe
1240 | [Owner : SYSTEM |Parent : 564] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.7.4.0) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1280 | [Owner : SYSTEM |Parent : 564] - (.Apple Inc. - MobileDeviceService.) - (17.364.0.22) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1380 | [Owner : SYSTEM |Parent : 564] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe
1416 | [Owner : SYSTEM |Parent : 564] - (.Microsoft Corporation - Updates Skype Click to Call.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
1480 | [Owner : NETWORK SERVICE |Parent : 564] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
1524 | [Owner : SYSTEM |Parent : 564] - (. - .) - (0.0.0.0) = C:\Users\Owner\AppData\Roaming\Rikfootov\Rikfootov.exe
1592 | [Owner : LOCAL SERVICE |Parent : 932] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.2.9200.16384) = C:\windows\System32\dasHost.exe
1760 | [Owner : SYSTEM |Parent : 564] - (.Intel® Corporation - Intel® Capability Licensing Service Interface.) - (1.24.388.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe
1780 | [Owner : SYSTEM |Parent : 564] - (.Intel Corporation - Intel® Dynamic Application Loader Host Interface.) - (8.1.0.1252) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
1880 | [Owner : SYSTEM |Parent : 564] - (. - Reason Core Security Bundle Protection.) - (0.4.3.0) = C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
1948 | [Owner : SYSTEM |Parent : 564] - (.Reason Software Company Inc. - Reason Core Security Engine Service.) - (1.1.2.0) = C:\Program Files\Reason\Security\rsEngineSvc.exe
3056 | [Owner : |Parent : 564] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.2.9200.16693) = C:\windows\System32\sppsvc.exe
668 | [Owner : SYSTEM |Parent : 564] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.0.33.2) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
2948 | [Owner : SYSTEM |Parent : 564] - (.Intel Corporation - Intel® ME Service.) - (8.1.0.1256) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2748 | [Owner : SYSTEM |Parent : 564] - (.Intel Corporation - Local Manageability Service.) - (8.1.0.1252) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
2876 | [Owner : SYSTEM |Parent : 564] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.9200.16578) = C:\windows\System32\SearchIndexer.exe
1848 | [Owner : SYSTEM |Parent : 564] - (.Intel Corporation - User Notification Service.) - (8.1.0.1252) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
224 | [Owner : SYSTEM |Parent : 564] - (.Apple Inc. - iPodService Module (64-bit).) - (12.1.3.6) = C:\Program Files\iPod\bin\iPodService.exe
4896 | [Owner : SYSTEM |Parent : 564] - (.Hi-Rez Studios - HiPatchService.) - (4.1.5.9) = C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
2172 | [Owner : Owner |Parent : 564] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.2.9200.16547) = C:\windows\System32\taskhostex.exe
5348 | [Owner : Owner |Parent : 3092] - (.Microsoft Corporation - Windows Explorer.) - (6.2.9200.16628) = C:\windows\explorer.exe
6032 | [Owner : Owner |Parent : 4648] - (.DotC United Inc - MPC Browser Protect Module for X64.) - (3.4.9883.323) = C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
1892 | [Owner : Owner |Parent : 5348] - (.Apple Inc. - iTunesHelper.) - (12.1.3.6) = C:\Program Files\iTunes\iTunesHelper.exe
5744 | [Owner : Owner |Parent : 5348] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.28.87) = C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe
3132 | [Owner : Owner |Parent : 5348] - (.MY.COM B.V. - MY.COM GAME CENTER.) - (3.0.182.33874) = C:\Users\Owner\AppData\Local\MyComGames\MyComGames.exe
1736 | [Owner : Owner |Parent : 880] - (.Nico Mak Computing - File Association Helper.) - (2.0.41.28319) = C:\Program Files\WinZip\FAH\FAHWindow64.exe
2652 | [Owner : Owner |Parent : 5348] - (.WinZip Computing, S.L. - WinZip Preloader.) - (19.5.11477.0) = C:\Program Files\WinZip\WzPreloader.exe
4064 | [Owner : Owner |Parent : 5996] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) - (1.7.4.0) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
5472 | [Owner : Owner |Parent : 5996] - (.Oracle Corporation - Java™ Update Scheduler.) - (2.1.67.1) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3864 | [Owner : Owner |Parent : 5348] - (.Google Inc. - Google Chrome.) - (51.0.2704.84) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4840 | [Owner : Owner |Parent : 3864] - (.Google Inc. - Google Chrome.) - (51.0.2704.84) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4548 | [Owner : Owner |Parent : 820] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.2.9200.16420) = C:\windows\System32\taskeng.exe
6060 | [Owner : Owner |Parent : 5348] - (. - .) - (2.0.0.0) = C:\Users\Owner\Desktop\rsthosts_2.0.exe
4884 | [Owner : Owner |Parent : 6060] - (.Microsoft Corporation - Notepad.) - (6.2.9200.17434) = C:\windows\SysWOW64\notepad.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user


¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\windows\system32\userinit.exe, -> C:\windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K

Alternate shell is OK !



Repaired : [HKLM | Minimal\WinMgmt] : -> Service
Repaired : [HKLM | Minimal\BasicDisplay.sys] : Driver -> Service
Repaired : [HKLM | Minimal\BasicRender.sys] : Driver -> Service
Repaired : [HKLM | Minimal\dxgkrnl.sys] : Driver -> Service
Repaired : [HKLM | Minimal\FsDepends.sys] : Driver -> Service
Repaired : [HKLM | Minimal\vga.sys] : -> Driver
Repaired : [HKLM | Minimal\vgasave.sys] : -> Driver



Repaired : [HKLM | Network\WinMgmt] : -> Service
Repaired : [HKLM | Network\vga.sys] : -> Driver
Repaired : [HKLM | Network\vgasave.sys] : -> Driver

¤¤¤¤¤¤¤¤¤¤ # IFEO


¤¤¤¤¤¤¤¤¤¤ # Mountpoints2



¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center




¤¤¤¤¤¤¤¤¤¤ # Services

Service : WINMGMT : Restored

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer


¤¤¤¤¤¤¤¤¤¤ # reparsepoint



¤¤¤¤¤¤¤¤¤¤ # Offsets


¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

Deleted service : Adobe Licensing Console

Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1001\$IB4QG96.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$I0U3TEV.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$I3GM96G.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$I7DVVLA.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$ITR4WSJ.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$IX0VQHE.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$R7DVVLA.exe
Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\(null)
Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\osu!
Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\Nico Mak Computing
Deleted : HKLM\Software\5da059a482fd494db3f252126fbc3d5b
Deleted : HKLM\Software\Nico Mak Computing
Deleted : HKLM\Software\WOW6432Node\5da059a482fd494db3f252126fbc3d5b
Deleted : HKLM\Software\WOW6432Node\Nico Mak Computing

Moved to quarantine successfully : C:\ProgramData\SMRResults322.dat
Moved to quarantine successfully : C:\ProgramData\smp2.exe
Moved to quarantine successfully : C:\Users\Owner\AppData\Roaming\Rikfootov
Moved to quarantine successfully : C:\Users\Owner\AppData\Roaming\WebApp

¤¤¤¤¤¤¤¤¤¤ # ADS


Prefetch -> cleaned


D:\ : Vaccinated (Vaccin created by Pre_Scan)

���������� | Hidden files

~ [Drive D:] : Hidden : 19 | Restored : 19
~ [Drive C:] : Hidden : 3 | Restored : 3
~ [Program Files] : Hidden : 9 | Restored : 9
~ [Users] : Hidden : 2 | Restored : 2
~ [Pictures] : Hidden : 5 | Restored : 5
~ [Windows] : Hidden : 457 | Restored : 194
~ [AppData] : Hidden : 20 | Restored : 20


¤¤¤¤¤¤¤¤¤¤ # Drives

Disk: 0 Size=954G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 EE-UNKNWN 21.0T No No 1 294,967,295

¤¤¤¤¤¤¤¤¤¤

Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : -> 1

End : 18:07:11


¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 239
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_13.06.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 17:26:22

Updated 13/06/2016 | 18.25 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Owner (Administrator)] - [PC]
SID = S-1-5-21-4212428726-1541662022-3676039007-1001

Boot: Normal boot
System : Windows 8 (64 bits) Core
ProcessorNameString : Intel® Core™ i3-2130 CPU @ 3.40GHz
Identifier : Intel64 Family 6 Model 42 Stepping 7

Memory RAM = Total (MB) : 4072 | Free (MB) : 3063
Pagefile = Total (MB) : 6414 | Free (MB) : 5255
Virtual = Total (MB) : 4194 | Free (MB) : 3980

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

C:\windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ # Drives

D:\-> [Fixed] | [Recovery Image] | Total : 19.36 Go | Free : 2.39 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 910.24 Go | Free : 382.9 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Last detection : 2016-06-15 01:42:23
Downloaded last ones : 2016-06-15 01:47:52
Installed last ones : 2016-06-14 13:47:02
Next search : 2016-06-15 23:14:24

Microsoft : +

Windows 8.1 not installed !!!


¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Owner
C:\Users\Jack
C:\Users\Guest

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [15.06.2016 @ 17_22_24])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 10.0.9200.17377 (© Microsoft Corporation.)
FF : 47.0.0.5999 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 51.0.2704.84 (Copyright 2015 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 19.0.0.185
Plugin : 20.0.0.235
WMI : /!\
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1068 | [Owner : |Parent : 564] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.2.9200.16384) = C:\windows\System32\spoolsv.exe
1240 | [Owner : SYSTEM |Parent : 564] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.7.4.0) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1280 | [Owner : SYSTEM |Parent : 564] - (.Apple Inc. - MobileDeviceService.) - (17.364.0.22) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1380 | [Owner : SYSTEM |Parent : 564] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe
1416 | [Owner : SYSTEM |Parent : 564] - (.Microsoft Corporation - Updates Skype Click to Call.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
1480 | [Owner : NETWORK SERVICE |Parent : 564] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
1524 | [Owner : SYSTEM |Parent : 564] - (. - .) - (0.0.0.0) = C:\Users\Owner\AppData\Roaming\Rikfootov\Rikfootov.exe
1592 | [Owner : LOCAL SERVICE |Parent : 932] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.2.9200.16384) = C:\windows\System32\dasHost.exe
1760 | [Owner : SYSTEM |Parent : 564] - (.Intel® Corporation - Intel® Capability Licensing Service Interface.) - (1.24.388.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe
1780 | [Owner : SYSTEM |Parent : 564] - (.Intel Corporation - Intel® Dynamic Application Loader Host Interface.) - (8.1.0.1252) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
1880 | [Owner : SYSTEM |Parent : 564] - (. - Reason Core Security Bundle Protection.) - (0.4.3.0) = C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
1948 | [Owner : SYSTEM |Parent : 564] - (.Reason Software Company Inc. - Reason Core Security Engine Service.) - (1.1.2.0) = C:\Program Files\Reason\Security\rsEngineSvc.exe
3056 | [Owner : |Parent : 564] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.2.9200.16693) = C:\windows\System32\sppsvc.exe
668 | [Owner : SYSTEM |Parent : 564] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.0.33.2) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
2948 | [Owner : SYSTEM |Parent : 564] - (.Intel Corporation - Intel® ME Service.) - (8.1.0.1256) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2748 | [Owner : SYSTEM |Parent : 564] - (.Intel Corporation - Local Manageability Service.) - (8.1.0.1252) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
2876 | [Owner : SYSTEM |Parent : 564] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.9200.16578) = C:\windows\System32\SearchIndexer.exe
1848 | [Owner : SYSTEM |Parent : 564] - (.Intel Corporation - User Notification Service.) - (8.1.0.1252) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
224 | [Owner : SYSTEM |Parent : 564] - (.Apple Inc. - iPodService Module (64-bit).) - (12.1.3.6) = C:\Program Files\iPod\bin\iPodService.exe
4896 | [Owner : SYSTEM |Parent : 564] - (.Hi-Rez Studios - HiPatchService.) - (4.1.5.9) = C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
2172 | [Owner : Owner |Parent : 564] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.2.9200.16547) = C:\windows\System32\taskhostex.exe
5348 | [Owner : Owner |Parent : 3092] - (.Microsoft Corporation - Windows Explorer.) - (6.2.9200.16628) = C:\windows\explorer.exe
6032 | [Owner : Owner |Parent : 4648] - (.DotC United Inc - MPC Browser Protect Module for X64.) - (3.4.9883.323) = C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
1892 | [Owner : Owner |Parent : 5348] - (.Apple Inc. - iTunesHelper.) - (12.1.3.6) = C:\Program Files\iTunes\iTunesHelper.exe
5744 | [Owner : Owner |Parent : 5348] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.28.87) = C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe
3132 | [Owner : Owner |Parent : 5348] - (.MY.COM B.V. - MY.COM GAME CENTER.) - (3.0.182.33874) = C:\Users\Owner\AppData\Local\MyComGames\MyComGames.exe
1736 | [Owner : Owner |Parent : 880] - (.Nico Mak Computing - File Association Helper.) - (2.0.41.28319) = C:\Program Files\WinZip\FAH\FAHWindow64.exe
2652 | [Owner : Owner |Parent : 5348] - (.WinZip Computing, S.L. - WinZip Preloader.) - (19.5.11477.0) = C:\Program Files\WinZip\WzPreloader.exe
4064 | [Owner : Owner |Parent : 5996] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) - (1.7.4.0) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
5472 | [Owner : Owner |Parent : 5996] - (.Oracle Corporation - Java™ Update Scheduler.) - (2.1.67.1) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3864 | [Owner : Owner |Parent : 5348] - (.Google Inc. - Google Chrome.) - (51.0.2704.84) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4840 | [Owner : Owner |Parent : 3864] - (.Google Inc. - Google Chrome.) - (51.0.2704.84) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4548 | [Owner : Owner |Parent : 820] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.2.9200.16420) = C:\windows\System32\taskeng.exe
6060 | [Owner : Owner |Parent : 5348] - (. - .) - (2.0.0.0) = C:\Users\Owner\Desktop\rsthosts_2.0.exe
4884 | [Owner : Owner |Parent : 6060] - (.Microsoft Corporation - Notepad.) - (6.2.9200.17434) = C:\windows\SysWOW64\notepad.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user


¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\windows\system32\userinit.exe, -> C:\windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K

Alternate shell is OK !



Repaired : [HKLM | Minimal\WinMgmt] : -> Service
Repaired : [HKLM | Minimal\BasicDisplay.sys] : Driver -> Service
Repaired : [HKLM | Minimal\BasicRender.sys] : Driver -> Service
Repaired : [HKLM | Minimal\dxgkrnl.sys] : Driver -> Service
Repaired : [HKLM | Minimal\FsDepends.sys] : Driver -> Service
Repaired : [HKLM | Minimal\vga.sys] : -> Driver
Repaired : [HKLM | Minimal\vgasave.sys] : -> Driver



Repaired : [HKLM | Network\WinMgmt] : -> Service
Repaired : [HKLM | Network\vga.sys] : -> Driver
Repaired : [HKLM | Network\vgasave.sys] : -> Driver

¤¤¤¤¤¤¤¤¤¤ # IFEO


¤¤¤¤¤¤¤¤¤¤ # Mountpoints2



¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center




¤¤¤¤¤¤¤¤¤¤ # Services

Service : WINMGMT : Restored

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer


¤¤¤¤¤¤¤¤¤¤ # reparsepoint



¤¤¤¤¤¤¤¤¤¤ # Offsets


¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

Deleted service : Adobe Licensing Console

Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1001\$IB4QG96.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$I0U3TEV.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$I3GM96G.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$I7DVVLA.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$ITR4WSJ.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$IX0VQHE.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4212428726-1541662022-3676039007-1006\$R7DVVLA.exe
Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\(null)
Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\osu!
Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\Nico Mak Computing
Deleted : HKLM\Software\5da059a482fd494db3f252126fbc3d5b
Deleted : HKLM\Software\Nico Mak Computing
Deleted : HKLM\Software\WOW6432Node\5da059a482fd494db3f252126fbc3d5b
Deleted : HKLM\Software\WOW6432Node\Nico Mak Computing

Moved to quarantine successfully : C:\ProgramData\SMRResults322.dat
Moved to quarantine successfully : C:\ProgramData\smp2.exe
Moved to quarantine successfully : C:\Users\Owner\AppData\Roaming\Rikfootov
Moved to quarantine successfully : C:\Users\Owner\AppData\Roaming\WebApp

¤¤¤¤¤¤¤¤¤¤ # ADS


Prefetch -> cleaned


D:\ : Vaccinated (Vaccin created by Pre_Scan)

���������� | Hidden files

~ [Drive D:] : Hidden : 19 | Restored : 19
~ [Drive C:] : Hidden : 3 | Restored : 3
~ [Program Files] : Hidden : 9 | Restored : 9
~ [Users] : Hidden : 2 | Restored : 2
~ [Pictures] : Hidden : 5 | Restored : 5
~ [Windows] : Hidden : 457 | Restored : 194
~ [AppData] : Hidden : 20 | Restored : 20


¤¤¤¤¤¤¤¤¤¤ # Drives

Disk: 0 Size=954G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 EE-UNKNWN 21.0T No No 1 294,967,295

¤¤¤¤¤¤¤¤¤¤

Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : -> 1

End : 18:07:11


¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 239

#5 Flameikorn

Flameikorn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 15 June 2016 - 08:11 PM

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 128.39590

Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.10.9200.17607
Owner :: PC

6/15/2016 7:54:39 PM
9lab-log-2016-06-15 (19-54-39).txt

Scan type: Full
Objects scanned: 72019
Time Elapsed: 53 m 9 s

Memory Processes detected: 3
[E5F8E0143A8B64F2ED68674909B14075] Adware.FPL.Gen.vb [(PID:1864) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe]
[1FFA6109931746D9810778F628DF5CDE] Adware.FPL.Gen.vb [(PID:4668) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe]
[5ACE81B129C60E4EA76B09AF3310FA30] Adware.FPL.Gen.vb [(PID:1788) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe]


Registry Keys detected: 85
[E5F8E0143A8B64F2ED68674909B14075] Adware.FPL.Gen.vb [(PID:1864) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe]
[1FFA6109931746D9810778F628DF5CDE] Adware.FPL.Gen.vb [(PID:4668) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe]
[5ACE81B129C60E4EA76B09AF3310FA30] Adware.FPL.Gen.vb [(PID:1788) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe]
Trojan.RMPL.Downloader.vb [HKEY_CURRENT_USER\Software\usyndication.com]
PUP.RPL.SystemOptimizer.sh [HKEY_LOCAL_MACHINE\SOFTWARE\SearchModule\SMUpd]
PUP.RPL.SystemOptimizer.sh [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchModule\SMUpd]
PUP.RPL.SystemOptimizer.sh [HKEY_LOCAL_MACHINE\SOFTWARE\SearchModule\Info]
PUP.RPL.Gen.sm [HKEY_CURRENT_USER\Software\TutoTag]
PUP.RPL.Gen.sm [HKEY_CURRENT_USER\Software\Tutorials\updatetutorialeshp]
PUP.RPL.Gen.sh [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCSUUCDRV]
PUP.RPL.Gen.sh [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}]
PUP.RPL.Gen.sh [HKEY_CURRENT_USER\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}]
PUP.RPL.Gen.sh [HKEY_CURRENT_USER\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}]
Malware.RPL.Gen.bot [HKEY_CURRENT_USER\Software\System Healer]
Adware.RPL.Shopper.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe]
Adware.RPL.Shopper.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}]
Adware.RPL.Shopper.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}]
Adware.RPL.Shopper.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}]
Adware.RPL.Shopper.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}]
Adware.RPL.Shopper.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}]
Adware.RPL.PullUpdate.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}]
Adware.RPL.PullUpdate.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}]
Adware.RPL.Popuper.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}]
Adware.RPL.Popuper.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MPC]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Tutorials]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SUPTAB]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SUPDP]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5bad8210-7a65-5974-4b90-e1594613ebe9}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{378ae41c-c4af-5e7b-7b4e-6e6acf69a208}]
Adware.RPL.Gen.vb [HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae]
Adware.RPL.Gen.vb [HKEY_CURRENT_USER\Software\Easy Speed Check]
Adware.RPL.Gen.vb [HKEY_CURRENT_USER\Software\ClkApp]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Flashbeat]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Flashbeat]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]
Adware.RPL.Gen.vb [HKEY_CURRENT_USER\Software\Microsoft\Tinstalls]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.10]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A6D54287-7939-466A-8579-92546D946C8C}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}]
Adware.RPL.Gen.sm [HKEY_CURRENT_USER\Software\DailyPcClean]
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\SearchModule]
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchModule]
Adware.RPL.EoRezo.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}]
Adware.RPL.EoRezo.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}]
Adware.RPL.EoRezo.vb [HKEY_CURRENT_USER\Software\Tutorials]
Adware.RPL.EoRezo.vb [HKEY_CURRENT_USER\Software\Microsoft\otut]
Adware.RPL.DNSKeep.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564]
Adware.RPL.DNSKeep.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1]
Adware.RPL.DNSKeep.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1]
Adware.RPL.Boxore.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}]
Adware.RPL.Agent.vb [HKEY_CURRENT_USER\Software\Browser]
Adware.RMPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176687}]
Adware.RMPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175587}]
Adware.RMPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172287}]
Adware.RMPL.Gen.sm [HKEY_CURRENT_USER\Software\AppDataLow\Software\LyricsWatch]
Adware.RMPL.BrowseFox.vb [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Update Oasis Space]
Adware.UID.PullUpdate.vb [HKEY_CLASSES_ROOT\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}]
Adware.UID.BrowseFox.vb [HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]
Adware.UID.Gen.vb [HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{378ae41c-c4af-5e7b-7b4e-6e6acf69a208}]
Adware.UID.Gen.vb [HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5bad8210-7a65-5974-4b90-e1594613ebe9}]
Adware.UID.PullUpdate.vb [HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}]


Registry Values detected: 5
Adware.RPL.Gen.bot [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run webcake desktop]
PUP.RPL.Gen.sh [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Itibiti.exe]
Susp.RMPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IDSCCOMHBY]
Adware.RMPL.EoRezo.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run dply_en_015020308]
Adware.RMPL.EoRezo.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run ospd_us_037010308]


Service detected: 2
[B66A551D00E41D5416F4CB5497926238] Adware.PL.Gen.vb [MPCKpt HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MPCKpt c:\windows\system32\drivers\mpckpt.sys]
[E5F8E0143A8B64F2ED68674909B14075] Adware.FPL.Gen.vb [MPCProtectService HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MPCProtectService c:\program files (x86)\mpc cleaner\mpcprotectservice.exe]


Files detected: 252
[D41D8CD98F00B204E9800998ECF8427E] Susp.FMPL.Gen.vb [C:\ProgramData\{036f6f4b-412c-1}\BITC828.tmp]
[D41D8CD98F00B204E9800998ECF8427E] Susp.FMPL.Gen.vb [C:\ProgramData\{03e41797-512c-1}\BITC7AA.tmp]
[D41D8CD98F00B204E9800998ECF8427E] Susp.FMPL.Gen.vb [C:\ProgramData\{0cb0ca72-712c-1}\BIT353E.tmp]
[D41D8CD98F00B204E9800998ECF8427E] Susp.FMPL.Gen.vb [C:\ProgramData\{0cb0ca72-712c-1}\BIT36D5.tmp]
[D41D8CD98F00B204E9800998ECF8427E] Susp.FMPL.Gen.vb [C:\ProgramData\{169c3a7d-612c-0}\BIT3AAF.tmp]
[D41D8CD98F00B204E9800998ECF8427E] Susp.FMPL.Gen.vb [C:\ProgramData\{169c3a7d-612c-0}\BIT3AEE.tmp]
[D41D8CD98F00B204E9800998ECF8427E] Susp.FMPL.Gen.vb [C:\ProgramData\{180848c7-112c-0}\BITCA8B.tmp]
[D41D8CD98F00B204E9800998ECF8427E] Susp.FMPL.Gen.vb [C:\ProgramData\{2781b259-412c-0}\BITCADA.tmp]
[5B287F3C0A4A1CA32E844B6934A81992] PUP.FPL.Gen.vb [c:\users\owner\appdata\roaming\Open Download Manager\dlmgrsi.sav]
[91AC94DA29D00C5319C5B64976C93073] PUP.FPL.Gen.vb [c:\users\owner\appdata\roaming\Open Download Manager\downloads.del.sav]
[F6171622AFF435FD0D5316B9A2E7694B] PUP.FPL.Gen.vb [c:\users\owner\appdata\roaming\Open Download Manager\downloads.his.sav]
[E5C728E52CAE455C3F74A7812855B9A7] PUP.FPL.Gen.vb [c:\users\owner\appdata\roaming\Open Download Manager\downloads.sav]
[403D6AC0CC88E1CC9829AC116BBC42C8] PUP.FPL.Gen.vb [c:\users\owner\appdata\roaming\Open Download Manager\groups.sav]
[C7DE32D9724CFFE3E3F3C323F724D029] PUP.FPL.Gen.vb [c:\users\owner\appdata\roaming\Open Download Manager\history.sav]
[7DEA362B3FAC8E00956A4952A3D4F474] PUP.FPL.Gen.vb [c:\users\owner\appdata\roaming\Open Download Manager\schedules.sav]
[4A2CD43FC3C67126D6B4BC5235737F5D] PUP.FPL.Gen.vb [c:\users\owner\appdata\roaming\Open Download Manager\sites.sav]
[A3426EE22360DACD7A464B3276C23817] PUP.FPL.Gen.vb [c:\users\owner\appdata\roaming\Open Download Manager\spider.sav]
[DCBEA815CA0120FB29EF3B478EF259F5] PUP.FPL.Gen.vb [c:\users\owner\appdata\roaming\Open Download Manager\tips.dat]
[7BF3C54F6D4DC3E7AD812C9B5CD208FF] Adware.FPL.Shopper.vb [C:\ProgramData\SearchModule\smhe.js]
[5CE5D24BC5E23C5F9DDC23231AFBA9BC] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Config\Clean.xf]
[62D534BD1D7C5B6DF1E0D17DD26669F6] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Config\DB\as.db]
[D29E223C5FF2CC1461FF323FF1B31F2D] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Config\DB\cf.db]
[1C0FF9FCD0DA4AC70C704FBFB6EE8409] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Config\DB\run.db]
[408F5C0288CF011D079D12F08C939F46] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Config\DB\st.db]
[BDDEDDA92829AC4FC045523D0DED8E3C] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Config\PlugIn.xf]
[379AFD26403CCA7908F4B39C1AD0A86C] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\dbgkpt.dll]
[348D5A284692CB470E36F7BF8CE8F9D0] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt.inf]
[A859017CA4AABC77692841EAAE414CC0] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\ad_gray.png]
[5275F6F732138C92D760F34E7ED468DF] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\ad_green.png]
[7882080AE0322946B5F82996D036D34F] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\ad_org.png]
[AC99A15F0481A060684D0E5CE3116B7E] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\ad_red.png]
[9C2441C2D0A54243837D1FDF67E61E2D] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g1.png]
[1951DEBDFD1000CE003D8550012673B1] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g10.png]
[EA704827CBF5BE9801130156EC03639A] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g11.png]
[4008142E7693A6E47D0C06738FE43231] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g12.png]
[DD23E5C042256F882F2C433AA1BD8AC7] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g2.png]
[8861E397B37F045C13CA7C02E7BF49D0] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g3.png]
[924C303E33E74BCC83CF18C8C8DDDC91] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g4.png]
[208FBDCFDBB918F9FD3EFE29B4EBE829] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g5.png]
[70D1BA68FD581769511C7B41E485C465] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g6.png]
[E4BD6849A3530B7D72605EC7A02AFA4A] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g7.png]
[23FB1063B77501FC836079EDEEBF7233] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g8.png]
[A1D1A9057C8823775B851C96561501F1] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\g9.png]
[6008DE13D74C6BA4BB64FBF5774B1DC8] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q1.png]
[9A2A4D09B029B931BFAE8292699B61B2] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q10.png]
[A501A53854709DC4333705BD1B1CC18F] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q11.png]
[823EBB892C6E40AF5D6970C8F47DEA12] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q12.png]
[17D0450DB603A8857D645EA02AE22BCB] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q2.png]
[83790CFE9A4215166AEE934F4059790C] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q3.png]
[6D4876F701297B9E7742BB61DF090758] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q4.png]
[AF08FD3D5F4D92FACB9910AC4BCC8060] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q5.png]
[EE42AE85F26A954D5A291B7EEC0878CE] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q6.png]
[1477FB466C027B1651B4FB4B9E9B950C] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q7.png]
[177FBFD0A08D606533FEBAF5228471BF] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q8.png]
[AF6A98F3EE1FFC3C8D57CE5AB5AC1297] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\q9.png]
[DC565AC423EEF2127E9769C864741C92] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r1.png]
[C7653713B78B64DA850E4B2577C5CF8D] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r10.png]
[24C41A93A6BE6253A560C2996E8489A1] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r11.png]
[DFD5C73B64F1DC6BF361D2A50099BEF7] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r12.png]
[FDED0E2C6A0D0B3421B9F47BD73E6FA7] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r2.png]
[70B54E3BBCFE29E4189EC7122E17160F] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r3.png]
[8B985A65B62053BF3F1FEB5BD770F9D5] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r4.png]
[EE9AFCAA5802609BF7A6EA00612BEFCE] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r5.png]
[C0AF46E17CA918B5EB6F650A2ECF39D2] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r6.png]
[8F9ADC877FC4B8343CE89C309DAE6B03] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r7.png]
[C0879035FEEBABF1FC23D8B6728A21E2] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r8.png]
[12E40A86D6B0CDDF2B4C17F03BA6F4CB] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\r9.png]
[389437B30B909F54D8732F356F5AD4F6] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{08DA4B46-E0EB-4B4D-8C8B-558C967AF6C5}.ico]
[FB44DC89394B9C62BF847EE420EAF4B3] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{22A8D5A3-F368-4C6B-BF4D-3C901EBCF242}.ico]
[4C99C7A94CCC0401B32877A8D396BAF0] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{3F9A707D-2C36-4344-8621-B8E4ADC95C18}.ico]
[271FD5EBBF2B3529CD55563AD3E92B57] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{ADC520A9-B4B3-791E-B149-845C11673CB0}.ico]
[FA358A914B67C1CB55EFFDDF59784583] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{CDA529A9-B1B3-793E-B449-845C11673CB5}.ico]
[D4D935BD8F4185EDC8D96901890BA391] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{D8EC46AF-529F-4636-963B-C086429C73DA}.ico]
[88FDC9739107C647A51896B49E9969DB] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{DE37CD8C-DE7B-481F-A676-303ABAFBEE04}.ico]
[88D1D71CF8AB73425730835AF9A19CA1] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{EDA029A1-B5BA-793E-B649-875C18673CC5}.ico]
[91B8D94A275230B05C81EB30F70083D0] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{F154C596-75A9-4028-90E8-9752BD7CA05B}.ico]
[44DB0F1D6E56BC4D9F32ED1BD56CD18A] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{FDA029A2-A5BA-797E-B689-875E18673FC2}.ico]
[93E9954BDFA3B6CD01F35484EBEE5A59] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\toasts_waring.png]
[6B009DFF802CF56DBF9B70800E9796AD] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\adcapp.png]
[A26566B8FD8A96B460BAED61EB28062F] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\adcweb.png]
[CF263E665B83CAE2E6838C13868FEE59] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\block.png]
[F3A1CF93681974CCC498DF7EBA92322A] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\home.png]
[D99963D7625164F695FFBF4CC272E182] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\ie.png]
[EFF8FD960EC8D7942DEDC0CB07593AC4] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\search.png]
[5333B091C58A5BC891617D475D78B978] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\AR_green.png]
[CF5198071DD04BF938CC1BDDE22827F1] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\AR_org.png]
[AE2E8090EDF577796A524EB8F44D0DA4] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\AR_red.png]
[17BE27C67950E991106BBC024E05F151] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\Bp_green.png]
[C1302345CEB9951EAF3A13EAA4294187] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\Bp_org.png]
[580425CC1F504993F3AA0873FF005975] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\Bp_red.png]
[2B8E9998F8F7CC37FEB3F6F5295D62BF] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SpeedUp_green.png]
[5CA580BE58B8A7DD4E6CE9C76D102A6F] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SpeedUp_org.png]
[1A0998250CACF93CE31B325D870FE0CF] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SpeedUp_red.png]
[00F485D4CE397ECCA2FAC01DADD78FA4] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SVC_green.png]
[98EA5FCC816C3849A1A041BCBBC342E7] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SVC_org.png]
[D3A7298603AC9CD8438CDB359976279A] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SVC_red.png]
[E78F05F9E8E00CDAE5F99ED5206A70E1] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\TSK_green.png]
[5A08782DB062D0475A1A7E84D597BCDA] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\TSK_org.png]
[220826E76D0EB5FE08EA2A7235876B54] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\TSK_red.png]
[5E26562E316B48DCE18465408AA90B1B] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\sys_gray.png]
[F72C261C02F81F3DA1F22DFB685B9928] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\sys_green.png]
[E78884D8FC8DABE7C51CB613DF0FC50C] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\sys_org.png]
[0B482CD019D97A3E51679FC7EE63F41F] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\sys_red.png]
[AA402E2DC3B6258A3A97DE6ADD67BB13] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y1.png]
[249AD65657721A727A68B91F274942EF] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y10.png]
[B32EB85AFD45E11C66E02BE9DEF5ADCF] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y11.png]
[7601C244ABE70F09BE608BDADC5AB189] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y12.png]
[303C8C0D5F0ECEB35D3BD645C505F444] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y2.png]
[F621954D17A30C63BA5E70DC975CEB76] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y3.png]
[337BD6CA696DC667B7F24E74784559B8] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y4.png]
[C2511C80722F5A617BB58443F53885A2] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y5.png]
[33D4645AC3596BB37635505070B84649] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y6.png]
[70A8121DFB7142BFC360E30F141FFB1F] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y7.png]
[CCCD38A5520670BA523564F3D6D59919] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y8.png]
[6F77AF05729C97169281BC854F96E81C] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Image\y9.png]
[C1EDA860810E6299F690459006E4C655] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest]
[6DE5C66E434A9C1729575763D891C6C2] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\msvcp90.dll]
[ED9DCAD3ED09038E84DAB95ABA1ED9FB] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\msvcr90.dll]
[C1EDA860810E6299F690459006E4C655] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT.manifest]
[6DE5C66E434A9C1729575763D891C6C2] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\msvcp90.dll]
[ED9DCAD3ED09038E84DAB95ABA1ED9FB] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\msvcr90.dll]
[F662A70FFDAC83EA36634220CA239F65] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner\Lang.xf]
[6A7FF1FE565C50BEDF4C1E24CD695255] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner\Skin.xf]
[08171E123E628B26AD654A93226A4300] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport\Lang.xf]
[3FA6156C541DA3326844ED6F52D747B5] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport\Skin.xf]
[CA9EC8472A74B7464585C26FC5FFD7EA] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Skin\News\Lang.xf]
[088E15D83FF421F4145F231C3D9191FC] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Skin\News\Skin.xf]
[D872D889BFE02A2330283BAA53369A01] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Skin\Tray\Lang.xf]
[8125E165125653A815CDDC043A23088B] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Skin\Tray\Skin.xf]
[0115117F077A55B073EE90E8B1B7182D] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall\Lang.xf]
[4231895BCAAEEA2E437569E2FC4DCCBB] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall\Skin.xf]
[D37539A2F11CBF895C0FCFF0A96B0520] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\snh.dll]
[90E98DF6D602E087CF02809EEC04BD8D] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\symsrv.dll]
[D41D8CD98F00B204E9800998ECF8427E] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\symsrv.yes]
[68CECE8C00B8936826B4D3DD8230FAC3] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\wfhxte.dat]
[D41D8CD98F00B204E9800998ECF8427E] Adware.FPL.Gen.vb [C:\Program Files (x86)\MPC Cleaner\ymlct]
[521CEF6D22C3B47E9D4D056A5B609FD9] Adware.FPL.Gen.vb [c:\users\owner\appdata\roaming\MCorp\1147\udpx]
[4A157413B45164B775C7C065D243F714] Adware.FPL.Gen.vb [C:\Program Files (x86)\Easy Speed Check\cwebpage.dll]
[981F71BC1F50CFBE711BF895F4ED0E1B] Adware.FPL.Gen.vb [C:\Program Files (x86)\Easy Speed Check\libcurl.dll]
[A9F8F35CC2CAF8DBA7167B91420A680B] Adware.FPL.Gen.vb [C:\Program Files (x86)\Easy Speed Check\libeay32.dll]
[E2AC23418781F632311513944EDD0A4C] Adware.FPL.Gen.vb [C:\Program Files (x86)\Easy Speed Check\libgcc_s_dw2-1.dll]
[56295C7AFE3F0542D59D12CA955380DB] Adware.FPL.Gen.vb [C:\Program Files (x86)\Easy Speed Check\libidn-11.dll]
[C5E6C6EAEF1C0F4468525BF3375B1D42] Adware.FPL.Gen.vb [C:\Program Files (x86)\Easy Speed Check\libstdc++-6.dll]
[612B2747D39D9EF838AB9EACBC1F6C3A] Adware.FPL.Gen.vb [C:\Program Files (x86)\Easy Speed Check\ssleay32.dll]
[5FF2481C69E5DD4107C44AB42CC27BA2] Adware.FPL.Gen.vb [C:\Program Files (x86)\Easy Speed Check\zlib1.dll]
[D41D8CD98F00B204E9800998ECF8427E] Adware.FPL.Gen.vb [c:\users\jack\appdata\localLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js]
[D41D8CD98F00B204E9800998ECF8427E] Adware.FPL.Gen.vb [c:\users\jack\appdata\localLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\tree.js]
[80BEAE7F78B23412C7EC3F49BA4611BF] Adware.FPL.Gen.vb [C:\Users\Owner\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js]
[06843CE4980FA3721E0F9F8662071E59] Adware.FPL.Gen.vb [C:\Users\Owner\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\tree.js]
[C56A4DFC449C9D05B19AEB0E19161D0D] Adware.FPL.Gen.vb [C:\Users\Owner\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\wlist.js]
[D41D8CD98F00B204E9800998ECF8427E] Adware.FPL.Gen.vb [c:\users\jack\appdata\localLow\Company\Product\1.0\localStorageIE.txt]
[D41D8CD98F00B204E9800998ECF8427E] Adware.FPL.Gen.vb [c:\users\jack\appdata\localLow\Company\Product\1.0\localStorageIE_backup.txt]
[59C4C7E9F188E22B6EEA7BCB090322F1] Adware.FPL.Gen.vb [C:\Users\Owner\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt]
[59C4C7E9F188E22B6EEA7BCB090322F1] Adware.FPL.Gen.vb [C:\Users\Owner\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt]
[1A06BCBF349A8E779A4249826CF702B9] Adware.FMPL.MultiPlug.vb [C:\ProgramData\28341ff220e0446c9fff27c4493d622e\156cf47af0424844b1078c5f30486363]
[0BC672CC8F3C7A5D5BD8A204CABF993B] Adware.FMPL.MultiPlug.vb [C:\ProgramData\BetterPriCeeCHec\6uC7a.dat]
[29DE81A2B313073E31ABFDD0E0D2F4A1] Adware.FMPL.MultiPlug.vb [C:\ProgramData\BetterPriCeeCHec\6uC7a.tlb]
[BB4594B09AE080AF52293AD510595941] Adware.FMPL.Gen.sm [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt]
[4110DEF8799F6B2F3F20B0BEDFF36ECB] Adware.FMPL.Gen.sm [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\GEARDIFx.exe]
[1A2E5109C2BB5C68D499E17B83ACB73A] Adware.FMPL.Gen.sm [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\DIFxAPI.dll]
[6595C42F53F31EE39592D8D2F98F6E26] Adware.FMPL.Gen.sm [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\DifXInst64.exe]
[3BF6607AD5D626BEDFBEC536B66F0BCE] Adware.FMPL.Gen.sm [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\DIFxInstallLog.txt]
[498BD12B38B549887D9E856EB734354E] Adware.FMPL.Gen.sm [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\GEARAspi.dll]
[5C7B8533FEC9E65368D14965EC4C9D8A] Adware.FMPL.Gen.sm [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\GEARAspi64.dll]
[834C766FE011C0090FB4DAF6279A8DF4] Adware.FMPL.Gen.sm [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\GEARAspiWDM.inf]
[C7E5945B9C608A2A23E97425A5B91415] Adware.FMPL.Gen.sm [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\gearaspiwdmx64.cat]
[8E98D21EE06192492A5671A6144D092F] Adware.FMPL.Gen.sm [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\x64\GEARAspiWDM.sys]
[CFB3D8AFEFCD8DD7E733B33304486059] Adware.FMPL.EoRezo.vb [c:\users\jack\appdata\local\ospd_us_037010308\ospd_us_037010308\1.20\cnf.cyl]
[D41D8CD98F00B204E9800998ECF8427E] Adware.PL.Gen.vb [c:\end]
[1DF9C73F892A7113B8DC2CAD7A44DB51] Adware.PL.ELEX.vb [c:\windows\system32\drivers\etc\hp.bak]
[CD3E06A4FF9EC2A9F86BDBD7C25982D2] Adware.MPL.Gen.sm [c:\users\jack\appdata\local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Adware.MPL.Gen.sm [c:\users\jack\appdata\local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal]
[D2B496A5A201ED5C84CEBF25DF401D96] Adware.MPL.Gen.sm [c:\users\owner\appdata\local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Adware.MPL.Gen.sm [c:\users\owner\appdata\local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal]
[2178E00B4A45271A7CEA3A38898EF634] Adware.MPL.Gen.sm [c:\users\jack\appdata\local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Adware.MPL.Gen.sm [c:\users\jack\appdata\local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal]
[C36BBCDA4848798401FED6E831D4AB22] Adware.MPL.Gen.sm [c:\users\owner\appdata\local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Adware.MPL.Gen.sm [c:\users\owner\appdata\local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal]
[24DAF670517A80889890C30C7672C97D] Adware.MPL.Gen.sm [c:\users\owner\appdata\local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Adware.MPL.Gen.sm [c:\users\owner\appdata\local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal]
PUP.RPL.Gen.sh [c:\program files (x86)\itibiti soft phone\itibiti.exe]
Susp.RMPL.Gen.vb [c:\program files (x86)\max driver updater\idsccom_hby.exe]
[C383045F736CD03FC3D1F703A33D8B45] Adware.RMPL.EoRezo.vb [c:\program files (x86)\arc\arclauncher.exe]
[9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\AdsFix\smss.exe]
[CC8FAC2A16DCCA8D4982887C4EDC66EB] PUP.Gen.vb!c [C:\MyGames\skyforge_mycom\Bin32\GameCenterLight\avadapt.dll]
[044D8F5143E09BDEDCDFB5773075792D] PUP.Gen.vb!c [C:\MyGames\skyforge_mycom\Bin32\GameCenterLight\bigup2.dll]
[AE46B23AB4D77EFDFC65750FF8D9AD2F] PUP.Gen.vb!c [C:\MyGames\skyforge_mycom\Bin32\GameCenterLight\GameCenter@Mail.Ru.exe]
[D486F676414B3510706777636ABD8E17] PUP.Gen.vb!c [C:\MyGames\skyforge_mycom\Bin32\GameCenterLight\gclay.dll]
[0A63C85D51DB4CD9533F97A4A3FF0397] PUP.Gen.vb!c [C:\MyGames\skyforge_mycom\Bin32\GameCenterLight\npdetector.dll]
[EEC4F1144071BFCA5A806222F4B543E4] PUP.Gen.vb!c [C:\MyGames\skyforge_mycom\Bin32\Skyforge.exe]
[9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\Pre_Scan\smss.exe]
[CFB807BA9FA824C62EB578712A3EE7FC] Adware.MPC.vb!c [C:\Program Files (x86)\MPC Cleaner\AdbWinApi.dll]
[E37D2A08234398BEA582AEBF4B429F65] Adware.MPC.vb!c [C:\Program Files (x86)\MPC Cleaner\AdbWinUsbApi.dll]
[2BBAA4CBD6217A343972183C3149818A] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\AdcManager.dll]
[74596CE978A123F8B73CB6096E6E5A48] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\AndriodServer.dll]
[EC8E05ED37D52E8B9C1D22C23C1D2280] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\BrowserPlugIn.dll]
[EB13EBA2C9E3F21F6D74785E9D408F7C] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\CeBase.dll]
[A0669F46BDDEE36ABB1391AF7725C5C4] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Cleaner.dll]
[1BD0F912966F445FF97284062A243BAE] Adware.MPC.vb!c [C:\Program Files (x86)\MPC Cleaner\CrashReport.exe]
[8E4C5BC3515FC776409A2111C9984DF4] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Database.dll]
[07EE9A1E0D67B32CD5286B6940228363] Adware.WinNT.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Drivers\MPCBase_32.sys]
[B66A551D00E41D5416F4CB5497926238] Adware.Win64.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt.sys]
[45506ED87A85EE4F8B700CE460ED1345] Adware.WinNT.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt_vista_32.sys]
[B66A551D00E41D5416F4CB5497926238] Adware.Win64.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt_vista_64.sys]
[AA1CF2B02FCFC799DCBC627F5D8F68E8] Adware.WinNT.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt_xp_32.sys]
[0B2AF2AAC7B120739F1B51FB7CD213C0] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Exe\ADC_qd00000.exe]
[1081E2C88AD5C397EEE01874E0ABE53E] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\LogReport.dll]
[E3B8810C471CB89D73577B241DCCD331] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\LpcManager.dll]
[BCB0122D79328CD0A5476BC2E3FEE769] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\MainFrame.dll]
[581D6771D9CC7ED57F55A59CB0359F5C] Adware.MPC.vb!c [C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\msvcm90.dll]
[48F673F105553528FA5377ADDE36223B] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Monitor.dll]
[65BB43F2E4A2636D120FFCA9E1908906] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\MPC.exe]
[85C5D8BE951A768D1531DD5CB730F1E1] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\MPCAutoClean.exe]
[85BD792A88AB1421C76A77FFD3709B18] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\MPCNews.exe]
[E5F8E0143A8B64F2ED68674909B14075] Malware.Win32.Gen.sm [C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe]
[C25D18F683F4E4077302F288ECF13C17] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll]
[824954BA7EBD50C2BA9AC45B61F6515D] Adware.Win64.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\MpcSafeDll64.dll]
[8DC4A78E08DD84DD95BBC132E22D3D08] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\MPCSecurity.exe]
[D8DD061FA04DA14996A8E3393EFC243E] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\MPCSetting.exe]
[1FFA6109931746D9810778F628DF5CDE] Malware.Win32.Gen.sm [C:\Program Files (x86)\MPC Cleaner\MPCTray.exe]
[5ACE81B129C60E4EA76B09AF3310FA30] Adware.Win64.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe]
[581D6771D9CC7ED57F55A59CB0359F5C] Adware.MPC.vb!c [C:\Program Files (x86)\MPC Cleaner\msvcm90.dll]
[941E46955A8435B7E7EB51AA413615E6] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Report.dll]
[406AF545C31B3C4B06EAAD5D563C729E] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll]
[4486877882DDDDA779A4801C2C395F30] Adware.Win64.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\SafeNavi64.dll]
[C3AAC6161A29AC76F236833B7376CCE1] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\SafeProtect.dll]
[4BC820CFF8DC60FF773A7CAFF30A5CA2] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\SetupFrame.dll]
[5ED0231958077EC44CB892E5C2830A65] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Support.dll]
[5572618A716381641C7282F39E130393] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\TrayFrame.dll]
[612149A15CD26D946CC63FD3E66F6614] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Uninstall.exe]
[FD36A62BB61899FD67C53A5E4D2C22C6] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\UninstallFrame.dll]
[EAC8EFD08B8C0797711335680216A057] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\UninstDelete.exe]
[A30118518C84B342430DFDD3AB72676C] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Update.dll]
[25BCC535C6A4743C4AFCD9703901B474] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\UpdateHost.exe]
[2E4DB3995A6C323CD156F3D5908A8FA8] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Upgrade.dll]
[3BE14A16D8D958DDEF712958AD306BBD] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Utility.dll]
[02FE42265764AC705F9E8F04799061FB] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\Web.dll]
[5887A674978CA01678AC389D69A53435] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\WinService.dll]
[35AD5A5EF3564808706ADD6E0946E208] Adware.MPC.vb!c [C:\Program Files (x86)\MPC Cleaner\xadb.exe]
[4E81038C5B2E845C8329F263427B2C71] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\XBus.dll]
[A45290BDC9118DF4FB8835377EEBA7B9] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll]
[CE0A03F692CCE8D88985C7509C62C613] Adware.Win32.Gen.vb!n [C:\Program Files (x86)\MPC Cleaner\XSkin.dll]
[A6C2E2403C806D38F0CCA06BE407622C] Adware.Win32.Gen.lu [C:\ProgramData\1ae647c8\4d494db0.dll]
[0BF0B55064A25285630F2214FB7026D2] Adware.Win32.Gen.vb!n [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC\MPC Cleaner.lnk]
[3064A8682CEF00AC49722B015290A792] Adware.InstallIQ.vb!c [C:\Users\Owner\Desktop\GeekSquad DataBackup\Program Files\My.Freeze.com NetAssistant\NetAssistant.dll]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\Owner\Desktop\rsthosts_2.0.exe]
[83132AF6F851F99BB4E2B151545E3853] Adware.Win32.Gen.vb!n [C:\Users\Public\Desktop\MPC Cleaner.lnk]
[1218AD2429CECF8F00FD51695111A1EC] Adware.Linkury.vb!c [C:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll]
[F4F67F2765F573BD72D96437AAB863D6] Malware.Win32.Gen.cs0 [C:\windows\Installer\MSIBD1E.tmp]
[F4F67F2765F573BD72D96437AAB863D6] Malware.Win32.Gen.cs0 [C:\windows\Installer\MSIF55B.tmp]
[B66A551D00E41D5416F4CB5497926238] Adware.Win64.Gen.vb!n [C:\windows\System32\Drivers\MPCKpt.sys]
[BB25F5FAF1D2329CBAD8B763695BC518] Malware.Win32.Gen.sm [C:\windows\Temp\A567.tmp]

#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:43 AM

Posted 16 June 2016 - 03:58 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.
  •  

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit next make sure to leave all items checked, for removal.

 

8NcZjGc.png

 

 

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.

 

ZHP Scan.

Please download Zhp Cleaner  to your desktop.  Right Click the icon and select run as administrator.

 http://nicolascoolman.com/download/zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png

The program will close all open browsers!

3. Once the scan is completed, the you will want to click the Repair button.

6QJjV50.png

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply



#7 Flameikorn

Flameikorn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 19 June 2016 - 06:31 PM

# AdwCleaner v5.200 - Logfile created 19/06/2016 at 19:22:46
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-19.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Owner - PC
# Running from : C:\Users\Owner\Downloads\adwcleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : MPCProtectService
[-] Service Deleted : MPCKpt

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\USTechSupport
[-] Folder Deleted : C:\ProgramData\1ae647c8
[-] Folder Deleted : C:\ProgramData\ac508b44f9149226
[#] Folder Deleted : C:\ProgramData\Application Data\USTechSupport
[#] Folder Deleted : C:\ProgramData\Application Data\1ae647c8
[#] Folder Deleted : C:\ProgramData\Application Data\ac508b44f9149226
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[-] Folder Deleted : C:\Program Files (x86)\Probit Software
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Program Files (x86)\CleanBrowser
[-] Folder Deleted : C:\Program Files (x86)\Setup Support for Consumer Input DH
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\MCorp
[-] Folder Deleted : C:\Users\Owner\AppData\Local\speed browser
[-] Folder Deleted : C:\Users\Owner\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\Probit Software
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\SmartPCFix
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\USTechSupport
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\MCorp
[-] Folder Deleted : C:\Program Files\Common Files\Doobzo
[-] Folder Deleted : C:\Users\Owner\AppData\Local\app
[#] Folder Deleted : C:\Users\Owner\AppData\Roaming\MCorp
[-] Folder Deleted : C:\uninst

***** [ Files ] *****

[-] File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[-] File Deleted : C:\Users\Jack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_am-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_am-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_where-am-i-game.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_where-am-i-game.en.softonic.com_0.localstorage-journal
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage
[#] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage-journal
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage-journal
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage
[#] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utop.it_0.localstorage-journal
[#] File Deleted : C:\WINDOWS\SysNative\drivers\MPCKpt.sys
[-] File Deleted : C:\Users\Owner\AppData\Roaming\appdataFr2.bin

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk
[-] Shortcut Disinfected : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[!] Shortcut Not Disinfected : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Jack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[!] Shortcut Not Disinfected : C:\Users\Jack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Jack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : SMW_P
[-] Task Deleted : SMW_UpdateTask_Time_313835383231343334352d5b554a6c6c5a23572a415534
[-] Task Deleted : {0A087A47-0D7A-7909-0911-7A050978117D}
[-] Task Deleted : {76B5A107-9D16-4357-9564-A647AAD2C725}

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SystemCash.exe]
[-] Key Deleted : HKLM\SOFTWARE\6f2325e9-a33e-45a1-911c-f73fbfe3954d
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1ae647c8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.001
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.7z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.arj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bzip2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cab
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cpio
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.deb
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.dmg
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.fat
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gzip
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.hfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.iso
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lha
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzh
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzma
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.ntfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rpm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.squashfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.swm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.taz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tgz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tpz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.txz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.vhd
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.wim
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.zip
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1631-n-bc.exe
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
[-] Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxAutoUpdater
[-] Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxAutoUpdater.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKCU\Software\Define Ext
[-] Key Deleted : HKCU\Software\Probit Software
[-] Key Deleted : HKCU\Software\Snoozer
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\MICROSOFT\IDSC
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\Define Ext
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : HKLM\SOFTWARE\SpeedBrowser
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SrpnFiles
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Key Deleted : [x64] HKLM\SOFTWARE\DataHelper
[-] Key Deleted : HKU\.DEFAULT\Software\DefaultTab
[-] Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
[-] Key Deleted : HKU\.DEFAULT\Software\PennyBee
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[#] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[#] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[#] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[#] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[#] Data Restored : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[#] Data Restored : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{8A4A6D38-67CE-4EEC-8D79-147B45225B04}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{96590970-9E1C-48A6-A145-FD31EF56619B}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{634D8BC9-8404-458A-A2D3-9697BAD8AE08}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BED2F9EE-2055-4D0D-987D-1097AFA28CA2}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2400DFA5-0726-4C82-AD8B-3BE09B8A85B4}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{35B1EF11-DED8-4ECE-A9BD-434161F62682}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{EB767689-F5F4-43F2-8EEC-EB0918820EF9}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{1347C5D6-4EA2-4F78-BFBD-637E08FFA35B}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{04A6FE2A-74A0-442D-A40F-344F8FAB8E71}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{1A4CFF0D-2EFA-4CB9-9C39-65AF0B21D506}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{72379010-BB67-48BF-AEB2-305D6B2B360A}]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ff7bf1d3-d45d-4fd2-9252-f7d758405e1b} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mpc.am
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.coupontime00.coupontime.co
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\coupontime.co
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
[-] Value Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [DataMgr]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [DataMngr]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Iminent]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [IminentMessenger]
[-] Value Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Intermediate]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Online Vault]
[-] Value Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [PC Speed Maximizer]
[-] Value Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [scheck]
[-] Value Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtect]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [SearchProtectAll]
[-] Value Deleted : HKU\S-1-5-21-4212428726-1541662022-3676039007-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [ssync]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc

***** [ Web browsers ] *****

[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com__
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com_
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
[-] [C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com_
[-] [C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com__
[-] [C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com_
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [29357 bytes] - [19/06/2016 19:22:46]
C:\AdwCleaner\AdwCleaner[R0].txt - [33464 bytes] - [15/09/2014 15:55:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [33049 bytes] - [15/09/2014 15:56:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [30191 bytes] - [19/06/2016 19:20:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [29653 bytes] ##########

#8 Flameikorn

Flameikorn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 19 June 2016 - 06:36 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by Owner (Administrator) on Sun 06/19/2016 at 19:32:01.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Failed to delete: C:\Program Files (x86)\mpc cleaner (Folder)
Successfully deleted: C:\ProgramData\1450295437.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1450295563.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1450296956.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\ammyy (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\mpc (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{2272DE4A-E8EE-4E6D-B228-E3377971AB5B} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\{2BA4A3FC-6CBE-40A7-9999-0D076ACDD37A} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Owner\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 4

Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5CB44711-E30E-47D8-9A96-7C5FF9F131B5} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{5CB44711-E30E-47D8-9A96-7C5FF9F131B5} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/19/2016 at 19:34:36.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9 Flameikorn

Flameikorn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 19 June 2016 - 06:50 PM

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2016_06_19_19_38_15
OS: Windows 10 Home - x64 Bit
Account Name: Owner
Adware Definition: 06172016
Elapsed time: 07:23
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1455E3AD-CE6A-4B1C-967A-71FEBF4238B}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33E9BA87-2050-4FDB-A945-323B7BC0EE2A}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34151A4A-437D-410D-B9F-E9B12A2A1284}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CD2C607-C81A-49B6-AF4E-30E75B335B6}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E64E194-96C9-4A83-A879-48DCF54E844}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EB7ABE0-3EE1-43F4-8E90-3224C1C41152}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45338F4B-9E3C-418A-9085-2580B84D3A71}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{475D603D-C2F-4E1E-B9DB-5C58C18A60BA}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E696365-30A-4BBC-A32C-7EE23D2349D}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59E52666-F81C-4079-9DFE-49610A271EF}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63ACE502-6818-4F9F-84EC-5A34E0C91330}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BCC24A1-550A-4C51-9D6D-6A4984D827B2}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75E1595F-85FF-445A-87FD-4357A3513D}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ca0a951-96c9-456b-8646-1dc97c025867}\ <RegValue:> AppName <RegData:> Browsers Apps-codedownloader.exe : Browsers Apps-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88422DC8-8E5C-484E-8A10-44759CFB6D5F}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A08B8E6-ECFA-4FCD-B3C9-F5A23F72565}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97E07FBB-A6B3-44E8-9035-7045EDD32A4C}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{982D7E14-2DB1-404D-BC91-AD9D2437EA76}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98F8F5F2-287C-42F4-A680-881645302DBA}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7110e4d-f672-441c-9381-54e2b76b8178}\ <RegValue:> AppName <RegData:> HQPureV1.8-codedownloader.exe : HQPureV1.8-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2A8420D-63D3-48BF-B1E9-4DC87872E92}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C814E302-D484-4AD6-89B7-EBE3E8655C55}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1B064F7-69A1-4849-8DC6-8297779CFDCD}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4E60220-4D1B-4EA8-913E-9C577EFA1C63}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6C41DA5-2E51-4BF0-B0F6-6671845A7DD1}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D739A33E-D7C5-4322-AF28-2DA2146545E7}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA0C310-3AB9-4549-9B34-65D04674DFBB}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DABA1680-4CDF-4605-BB7-26798B7B404}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E18ED901-5DD3-4FD8-88C4-3E8B1AD556C6}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E79295AC-1C5B-4EBD-AD2C-EA237B225418}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8F15B07-6D58-4CCF-8F1D-E7A44F4BB33F}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9FB884F-7547-4DB4-82D1-20A9777D643C}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3BAF732-DB22-4EB7-A594-FCAC98D5A9C2}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F736894-5D34-40CA-9A3C-F193933EB8DB}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ca0a951-96c9-456b-8646-1dc97c025867}\ <RegValue:> AppName <RegData:> Browsers Apps-codedownloader.exe : Browsers Apps-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7110e4d-f672-441c-9381-54e2b76b8178}\ <RegValue:> AppName <RegData:> HQPureV1.8-codedownloader.exe : HQPureV1.8-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ca0a951-96c9-456b-8646-1dc97c025867}\ <RegValue:> AppName <RegData:> Browsers Apps-codedownloader.exe : Browsers Apps-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7110e4d-f672-441c-9381-54e2b76b8178}\ <RegValue:> AppName <RegData:> HQPureV1.8-codedownloader.exe : HQPureV1.8-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1455E3AD-CE6A-4B1C-967A-71FEBF4238B}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33E9BA87-2050-4FDB-A945-323B7BC0EE2A}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34151A4A-437D-410D-B9F-E9B12A2A1284}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CD2C607-C81A-49B6-AF4E-30E75B335B6}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E64E194-96C9-4A83-A879-48DCF54E844}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EB7ABE0-3EE1-43F4-8E90-3224C1C41152}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45338F4B-9E3C-418A-9085-2580B84D3A71}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{475D603D-C2F-4E1E-B9DB-5C58C18A60BA}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E696365-30A-4BBC-A32C-7EE23D2349D}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59E52666-F81C-4079-9DFE-49610A271EF}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63ACE502-6818-4F9F-84EC-5A34E0C91330}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BCC24A1-550A-4C51-9D6D-6A4984D827B2}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75E1595F-85FF-445A-87FD-4357A3513D}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ca0a951-96c9-456b-8646-1dc97c025867}\ <RegValue:> AppName <RegData:> Browsers Apps-codedownloader.exe : Browsers Apps-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88422DC8-8E5C-484E-8A10-44759CFB6D5F}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A08B8E6-ECFA-4FCD-B3C9-F5A23F72565}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97E07FBB-A6B3-44E8-9035-7045EDD32A4C}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{982D7E14-2DB1-404D-BC91-AD9D2437EA76}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98F8F5F2-287C-42F4-A680-881645302DBA}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7110e4d-f672-441c-9381-54e2b76b8178}\ <RegValue:> AppName <RegData:> HQPureV1.8-codedownloader.exe : HQPureV1.8-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2A8420D-63D3-48BF-B1E9-4DC87872E92}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C814E302-D484-4AD6-89B7-EBE3E8655C55}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1B064F7-69A1-4849-8DC6-8297779CFDCD}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4E60220-4D1B-4EA8-913E-9C577EFA1C63}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6C41DA5-2E51-4BF0-B0F6-6671845A7DD1}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D739A33E-D7C5-4322-AF28-2DA2146545E7}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA0C310-3AB9-4549-9B34-65D04674DFBB}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DABA1680-4CDF-4605-BB7-26798B7B404}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E18ED901-5DD3-4FD8-88C4-3E8B1AD556C6}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E79295AC-1C5B-4EBD-AD2C-EA237B225418}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8F15B07-6D58-4CCF-8F1D-E7A44F4BB33F}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9FB884F-7547-4DB4-82D1-20A9777D643C}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3BAF732-DB22-4EB7-A594-FCAC98D5A9C2}\ <RegValue:> AppName <RegData:> 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe : 01cb3247-d415-40b4-965f-33f2590ecefa-2.exe-codedownloader.exe

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F736894-5D34-40CA-9A3C-F193933EB8DB}\ <RegValue:> AppName <RegData:> eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe : eb9dca1f-6242-4258-8bad-52f3ec724413-2.exe-codedownloader.exe

[-] Repaired ->> File ->> C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}

#10 Flameikorn

Flameikorn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 19 June 2016 - 07:07 PM

~ ZHPCleaner v2016.6.18.75 by Nicolas Coolman (2016/06/18)
~ Run by Owner (Administrator) (19/06/2016 20:00:10)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Owner\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Owner\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 10586)


---\\ Services (1)
CLOSED : MPCProtectService =>.Superfluous.MPCCleaner


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (0)
~ No malicious or unnecessary items found.


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (12)
MOVED file^: C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [DotC United Inc - MPC Protect Service] =>.Superfluous.MPCCleaner
MOVED file^: C:\Windows\System32\drivers\MPCKpt.sys [DotC United Inc - MPC Driver] =>.Superfluous.MPCCleaner
MOVED file: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.shopeasy00.shopeasy.xyz_0.localstorage =>PUP.Optional.ShopEasy
MOVED file: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.shopeasy00.shopeasy.xyz_0.localstorage-journal =>PUP.Optional.ShopEasy
MOVED file: C:\Documents and Settings\Jack\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Documents and Settings\Jack\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED folder^: C:\Program Files (x86)\MPC Cleaner =>.Superfluous.MPCCleaner
MOVED folder: C:\WINDOWS\Installer\MSI2000.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI931F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID0A8.tmp- =>Empty


---\\ Registry ( Key, Value, Data) (147)
DELETED key^: HKLM\SYSTEM\CurrentControlSet\Services\MPCProtectService [C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe] =>.Superfluous.MPCCleaner
DELETED key^: HKLM\SYSTEM\CurrentControlSet\Services\MPCKpt [C:\Windows\System32\drivers\MPCKpt.sys] =>.Superfluous.MPCCleaner
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{129DFFB4-150-4A5C-B3D6-2E9567291F52} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1455E3AD-CE6A-4B1C-967A-71FEBF4238B} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{154EC709-DF51-40B7-A7E7-E5881961C962} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B63E77D-8B1C-4605-8E60-1E35C8423421} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B7B049C-4ABE-4657-81CD-581ABC23CB7F} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{207EA2FD-892B-493A-A3E6-587443AC24C} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{217F263A-34E5-43C8-92E3-32FAEBB52443} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23E561F3-A390-4BB0-A7CB-F85DBD82B} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{241800e4-fb00-427f-b73d-bb8f0de0ae52} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24ABBE35-860F-459C-A6E2-E6435AF9EE7} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{295CE59A-CCAB-45EE-B2FC-1C3B2D5E5614} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2969C03-D33E-4311-B773-DB4D6E1E3411} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A4185B9-EB73-43F2-825-6E4BB65DC5} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A966760-F9E9-4A07-AAAE-69DCECC6EDA3} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B1EDBFF-AFA3-482A-BBCC-D5D1F8893B84} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33E9BA87-2050-4FDB-A945-323B7BC0EE2A} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34151A4A-437D-410D-B9F-E9B12A2A1284} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{341B0B79-94DF-41C5-B2DE-C274515CF68} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355851CF-7C1E-4A57-8742-FEAA744E9AD7} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3679DCC3-374B-490B-9AA2-EA28F44A5124} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37AEF6FE-A1F0-48C5-98AC-BFFC20436A47} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37CE81F6-E2D6-4393-90D0-12A91162D81} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C747FA-987C-41D5-9E73-82F09ABA221C} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CD2C607-C81A-49B6-AF4E-30E75B335B6} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CE98E07-E829-432A-A17F-1869F025F4DD} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E0C2EA1-F01-46EF-9FDE-E371AE7878FD} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E64E194-96C9-4A83-A879-48DCF54E844} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EB7ABE0-3EE1-43F4-8E90-3224C1C41152} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4404BDE0-EF01-4D53-B85F-6A48B21E13A5} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45338F4B-9E3C-418A-9085-2580B84D3A71} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{475D603D-C2F-4E1E-B9DB-5C58C18A60BA} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B0D8AA4-D1E5-4B70-8E2D-79C7EB4D74D9} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DE6C3DD-C94F-4D42-8258-D95728FA4185} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E696365-30A-4BBC-A32C-7EE23D2349D} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50CA60EA-5259-43A2-A910-99AB7AABE813} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53CF9EFF-948B-4719-8021-52BDEF5E9098} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{555787A2-BDF6-4499-A49B-C85E1BB8AFDB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5599EE9E-B850-447E-8F3-72E48CDA485} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{586722C1-7781-4C60-9DD-246645C964B6} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59E52666-F81C-4079-9DFE-49610A271EF} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AF57435-54D9-45D1-A4EC-96E8EBC0A5A7} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60C8909D-BE58-4C5C-931C-AC207F14E1DB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{626EB014-98AC-4725-A824-AA9B3F3E6145} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63ACE502-6818-4F9F-84EC-5A34E0C91330} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{647A621-93E2-4A81-B013-A3127F1E1CA2} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6624A907-618E-4501-9BAF-B137740C64E} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AB1B884-FF91-4DD9-BEFA-A4AAF6B6732} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BCC24A1-550A-4C51-9D6D-6A4984D827B2} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F32DB4C-92CB-40FA-B37E-47D5CA64C897} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F65FE3D-163-4DB7-A081-53B9DD12C94} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F95D2E5-D4F1-4484-A575-182F27622898} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{722BBE79-CBBA-462D-AC83-6718431674A1} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75E1595F-85FF-445A-87FD-4357A3513D} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7647AA6A-F031-449D-9725-38922D6097D1} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7937AF4C-CE4A-4D9E-AC4E-AD62838E2BE1} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B9DFB4A-20C7-4B73-ADF7-E8C7A92DFE2} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ca0a951-96c9-456b-8646-1dc97c025867} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E22E767-B495-4419-91B3-F32B3DFEADA3} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E364C66-2093-407D-8525-A23060B9231F} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86910530-A164-46B1-989E-54534BC96236} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{880E5686-6892-41FA-B43A-8C3951F2542} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88422DC8-8E5C-484E-8A10-44759CFB6D5F} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A08B8E6-ECFA-4FCD-B3C9-F5A23F72565} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97C47615-6D01-41AC-B3E4-BB187A585393} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97E07FBB-A6B3-44E8-9035-7045EDD32A4C} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{982D7E14-2DB1-404D-BC91-AD9D2437EA76} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98F5767B-8983-4C85-A431-E077D9CDBBA9} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98F8F5F2-287C-42F4-A680-881645302DBA} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BB4B6D7-ABBB-44FB-B190-1B8C33A33340} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E8F03AC-59DB-42BA-98DA-79273164047} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1321A73-82E1-4914-9079-6573AEC4A054} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a2740140-256a-4b6e-8df2-2a748be58138} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5344EDA-377E-4592-A768-6ABCF2D41E97} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7110e4d-f672-441c-9381-54e2b76b8178} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA73DA4D-2C73-4FAD-BE12-65223CD27C54} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE0A49A1-CAD-41FA-BBA9-EBF5229DC13} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0169128-A1C5-43BF-A4CD-40BEECDD553} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B10559FB-1D06-4C31-8480-EACEDE30326} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B16373CC-F6C8-4C2E-B932-11D5E0FCEF40} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2A8420D-63D3-48BF-B1E9-4DC87872E92} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAA22938-2BC9-4187-8447-134A1BE94AD8} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC7B18FF-B1A1-4A3E-BECE-5EA23CAAAB50} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCEF7DC8-D5EF-4C14-889F-DDD7C582E42} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD1AD2B9-AC26-4F08-BECE-B4285296B1E1} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDD15D96-5018-41AE-B6C5-23291DBD7D76} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF572209-BDFF-472F-A137-211FB552FA63} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFBAD766-EAF3-42AD-A145-6E29AF7FE92} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3DC9233-D101-455D-A7CA-E5DA3B921F29} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3E52FD4-F729-4F2D-8954-4E30E401EBC} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C686DB0A-45FE-4459-B29A-CC76767635} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C814E302-D484-4AD6-89B7-EBE3E8655C55} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA3F9C-B36B-42FB-8C8D-F1EB8221867D} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB28E27C-6E24-4050-8DCA-D42A3BA7CC8D} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D04509E1-A0C-48C3-8BC5-6B4636257DEB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1AFC1C9-A81B-4D40-BA11-3C54B7F96145} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1B064F7-69A1-4849-8DC6-8297779CFDCD} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D22B11EF-1C5F-405B-9774-DBAB7DD9A3} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D30D544F-C693-49D3-82BC-BA3EB08EC3F2} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3AEB232-80E7-4B1B-B1E7-6A72CFDD1FED} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D431865B-3CC7-42A9-B817-7ACC5299CC19} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4E60220-4D1B-4EA8-913E-9C577EFA1C63} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6C41DA5-2E51-4BF0-B0F6-6671845A7DD1} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6DAD5C5-1118-4B65-B9D2-713F448158C} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D739A33E-D7C5-4322-AF28-2DA2146545E7} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D859ED37-6CB8-4529-A770-778FE93FBD38} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8E124C8-E206-4F20-BD8D-F39B8B4BD928} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA0C310-3AB9-4549-9B34-65D04674DFBB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DABA1680-4CDF-4605-BB7-26798B7B404} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE2BF3B-C0E8-4DA9-91DF-7113F5A0E} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E18D1BD1-EDA4-487A-B94-9BCA4FB85991} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E18ED901-5DD3-4FD8-88C4-3E8B1AD556C6} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E21A962D-598-483A-9126-45FE8F4B711} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E405FFF2-C6FC-4E5F-9D9A-F192E9941813} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E413C725-FE8D-49C1-AC52-B3A05B4C4E56} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5A05A7C-CA7C-4B6C-8C8E-DD5060C9D921} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E790B9E5-9668-41B4-907-6A5FBDA36B22} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E79295AC-1C5B-4EBD-AD2C-EA237B225418} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8F15B07-6D58-4CCF-8F1D-E7A44F4BB33F} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9FB884F-7547-4DB4-82D1-20A9777D643C} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB3AE85D-C4B6-4887-9C1-7BA85B349EAC} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECD88DE4-372-4A0F-ABA-05274C52AAE} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF1751D-9DBA-4E83-967F-33D76BA39982} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0BCA944-D693-4F6A-BD4A-6CF53CE185CB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0FF115B-CA83-44D4-8BD5-A7B7789A1AB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F14D5A5B-37BC-4336-9389-69D98219D1D9} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3BAF732-DB22-4EB7-A594-FCAC98D5A9C2} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4454BA9-C7FB-477F-977-B7A7C14D119} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F736894-5D34-40CA-9A3C-F193933EB8DB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F741AE47-5EEA-4E3B-B71C-193CBE31FE63} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC45C24E-FF10-48B9-BCDC-E5864A43C7B} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC7EBA9E-29A6-4EC9-A963-338F3611585} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD26565A-CB63-46BA-AA18-6E40908E87D9} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Oasis Space [] =>PUP.Optional.OasisSpace
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{241800e4-fb00-427f-b73d-bb8f0de0ae52} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ca0a951-96c9-456b-8646-1dc97c025867} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a2740140-256a-4b6e-8df2-2a748be58138} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7110e4d-f672-441c-9381-54e2b76b8178} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ca0a951-96c9-456b-8646-1dc97c025867} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a2740140-256a-4b6e-8df2-2a748be58138} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7110e4d-f672-441c-9381-54e2b76b8178} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4E9C1CA-F28B-443B-B66E-B53C6E27220B} [C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE (Not File)] =>PUP.Optional.Datamngr
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B} [OShellContextMenu Class] =>.Superfluous.WinZipper
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}\InprocServer32 [C:\Program Files (x86)\WinZipper\eshellctx64.dll (Not File)] =>.Superfluous.WinZipper
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\MyPC Backup.lnk [0x020000000000000000000000] =>PUP.Optional.MyPCBackup


---\\ Summary of the elements found (9)
http://www.nicolascoolman.fr/superfluous-mpccleaner/ =>.Superfluous.MPCCleaner
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.CloudfrontNet
http://www.nicolascoolman.fr/pup-shopeasy/ =>PUP.Optional.ShopEasy
https://www.nicolascoolman.info/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.OasisSpace
https://www.nicolascoolman.info/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect
http://www.nicolascoolman.fr/?p=270 =>PUP.Optional.Datamngr
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.WinZipper
http://www.nicolascoolman.fr/?p=316 =>PUP.Optional.MyPCBackup


---\\ Other deletions. (14)
~ Registry Keys Tracing deleted (14)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 201
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 160


~ End of clean in 00h02mn39s
~====================
ZHPCleaner-[R]-19062016-20_02_49.txt
ZHPCleaner-[S]-19062016-19_59_59.txt

#11 Flameikorn

Flameikorn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 19 June 2016 - 08:43 PM


~ ZHPCleaner v2016.6.18.75 by Nicolas Coolman (2016/06/18)
~ Run by Owner (Administrator) (19/06/2016 20:00:10)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Owner\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Owner\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 10586)


---\\ Services (1)
CLOSED : MPCProtectService =>.Superfluous.MPCCleaner


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (0)
~ No malicious or unnecessary items found.


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (12)
MOVED file^: C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [DotC United Inc - MPC Protect Service] =>.Superfluous.MPCCleaner
MOVED file^: C:\Windows\System32\drivers\MPCKpt.sys [DotC United Inc - MPC Driver] =>.Superfluous.MPCCleaner
MOVED file: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.shopeasy00.shopeasy.xyz_0.localstorage =>PUP.Optional.ShopEasy
MOVED file: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.shopeasy00.shopeasy.xyz_0.localstorage-journal =>PUP.Optional.ShopEasy
MOVED file: C:\Documents and Settings\Jack\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Documents and Settings\Jack\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED folder^: C:\Program Files (x86)\MPC Cleaner =>.Superfluous.MPCCleaner
MOVED folder: C:\WINDOWS\Installer\MSI2000.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI931F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID0A8.tmp- =>Empty


---\\ Registry ( Key, Value, Data) (147)
DELETED key^: HKLM\SYSTEM\CurrentControlSet\Services\MPCProtectService [C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe] =>.Superfluous.MPCCleaner
DELETED key^: HKLM\SYSTEM\CurrentControlSet\Services\MPCKpt [C:\Windows\System32\drivers\MPCKpt.sys] =>.Superfluous.MPCCleaner
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{129DFFB4-150-4A5C-B3D6-2E9567291F52} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1455E3AD-CE6A-4B1C-967A-71FEBF4238B} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{154EC709-DF51-40B7-A7E7-E5881961C962} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B63E77D-8B1C-4605-8E60-1E35C8423421} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B7B049C-4ABE-4657-81CD-581ABC23CB7F} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{207EA2FD-892B-493A-A3E6-587443AC24C} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{217F263A-34E5-43C8-92E3-32FAEBB52443} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23E561F3-A390-4BB0-A7CB-F85DBD82B} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{241800e4-fb00-427f-b73d-bb8f0de0ae52} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24ABBE35-860F-459C-A6E2-E6435AF9EE7} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{295CE59A-CCAB-45EE-B2FC-1C3B2D5E5614} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2969C03-D33E-4311-B773-DB4D6E1E3411} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A4185B9-EB73-43F2-825-6E4BB65DC5} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A966760-F9E9-4A07-AAAE-69DCECC6EDA3} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B1EDBFF-AFA3-482A-BBCC-D5D1F8893B84} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33E9BA87-2050-4FDB-A945-323B7BC0EE2A} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34151A4A-437D-410D-B9F-E9B12A2A1284} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{341B0B79-94DF-41C5-B2DE-C274515CF68} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355851CF-7C1E-4A57-8742-FEAA744E9AD7} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3679DCC3-374B-490B-9AA2-EA28F44A5124} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37AEF6FE-A1F0-48C5-98AC-BFFC20436A47} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37CE81F6-E2D6-4393-90D0-12A91162D81} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C747FA-987C-41D5-9E73-82F09ABA221C} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CD2C607-C81A-49B6-AF4E-30E75B335B6} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CE98E07-E829-432A-A17F-1869F025F4DD} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E0C2EA1-F01-46EF-9FDE-E371AE7878FD} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E64E194-96C9-4A83-A879-48DCF54E844} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EB7ABE0-3EE1-43F4-8E90-3224C1C41152} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4404BDE0-EF01-4D53-B85F-6A48B21E13A5} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45338F4B-9E3C-418A-9085-2580B84D3A71} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{475D603D-C2F-4E1E-B9DB-5C58C18A60BA} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B0D8AA4-D1E5-4B70-8E2D-79C7EB4D74D9} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DE6C3DD-C94F-4D42-8258-D95728FA4185} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E696365-30A-4BBC-A32C-7EE23D2349D} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50CA60EA-5259-43A2-A910-99AB7AABE813} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53CF9EFF-948B-4719-8021-52BDEF5E9098} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{555787A2-BDF6-4499-A49B-C85E1BB8AFDB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5599EE9E-B850-447E-8F3-72E48CDA485} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{586722C1-7781-4C60-9DD-246645C964B6} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59E52666-F81C-4079-9DFE-49610A271EF} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AF57435-54D9-45D1-A4EC-96E8EBC0A5A7} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60C8909D-BE58-4C5C-931C-AC207F14E1DB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{626EB014-98AC-4725-A824-AA9B3F3E6145} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63ACE502-6818-4F9F-84EC-5A34E0C91330} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{647A621-93E2-4A81-B013-A3127F1E1CA2} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6624A907-618E-4501-9BAF-B137740C64E} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AB1B884-FF91-4DD9-BEFA-A4AAF6B6732} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BCC24A1-550A-4C51-9D6D-6A4984D827B2} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F32DB4C-92CB-40FA-B37E-47D5CA64C897} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F65FE3D-163-4DB7-A081-53B9DD12C94} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F95D2E5-D4F1-4484-A575-182F27622898} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{722BBE79-CBBA-462D-AC83-6718431674A1} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75E1595F-85FF-445A-87FD-4357A3513D} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7647AA6A-F031-449D-9725-38922D6097D1} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7937AF4C-CE4A-4D9E-AC4E-AD62838E2BE1} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B9DFB4A-20C7-4B73-ADF7-E8C7A92DFE2} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ca0a951-96c9-456b-8646-1dc97c025867} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E22E767-B495-4419-91B3-F32B3DFEADA3} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E364C66-2093-407D-8525-A23060B9231F} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86910530-A164-46B1-989E-54534BC96236} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{880E5686-6892-41FA-B43A-8C3951F2542} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88422DC8-8E5C-484E-8A10-44759CFB6D5F} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A08B8E6-ECFA-4FCD-B3C9-F5A23F72565} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97C47615-6D01-41AC-B3E4-BB187A585393} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97E07FBB-A6B3-44E8-9035-7045EDD32A4C} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{982D7E14-2DB1-404D-BC91-AD9D2437EA76} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98F5767B-8983-4C85-A431-E077D9CDBBA9} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98F8F5F2-287C-42F4-A680-881645302DBA} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BB4B6D7-ABBB-44FB-B190-1B8C33A33340} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E8F03AC-59DB-42BA-98DA-79273164047} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1321A73-82E1-4914-9079-6573AEC4A054} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a2740140-256a-4b6e-8df2-2a748be58138} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5344EDA-377E-4592-A768-6ABCF2D41E97} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7110e4d-f672-441c-9381-54e2b76b8178} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA73DA4D-2C73-4FAD-BE12-65223CD27C54} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE0A49A1-CAD-41FA-BBA9-EBF5229DC13} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0169128-A1C5-43BF-A4CD-40BEECDD553} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B10559FB-1D06-4C31-8480-EACEDE30326} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B16373CC-F6C8-4C2E-B932-11D5E0FCEF40} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2A8420D-63D3-48BF-B1E9-4DC87872E92} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAA22938-2BC9-4187-8447-134A1BE94AD8} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC7B18FF-B1A1-4A3E-BECE-5EA23CAAAB50} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCEF7DC8-D5EF-4C14-889F-DDD7C582E42} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD1AD2B9-AC26-4F08-BECE-B4285296B1E1} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDD15D96-5018-41AE-B6C5-23291DBD7D76} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF572209-BDFF-472F-A137-211FB552FA63} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFBAD766-EAF3-42AD-A145-6E29AF7FE92} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3DC9233-D101-455D-A7CA-E5DA3B921F29} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3E52FD4-F729-4F2D-8954-4E30E401EBC} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C686DB0A-45FE-4459-B29A-CC76767635} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C814E302-D484-4AD6-89B7-EBE3E8655C55} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA3F9C-B36B-42FB-8C8D-F1EB8221867D} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB28E27C-6E24-4050-8DCA-D42A3BA7CC8D} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D04509E1-A0C-48C3-8BC5-6B4636257DEB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1AFC1C9-A81B-4D40-BA11-3C54B7F96145} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1B064F7-69A1-4849-8DC6-8297779CFDCD} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D22B11EF-1C5F-405B-9774-DBAB7DD9A3} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D30D544F-C693-49D3-82BC-BA3EB08EC3F2} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3AEB232-80E7-4B1B-B1E7-6A72CFDD1FED} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D431865B-3CC7-42A9-B817-7ACC5299CC19} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4E60220-4D1B-4EA8-913E-9C577EFA1C63} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6C41DA5-2E51-4BF0-B0F6-6671845A7DD1} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6DAD5C5-1118-4B65-B9D2-713F448158C} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D739A33E-D7C5-4322-AF28-2DA2146545E7} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D859ED37-6CB8-4529-A770-778FE93FBD38} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8E124C8-E206-4F20-BD8D-F39B8B4BD928} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA0C310-3AB9-4549-9B34-65D04674DFBB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DABA1680-4CDF-4605-BB7-26798B7B404} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE2BF3B-C0E8-4DA9-91DF-7113F5A0E} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E18D1BD1-EDA4-487A-B94-9BCA4FB85991} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E18ED901-5DD3-4FD8-88C4-3E8B1AD556C6} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E21A962D-598-483A-9126-45FE8F4B711} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E405FFF2-C6FC-4E5F-9D9A-F192E9941813} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E413C725-FE8D-49C1-AC52-B3A05B4C4E56} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5A05A7C-CA7C-4B6C-8C8E-DD5060C9D921} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E790B9E5-9668-41B4-907-6A5FBDA36B22} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E79295AC-1C5B-4EBD-AD2C-EA237B225418} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8F15B07-6D58-4CCF-8F1D-E7A44F4BB33F} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9FB884F-7547-4DB4-82D1-20A9777D643C} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB3AE85D-C4B6-4887-9C1-7BA85B349EAC} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECD88DE4-372-4A0F-ABA-05274C52AAE} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF1751D-9DBA-4E83-967F-33D76BA39982} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0BCA944-D693-4F6A-BD4A-6CF53CE185CB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0FF115B-CA83-44D4-8BD5-A7B7789A1AB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F14D5A5B-37BC-4336-9389-69D98219D1D9} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3BAF732-DB22-4EB7-A594-FCAC98D5A9C2} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4454BA9-C7FB-477F-977-B7A7C14D119} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F736894-5D34-40CA-9A3C-F193933EB8DB} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F741AE47-5EEA-4E3B-B71C-193CBE31FE63} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC45C24E-FF10-48B9-BCDC-E5864A43C7B} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC7EBA9E-29A6-4EC9-A963-338F3611585} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD26565A-CB63-46BA-AA18-6E40908E87D9} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Oasis Space [] =>PUP.Optional.OasisSpace
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{241800e4-fb00-427f-b73d-bb8f0de0ae52} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ca0a951-96c9-456b-8646-1dc97c025867} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a2740140-256a-4b6e-8df2-2a748be58138} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7110e4d-f672-441c-9381-54e2b76b8178} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ca0a951-96c9-456b-8646-1dc97c025867} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a2740140-256a-4b6e-8df2-2a748be58138} [C:\Program Files (x86)\Browsers Apps (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a7110e4d-f672-441c-9381-54e2b76b8178} [C:\Program Files (x86)\HQPureV1.8 (Not File)] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4E9C1CA-F28B-443B-B66E-B53C6E27220B} [C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE (Not File)] =>PUP.Optional.Datamngr
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B} [OShellContextMenu Class] =>.Superfluous.WinZipper
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}\InprocServer32 [C:\Program Files (x86)\WinZipper\eshellctx64.dll (Not File)] =>.Superfluous.WinZipper
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\MyPC Backup.lnk [0x020000000000000000000000] =>PUP.Optional.MyPCBackup


---\\ Summary of the elements found (9)
http://www.nicolascoolman.fr/superfluous-mpccleaner/ =>.Superfluous.MPCCleaner
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.CloudfrontNet
http://www.nicolascoolman.fr/pup-shopeasy/ =>PUP.Optional.ShopEasy
https://www.nicolascoolman.info/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.OasisSpace
https://www.nicolascoolman.info/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect
http://www.nicolascoolman.fr/?p=270 =>PUP.Optional.Datamngr
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.WinZipper
http://www.nicolascoolman.fr/?p=316 =>PUP.Optional.MyPCBackup


---\\ Other deletions. (14)
~ Registry Keys Tracing deleted (14)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 201
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 160


~ End of clean in 00h02mn39s
~====================
ZHPCleaner-[R]-19062016-20_02_49.txt
ZHPCleaner-[S]-19062016-19_59_59.txt

#12 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:43 AM

Posted 19 June 2016 - 09:08 PM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.

VSKiiIc.jpg

  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.

ZU4W2g2.jpg

  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.

nF8dOcq.jpg

  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.

L8lsasM.jpg

When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"

5x4JOvA.jpg

  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 esetonlinebtn.png
 

  •  Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right click it run as administrator. When the program completes, the tool will automatically open a log file, please post that log here in your next post.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users