
So after I downloaded a .rar file that I think was infected by some kind of virus, my mouse and keyboard started lagging and the PC started freezing. After that I tried scanning my computer with a tool (ESET NOD32 Antivirus 9) and found 215 existing threats. I've already deleted all of them and nothing happened at all.


This is my log for the JRT tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Professional x64 
Ran by Dream Theater (Administrator) on Wed 03/15/2017 at 23:00:42.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 106 

Failed to delete: C:\Users\Dream Theater\AppData\Roaming\opencandy (Folder) 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\Program Files (x86)\SavePass 1.1 (Folder)
Successfully deleted: C:\ProgramData\13298502821923672528 (Folder) 
Successfully deleted: C:\ProgramData\apn (Folder) 
Successfully deleted: C:\ProgramData\thunder network (Folder) 
Successfully deleted: C:\ProgramData\uncheckit (Folder) 
Successfully deleted: C:\Users\Dream Theater\AppData\Local\globalupdate (Folder) 
Successfully deleted: C:\Users\Dream Theater\AppData\Local\ysearchutil (Folder) 
Successfully deleted: C:\Users\Dream Theater\AppData\Roaming\Mozilla\Firefox\Profiles\zein35tr.default\searchplugins\nuesearch.xml (File) 
Successfully deleted: C:\Users\Dream Theater\AppData\Roaming\uncheckit (Folder) 
Successfully deleted: C:\Users\Dream Theater\AppData\Roaming\zona (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
Successfully deleted: C:\Windows\apppatch\custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb (File) 
Successfully deleted: C:\Windows\apppatch\custom\custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb (File) 
Successfully deleted: C:\Windows\system32\Tasks\avaxvyyvyf (Task)
Successfully deleted: C:\Windows\system32\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-1-6 (Task)
Successfully deleted: C:\Windows\system32\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-1-7 (Task)
Successfully deleted: C:\Windows\system32\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-10_user (Task)
Successfully deleted: C:\Windows\system32\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-3 (Task)
Successfully deleted: C:\Windows\system32\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-4 (Task)
Successfully deleted: C:\Windows\system32\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-5 (Task)
Successfully deleted: C:\Windows\system32\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-5_user (Task)
Successfully deleted: C:\Windows\system32\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-6 (Task)
Successfully deleted: C:\Windows\system32\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-7 (Task)
Successfully deleted: C:\Windows\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-1-6.job (Task) 
Successfully deleted: C:\Windows\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-1-7.job (Task) 
Successfully deleted: C:\Windows\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-10_user.job (Task) 
Successfully deleted: C:\Windows\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-3.job (Task) 
Successfully deleted: C:\Windows\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-4.job (Task) 
Successfully deleted: C:\Windows\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-5.job (Task) 
Successfully deleted: C:\Windows\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-5_user.job (Task) 
Successfully deleted: C:\Windows\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-6.job (Task) 
Successfully deleted: C:\Windows\Tasks\f92245d0-166f-489f-b92f-6aae0e433854-7.job (Task) 
Successfully deleted: C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602 (Folder) 
Successfully deleted: C:\Program Files (x86)\uncheckit (Folder) 

Deleted the following from C:\Users\Dream Theater\AppData\Roaming\Mozilla\Firefox\Profiles\zein35tr.default\prefs.js
user_pref(extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledUrls.value, %7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfil
user_pref(extensions.crossrider.bic, 14db1c34218bc66aa46b77a97c3f7235);

Registry: 13 

Successfully deleted: HKLM\Software\MozillaPlugins\@staging.google.com/globalupdate update;version=10 (Registry Key) 
Successfully deleted: HKLM\Software\MozillaPlugins\@staging.google.com/globalupdate update;version=4 (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\Orbiter (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/15/2017 at 23:02:35.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


And after using the tool (AdwCleaner) I had two logs, the first named C0 and the second named S0.

 

This is for the C0

 

# AdwCleaner v6.044 - Logfile created 15/03/2017 at 23:13:56
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-15.2 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Dream Theater - DREAMTHEATER-PC
# Running from : C:\Users\Dream Theater\Downloads\Programs\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: Orbiter
[-] Service deleted: rtop


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\0winp0
[-] Folder deleted: C:\ProgramData\BwinpB
[-] Folder deleted: C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
[-] Folder deleted: C:\ProgramData\QwinpQ
[-] Folder deleted: C:\ProgramData\{1202f5ba-d1a5-1e23-1202-2f5bad1ad6eb}
[-] Folder deleted: C:\Users\Dream Theater\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Folder deleted: C:\Users\Dream Theater\AppData\Local\avaxvyyvyf
[-] Folder deleted: C:\Users\Dream Theater\AppData\Roaming\OpenCandy
[-] Folder deleted: C:\Users\Dream Theater\AppData\Roaming\TSv
[-] Folder deleted: C:\Users\Dream Theater\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder deleted: C:\Users\Dream Theater\AppData\Roaming\Profiles\60vgkeso.default\YourGSearchFinder_br
[-] Folder deleted: C:\ProgramData\ByteFence
[-] Folder deleted: C:\ProgramData\uckt
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence
[#] Folder deleted on reboot: C:\ProgramData\Application Data\uckt
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
[-] Folder deleted: C:\Program Files (x86)\TData
[-] Folder deleted: C:\Program Files (x86)\WinSaber
[#] Folder deleted on reboot: C:\Program Files (x86)\winsaber
[-] Folder deleted: C:\Windows\SysWOW64\_SSpm
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\extensions
[-] Folder deleted: C:\Users\Dream Theater\AppData\Roaming\Profiles\yzzfdyu4.default
[-] Folder deleted: C:\Users\Dream Theater\AppData\Roaming\Profiles\60vgkeso.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com
[-] Folder deleted: C:\Users\Dream Theater\AppData\Roaming\Profiles\60vgkeso.default
[-] Folder deleted: C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh
[-] Folder deleted: C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
[-] File deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[-] File deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll
[-] File deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
[-] File deleted: C:\Users\Dream Theater\AppData\Roaming\Mozilla\Firefox\Profiles\zein35tr.default\searchplugins\yahoo-lavasoft.xml
[#] File deleted: C:\Users\Dream Theater\AppData\Roaming\Profiles\60vgkeso.default\searchplugins\yahoo-lavasoft.xml


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\Users\Dream Theater\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Dream Theater\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut disinfected: C:\Users\Dream Theater\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk


***** [ Scheduled Tasks ] *****

[-] Task deleted: Browser Updater Task(Core)
[-] Task deleted: ByteFence
[-] Task deleted: ByteFence Scan
[-] Task deleted: Browser Updater Task(Core)
[-] Task deleted: UncheckitTaskMN
[-] Task deleted: UncheckitUpdateTaskC
[-] Task deleted: UncheckitUpdateTaskDB


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\f56d1bdc-f325-4c5c-baa8-0129f5185294
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key deleted: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key deleted: HKU\.DEFAULT\Software\ByteFence
[-] Key deleted: HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Key deleted: HKU\.DEFAULT\Software\SavePass 1.1-nv-ie
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\ByteFence
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\GlobalUpdate
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\SavePass 1.1
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\SavePass1.1
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\zona
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\DC3_FEXEC
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\csastats
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\Uncheckit
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\SavePass 1.1-nv-ie
[-] Key deleted: HKU\S-1-5-21-2866893847-1979586631-600242883-1000\Software\AppDataLow\Software\Crossrider
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AskPartnerNetwork
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ByteFence
[#] Key deleted on reboot: HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\SavePass 1.1-nv-ie
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\ByteFence
[#] Key deleted on reboot: HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: HKCU\Software\SavePass 1.1
[#] Key deleted on reboot: HKCU\Software\SavePass1.1
[#] Key deleted on reboot: HKCU\Software\zona
[#] Key deleted on reboot: HKCU\Software\DC3_FEXEC
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\Uncheckit
[#] Key deleted on reboot: HKCU\Software\SavePass 1.1-nv-ie
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Crossrider
[-] Key deleted: HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key deleted: HKLM\SOFTWARE\ByteFence
[-] Key deleted: HKLM\SOFTWARE\GlobalUpdate
[-] Key deleted: HKLM\SOFTWARE\ORBTR
[-] Key deleted: HKLM\SOFTWARE\PositiveFinds
[-] Key deleted: HKLM\SOFTWARE\SavePass 1.1
[-] Key deleted: HKLM\SOFTWARE\SPPDCOM
[-] Key deleted: HKLM\SOFTWARE\hohosearchSoftware
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Key deleted: HKLM\SOFTWARE\Uncheckit
[-] Key deleted: HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Key deleted: HKLM\SOFTWARE\SavePass 1.1-nv-ie
[-] Key deleted: HKLM\SOFTWARE\WinSaberSvc
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\ByteFence
[#] Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\SavePass 1.1
[#] Key deleted on reboot: [x64] HKCU\Software\SavePass1.1
[#] Key deleted on reboot: [x64] HKCU\Software\zona
[#] Key deleted on reboot: [x64] HKCU\Software\DC3_FEXEC
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\Uncheckit
[#] Key deleted on reboot: [x64] HKCU\Software\SavePass 1.1-nv-ie
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Crossrider
[-] Key deleted: [x64] HKLM\SOFTWARE\ByteFence
[-] Key deleted: [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] 
[-] Data restored: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] Data restored: HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [] "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] 
[-] Key deleted: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key deleted: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
[-] Value deleted: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SVCHOST [ORBTR]
[#] Key deleted on reboot: HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[#] Key deleted on reboot: HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo


***** [ Web browsers ] *****

[-] Firefox fake profile cleaned: Profile1
[-] Firefox preferences cleaned: "browser.newtab.url" -  "hxxps://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10270__160522__yaff"
[-] Firefox preferences cleaned: "browser.newtabpage.url" -  "hxxps://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10270__160522__yaff"
[-] Firefox preferences cleaned: "browser.startup.homepage" -  "hxxps://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10270__160522__yaff"
[-] [C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Deleted: nuesearch
[-] [C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Deleted: hxxp://www.nuesearch.com/searchfavicon.ico
[-] [C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Deleted: fhnobihfdnklhoilcilfogdcegekpgfn
[-] [C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Deleted: npdicihegicnhaangkdmcgbjceoemeoo
[-] [C:\Users\Dream Theater\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [extension] Deleted: oiokahphinmbmakkehgelkmpolmnbkdh


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [26446 Bytes] - [15/03/2017 23:13:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [33088 Bytes] - [15/03/2017 23:10:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [26594 Bytes] ##########
 
