Let's go ahead and verify your signatures:

Now let's check something. Follow the instructions below.

Download Sigcheck from https://live.sysinternals.com/sigcheck.exe

Make sure it is in your Downloads folder, alongside the Malwarebytes installer from before. (Please place the MB3.x installer also in your downloads folder if not so)

Open a command prompt with Admin Rights

Enter the following commands: 

cd C:\Users\username\Downloads
sigcheck * > signatures.txt

This will create the signatures.txt in your downloads folder. Can you please attach that to the next reply.


Please run the following steps:

Press on the Win + R keys, type in mmc.exe and press on Enter.
In the Console, click on the File menu, followed by Add/Remove Snap-in....
In the left list, select Certificates and click on Add to add it to the other side.
In the prompt, select My user account and click on Finish, then on Ok.
Browse under the Certificates - Current User till you reach Untrusted Certificates and click on it.

Please send me a screenshot of the untrusted certificates you have.


Very good.

Now, select all these certificates and delete them (with the Del button or right-click and Delete). Once done, try to install Malwarebytes.

You should be able to install Malwarebytes without issues.

 

  • 2 weeks later...

Let's start by getting a fresh set of logs from FRST (FRST.txt and Addition.txt). So please run a new scan with FRST, and attach both logs here after.


Sorry for the delay. There isn't much left to remove.

Please uninstall Ace Stream Media 3.1.1, which includes an adware module that is enabled a short time after the program is installed on the system.

Once done, run the following FRST fix.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

fixlist.txt


I ran it twice since I was in safe mode the first time and the fix said it didn't make a restore point; the second one was in normal mode.

 

Safe mode:

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by Amin (06-06-2017 19:03:21) Run:4
Running from C:\Users\Amin Addow\Desktop
Loaded Profiles: Amin (Available Profiles: defaultuser0 & Amin)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

FF Extension: (Ace Stream Web Extension) - C:\Users\Amin Addow\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-01-31]
FF Plugin HKU\S-1-5-21-941062246-4019233677-694128654-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\Amin Addow\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)

CHR StartupUrls: Default -> "hxxp://www.initialsite123.com/?z=b94309e11b793756a600a2cg8z1tczct1m6g4o1tdz&from=icb&uid=3219913727_526057_8E5C3B48&type=hp"
CHR DefaultSearchURL: Default -> hxxp://navsmart.info/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> {searchterms}
CHR HKU\S-1-5-21-941062246-4019233677-694128654-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

S2 BIT; C:\ProgramData\BIT\BIT.dll [X] <==== ATTENTION

Task: {62ACDF13-E122-4FA6-BF6C-7A35800D8DAC} - \Microsoft\Windows\DeviceSettings\Niculyigerent -> No File <==== ATTENTION
Task: {733CF82A-069B-4652-B94D-DF93D2E99B94} - System32\Tasks\watchdog2 => C:\Windows\System32\Drivers\UMDF\run2.bat [2016-07-28] () <==== ATTENTION

FirewallRules: [TCP Query User{D0414E82-93CC-4189-ACAA-6775475B5463}C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{7BB7309C-063B-4DEA-B988-C3E9909A6827}C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe

C:\Program Files\0EBDV8HZKL
C:\ProgramData\agent.1494972023.bdinstall.bin
C:\ProgramData\agent.1495136354.bdinstall.bin
C:\ProgramData\agent.1495136363.bdinstall.bin
C:\ProgramData\agent.1495143774.bdinstall.bin
C:\ProgramData\agent.uninstall.1495030377.bdinstall.bin
C:\ProgramData\agent.update.1494973243.bdinstall.bin
C:\ProgramData\igfxDH.dll
C:\ProgramData\BIT
C:\Users\Amin Addow\AppData\Roaming\ACEStream
C:\Windows\System32\Drivers\UMDF\run2.bat

EmptyTemp:
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Users\Amin Addow\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found.
HKU\S-1-5-21-941062246-4019233677-694128654-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.1 => key not found. 
C:\Users\Amin Addow\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
HKU\S-1-5-21-941062246-4019233677-694128654-1001\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => key not found. 
HKLM\System\CurrentControlSet\Services\BIT => key removed successfully
BIT => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62ACDF13-E122-4FA6-BF6C-7A35800D8DAC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62ACDF13-E122-4FA6-BF6C-7A35800D8DAC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DeviceSettings\Niculyigerent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{733CF82A-069B-4652-B94D-DF93D2E99B94} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{733CF82A-069B-4652-B94D-DF93D2E99B94} => key removed successfully
C:\WINDOWS\System32\Tasks\watchdog2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\watchdog2 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D0414E82-93CC-4189-ACAA-6775475B5463}C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7BB7309C-063B-4DEA-B988-C3E9909A6827}C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
C:\Program Files\0EBDV8HZKL => moved successfully
C:\ProgramData\agent.1494972023.bdinstall.bin => moved successfully
C:\ProgramData\agent.1495136354.bdinstall.bin => moved successfully
C:\ProgramData\agent.1495136363.bdinstall.bin => moved successfully
C:\ProgramData\agent.1495143774.bdinstall.bin => moved successfully
C:\ProgramData\agent.uninstall.1495030377.bdinstall.bin => moved successfully
C:\ProgramData\agent.update.1494973243.bdinstall.bin => moved successfully
C:\ProgramData\igfxDH.dll => moved successfully
C:\ProgramData\BIT => moved successfully
C:\Users\Amin Addow\AppData\Roaming\ACEStream => moved successfully
C:\Windows\System32\Drivers\UMDF\run2.bat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12345344 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12741076 B
Java, Flash, Steam htmlcache => 189617822 B
Windows/system/drivers => 10904427 B
Edge => 40013 B
Chrome => 397549463 B
Firefox => 26548922 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 83600 B
systemprofile32 => 867288 B
LocalService => 20564 B
NetworkService => 35108 B
defaultuser0 => 0 B
Amin Addow => 39840973 B

RecycleBin => 13357440 B
EmptyTemp: => 671.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:03:31 ====

 

 

 

Normal mode:

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by Amin (06-06-2017 19:15:04) Run:5
Running from C:\Users\Amin Addow\Desktop
Loaded Profiles: Amin (Available Profiles: defaultuser0 & Amin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

FF Extension: (Ace Stream Web Extension) - C:\Users\Amin Addow\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-01-31]
FF Plugin HKU\S-1-5-21-941062246-4019233677-694128654-1001: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\Amin Addow\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)

CHR StartupUrls: Default -> "hxxp://www.initialsite123.com/?z=b94309e11b793756a600a2cg8z1tczct1m6g4o1tdz&from=icb&uid=3219913727_526057_8E5C3B48&type=hp"
CHR DefaultSearchURL: Default -> hxxp://navsmart.info/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> {searchterms}
CHR HKU\S-1-5-21-941062246-4019233677-694128654-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

S2 BIT; C:\ProgramData\BIT\BIT.dll [X] <==== ATTENTION

Task: {62ACDF13-E122-4FA6-BF6C-7A35800D8DAC} - \Microsoft\Windows\DeviceSettings\Niculyigerent -> No File <==== ATTENTION
Task: {733CF82A-069B-4652-B94D-DF93D2E99B94} - System32\Tasks\watchdog2 => C:\Windows\System32\Drivers\UMDF\run2.bat [2016-07-28] () <==== ATTENTION

FirewallRules: [TCP Query User{D0414E82-93CC-4189-ACAA-6775475B5463}C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{7BB7309C-063B-4DEA-B988-C3E9909A6827}C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe

C:\Program Files\0EBDV8HZKL
C:\ProgramData\agent.1494972023.bdinstall.bin
C:\ProgramData\agent.1495136354.bdinstall.bin
C:\ProgramData\agent.1495136363.bdinstall.bin
C:\ProgramData\agent.1495143774.bdinstall.bin
C:\ProgramData\agent.uninstall.1495030377.bdinstall.bin
C:\ProgramData\agent.update.1494973243.bdinstall.bin
C:\ProgramData\igfxDH.dll
C:\ProgramData\BIT
C:\Users\Amin Addow\AppData\Roaming\ACEStream
C:\Windows\System32\Drivers\UMDF\run2.bat

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key not found. 
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Users\Amin Addow\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found.
HKU\S-1-5-21-941062246-4019233677-694128654-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.1 => key not found. 
C:\Users\Amin Addow\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
HKU\S-1-5-21-941062246-4019233677-694128654-1001\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => key not found. 
BIT => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62ACDF13-E122-4FA6-BF6C-7A35800D8DAC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DeviceSettings\Niculyigerent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{733CF82A-069B-4652-B94D-DF93D2E99B94} => key not found. 
C:\WINDOWS\System32\Tasks\watchdog2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\watchdog2 => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D0414E82-93CC-4189-ACAA-6775475B5463}C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7BB7309C-063B-4DEA-B988-C3E9909A6827}C:\users\amin addow\appdata\roaming\acestream\engine\ace_engine.exe => value not found.
"C:\Program Files\0EBDV8HZKL" => not found.
"C:\ProgramData\agent.1494972023.bdinstall.bin" => not found.
"C:\ProgramData\agent.1495136354.bdinstall.bin" => not found.
"C:\ProgramData\agent.1495136363.bdinstall.bin" => not found.
"C:\ProgramData\agent.1495143774.bdinstall.bin" => not found.
"C:\ProgramData\agent.uninstall.1495030377.bdinstall.bin" => not found.
"C:\ProgramData\agent.update.1494973243.bdinstall.bin" => not found.
"C:\ProgramData\igfxDH.dll" => not found.
"C:\ProgramData\BIT" => not found.
"C:\Users\Amin Addow\AppData\Roaming\ACEStream" => not found.
"C:\Windows\System32\Drivers\UMDF\run2.bat" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 12345344 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7362616 B
Java, Flash, Steam htmlcache => 138240 B
Windows/system/drivers => 7449376 B
Edge => 0 B
Chrome => 16477021 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 830 B
NetworkService => 0 B
defaultuser0 => 0 B
Amin Addow => 13036402 B

RecycleBin => 0 B
EmptyTemp: => 54.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:15:26 ====
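
Added example, not part of the original post and not FRST's own code: a Python parser that reads only the result section of the two Fixlogs above and checks whether the second run confirms what the first run removed. The two embedded logs are shortened excerpts of the Fixlogs in the post; the function names and the status labels are assumptions of this example.

```python
import re

# "<target> => <outcome>" lines from the result section of a Fixlog.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<outcome>.+?)\.?$')

def parse_fixlog(text):
    """Return ({target: status}, [error lines]) for the result section only."""
    results, errors, fences = {}, [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:
            fences += 1            # the fixlist echo sits between two rows of asterisks
        elif fences < 2:
            continue               # header or fixlist echo, not a result
        elif line.startswith("=") and "EmptyTemp" in line:
            break                  # byte counts follow; they also contain "=>"
        elif line.startswith("Error:"):
            errors.append(line)
        elif (m := RESULT_RE.match(line)):
            outcome = m["outcome"].lower()
            if outcome.endswith("moved successfully"):   # also matches "removed"
                status = "removed"
            elif outcome.endswith("not found"):
                status = "absent"
            else:
                status = "other"
            # Windows paths and registry keys are case-insensitive.
            results[m["target"].lower()] = status
    return results, errors

def compare_runs(first, second):
    """Classify each target removed in the first run by what the second run says."""
    report = {"confirmed": [], "removed_again": [], "unverified": []}
    for target, status in first.items():
        if status != "removed":
            continue
        later = second.get(target)
        if later == "absent":
            report["confirmed"].append(target)       # gone after the reboot
        elif later == "removed":
            report["removed_again"].append(target)   # was present again
        else:
            report["unverified"].append(target)      # second run never checked it
    return report

# Shortened excerpts of the two Fixlogs posted above.
SAFE_MODE_LOG = r"""
Boot Mode: Safe Mode (with Networking)
fixlist content:
*****************
Task: {733CF82A-069B-4652-B94D-DF93D2E99B94} - System32\Tasks\watchdog2 => C:\Windows\System32\Drivers\UMDF\run2.bat [2016-07-28] () <==== ATTENTION
*****************
Error: Restore point can only be created in normal mode.
Chrome StartupUrls => removed successfully
BIT => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{733CF82A-069B-4652-B94D-DF93D2E99B94} => key removed successfully
C:\WINDOWS\System32\Tasks\watchdog2 => moved successfully
C:\Windows\System32\Drivers\UMDF\run2.bat => moved successfully
=========== EmptyTemp: ==========
Chrome => 397549463 B
"""
NORMAL_MODE_LOG = r"""
Boot Mode: Normal
fixlist content:
*****************
C:\Windows\System32\Drivers\UMDF\run2.bat
*****************
Restore point was successfully created.
Chrome StartupUrls => removed successfully
BIT => service not found.
C:\WINDOWS\System32\Tasks\watchdog2 => not found.
"C:\Windows\System32\Drivers\UMDF\run2.bat" => not found.
=========== EmptyTemp: ==========
Chrome => 16477021 B
"""

if __name__ == "__main__":
    first, errors = parse_fixlog(SAFE_MODE_LOG)
    second, _ = parse_fixlog(NORMAL_MODE_LOG)
    print(errors, compare_runs(first, second), sep="\n")
```

In these excerpts, as in the full logs, `Chrome StartupUrls` is reported as "removed successfully" by both runs, and the `TaskCache\Boot` key removed in safe mode is never re-checked by the second run.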


Good :) Let's run JRT and AdwCleaner just to sweep for remnants.

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Your next reply(ies) should therefore contain:

  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;


Here they are:

 

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Amin (Administrator) on 06.06.2017 at 20.42.44,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6ADB0154-4781-473A-B1B0-F090C6DD1D01} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.06.2017 at 20.45.32,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

AdwCleaner clean log:

# AdwCleaner v6.047 - Logfile created 06/06/2017 at 20:53:03
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-06.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Amin - LAPTOP-7EP4QV9A
# Running from : C:\Users\Amin Addow\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Amin Addow\AppData\LocalLow\.acestream
[-] Folder deleted: C:\Users\Amin Addow\AppData\RoAming\.acestream
[-] Folder deleted: C:\Users\Amin Addow\AppData\RoAming\Enigma Software Group
[-] Folder deleted: C:\Program Files\DriverSetupUtility
[-] Folder deleted: C:\Program Files\Enigma Software Group
[-] Folder deleted: C:\_acestream_cache_
[-] Folder deleted: C:\sh4ldr
[-] Folder deleted: C:\ProgramData\DriverSetupUtility
[-] Folder deleted: C:\ProgramData\VideoMemoryDiagnostic
[-] Folder deleted: C:\WINDOWS\SysWOW64\SSL


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\d877ab5a48fbef5f12fbd2d96a1ced20
[-] Key deleted: HKU\S-1-5-21-941062246-4019233677-694128654-1001\Software\Classes\.acestream
[-] Key deleted: HKU\S-1-5-21-941062246-4019233677-694128654-1001\Software\Classes\acestream
[#] Key deleted on reboot: HKCU\Software\Classes\.acestream
[#] Key deleted on reboot: HKCU\Software\Classes\acestream
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.acestream
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\acestream
[-] Key deleted: HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[-] Key deleted: HKU\.DEFAULT\Software\ompndb
[-] Key deleted: HKU\S-1-5-21-941062246-4019233677-694128654-1001\Software\Installer
[-] Key deleted: HKU\S-1-5-21-941062246-4019233677-694128654-1001\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Key deleted: HKU\S-1-5-21-941062246-4019233677-694128654-1001\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Key deleted: HKU\S-1-5-21-941062246-4019233677-694128654-1001\Software\PopWnd
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ompndb
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[#] Key deleted on reboot: HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[#] Key deleted on reboot: HKCU\Software\PopWnd
[-] Key deleted: HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Key deleted: HKLM\SOFTWARE\ompndb
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[#] Key deleted on reboot: [x64] HKCU\Software\PopWnd
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Key deleted: [x64] HKLM\SOFTWARE\ompndb
[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Value deleted: HKU\S-1-5-21-941062246-4019233677-694128654-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [msiql]
[-] Key deleted: HKCU\Software\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[#] Key deleted on reboot: HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]


***** [ Web browsers ] *****

[-] [C:\Users\Amin Addow\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.initialsite123.com/?z=b94309e11b793756a600a2cg8z1tczct1m6g4o1tdz&from=icb&uid=3219913727_526057_8E5C3B48&type=hp


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5347 Bytes] - [06/06/2017 20:53:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [5410 Bytes] - [06/06/2017 20:50:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5493 Bytes] ##########
 


Not good. The only way I can stay connected is by a wired connection since the computer won't show me available wireless networks. And the Windows button is not working. Only by right-clicking is it giving me the list of options.

What do you think we can do?
