UC Chinese Virus

  • Iaro96
    PCHF Member
    • Nov 2016
    • 64

    #16
    Do I do that before running CCleaner? I installed it but I’m not sure what it is that I have to do with it.

    Comment

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #17
      Originally posted by Iaro96
      I installed it but I’m not sure what it is that I have to do with it.
      CCleaner? I had instructions for you to disable your startup programs with it.

      Comment

      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #18
        If you still have issues with CCleaner, then skip and run the adware cleaning tools. I will provide more detailed information on CCleaner after those other tools have been run.

        Comment

        • Iaro96
          PCHF Member
          • Nov 2016
          • 64

          #19
          Alright, will save that for last! Doing the scans. (Again, thank you so much)

          Comment

          • Iaro96
            PCHF Member
            • Nov 2016
            • 64

            #20
            Ran the AdwCleaner. Not really sure what everything is but apparently there were leftovers of the UC thing :cry:
            AdwCleaner v6.030 - Logfile created 28/11/2016 at 12:16:57
            Updated on 19/10/2016 by Malwarebytes
            Database : 2016-11-28.2 [Server]
            Operating System : Windows 10 Home (X64)
            Username : Ivan Reyes Ortega - HOMEPC
            Running from : C:\Users\Ivan Reyes Ortega\Desktop\Defenses\adwcleaner_6.030.exe
            Mode: Clean
            Support : hxxps://www.malwarebytes.com/support

            ***** [ Services ] *****

            [-] Service deleted: Update service

            ***** [ Folders ] *****

            [-] Folder deleted: C:\Program Files (x86)\uNiSaleis
            [-] Folder deleted: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoViewer
            [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoViewer
            [-] Folder deleted: C:\Program Files (x86)\VideoViewer
            [-] Folder deleted: C:\Users\Joanne\AppData\Local\temp
            [-] Folder deleted: C:\Users\Joanne\AppData\LocalLow\temp
            [#] Folder deleted on reboot: C:\Users\Ivan Reyes Ortega\AppData\Local\temp
            [-] Folder deleted: C:\Users\Ivan Reyes Ortega\AppData\LocalLow\temp
            [-] Folder deleted: C:\Users\Guest\AppData\Local\temp
            [-] Folder deleted: C:\ProgramData\temp
            [#] Folder deleted on reboot: C:\ProgramData\Application Data\temp
            [-] Folder deleted: C:\Program Files (x86)\temp
            [-] Folder deleted: C:\WINDOWS\temp
            [-] Folder deleted: C:\ProgramData\9409923304362216177
            [-] Folder deleted: C:\Users\Joanne\AppData\Local\RegistryDr
            [-] Folder deleted: C:\Users\Joanne\Documents\RegistryDr
            [-] Folder deleted: C:\Users\Ivan Reyes Ortega\AppData\Local\eSupport.com
            [-] Folder deleted: C:\Users\Ivan Reyes Ortega\AppData\Local\VideoConverter
            [-] Folder deleted: C:\ProgramData\apn
            [#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
            [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
            [-] Folder deleted: C:\Program Files (x86)\Amazon\ABB
            [-] Folder deleted: C:\Program Files (x86)\eSupport.com
            [-] Folder deleted: C:\Program Files (x86)\SecretSauce
            [-] Folder deleted: C:\Program Files (x86)\TornTV.com
            [-] Folder deleted: C:\Users\Ivan Reyes Ortega\AppData\Roaming\browsers
            [-] Folder deleted: C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaapdcjfaomkafnbpoclmfakjianjd

            ***** [ Files ] *****

            [-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage
            [-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal
            [-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
            [-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
            [#] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage
            [#] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal
            [-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_iris.cnice.mec.es_0.localstorage
            [-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_iris.cnice.mec.es_0.localstorage-journal
            [#] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
            [#] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
            [-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.onclickads.net_0.localstorage
            [-] File deleted: C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.onclickads.net_0.localstorage-journal

            ***** [ DLL ] *****

            ***** [ WMI ] *****

            ***** [ Shortcuts ] *****

            ***** [ Scheduled Tasks ] *****

            ***** [ Registry ] *****

            [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML
            [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
            [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
            [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
            [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
            [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
            [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
            [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
            [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
            [-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
            [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{0BF85F37-ECD3-462C-8F41-902FD170F42E}
            [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID{0BF85F37-ECD3-462C-8F41-902FD170F42E}
            [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\WebCommObj.ExtCommObj.WebCommObj.ExtCommObj
            [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\WebCommObj.ExtCommObj.WebCommObj.ExtCommObj.1
            [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{0ED2BF70-D5F2-4C89-BC03-DD3E771D5388}
            [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID{0ED2BF70-D5F2-4C89-BC03-DD3E771D5388}
            [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\WebCommunication.WebComObject.WebCommunication.WebComObject
            [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\WebCommunication.WebComObject.WebCommunication.WebComObject.1
            [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
            [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
            [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
            [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
            [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
            [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
            [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
            [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
            [-] Key deleted: HKLM\SOFTWARE\Classes\AppID{C007DADD-132A-624C-088E-59EE6CF0711F}
            [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
            [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
            [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
            [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
            [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
            [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
            [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib{1112F282-7099-4624-A439-DB29D6551552}
            [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{88803A01-4125-443B-B869-4062A160CEEA}
            [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{88803A01-4125-443B-B869-4062A160CEEA}
            [-] Key deleted: HKU.DEFAULT\Software\AskPartnerNetwork
            [-] Key deleted: HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\1ClickDownload
            [-] Key deleted: HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\eSupport.com
            [-] Key deleted: HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\PRODUCTSETUP
            [-] Key deleted: HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\Softonic
            [-] Key deleted: HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\WEBAPP
            [-] Key deleted: HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\UCBrowserPID
            [-] Key deleted: HKU\S-1-5-21-2198469641-46685643-2895634536-1004\Software\AppDataLow\Software\Crossrider
            [#] Key deleted on reboot: HKU\S-1-5-18\Software\AskPartnerNetwork
            [#] Key deleted on reboot: HKCU\Software\1ClickDownload
            [#] Key deleted on reboot: HKCU\Software\eSupport.com
            [#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
            [#] Key deleted on reboot: HKCU\Software\Softonic
            [#] Key deleted on reboot: HKCU\Software\WEBAPP
            [#] Key deleted on reboot: HKCU\Software\UCBrowserPID
            [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Crossrider
            [-] Key deleted: HKLM\SOFTWARE\UCBrowserPID
            [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverAgent_is1
            [#] Key deleted on reboot: [x64] HKCU\Software\1ClickDownload
            [#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com
            [#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
            [#] Key deleted on reboot: [x64] HKCU\Software\Softonic
            [#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP
            [#] Key deleted on reboot: [x64] HKCU\Software\UCBrowserPID
            [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Crossrider
            [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
            [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
            [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
            [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
            [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\claro.com.do
            [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
            [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
            [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
            [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
            [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
            [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
            [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
            [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
            [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
            [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\claro.com.do
            [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
            [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
            [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
            [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
            [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
            [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
            [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
            [-] Value deleted: HKLM\SOFTWARE\RegisteredApplications [UCBrowser]
            [-] Key deleted: HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe

            ***** [ Web browsers ] *****

            [-] [C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
            [-] [C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
            [-] [C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: zapmeta.do
            [-] [C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aaaaapdcjfaomkafnbpoclmfakjianjd
            [-] [C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
            [-] [C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
            [-] [C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aaaaapdcjfaomkafnbpoclmfakjianjd
            [-] [C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
            [-] [C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
            [-] [C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: aaaaapdcjfaomkafnbpoclmfakjianjd
            [-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
            [-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
            [-] [C:\Users\Joanne\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Deleted: aol.com
            [-] [C:\Users\Joanne\AppData\Local\Google\Chrome SxS\User Data\Default\Web data] [Search Provider] Deleted: ask.com


            :: “Tracing” keys deleted
            :: Winsock settings cleared


            C:\AdwCleaner\AdwCleaner[C0].txt - [12945 Bytes] - [28/11/2016 12:16:57]
            C:\AdwCleaner\AdwCleaner[S0].txt - [12200 Bytes] - [28/11/2016 12:10:21]
            C:\AdwCleaner\AdwCleaner[S1].txt - [12274 Bytes] - [28/11/2016 12:12:41]

            ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [13167 Bytes] ##########

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #21
              Originally posted by Iaro96
              Ran the AdwCleaner. Not really sure what everything is but apparently there were leftovers of the UC thing
              Just keep on going with the other scans, they will tie up all loose ends.

              Comment

              • Iaro96
                PCHF Member
                • Nov 2016
                • 64

                #22
                Code:
                Junkware Removal Tool (JRT) by Malwarebytes
                Version: 8.0.9 (09.30.2016)
                Operating System: Windows 10 Home x64 
                Ran by Ivan Reyes Ortega (Administrator) on Mon 11/28/2016 at 12:25:22.02
                File System: 2

                Successfully deleted: C:\Users\Ivan Reyes Ortega\AppData\Roaming\spi (Folder)
                Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)

                Registry: 0
                Code:
                Scan was completed on Mon 11/28/2016 at 12:29:53.07
                End of JRT log

                Comment

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #23
                  I am heading out for a while. Once you have run the other tools, I suggest that you update your programs with Patch My PC.

                  Comment

                  • Iaro96
                    PCHF Member
                    • Nov 2016
                    • 64

                    #24


                    Adware Removal Tool 5.1
                    Time: 2016_11_28_12_31_59
                    OS: Windows 10 Home - x64 Bit
                    Account Name: Ivan Reyes Ortega
                    Adware Definition: 11262016
                    Elapsed time: 18:10
                    Repair Status:- Automatic Done
                    \\\\\\\\\\\\ Repair Logs \\\\\\\\\\\

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{3E2B423A-E6BA-45A1-A02-3C2F64DFA782}\ RegValue: AppName RegData: Torntv V6.0-enabler.exe-codedownloader.exe : Torntv V6.0-enabler.exe-codedownloader.exe

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{3E2B423A-E6BA-45A1-A02-3C2F64DFA782}\ RegValue: AppPath RegData: C:\Program Files (x86)\Torntv V6.0 : C:\Program Files (x86)\Torntv V6.0

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{858997D-B3B2-4ABD-B581-EBED80281224}\ RegValue: AppName RegData: Torntv V6.0-enabler.exe-helper.exe : Torntv V6.0-enabler.exe-helper.exe

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{858997D-B3B2-4ABD-B581-EBED80281224}\ RegValue: AppPath RegData: C:\Program Files (x86)\Torntv V6.0 : C:\Program Files (x86)\Torntv V6.0

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{CE6F97C8-7225-4EAF-A234-C9ABCCA960E2}\ RegValue: AppName RegData: Torntv V6.0-enabler.exe-buttonutil64.exe : Torntv V6.0-enabler.exe-buttonutil64.exe

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{CE6F97C8-7225-4EAF-A234-C9ABCCA960E2}\ RegValue: AppPath RegData: C:\Program Files (x86)\Torntv V6.0 : C:\Program Files (x86)\Torntv V6.0

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{E074ABE1-C73D-4434-95F8-D1EF333663E2}\ RegValue: AppName RegData: Torntv V6.0-enabler.exe-buttonutil.exe : Torntv V6.0-enabler.exe-buttonutil.exe

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{E074ABE1-C73D-4434-95F8-D1EF333663E2}\ RegValue: AppPath RegData: C:\Program Files (x86)\Torntv V6.0 : C:\Program Files (x86)\Torntv V6.0

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{3E2B423A-E6BA-45A1-A02-3C2F64DFA782}\ RegValue: AppName RegData: Torntv V6.0-enabler.exe-codedownloader.exe : Torntv V6.0-enabler.exe-codedownloader.exe

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{3E2B423A-E6BA-45A1-A02-3C2F64DFA782}\ RegValue: AppPath RegData: C:\Program Files (x86)\Torntv V6.0 : C:\Program Files (x86)\Torntv V6.0

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{858997D-B3B2-4ABD-B581-EBED80281224}\ RegValue: AppName RegData: Torntv V6.0-enabler.exe-helper.exe : Torntv V6.0-enabler.exe-helper.exe

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{858997D-B3B2-4ABD-B581-EBED80281224}\ RegValue: AppPath RegData: C:\Program Files (x86)\Torntv V6.0 : C:\Program Files (x86)\Torntv V6.0

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{CE6F97C8-7225-4EAF-A234-C9ABCCA960E2}\ RegValue: AppName RegData: Torntv V6.0-enabler.exe-buttonutil64.exe : Torntv V6.0-enabler.exe-buttonutil64.exe

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{CE6F97C8-7225-4EAF-A234-C9ABCCA960E2}\ RegValue: AppPath RegData: C:\Program Files (x86)\Torntv V6.0 : C:\Program Files (x86)\Torntv V6.0

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{E074ABE1-C73D-4434-95F8-D1EF333663E2}\ RegValue: AppName RegData: Torntv V6.0-enabler.exe-buttonutil.exe : Torntv V6.0-enabler.exe-buttonutil.exe

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{E074ABE1-C73D-4434-95F8-D1EF333663E2}\ RegValue: AppPath RegData: C:\Program Files (x86)\Torntv V6.0 : C:\Program Files (x86)\Torntv V6.0

                    [-] Repaired ->> File ->> C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Preferences

                    Comment

                    • Iaro96
                      PCHF Member
                      • Nov 2016
                      • 64

                      #25
                      ~ ZHPCleaner v2016.11.27.205 by Nicolas Coolman (2016/11/27)
                      ~ Run by Ivan Reyes Ortega (Administrator) (28/11/2016 13:35:02)
                      ~ Web: https://www.nicolascoolman.com
                      ~ Blog: https://www.anti-malware.top
                      ~ Facebook : ZHP
                      ~ State version : Version OK
                      ~ Type : Repair
                      ~ Report : C:\Users\Ivan Reyes Ortega\Desktop\ZHPCleaner.txt
                      ~ Quarantine : C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
                      ~ UAC : Activate
                      ~ Boot Mode : Normal (Normal boot)
                      Windows 10 Home, 64-bit (Build 14393)

                      —\ Services (0)
                      ~ No malicious or unnecessary items found.

                      —\ Browser internet (0)
                      ~ No malicious or unnecessary items found.

                      —\ Hosts file (1)
                      ~ The hosts file is legitimate (21)

                      —\ Scheduled automatic tasks. (0)
                      ~ No malicious or unnecessary items found.

                      —\ Explorer ( File, Folder) (121)
                      MOVED file: C:\Users\Ivan Reyes Ortega\Desktop\Popcorn Time.lnk Bad : C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe =>.Superfluous.PopcornTime
                      MOVED file: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [Copyright 2009 - Starter Module] =>.Superfluous.Skillbrains
                      MOVED file: C:\Windows\Installer\wix{165D8FEC-4FAE-4527-96E7-359A39FF90C4}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{3966320F-A37D-496C-A274-2AA985E8A0AE}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{42E1A1AC-597A-4A11-B4B4-F47D5611A68B}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{4F192902-A341-4321-838F-B92E03D44D27}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{5D34B8AF-7FB5-41AC-AEDC-B705FAF8BCAB}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{787136D2-F0F8-4625-AA3F-72D7795AC842}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{D1B261D6-EBAE-4129-8EFB-C04E14DCEF6A}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{E247A9DB-7405-4D3A-A447-4C6184A66133}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Windows\Installer\wix{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}.SchedServiceConfig.rmi =>.Superfluous.Empty
                      MOVED file: C:\Users\Ivan Reyes Ortega\Downloads\papers.co-vd32-pattern-lollipop-new-android-version-1920x1080.jpg =>PUP.Optional.Lollipop
                      MOVED file: C:\Users\Ivan Reyes Ortega\Downloads\papers.co-vk50-android-lollipop-material-design-dark-bw-pattern-1920x1080.jpg =>PUP.Optional.Lollipop
                      MOVED file: C:\Users\Ivan Reyes Ortega\Downloads\Popcorn-Time-0.3.7.2-Setup.exe [Popcorn Official - Popcorn Time v0.3.7-2 Installer] =>.Superfluous.PopcornTime
                      MOVED file: C:\Users\Ivan Reyes Ortega\Downloads\PopcornTime-latest.exe [Popcorn Time - Popcorn Time Setup] =>.Superfluous.PopcornTime
                      MOVED file: C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_popcorntime.io_0.localstorage =>.Superfluous.PopcornTime
                      MOVED file: C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_popcorntime.io_0.localstorage-journal =>.Superfluous.PopcornTime
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_atube-catcher.uptodown.com_0.localstorage =>PUP.Optional.UpToDown
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_atube-catcher.uptodown.com_0.localstorage-journal =>PUP.Optional.UpToDown
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_d3l3lkinz3f56t.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_d3l3lkinz3f56t.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_lp.freegameszonetab.com_0.localstorage =>PUP.Optional.ScriptHost
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_lp.freegameszonetab.com_0.localstorage-journal =>PUP.Optional.ScriptHost
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_lp.ilividnewtab.com_0.localstorage =>PUP.Optional.Bandoo
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_lp.ilividnewtab.com_0.localstorage-journal =>PUP.Optional.Bandoo
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.reimageplus.com_0.localstorage =>.Superfluous.ReimageRepair
                      MOVED file: C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.reimageplus.com_0.localstorage-journal =>.Superfluous.ReimageRepair
                      MOVED file*: C:\Users\Ivan Reyes Ortega\AppData\Roaming\PDAppFlex =>Trojan.Elpman
                      MOVED folder: C:\Program Files (x86)\Popcorn Time =>.Superfluous.PopcornTime
                      MOVED folder: C:\Program Files (x86)\Skillbrains =>.Superfluous.Skillbrains
                      MOVED folder: C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time =>.Superfluous.PopcornTime
                      MOVED folder: C:\Users\Ivan Reyes Ortega\Downloads\PopcornTime =>.Superfluous.PopcornTime
                      MOVED folder: C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai =>.Superfluous.AkamaiHD
                      MOVED folder: C:\Users\Ivan Reyes Ortega\AppData\Local\Popcorn Time =>.Superfluous.PopcornTime
                      MOVED folder: C:\Users\Ivan Reyes Ortega\AppData\Local\Popcorn-Time =>.Superfluous.PopcornTime
                      MOVED folder: C:\Users\Ivan Reyes Ortega\AppData\Local\PopcornTimeDesktop =>.Superfluous.PopcornTime
                      MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
                      MOVED folder: C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft Toolkit =>HackTool.AutoKMS
                      MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime

                      —\ Registry ( Key, Value, Data) (21)
                      DELETED key*: HKEY_USERS\S-1-5-21-2198469641-46685643-2895634536-1004\SOFTWARE\Popcorn Time =>.Superfluous.PopcornTime
                      DELETED key*: HKEY_USERS\S-1-5-21-2198469641-46685643-2895634536-1004\SOFTWARE\PopcornTime =>.Superfluous.PopcornTime
                      DELETED key*: HKEY_USERS\S-1-5-21-2198469641-46685643-2895634536-1004\SOFTWARE\SkillBrains =>.Superfluous.Skillbrains
                      DELETED key*: HKEY_USERS\.DEFAULT\Software\SkillBrains =>.Superfluous.Skillbrains
                      DELETED key: HKCU\Software\Popcorn Time =>.Superfluous.PopcornTime
                      DELETED key: HKCU\Software\PopcornTime =>.Superfluous.PopcornTime
                      DELETED key: HKCU\Software\SkillBrains =>.Superfluous.Skillbrains
                      DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Akamai [Akamai Technologies, Inc] =>.Superfluous.AkamaiHD
                      DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\atwola.com [15] =>.Superfluous.Atwola
                      DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com [33] =>PUP.Optional.Chatango
                      DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\glassbottle-a.akamaihd.net [117564] =>PUP.Optional.GlassBottle
                      DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\soundcloud.com [294] =>PUP.Optional.SoundCloud
                      DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman] =>PUP.Optional.Camec
                      DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Skillbrains =>.Superfluous.Skillbrains
                      DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman] =>PUP.Optional.Camec
                      DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn Time_is1 [Popcorn Time] =>.Superfluous.PopcornTime
                      DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains] =>.Superfluous.Skillbrains
                      DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
                      DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QuickTime Task ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] =>Riskware.QuickTime
                      DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lightshot [C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe] =>.Superfluous.Skillbrains
                      DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\Akamai NetSession Interface [0x020000000000000000000000] =>.Superfluous.AkamaiHD

                      —\ Summary of the elements found (19)
                      https://www.anti-malware.top/2016/09...s-popcorntime/ =>.Superfluous.PopcornTime
                      https://www.anti-malware.top/2016/04...s-skillbrains/ =>.Superfluous.Skillbrains
                      Blog - Nicolas Coolman =>.Superfluous.Empty
                      https://www.nicolascoolman.com/fr/adware-lollipop/ =>PUP.Optional.Lollipop
                      Redirecting... =>.Superfluous.CloudfrontNet
                      https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.UpToDown
                      https://www.nicolascoolman.com/fr/adware-scripthost/ =>PUP.Optional.ScriptHost
                      https://www.nicolascoolman.com/fr/adware-bandoo/ =>PUP.Optional.Bandoo
                      https://www.anti-malware.top/2016/08...reimagerepair/ =>.Superfluous.ReimageRepair
                      https://www.nicolascoolman.com/fr/re...et_infections/ =>Trojan.Elpman
                      Blog - Nicolas Coolman =>.Superfluous.AkamaiHD
                      Redirecting... =>Riskware.QuickTime
                      https://www.anti-malware.top/2016/05...ktool-autokms/ =>HackTool.AutoKMS
                      Redirecting... =>.Superfluous.Atwola
                      https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.Chatango
                      https://www.nicolascoolman.com/fr/pup-glassbottle/ =>PUP.Optional.GlassBottle
                      https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.SoundCloud
                      https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.Camec
                      Redirecting... =>Heuristic.Suspect

                      —\ Other deletions. (12)
                      ~ Registry Keys Tracing deleted (12)
                      ~ Remove the old reports ZHPCleaner. (0)

                      —\ Result of repair
                      ~ Repair carried out successfully
                      ~ Browser not found (Mozilla Firefox)
                      ~ Browser not found (Opera Software)

                      —\ Statistics
                      ~ Items scanned : 333
                      ~ Items found : 0
                      ~ Items cancelled : 0
                      ~ Items repaired : 142

                      ~ End of clean in 00h01mn55s
                      ~====================
                      ZHPCleaner-[R]-28112016-13_36_57.txt
                      ZHPCleaner--28112016-13_32_21.txt

                      • Iaro96
                        PCHF Member
                        • Nov 2016
                        • 64

                        #26
                        The last program (Security Check) was blocked by my browser, saying “Failed - Virus Detected”.
                        I’m missing that one, and doing Patch My PC. Get to me when you can. Sorry if I’m not being competent enough. Not really experienced in these situations.

                        ##Update##:
                        Made a mistake and uninstalled Google Chrome… I’m unable to reinstall it.

                        • jmarket
                          PCHF Owner
                          • Jan 2015
                          • 7636

                          #27
                          Hi there Iaro96. Go ahead and post the log for Patch My PC.
                          Originally posted by Iaro96
                          Made a mistake and uninstalled Google Chrome… I’m unable to reinstall it.
                          Does it throw an error?

                          • Iaro96
                            PCHF Member
                            • Nov 2016
                            • 64

                            #28
                            Hi, I wasn’t able to run the last scan that Malnutrition gave me. Chrome detected it as a virus. Additionally, after I reset my browser, Google Chrome’s icon was acting weird. I uninstalled Google Chrome to reinstall it and see if that would fix it. But now I get an error 0x80070005 and the installation fails. Is the virus gone? The situation has gotten a lot better, really thankful. However, I’m still feeling a bit paranoid about the system :unsure:

                            • jmarket
                              PCHF Owner
                              • Jan 2015
                              • 7636

                              #29
                              MalwareBytes Scan

                              We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

                              http://data-cdn.mbamupdates.com/web/...2.2.0.1024.exe Alternate Link.

                              Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

                              1. If the dashboard is not already displayed select it.
                              2. Then select “Update Now” to get the latest database.

                              [Image: imgur VSKiiIc]

                              1. Next we need to change a scanning option, select “Settings” on the main menu, then “Detection and Protection” on the left.
                              2. Then select “Scan for rootkits” in the detection options, as well as the other two options already checked.

                              [Image: imgur ZU4W2g2]

                              - Now return to Dashboard on the main menu and select “Scan Now” at the bottom of the screen.

                              [Image: imgur nF8dOcq]

                              - Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.

                              [Image: imgur L8lsasM]

                              When the scan is finished

                              1. Click “Save Results”
                              2. Then click on “Text file”

                              [Image: imgur 5x4JOvA]

                              - A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
                              - Please copy and paste the contents of this file in your next post.

                              • Iaro96
                                PCHF Member
                                • Nov 2016
                                • 64

                                #30
                                I’m unable to see the pictures attached with your post. However, I’ll follow the instructions.
