# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-19-2021
# Duration: 00:01:22
# OS: Windows 7 Professional
# Cleaned: 320
# Failed: 0


***** [ Services ] *****

Deleted ApplicationHosting
Deleted LDrvSvc
Deleted Medlight
Deleted QQPCRTP
Deleted hotnix32

***** [ Folders ] *****

Deleted C:\Program Files (x86)\CINEMAP-1.9CV09.11
Deleted C:\Program Files (x86)\Common Files\Tencent
Deleted C:\Program Files (x86)\RlCzQmKuU
Deleted C:\Program Files (x86)\Tencent
Deleted C:\Program Files (x86)\globalUpdate
Deleted C:\Program Files\Common Files\Tencent
Deleted C:\Program Files\Malware Crusher
Deleted C:\Program Files\NixController
Deleted C:\ProgramData\417A8F3A-0EC1-1
Deleted C:\ProgramData\417A8F3A-1223-1
Deleted C:\ProgramData\417A8F3A-14E1-0
Deleted C:\ProgramData\417A8F3A-2033-1
Deleted C:\ProgramData\417A8F3A-2C91-1
Deleted C:\ProgramData\417A8F3A-4025-0
Deleted C:\ProgramData\417A8F3A-46E3-0
Deleted C:\ProgramData\417A8F3A-4805-0
Deleted C:\ProgramData\676A5D35-00A1-0
Deleted C:\ProgramData\676A5D35-24C1-0
Deleted C:\ProgramData\676A5D35-2B71-1
Deleted C:\ProgramData\676A5D35-41C5-1
Deleted C:\ProgramData\9F673E67
Deleted C:\ProgramData\ApplicationHosting
Deleted C:\ProgramData\DriveTheLife2013
Deleted C:\ProgramData\Medlight
Deleted C:\ProgramData\Medlights
Deleted C:\ProgramData\TXQMPC
Deleted C:\ProgramData\Tencent
Deleted C:\ProgramData\pctonics.com
Deleted C:\ProgramData\yahoochrome_D
Deleted C:\ProgramData\{06AF0BE1-312C-0}
Deleted C:\ProgramData\{07C34B79-612C-0}
Deleted C:\ProgramData\{1D8F7287-612C-0}
Deleted C:\ProgramData\{27AF7BC0-412C-0}
Deleted C:\ProgramData\{36530921-312C-1}
Deleted C:\ProgramData\{624428B2-012C-0}
Deleted C:\ProgramData\{74742680-012C-1}
Deleted C:\Users\PC\AppData\Local\SysassistByHotWheel
Deleted C:\Users\PC\AppData\Local\Temp\Tencent
Deleted C:\Users\PC\AppData\Local\VirtualStore\ProgramData\Tencent
Deleted C:\Users\PC\AppData\Local\XService
Deleted C:\Users\PC\AppData\Local\globalUpdate
Deleted C:\Users\PC\AppData\Roaming\MalwareCrusher.com
Deleted C:\Users\PC\AppData\Roaming\OpenCandy
Deleted C:\Users\PC\AppData\Roaming\SystemHealer
Deleted C:\Users\PC\AppData\Roaming\Tencent
Deleted C:\Users\PC\AppData\Roaming\pctonics.com
Deleted C:\Users\PC\AppData\Roaming\ppslog
Deleted C:\Users\Public\QiYi
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Deleted C:\Windows\Temp\Smartbar
Deleted C:\ppsfile

***** [ Files ] *****

Deleted C:\Users\PC\AppData\Local\Temp\task.vbs
Deleted C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Driver Tonic.lnk
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\SysWOW64\findit.xml
Deleted C:\Windows\System32\drivers\TFsFltX64.sys
Deleted C:\Windows\System32\drivers\TSSKX64.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\Users\PC\Desktop\dossier karim\Mozilla Firefox.lnk

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DRIVER TONIC_LOGON
Deleted C:\Windows\System32\Tasks\GLOBALUPDATEUPDATETASKMACHINECORE
Deleted C:\Windows\System32\Tasks\GLOBALUPDATEUPDATETASKMACHINEUA
Deleted C:\Windows\System32\Tasks\PSV_DONG-COM
Deleted C:\Windows\System32\Tasks\PSV_FREETAX
Deleted C:\Windows\System32\Tasks\PSV_GEOHOME
Deleted C:\Windows\System32\Tasks\PSV_ICELAMKIX
Deleted C:\Windows\System32\Tasks\PSV_IN-FIND
Deleted C:\Windows\System32\Tasks\PSV_JOYLAB
Deleted C:\Windows\System32\Tasks\PSV_OVERHOME
Deleted C:\Windows\System32\Tasks\PSV_PHYSLIGHT
Deleted C:\Windows\System32\Tasks\PSV_PLUSLA
Deleted C:\Windows\System32\Tasks\PSV_RONZOZFIND
Deleted C:\Windows\System32\Tasks\PSV_SCOTDOX
Deleted C:\Windows\System32\Tasks\PSV_SOLFLEX
Deleted C:\Windows\System32\Tasks\PSV_SUMITY
Deleted C:\Windows\System32\Tasks\PSV_U-ZUNECO
Deleted C:\Windows\System32\Tasks\PSV_UNAHOLD
Deleted C:\Windows\System32\Tasks\PSV_VAIARANCOF
Deleted C:\Windows\System32\Tasks\PSV_VILLA-NIX
Deleted C:\Windows\System32\Tasks\PSV_ZONDOM
Deleted C:\Windows\Tasks\GLOBALUPDATEUPDATETASKMACHINECORE.JOB
Deleted C:\Windows\Tasks\GLOBALUPDATEUPDATETASKMACHINEUA.JOB

***** [ Registry ] *****

Deleted HKCU\Software\AppDataLow\Software\Crossrider
Deleted HKCU\Software\AppDataLow\Software\QiYi
Deleted HKCU\Software\ArenaHD
Deleted HKCU\Software\GlobalUpdate
Deleted HKCU\Software\HighDefAction
Deleted HKCU\Software\InstalledBrowserExtensions
Deleted HKCU\Software\MICROSOFT\wewewe
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5D5DBD-C857-4377-A755-06E50B4AC2B0}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{639B74F1-0594-432C-97C8-68C8C17A1E1D}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|apphide
Deleted HKCU\Software\PPStream
Deleted HKCU\Software\WidModule
Deleted HKCU\Software\YorkNewCin
Deleted HKCU\Software\csastats
Deleted HKCU\Software\mtMedlight
Deleted HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Deleted HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
Deleted HKLM\SOFTWARE\Classes\Unknown\shell\openas\command|windowsfileopener.Dat
Deleted HKLM\SOFTWARE\Classes\Unknown\shell\opendlg\command|windowsfileopener.Dat
Deleted HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0442E543-1A4C-44FC-952F-278DC1350D8F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0668C36F-E69F-475E-BDE2-7AE3B7B5A632}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BDA9604-9C9C-4E93-AB72-D919940B5875}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{240A9D76-5E69-4D12-8087-5F58A17D26F4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{298D7A83-A7CC-480D-A081-7FF37577CAE9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41CCE4CA-F3AC-4EFB-A0EE-CFCAC5C571C1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43764840-EFC4-47FA-9DE0-1AB1ED6F3642}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C9D8995-3C3B-4FC5-8B76-C243C0FC5701}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78C0E904-A198-4870-A328-31178974A7D8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EBD62FC-1C58-419C-9C95-D53F519EF0D4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{868BEF7E-00DA-4224-8742-6E8AE6BBEE1B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DF7A9B9-6185-40E3-8011-9B829C6CA9DD}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DE8F3B0-6EED-445E-8AB0-62AC34E3028E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAB3AC4D-0122-403F-A76F-6F17646A80AB}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1AE6EC4-41D8-41A8-838D-3A00CE032D40}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3F5FAEA-DF57-41A2-9557-01209B5CDBB6}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE74063E-F51E-4163-A1ED-B445C96251A4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3C0A923-3562-40EC-B7F6-C744E0857073}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB62781C-346E-4568-9171-42D4A74578BD}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0442E543-1A4C-44FC-952F-278DC1350D8F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0668C36F-E69F-475E-BDE2-7AE3B7B5A632}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BDA9604-9C9C-4E93-AB72-D919940B5875}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{240A9D76-5E69-4D12-8087-5F58A17D26F4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{298D7A83-A7CC-480D-A081-7FF37577CAE9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41CCE4CA-F3AC-4EFB-A0EE-CFCAC5C571C1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43764840-EFC4-47FA-9DE0-1AB1ED6F3642}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AE574C7-F2C7-4F7D-990A-C2D6C600BACA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C9D8995-3C3B-4FC5-8B76-C243C0FC5701}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78C0E904-A198-4870-A328-31178974A7D8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EBD62FC-1C58-419C-9C95-D53F519EF0D4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{868BEF7E-00DA-4224-8742-6E8AE6BBEE1B}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DF7A9B9-6185-40E3-8011-9B829C6CA9DD}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DE8F3B0-6EED-445E-8AB0-62AC34E3028E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7DD5262-8ACD-459C-BF0B-3D8449445A3F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAB3AC4D-0122-403F-A76F-6F17646A80AB}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1AE6EC4-41D8-41A8-838D-3A00CE032D40}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3F5FAEA-DF57-41A2-9557-01209B5CDBB6}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE74063E-F51E-4163-A1ED-B445C96251A4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C0A923-3562-40EC-B7F6-C744E0857073}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB62781C-346E-4568-9171-42D4A74578BD}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Tonic_Logon
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_DONG-COM
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_FREETAX
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_GEOHOME
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_ICELAMKIX
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_IN-FIND
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_JOYLAB
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_OVERHOME
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_PHYSLIGHT
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_PLUSLA
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_RONZOZFIND
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_SCOTDOX
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_SOLFLEX
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_SUMITY
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_U-ZUNECO
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_UNAHOLD
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_VAIARANCOF
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_VILLA-NIX
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PSV_ZONDOM
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Deleted HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{086F9754-9646-41F8-9283-33A86EB727A6}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2419C2C6-1B19-44AD-9DCA-8F7EC69CF899}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3F29C776-215E-414E-A6DB-2C4A1AC835D7}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{48774BA2-574E-4CE8-B4A3-31B2A63D4A74}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{52A7FC8E-61FC-4A8D-BBD9-219EFFE1AC06}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{543FF5D7-00F6-4227-A3FF-D6E08E1003BD}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{772A3A61-EF2D-4DD9-98D1-4F1C24EB76C5}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{797B96DC-544C-4B9A-8016-6891FFBC4707}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9D410C37-D447-467B-A36C-70FC5ABE4BF1}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A818064E-5863-45DA-9D72-9040E7E2EDA5}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B24DE6C2-8A9F-4F31-AB73-144E74E783B1}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E5184051-D22B-470A-9B8F-585168CD0BE0}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EA305527-9A06-47B7-B88E-4065DF532EC9}
Deleted HKLM\Software\ArenaHD
Deleted HKLM\Software\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Deleted HKLM\Software\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted HKLM\Software\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Deleted HKLM\Software\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}
Deleted HKLM\Software\Classes\Interface\{790F2D3B-18EE-40E2-A45E-1FAC13B6AFB8}
Deleted HKLM\Software\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted HKLM\Software\Classes\METNSD
Deleted HKLM\Software\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
Deleted HKLM\Software\Classes\qmgcfiles
Deleted HKLM\Software\HighDefAction
Deleted HKLM\Software\InstalledBrowserExtensions
Deleted HKLM\Software\Microsoft\Internet Explorer\AboutUrls|Tab
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Wow6432Node\ArenaHD
Deleted HKLM\Software\Wow6432Node\GlobalUpdate
Deleted HKLM\Software\Wow6432Node\HighDefAction
Deleted HKLM\Software\Wow6432Node\InstalledBrowserExtensions
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9f673e67}
Deleted HKLM\Software\Wow6432Node\YorkNewCin
Deleted HKLM\Software\Wow6432Node\\AppDataLow\Software\Crossrider
Deleted HKLM\Software\Wow6432Node\\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\DownloadProxy.EXE
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\globalupdate.exe
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{EC0FA563-E0F2-406F-8659-1E728458A91E}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
Deleted HKLM\Software\Wow6432Node\\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|QyBrowser.exe
Deleted HKLM\Software\Wow6432Node\\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Deleted HKLM\Software\Wow6432Node\\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\AboutUrls|Tab
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|AndroidServer.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{754DF2CE-51E8-4895-B53C-6381418B84AE}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Wow6432Node\mtMedlight
Deleted HKLM\Software\YorkNewCin
Deleted HKLM\Software\cGN0b25pY3MuY29t
Deleted HKLM\Software\ddtdu-pr
Deleted HKLM\Software\dtc-pr
Deleted HKLM\Software\scd-pr
Deleted HKLM\Software\wtc-pr
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted HKU\.DEFAULT\Environment|SNP
Deleted HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted HKU\S-1-5-18\Environment|SNP
Deleted HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_

***** [ Chromium (and derivatives) ] *****

Deleted Flixtab Movie Center - jknfnmpagdiiabgnnonllhcdjflganlm
Deleted ???????? - ooebklgpfnbcnpokahmdidgbmlcdepkm

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted System Table - 143734@modext.tech
Deleted System Table - 214028@modext.tech

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [35583 octets] - [18/03/2021 16:53:26]
AdwCleaner[S01].txt - [35051 octets] - [19/03/2021 08:25:38]
AdwCleaner[S02].txt - [35113 octets] - [19/03/2021 13:15:10]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########