For info: I'm using Windows 10 x64, and always ran CCleaner from my task bar shortcut, so I think it always ran in 64-bit mode. But I never paid any attention to it before so I can't be 100% sure on that. I know it always installed in C:\Program Files\ and not C:\Program Files x86\.
Could someone clarify something for me? When uninstalling CCleaner, does the uninstall process delete the Agomo registry key? The reason I'm asking is because I had updated from version 5.33 to version 5.34 before I knew about the attack. Then when I learned of the attack the first thing I did was uninstall CCleaner. At this point I didn't know about the Agomo registry key or the two trojan dll files or that only the 32-bit exe was infected. I performed full scans with Windows Defender and Malwarebytes and even Spybot S&D and all results were completely clean. I then read this thread and some articles and learned about the Agomo registry key and the dlls. I checked for the registry key and it wasn't there. I also checked for the .dll files and they aren't on my machine either. I know Defender and Malwarebytes never removed them because all scans have been clean.
So is it possible, that I was infected and had the Agomo key in my registry, and uninstalling CCleaner deleted it, or have I never had it in the first place and therefore was never infected?
I've read posts where people have updated to 5.34 and still had the Agomo key left over in their registry. But that's after updating, not a complete uninstall.
If I had known about all this before uninstalling, I would have checked for the registry key and the dll files, and whether or not the app ran in x64 mode, before I uninstalled. But since I didn't, I can't be sure so I'd appreciate if someone could answer these questions for me.
Thanks.