
ComboFix Report


  • This topic is locked
7 replies to this topic

#1 KtrlHeist

Posted 02 January 2017 - 04:24 AM

Hello,
 
I'm new here. I had a problem with my computer; it's been getting slow recently. I stumbled upon a possible solution through this link: https://www.bleepingcomputer.com/forums/t/509770/conhostexe-and-possibly-sweetpacks/
 
However, RogueKiller would not finish scanning, stopping somewhere in the middle of the process, so I opted to run the other fixes.
 
 
The most noticeable result was the ComboFix report. I think it found the registry key where RogueKiller was not able to finish. It seems that the registry key pertaining to it is locked?
 
It is somewhere here; let me highlight it for you:
 
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1112869332-939493985-2980015415-1001_Classes\CLSID\{127b51d7-2345-4a63-a694-37e957b39594}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000015e
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1112869332-939493985-2980015415-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8d,7d,e7,7c,8c,8e,c3,34,c2,c3,8b,eb,8e,35,7f,93,c5,0f,44,85,6c,
   11,5a,8a,86,91,27,9e,9a,a4,5f,eb,12,0f,68,61,3e,73,42,ab,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
 
Of course, below is the complete report of the ComboFix.
 
 
ComboFix 16-12-15.01 - killer7 01/02/2017  16:53:21.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3575.2121 [GMT 8:00]
Running from: c:\users\killer7\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360Downloads
c:\users\killer7\AppData\Localtransition_c026c3bb9831c43cc7a637076b4a1e04.ini
c:\users\killer7\AppData\Roaming\360SE
c:\users\killer7\AppData\Roaming\360SE\360SE.ini
c:\users\killer7\AppData\Roaming\360SE\360seie6.ini
c:\users\killer7\AppData\Roaming\360SE\apps\1000\1000.png
c:\users\killer7\AppData\Roaming\360SE\apps\1000\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\1000\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\100000747\100000747.png
c:\users\killer7\AppData\Roaming\360SE\apps\100000747\config.ini
c:\users\killer7\AppData\Roaming\360SE\apps\100000747\logo.ico
c:\users\killer7\AppData\Roaming\360SE\apps\100000747\logo.png
c:\users\killer7\AppData\Roaming\360SE\apps\1018\1018.png
c:\users\killer7\AppData\Roaming\360SE\apps\1018\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\1018\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\1018\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\1018\BankHelper.exe
c:\users\killer7\AppData\Roaming\360SE\apps\1018\banklist.dll
c:\users\killer7\AppData\Roaming\360SE\apps\1018\BankMode.dll
c:\users\killer7\AppData\Roaming\360SE\apps\1018\tip.png
c:\users\killer7\AppData\Roaming\360SE\apps\102028944\102028944.png
c:\users\killer7\AppData\Roaming\360SE\apps\102028944\config.ini
c:\users\killer7\AppData\Roaming\360SE\apps\102028944\logo.ico
c:\users\killer7\AppData\Roaming\360SE\apps\102028944\logo.png
c:\users\killer7\AppData\Roaming\360SE\apps\102043400\102043400.png
c:\users\killer7\AppData\Roaming\360SE\apps\102043400\config.ini
c:\users\killer7\AppData\Roaming\360SE\apps\102043400\logo.ico
c:\users\killer7\AppData\Roaming\360SE\apps\102043400\logo.png
c:\users\killer7\AppData\Roaming\360SE\apps\2000\2000.png
c:\users\killer7\AppData\Roaming\360SE\apps\2000\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\2000\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\2000\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\2001\2001.png
c:\users\killer7\AppData\Roaming\360SE\apps\2001\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\2001\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\2001\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\2011\2011.png
c:\users\killer7\AppData\Roaming\360SE\apps\2011\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\2011\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\2011\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\2022\2022.png
c:\users\killer7\AppData\Roaming\360SE\apps\2022\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\2022\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\2022\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\2091\2091.png
c:\users\killer7\AppData\Roaming\360SE\apps\2091\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\2091\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\2091\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\appsi.dll
c:\users\killer7\AppData\Roaming\360SE\apps\Appslocal.ini
c:\users\killer7\AppData\Roaming\360SE\apps\AppsLocal.ver
c:\users\killer7\AppData\Roaming\360SE\apps\AppsServer.ver
c:\users\killer7\AppData\Roaming\360SE\apps\AppStat.ini
c:\users\killer7\AppData\Roaming\360SE\apps\baoku\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\baoku\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\baoku\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\baoku\baoku.png
c:\users\killer7\AppData\Roaming\360SE\apps\config.ini
c:\users\killer7\AppData\Roaming\360SE\apps\default.ini
c:\users\killer7\AppData\Roaming\360SE\apps\download_temp\lvu1A6C.tmp
c:\users\killer7\AppData\Roaming\360SE\apps\download_temp\lvu5D41.tmp
c:\users\killer7\AppData\Roaming\360SE\apps\download_temp\lvu7BB4.tmp
c:\users\killer7\AppData\Roaming\360SE\apps\download_temp\lvuA2C8.tmp
c:\users\killer7\AppData\Roaming\360SE\apps\ExtFeedWeibo\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\ExtFeedWeibo\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\ExtFeedWeibo\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\ExtFeedWeibo\ExtFeedWeibo.dll
c:\users\killer7\AppData\Roaming\360SE\apps\ExtFeedWeibo\ExtFeedWeibo.png
c:\users\killer7\AppData\Roaming\360SE\apps\ExtFeedWeibo\sidelogo.png
c:\users\killer7\AppData\Roaming\360SE\apps\ExtShare\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\ExtShare\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\ExtShare\ExtShare.png
c:\users\killer7\AppData\Roaming\360SE\apps\ExtTuan\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\ExtTuan\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\ExtTuan\ExtTuan.png
c:\users\killer7\AppData\Roaming\360SE\apps\ExtWebmail\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\ExtWebmail\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\ExtWebmail\ExtWebMail.png
c:\users\killer7\AppData\Roaming\360SE\apps\ExtYouxi\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\ExtYouxi\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\ExtYouxi\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\ExtYouxi\ExtYouxi.dll
c:\users\killer7\AppData\Roaming\360SE\apps\ExtYouxi\ExtYouxi.png
c:\users\killer7\AppData\Roaming\360SE\apps\ExtYouxi\GameCenter.dll
c:\users\killer7\AppData\Roaming\360SE\apps\ExtYouxi\QiWan.exe
c:\users\killer7\AppData\Roaming\360SE\apps\ExtYouxi\sqlite3.dll
c:\users\killer7\AppData\Roaming\360SE\apps\maidongxi\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\maidongxi\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\maidongxi\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\maidongxi\maidongxi.png
c:\users\killer7\AppData\Roaming\360SE\apps\NotifyDown.dll
c:\users\killer7\AppData\Roaming\360SE\apps\recmd.dll
c:\users\killer7\AppData\Roaming\360SE\apps\Recmd2.dll
c:\users\killer7\AppData\Roaming\360SE\apps\recmdinfo.ini
c:\users\killer7\AppData\Roaming\360SE\apps\root.ver
c:\users\killer7\AppData\Roaming\360SE\apps\SEWebAppPlat.exe
c:\users\killer7\AppData\Roaming\360SE\apps\shipin\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\shipin\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\shipin\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\shipin\shipin.png
c:\users\killer7\AppData\Roaming\360SE\apps\SnapPlugin\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\SnapPlugin\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\SnapPlugin\SnapPlugin.png
c:\users\killer7\AppData\Roaming\360SE\apps\TranslatorPlugin\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\TranslatorPlugin\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\TranslatorPlugin\TranslatorPlugin.png
c:\users\killer7\AppData\Roaming\360SE\apps\UseAppStat.ini
c:\users\killer7\AppData\Roaming\360SE\apps\wanyouxi\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\wanyouxi\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\wanyouxi\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\wanyouxi\wanyouxi.png
c:\users\killer7\AppData\Roaming\360SE\apps\xiaoshuo\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\xiaoshuo\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\xiaoshuo\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\xiaoshuo\xiaoshuo.png
c:\users\killer7\AppData\Roaming\360SE\apps\xinwen\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\xinwen\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\xinwen\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\xinwen\xinwen.png
c:\users\killer7\AppData\Roaming\360SE\apps\yinyue\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\yinyue\app.ini
c:\users\killer7\AppData\Roaming\360SE\apps\yinyue\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\yinyue\yinyue.png
c:\users\killer7\AppData\Roaming\360SE\apps\Youxi\app.ico
c:\users\killer7\AppData\Roaming\360SE\apps\Youxi\app24.ico
c:\users\killer7\AppData\Roaming\360SE\apps\Youxi\Youxi.png
c:\users\killer7\AppData\Roaming\360SE\bin\00.ini
c:\users\killer7\AppData\Roaming\360SE\bin\360dl.dll
c:\users\killer7\AppData\Roaming\360SE\bin\360se.exe
c:\users\killer7\AppData\Roaming\360SE\bin\360SEUP.dll
c:\users\killer7\AppData\Roaming\360SE\bin\360SEUP_DATE.dll
c:\users\killer7\AppData\Roaming\360SE\bin\cloudurls.dat
c:\users\killer7\AppData\Roaming\360SE\bin\doctor.dll
c:\users\killer7\AppData\Roaming\360SE\bin\download.dll
c:\users\killer7\AppData\Roaming\360SE\bin\Favorites\Favorites.dll
c:\users\killer7\AppData\Roaming\360SE\bin\LoginEnrol\360Login.dll
c:\users\killer7\AppData\Roaming\360SE\bin\LoginEnrol\360NetUL.dll
c:\users\killer7\AppData\Roaming\360SE\bin\LoginEnrol\LoginEnrol.dll
c:\users\killer7\AppData\Roaming\360SE\bin\oem.dat
c:\users\killer7\AppData\Roaming\360SE\bin\Pages\newTab.dll
c:\users\killer7\AppData\Roaming\360SE\bin\Pages\newTab2.dll
c:\users\killer7\AppData\Roaming\360SE\bin\Pages\Pages.dll
c:\users\killer7\AppData\Roaming\360SE\bin\pluginbar.dll
c:\users\killer7\AppData\Roaming\360SE\bin\SafeCentral\SafeAddressRes.dll
c:\users\killer7\AppData\Roaming\360SE\bin\SafeCentral\SafeCentral.dll
c:\users\killer7\AppData\Roaming\360SE\bin\SafeCentral\SiteVerifier.dll
c:\users\killer7\AppData\Roaming\360SE\bin\SafeCentral\urllibauth.dat
c:\users\killer7\AppData\Roaming\360SE\bin\SafeCentral\urlproc.dll
c:\users\killer7\AppData\Roaming\360SE\bin\SafeCentral\urlproc.exe
c:\users\killer7\AppData\Roaming\360SE\bin\SafeCentral\urlprocnet.dll
c:\users\killer7\AppData\Roaming\360SE\bin\SafeCentral\wdui2.dll
c:\users\killer7\AppData\Roaming\360SE\bin\safelive.dll
c:\users\killer7\AppData\Roaming\360SE\bin\seext.dll
c:\users\killer7\AppData\Roaming\360SE\bin\sefix.exe
c:\users\killer7\AppData\Roaming\360SE\bin\sesvc.exe
c:\users\killer7\AppData\Roaming\360SE\bin\seup.exe
c:\users\killer7\AppData\Roaming\360SE\bin\Skin\IE6Default.zip
c:\users\killer7\AppData\Roaming\360SE\bin\sqlite3.dll
c:\users\killer7\AppData\Roaming\360SE\bin\suggest.dll
c:\users\killer7\AppData\Roaming\360SE\bin\UnInst360SE.exe
c:\users\killer7\AppData\Roaming\360SE\bin\updateMsg.ini
c:\users\killer7\AppData\Roaming\360SE\bin\Upgrade.ini
c:\users\killer7\AppData\Roaming\360SE\bin\urlquery.dll
c:\users\killer7\AppData\Roaming\360SE\data\360sefav.db
c:\users\killer7\AppData\Roaming\360SE\data\360uyxe.db
c:\users\killer7\AppData\Roaming\360SE\data\Adfilter.dat
c:\users\killer7\AppData\Roaming\360SE\data\adfilter.ini
c:\users\killer7\AppData\Roaming\360SE\data\Blankdata.ini
c:\users\killer7\AppData\Roaming\360SE\data\defsku.dll
c:\users\killer7\AppData\Roaming\360SE\data\DeleteCookieFlag.txt
c:\users\killer7\AppData\Roaming\360SE\data\FaceIcon_Bits.dat
c:\users\killer7\AppData\Roaming\360SE\data\FavouriteBar_Bits.dat
c:\users\killer7\AppData\Roaming\360SE\data\gameurls.dat
c:\users\killer7\AppData\Roaming\360SE\data\guardconfig.ini
c:\users\killer7\AppData\Roaming\360SE\data\history.dat
c:\users\killer7\AppData\Roaming\360SE\data\ico\6f83c9cd9c7e1ffee373d209b9643812.svp
c:\users\killer7\AppData\Roaming\360SE\data\ico\avc.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\blog.edomz.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\box.anchorfree.net.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\cn.bing.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\cz.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\ddt.wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\dgcs.wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\dh.wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\exchange.cherrycredits.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\exchange.cherrycredits.com.ico.koal
c:\users\killer7\AppData\Roaming\360SE\data\ico\farm.wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\get3.adobe.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\hao.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\hero.wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\mcsd.wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\me.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\plsm.wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\poker.wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\rss2search.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\se.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\search8.taobao.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\techbrowsing.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\www.baidu.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\www.bing.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\www.google.com.hk.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\www.qihoo.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\www.renren.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\www.searchpeack.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\www.sogou.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\www.youdao.com.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\wxfy.wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\yahoo.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\ico\zqjl.wan.360.cn.ico
c:\users\killer7\AppData\Roaming\360SE\data\IECompat.dat
c:\users\killer7\AppData\Roaming\360SE\data\IEXCompat.dat
c:\users\killer7\AppData\Roaming\360SE\data\newskin.dat
c:\users\killer7\AppData\Roaming\360SE\data\preset.dat
c:\users\killer7\AppData\Roaming\360SE\data\seu.dll
c:\users\killer7\AppData\Roaming\360SE\data\seupdr.dat
c:\users\killer7\AppData\Roaming\360SE\data\Sffix4x2.dat
c:\users\killer7\AppData\Roaming\360SE\data\SkinMisc\ICON_FAVADD.ico
c:\users\killer7\AppData\Roaming\360SE\data\SkinMisc\ICON_FAVSIDEBAR.ico
c:\users\killer7\AppData\Roaming\360SE\data\SkinMisc\ICON_FAVURL.ico
c:\users\killer7\AppData\Roaming\360SE\data\SkinMisc\ICON_SEARCH.ico
c:\users\killer7\AppData\Roaming\360SE\data\SkinMisc\IE6Default_preview.png
c:\users\killer7\AppData\Roaming\360SE\data\SkinUpdate\Preview0.png
c:\users\killer7\AppData\Roaming\360SE\data\SkinUpdate\Preview1.png
c:\users\killer7\AppData\Roaming\360SE\data\SkinUpdate\preview2.png
c:\users\killer7\AppData\Roaming\360SE\data\SkinUpdate\preview3.png
c:\users\killer7\AppData\Roaming\360SE\data\SkinUpdate\Preview4.png
c:\users\killer7\AppData\Roaming\360SE\data\SkinUpdate\update.ini
c:\users\killer7\AppData\Roaming\360SE\data\snapcache\snap.ini
c:\users\killer7\AppData\Roaming\360SE\data\switch.ini
c:\users\killer7\AppData\Roaming\360SE\data\urls.dat
c:\users\killer7\AppData\Roaming\360SE\data\URLTitle.ini
c:\users\killer7\AppData\Roaming\360SE\data\user.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini.cfg
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtAddons\ganzhi.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\bank.dll
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\bank2.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\bank3.dll
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\bankbox.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\bankbox_up.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\banklist.dll
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\bankmode3.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\ExtBank.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\icon\tip.png
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\stat.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtBank\stat_bankbox.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDoctor\360Doctor.exe
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDoctor\bhoshield.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDoctor\doctor.dl_
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDoctor\doctor.dll
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDoctor\doctor.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDoctor\ExtDoctor.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDoctor\HttpClientW.dll
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDoctor\rule.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDoctor\rule.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDownload\extdownload1.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtDownload\livep.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtLoginMagic\ExtLoginMagic.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtLoginMagic\fromdb.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtProxy\proxy.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtShare\config.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtShare\stat.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\360pyx3.db
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\adsoft\ExtYouxi_soft2.xml
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\app_stat.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\BinConfig2.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\ExtYouxi.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\ExtYouxi_url.xml
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\GameCenter.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\GameCenter\360WebGames.xml
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\GameMode\config.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\GameNews\config.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\GameNews\news.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\icons\astd.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\icons\ddt.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\icons\frxz.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\icons\pl.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\icons\sydh.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\icons\wan.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\icons\wlyx.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\icons\wxfy.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\icons\zqjl.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\promlib.dll
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\server\360pyx.db
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\server\game_recomm.html
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\stat.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\ver.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\ExtYouxi\wlist.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\Favorites.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\Favorites2.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_04.log
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_05.log
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_06.log
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_07.log
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_08.log
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_11.log
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_17.log
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\Quick.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\titleopt.dll
c:\users\killer7\AppData\Roaming\360SE\extensions\Favorites\titleopt.dll.bak
c:\users\killer7\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000002
c:\users\killer7\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000007
c:\users\killer7\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000008
c:\users\killer7\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000018
c:\users\killer7\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000019
c:\users\killer7\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000020
c:\users\killer7\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000021
c:\users\killer7\AppData\Roaming\360SE\extensions\LoginEnrol\pushinfo.xml
c:\users\killer7\AppData\Roaming\360SE\extensions\LoginEnrol\pushupdate.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\LoginEnrol\Quick.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\Pluginbar\data.dll
c:\users\killer7\AppData\Roaming\360SE\extensions\Pluginbar\icon\shouji.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\Pluginbar\icon\youxi.ico
c:\users\killer7\AppData\Roaming\360SE\extensions\Pluginbar\Pluginbar.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\Pluginbar\stat.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\Pluginbar\ver.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\SafeCentral\esimple.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\SafeCentral\SafeProtect.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\SafeCentral\urllib.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\SafeCentral\urllibauth.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\SafeCentral\urllibw.dat
c:\users\killer7\AppData\Roaming\360SE\extensions\TranslatorPlugin\stat.ini
c:\users\killer7\AppData\Roaming\360SE\extensions\TranslatorPlugin\translate.ini
c:\users\killer7\AppData\Roaming\360SE\Hang\360se_hang.log
c:\users\killer7\AppData\Roaming\360SE\Hang\360se_hang_135765312917274115.dmp
c:\users\killer7\AppData\Roaming\360SE\Hang\360se_hang_1358372698200835.dmp
c:\users\killer7\AppData\Roaming\360SE\login.ini
c:\users\killer7\AppData\Roaming\360SE\module.log
c:\users\killer7\AppData\Roaming\360SE\pd\pd.ini
c:\users\killer7\AppData\Roaming\360SE\seup.ini
c:\users\killer7\AppData\Roaming\360SE\stat.ini
c:\users\killer7\AppData\Roaming\360SE\Update\360cr.zip
c:\users\killer7\AppData\Roaming\360SE\v3update\updatecfg.ini
c:\users\killer7\AppData\Roaming\360SE\v3update\v3download\ExtLoginMagic.dll
c:\users\killer7\AppData\Roaming\360SE\v3update\v3download\ExtYouxi.dll
c:\users\killer7\AppData\Roaming\360SE\v3update\v3download\sefix.exe
c:\users\killer7\AppData\Roaming\360SE\v3update\v3download\UICenter.dll
c:\users\killer7\AppData\Roaming\360SE\WebCache\hao.360.cn.html
c:\users\killer7\AppData\Roaming\baidu\hao123
c:\users\killer7\AppData\Roaming\MSNLIve.exe
c:\windows\system32\~GLH0560.TMP
c:\windows\system32\f0350e57.exe
c:\windows\XSxS
D:\RealPlayer.exe
.
.
(((((((((((((((((((((((((   Files Created from 2016-12-02 to 2017-01-02  )))))))))))))))))))))))))))))))
.
.
2017-01-02 09:01 . 2017-01-02 09:05 -------- d-----w- c:\users\killer7\AppData\Local\temp
2017-01-02 09:01 . 2017-01-02 09:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2017-01-02 08:19 . 2017-01-02 08:23 -------- d-----w- C:\AdwCleaner
2016-12-30 04:24 . 2016-12-30 04:24 -------- d-----w- c:\users\killer7\AppData\Roaming\Apple Computer
2016-12-30 03:58 . 2016-12-30 07:11 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-12-30 03:57 . 2016-12-30 03:57 -------- d-----w- c:\program files\RogueKiller
2016-12-30 03:57 . 2016-12-30 03:57 -------- d-----w- c:\programdata\RogueKiller
2016-12-22 15:35 . 2016-12-22 15:35 -------- d-----w- c:\users\killer7\AppData\Local\Ankama
2016-12-21 13:06 . 2017-01-02 09:05 219072 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-12-21 13:05 . 2016-12-14 04:55 59968 ----a-w- c:\windows\system32\drivers\mbae.sys
2016-12-21 13:02 . 2016-12-21 13:02 -------- d-----w- c:\programdata\Licenses
2016-12-21 13:02 . 2016-12-21 13:02 -------- d-----w- c:\program files\SpywareBlaster
2016-12-20 15:15 . 2016-12-21 13:05 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2016-12-20 00:11 . 2016-12-30 03:44 -------- d-----w- c:\users\killer7\AppData\Local\CrashDumps
2016-12-17 12:59 . 2016-12-17 12:59 -------- d-----w- c:\program files\Malwarebytes
2016-12-17 12:59 . 2016-12-17 12:59 -------- d-----w- c:\users\killer7\AppData\Local\Programs
2016-12-15 06:36 . 2016-12-15 06:36 -------- d-----w- c:\users\killer7\.android
2016-12-15 06:36 . 2016-12-16 06:42 -------- d-----w- c:\users\killer7\AppData\Local\Troubleshooter
2016-12-15 06:35 . 2016-12-15 06:35 -------- d-----w- c:\users\killer7\AppData\Local\Macromedia
2016-12-15 06:33 . 2016-12-16 09:24 -------- d-----w- c:\programdata\BlueStacksSetup
2016-12-15 06:32 . 2016-12-22 05:22 -------- d-----w- c:\users\killer7\AppData\Local\Bluestacks
2016-12-11 07:56 . 2016-12-11 07:56 -------- d-----w- c:\users\killer7\AppData\Local\Diagnostics
2016-12-10 01:44 . 2016-12-10 01:44 -------- d-----w- C:\found.001
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-02 08:29 . 2016-12-30 03:41 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FE9796C-379A-4E0B-A2E9-E72004359E8B}\offreg.1040.dll
2017-01-01 06:59 . 2017-01-01 06:59 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FE9796C-379A-4E0B-A2E9-E72004359E8B}\offreg.1016.dll
2016-12-30 10:40 . 2016-12-30 10:40 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FE9796C-379A-4E0B-A2E9-E72004359E8B}\offreg.1008.dll
2016-12-30 07:11 . 2016-12-30 07:11 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FE9796C-379A-4E0B-A2E9-E72004359E8B}\offreg.1032.dll
2016-12-28 15:15 . 2016-12-28 15:15 2786768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{2824BB2A-1DCF-6424-6C30-1C50FAB28DE3}-{24B47A7F-EFF0-78DB-C5B9-13822E4F41B0}-mbamtray.exe
2016-12-28 14:04 . 2016-12-28 14:04 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FE9796C-379A-4E0B-A2E9-E72004359E8B}\offreg.1028.dll
2016-12-27 12:07 . 2016-12-27 12:07 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FE9796C-379A-4E0B-A2E9-E72004359E8B}\offreg.1020.dll
2016-12-26 03:51 . 2016-12-26 03:51 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FE9796C-379A-4E0B-A2E9-E72004359E8B}\offreg.960.dll
2016-12-21 14:07 . 2016-12-21 14:07 2786768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{D2C3C661-2821-1B44-AA75-0B929D14E166}-{03A49610-DD2A-102C-2DE0-C36336DBD2E2}-mbamtray.exe
2016-12-21 14:07 . 2016-12-21 14:07 2786768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{25D83FA9-7311-B515-1C96-B2EC907B3C0B}-{03A49610-DD2A-102C-2DE0-C36336DBD2E2}-mbamtray.exe
2016-12-15 06:27 . 2012-06-21 03:51 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-12-15 06:27 . 2011-07-18 21:28 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-11-10 07:30 . 2016-12-24 10:00 9834504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FE9796C-379A-4E0B-A2E9-E72004359E8B}\mpengine.dll
2016-11-10 07:30 . 2016-12-17 13:19 9834504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-11-02 06:47 . 2011-06-22 07:49 2522624 ----a-w- c:\windows\system32\dbgeng.dll
2016-10-26 08:29 . 2010-10-27 03:53 407720 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-16 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 1713152]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2016-12-14 2776528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DS3 Tool"=d:\program files\MotioninJoy\ds3\DS3_Tool.exe -mini
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"OscarEditor"="c:\program files\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" -autolaunch
"MsgCenterExe"="c:\program files\real\realplayer\update\RealOneMessageCenter.exe"  -osboot
"Steam"="c:\program files\Steam\steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Name of App"=c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe r
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Domino"=c:\windows\Domino.EXE
"BingDesktop"=c:\program files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ShadowPlay"="c:\windows\system32\rundll32.exe" c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe"
"CheckNDISPort_df"=c:\program files\Hostless Modem\SMART BRO\CheckNDISPort_df.exe
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1307010.005\SYMDS.SYS [x]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1307010.005\SYMEFA.SYS [x]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120531.001\BHDrvx86.sys [x]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1307010.005\ccSetx86.sys [x]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120613.007\IDSvix86.sys [x]
R1 MpKsl989b6e83;MpKsl989b6e83;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82FF5C71-2D50-4224-90BB-2613F35286B5}\MpKsl989b6e83.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1307010.005\Ironx86.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1307010.005\SYMNETS.SYS [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 30312]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.117.0\SeaPort.exe [2013-11-10 240288]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [2013-04-14 22112]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-07-30 108032]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-09 81168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-11-13 104664]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2016-01-29 292816]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-07-10 4125176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-12 114280]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2006-04-25 428160]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-02 1343400]
R3 XDva369;XDva369;c:\windows\system32\XDva369.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva372;XDva372;c:\windows\system32\XDva372.sys [x]
R3 XDva377;XDva377;c:\windows\system32\XDva377.sys [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]
R3 XDva394;XDva394;c:\windows\system32\XDva394.sys [x]
R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]
R3 XDva398;XDva398;c:\windows\system32\XDva398.sys [x]
R3 XDva399;XDva399;c:\windows\system32\XDva399.sys [x]
R3 XDva400;XDva400;c:\windows\system32\XDva400.sys [x]
R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
R4 ASGT;ASGT;c:\windows\System32\ASGT.exe [2015-05-29 48640]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-06-27 173192]
R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-10 2223248]
R4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2013-01-10 533288]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2013-01-10 389928]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-01-02 219072]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-05-22 15672]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-01-10 36040]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.117.0\BBSvc.exe [2013-11-10 193696]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-06-15 931896]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2016-11-29 3381200]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [2012-10-08 196624]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-06-15 1881144]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-15 2018360]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-05 39056]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 27648]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-07-23 410768]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 27704]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-06-15 2905656]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2016-04-14 50744]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-05 37208]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-11 1119232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ   DiagTrack
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 07:11 1384792 ----a-w- c:\program files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 06:27]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\killer7\AppData\Roaming\Mozilla\Firefox\Profiles\ach3zyc1.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-BlueStacks Agent - c:\program files\Bluestacks\HD-Agent.exe
AddRemove-f0350e57 - c:\windows\system32\f0350e57.exe
AddRemove-Registry Mechanic_is1 - c:\program files\Registry Mechanic\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1112869332-939493985-2980015415-1001_Classes\CLSID\{127b51d7-2345-4a63-a694-37e957b39594}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000015e
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1112869332-939493985-2980015415-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8d,7d,e7,7c,8c,8e,c3,34,c2,c3,8b,eb,8e,35,7f,93,c5,0f,44,85,6c,
   11,5a,8a,86,91,27,9e,9a,a4,5f,eb,12,0f,68,61,3e,73,42,ab,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4828)
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\ac3acm.acm
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2017-01-02  17:12:15 - machine was rebooted
ComboFix-quarantined-files.txt  2017-01-02 09:12
.
Pre-Run: 13,966,630,912 bytes free
Post-Run: 13,968,744,448 bytes free
.
- - End Of File - - C7ADAD2291AFB668B5E91A0AAE48E273
A36C5E4F47E84449FF07ED3517B43A31


Mod Edit

Moved from AII, Combo fix log

NickAu


Edited by NickAu, 02 January 2017 - 04:39 AM.

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,544 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 January 2017 - 10:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Locked keys found by ComboFix are not necessarily bad.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.

#3 KtrlHeist

KtrlHeist
  • Topic Starter

  • Members
  • 6 posts

Posted 06 January 2017 - 08:28 PM

Right.. sorry for the late reply due to work. Thanks for not closing the topic.. will follow your instructions now.. please wait, thanks man



#4 KtrlHeist

KtrlHeist
  • Topic Starter

  • Members
  • 6 posts

Posted 06 January 2017 - 08:46 PM

FRST.txt log report is here, man.. See the attachment for Addition.txt. Will come back here after a couple of days.. or tomorrow, man.. thank you so much for helping..


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
Ran by killer7 (administrator) on ISKIMENI (07-01-2017 09:30:50)
Running from C:\Users\killer7\Desktop\Farbar REcovery Scan Tool
Loaded Profiles: killer7 &  (Available Profiles: killer7 & Guest)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Vimicro) C:\Windows\VM303_STI.EXE
(ZSMCSNAP) C:\Windows\VMSnap3.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.117.0\SeaPort.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\Integrator.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1713152 2010-02-10] (VIA)
HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [VMSnap3] => C:\Windows\VMSnap3.EXE [49152 2006-08-30] (ZSMCSNAP)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKU\S-1-5-21-1112869332-939493985-2980015415-1001\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-17] ()
HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-17] ()
HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-14] (Google Inc.)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68CBFD7A-2455-4203-BEF1-CC8A4A140E20}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F4F63C36-DE49-4869-A586-E9B311B3CE4D}: [DhcpNameServer] 192.168.0.1 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1112869332-939493985-2980015415-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092612672\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092612867\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-1112869332-939493985-2980015415-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1112869332-939493985-2980015415-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
SearchScopes: HKU\S-1-5-21-1112869332-939493985-2980015415-1001 -> {6E3CB35B-45F4-481A-8301-851C6120275F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7MOOI_en
SearchScopes: HKU\S-1-5-21-1112869332-939493985-2980015415-1001 -> {9AB0D657-129A-4112-91E1-AB901003849A} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007 -> {6E3CB35B-45F4-481A-8301-851C6120275F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7MOOI_en
SearchScopes: HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007 -> {9AB0D657-129A-4112-91E1-AB901003849A} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-28] (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.117.0\BingExt.dll [2013-11-10] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.117.0\BingExt.dll [2013-11-10] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-28] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\killer7\AppData\Roaming\Mozilla\Firefox\Profiles\ach3zyc1.default [2017-01-02]
FF Extension: (Firefox Hotfix) - C:\Users\killer7\AppData\Roaming\Mozilla\Firefox\Profiles\ach3zyc1.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-25]
FF Extension: (z) - C:\Program Files\Mozilla Firefox\extensions\{c49d8d65-ff69-3e8e-26e1-f299236d3c4c} [2012-05-23] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-25] [not signed]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-23] [not signed]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn => not found
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-23] [not signed]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1112869332-939493985-2980015415-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
FF HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-07-21] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll [2012-10-08] (Nitro PDF)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-10-17] (Pando Networks)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\killer7\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-05-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-05-23] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2013-12-19] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1112869332-939493985-2980015415-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\killer7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-04-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1112869332-939493985-2980015415-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-10-17] (Pando Networks)
FF Plugin HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\killer7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-04-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-10-17] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-05-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-05-23] (RealPlayer)
 
Chrome: 
=======
CHR Profile: C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default [2017-01-07]
CHR Extension: (Google Slides) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-08]
CHR Extension: (Google Docs) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-08]
CHR Extension: (Google Drive) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-08]
CHR Extension: (YouTube) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-08]
CHR Extension: (Google Sheets) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-08]
CHR Extension: (Google Docs Offline) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-08]
CHR Extension: (DateTime) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhcllabimbhlobkincjldkkfgomidake [2016-12-23]
CHR Extension: (RealDownloader) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2016-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-08]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2016-11-08]
CHR Extension: (DotA 2 Build Editor Fix) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojdobdhdmijopknbgkefkklhdeaegbl [2016-12-26]
CHR Extension: (Gmail) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-08]
CHR Extension: (Chrome Media Router) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ASGT; C:\Windows\System32\ASGT.exe [48640 2015-05-29] () [File not signed]
S4 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S4 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [380328 2012-07-02] (cFos Software GmbH)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [931896 2016-06-15] (NVIDIA Corporation)
S4 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe [2223248 2012-01-11] (Giraffic)
S4 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [533288 2013-01-11] (AnchorFree Inc.)
S4 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [444712 2013-01-11] (AnchorFree Inc.)
S4 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-01-11] ()
S4 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [389928 2013-01-11] ()
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-11-29] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2012-10-08] (Nitro PDF Software)
S3 npggsvc; C:\Windows\system32\GameMon.des [4125176 2011-07-11] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2905656 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2018360 2016-06-15] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-10-01] (PC Tools)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software)
R2 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [975272 2012-07-02] (cFos Software GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-06-01] (Symantec Corporation)
S3 GGSAFERDriver; C:\Program Files\Garena Plus\Room\safedrv.sys [22112 2013-04-14] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [36040 2013-01-11] (AnchorFree Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219072 2017-01-07] (Malwarebytes)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [81168 2011-01-09] (MotioninJoy)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-17] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27704 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2007-12-11] (Windows ® Codename Longhorn DDK provider)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows ® Codename Longhorn DDK provider)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2010-04-12] (PowerISO Computing, Inc.) [File not signed]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-10-19] (Duplex Secure Ltd.)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-06-01] (Symantec Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37208 2013-01-05] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-12-30] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1119232 2010-01-11] (VIA Technologies, Inc.)
S3 vmfilter303; C:\Windows\System32\drivers\vmfilter303.sys [428160 2006-04-25] (Vimicro Corporation)
S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [392122 2006-12-01] (Vimicro Corporation)
S1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120531.001\BHDrvx86.sys [X]
S3 catchme; \??\C:\Users\killer7\AppData\Local\Temp\catchme.sys [X]
S1 ccSet_NAV; \SystemRoot\system32\drivers\NAV\1307010.005\ccSetx86.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120613.007\IDSvix86.sys [X]
S1 MpKsl989b6e83; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82FF5C71-2D50-4224-90BB-2613F35286B5}\MpKsl989b6e83.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120614.032\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120614.032\NAVEX15.SYS [X]
S3 npkcrypt; \??\G:\Ragnarok Online\npkcrypt.sys [X]
S3 SRTSP; \SystemRoot\System32\Drivers\NAV\1307010.005\SRTSP.SYS [X]
S1 SRTSPX; \SystemRoot\system32\drivers\NAV\1307010.005\SRTSPX.SYS [X]
S0 SymDS; system32\drivers\NAV\1307010.005\SYMDS.SYS [X]
S0 SymEFA; system32\drivers\NAV\1307010.005\SYMEFA.SYS [X]
S1 SymIRON; \SystemRoot\system32\drivers\NAV\1307010.005\Ironx86.SYS [X]
S1 SymNetS; \SystemRoot\System32\Drivers\NAV\1307010.005\SYMNETS.SYS [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]
U2 wuaserv; no ImagePath
S3 XDva369; \??\C:\Windows\system32\XDva369.sys [X]
S3 XDva370; \??\C:\Windows\system32\XDva370.sys [X]
S3 XDva372; \??\C:\Windows\system32\XDva372.sys [X]
S3 XDva377; \??\C:\Windows\system32\XDva377.sys [X]
S3 XDva379; \??\C:\Windows\system32\XDva379.sys [X]
S3 XDva383; \??\C:\Windows\system32\XDva383.sys [X]
S3 XDva388; \??\C:\Windows\system32\XDva388.sys [X]
S3 XDva389; \??\C:\Windows\system32\XDva389.sys [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
S3 XDva392; \??\C:\Windows\system32\XDva392.sys [X]
S3 XDva393; \??\C:\Windows\system32\XDva393.sys [X]
S3 XDva394; \??\C:\Windows\system32\XDva394.sys [X]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [X]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [X]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [X]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-07 09:30 - 2017-01-07 09:30 - 00000000 ____D C:\FRST
2017-01-07 09:29 - 2017-01-07 09:30 - 00000000 ____D C:\Users\killer7\Desktop\Farbar REcovery Scan Tool
2017-01-02 17:12 - 2017-01-02 17:12 - 00044883 _____ C:\ComboFix.txt
2017-01-02 16:50 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-02 16:50 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-02 16:50 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-02 16:50 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-02 16:50 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-02 16:50 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-02 16:50 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-02 16:50 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-02 16:48 - 2017-01-02 17:12 - 00000000 ____D C:\Qoobox
2017-01-02 16:48 - 2017-01-02 17:11 - 00000000 ____D C:\Windows\erdnt
2017-01-02 16:46 - 2017-01-02 16:46 - 05659917 ____R (Swearware) C:\Users\killer7\Desktop\ComboFix.exe
2017-01-02 16:34 - 2017-01-02 16:34 - 00005844 _____ C:\Users\killer7\Desktop\JRT.txt
2017-01-02 16:19 - 2017-01-02 16:23 - 00000000 ____D C:\AdwCleaner
2017-01-01 11:00 - 2017-01-01 11:00 - 00003304 ____N C:\bootsqm.dat
2016-12-30 12:24 - 2016-12-30 12:24 - 00000000 ____D C:\Users\killer7\AppData\Roaming\Apple Computer
2016-12-30 11:58 - 2016-12-30 15:11 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-12-30 11:57 - 2016-12-30 11:57 - 03977168 _____ C:\Users\killer7\Downloads\adwcleaner_6.041.exe
2016-12-30 11:57 - 2016-12-30 11:57 - 00001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-30 11:57 - 2016-12-30 11:57 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-30 11:57 - 2016-12-30 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-30 11:57 - 2016-12-30 11:57 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-27 21:05 - 2016-12-27 21:05 - 00000631 _____ C:\Users\killer7\Desktop\wowowowweeee.txt
2016-12-22 23:35 - 2016-12-22 23:35 - 00000000 ____D C:\Users\killer7\AppData\Local\Ankama
2016-12-21 21:06 - 2017-01-07 08:34 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-21 21:05 - 2016-12-21 21:05 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-21 21:05 - 2016-12-21 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-21 21:05 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2016-12-21 21:02 - 2016-12-21 21:02 - 00001037 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2016-12-21 21:02 - 2016-12-21 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-12-21 21:02 - 2016-12-21 21:02 - 00000000 ____D C:\ProgramData\Licenses
2016-12-21 21:02 - 2016-12-21 21:02 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-12-21 20:29 - 2016-12-21 20:29 - 00000526 _____ C:\Users\killer7\Desktop\steam lock code.txt
2016-12-20 23:15 - 2016-12-21 21:05 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-12-20 08:16 - 2016-12-20 08:16 - 00032782 _____ C:\Users\killer7\Downloads\IMG_0389.JPG
2016-12-20 08:16 - 2016-12-20 08:16 - 00031666 _____ C:\Users\killer7\Downloads\IMG_0392.JPG
2016-12-20 08:11 - 2016-12-30 11:44 - 00000000 ____D C:\Users\killer7\AppData\Local\CrashDumps
2016-12-17 20:59 - 2016-12-17 20:59 - 00000000 ____D C:\Users\killer7\AppData\Local\Programs
2016-12-17 20:59 - 2016-12-17 20:59 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-15 14:36 - 2016-12-16 14:42 - 00000000 ____D C:\Users\killer7\AppData\Local\Troubleshooter
2016-12-15 14:36 - 2016-12-15 14:36 - 00000000 ____D C:\Users\killer7\.android
2016-12-15 14:35 - 2016-12-15 14:35 - 00000000 ____D C:\Users\killer7\AppData\Local\Macromedia
2016-12-15 14:33 - 2016-12-16 17:24 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-12-15 14:33 - 2016-11-23 21:37 - 00000570 _____ C:\Users\killer7\AppData\Local\TroubleshooterConfig.json
2016-12-15 14:32 - 2016-12-22 13:22 - 00000000 ____D C:\Users\killer7\AppData\Local\Bluestacks
2016-12-12 06:39 - 2016-12-12 06:41 - 00000000 ____D C:\Users\killer7\Downloads\pdf2doc
2016-12-11 15:56 - 2016-12-11 15:56 - 00000000 ____D C:\Users\killer7\AppData\Local\Diagnostics
2016-12-10 09:44 - 2016-12-10 09:44 - 00000000 ____D C:\found.001
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-07 09:25 - 2012-06-21 11:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-07 08:42 - 2009-07-14 12:34 - 00015360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-07 08:42 - 2009-07-14 12:34 - 00015360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-07 08:33 - 2010-10-27 11:34 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-07 08:33 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-06 23:25 - 2012-05-02 18:53 - 00000000 ____D C:\Program Files\Steam
2017-01-06 19:15 - 2012-05-02 18:53 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-01-06 17:27 - 2013-06-15 11:41 - 00000000 ____D C:\Users\killer7\AppData\Roaming\.minecraft
2017-01-02 17:05 - 2009-07-14 10:04 - 00000440 _____ C:\Windows\system.ini
2017-01-02 17:01 - 2012-08-22 16:32 - 00000000 ____D C:\Users\killer7\AppData\Roaming\baidu
2017-01-02 16:22 - 2010-11-12 21:36 - 00000000 ____D C:\Users\killer7\AppData\LocalLow\Yahoo!
2017-01-02 16:22 - 2010-11-12 21:35 - 00000000 ____D C:\Users\killer7\AppData\Roaming\Yahoo!
2017-01-02 16:22 - 2010-11-12 21:30 - 00000000 ____D C:\Program Files\Yahoo!
2017-01-01 11:07 - 2010-10-27 11:30 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-01 11:07 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
2016-12-28 23:06 - 2010-11-28 16:45 - 00000000 ____D C:\ProgramData\TEMP
2016-12-22 13:39 - 2013-04-16 15:56 - 00000000 ____D C:\Users\killer7\Downloads\gie
2016-12-22 13:38 - 2012-04-30 15:42 - 00000000 ____D C:\Users\killer7\Downloads\Compressed
2016-12-22 13:26 - 2010-10-27 12:11 - 00000000 ____D C:\ProgramData\ZZZZZZ
2016-12-22 13:22 - 2009-07-14 10:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-22 13:19 - 2011-12-24 06:35 - 00000000 ____D C:\Program Files\Garena Plus
2016-12-22 13:12 - 2009-07-14 10:37 - 00000000 ___RD C:\Users
2016-12-22 05:24 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-22 03:17 - 2013-10-13 06:24 - 00000000 ____D C:\Users\killer7\Desktop\poker
2016-12-21 21:04 - 2012-01-14 18:38 - 00041978 __RSH C:\ProgramData\ntuser.pol
2016-12-20 23:37 - 2012-07-04 18:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-20 23:18 - 2012-04-30 15:42 - 00000000 ____D C:\Users\killer7\AppData\Roaming\DMCache
2016-12-20 23:18 - 2010-10-27 11:30 - 00000000 ___RD C:\Users\killer7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-20 23:09 - 2016-11-08 07:55 - 00000000 ____D C:\Users\killer7\AppData\Local\Google
2016-12-20 23:09 - 2016-11-08 07:53 - 00000000 ____D C:\Users\killer7\AppData\Local\Microsoft
2016-12-17 22:02 - 2013-10-02 12:55 - 00000000 ____D C:\Users\killer7\Desktop\SDSD - SAT
2016-12-17 21:56 - 2011-08-31 18:42 - 00360448 _____ C:\Users\UpdatusUser\ntuser.dat
2016-12-17 21:48 - 2016-07-30 09:26 - 00000000 ____D C:\Users\killer7\Downloads\Music
2016-12-17 21:46 - 2014-04-07 17:45 - 00000000 ____D C:\Users\killer7\Downloads\Programs
2016-12-17 21:43 - 2012-04-30 15:42 - 00000000 ____D C:\Users\killer7\Downloads\Video
2016-12-17 21:17 - 2010-10-27 11:32 - 00000000 __SHD C:\Windows\Installer
2016-12-17 15:21 - 2011-10-30 00:50 - 00000000 ___RD C:\Users\Guest.iskimeni\Videos
2016-12-17 09:16 - 2010-11-23 15:34 - 00000000 ____D C:\Config.Msi
2016-12-16 15:19 - 2011-10-30 02:05 - 01291430 ____H C:\Users\Guest.iskimeni\AppData\Local\IconCache.db
2016-12-16 15:04 - 2011-10-30 00:50 - 00000000 ___RD C:\Users\Guest.iskimeni\Downloads
2016-12-15 15:13 - 2012-10-04 21:49 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 14:36 - 2010-10-27 11:30 - 00000000 ____D C:\Users\killer7
2016-12-15 14:27 - 2012-06-21 11:51 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-15 14:27 - 2011-07-19 05:28 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-15 14:27 - 2010-11-12 21:35 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 06:16 - 2010-12-01 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\美图
2016-12-14 06:02 - 2010-10-28 21:01 - 00000000 ____D C:\Users\killer7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-12-14 05:58 - 2012-08-22 16:42 - 00000000 ____D C:\Users\killer7\AppData\Roaming\360Notify
2016-12-14 05:58 - 2010-11-04 23:41 - 00000000 ____D C:\Program Files\360
2016-12-12 21:59 - 2016-08-21 21:28 - 00000000 ____D C:\Users\killer7\Desktop\lawskul notes S.Y. 16-17 First Semester
2016-12-12 21:49 - 2012-04-30 15:42 - 00000000 ____D C:\Users\killer7\Downloads\Documents
2016-12-12 20:20 - 2010-10-27 11:30 - 00000000 ___SD C:\Users\killer7\AppData\Roaming\Microsoft
2016-12-12 20:19 - 2016-09-05 13:16 - 00000000 ____D C:\Users\killer7\Desktop\Jenna Folder
2016-12-12 17:57 - 2009-07-14 10:03 - 00262144 ____H C:\Windows\system32\config\SOFTWARE.LOG2
2016-12-11 15:56 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\NDF
2016-12-10 09:48 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-08 18:54 - 2016-07-07 09:17 - 00000022 _____ C:\Windows\GPU-Z.INI
 
==================== Files in the root of some directories =======
 
2011-09-17 10:06 - 2011-10-19 09:11 - 0145408 _____ () C:\Users\killer7\AppData\Roaming\chrtmp
2010-11-25 11:00 - 2012-06-20 16:31 - 0000565 _____ () C:\Users\killer7\AppData\Roaming\myMPQ.ini
2011-06-02 14:06 - 2013-01-04 19:53 - 0045270 _____ () C:\Users\killer7\AppData\Roaming\room_v3.dat
2010-10-27 12:49 - 2012-07-26 23:00 - 0000454 _____ () C:\Users\killer7\AppData\Roaming\SamsungLiveUpdateConfig.ini
2012-10-29 22:33 - 2012-10-29 22:33 - 0000035 _____ () C:\Users\killer7\AppData\Roaming\tester
2010-10-27 12:50 - 2010-10-27 12:51 - 1531392 _____ (Toshiba Samsung Storage Technology Corporation) C:\Users\killer7\AppData\Roaming\tsdnwin.dll
2016-12-15 14:33 - 2016-11-23 21:37 - 0000570 _____ () C:\Users\killer7\AppData\Local\TroubleshooterConfig.json
 
Some files in TEMP:
====================
C:\Users\killer7\AppData\Local\temp\i4jdel0.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-10 04:28
 
==================== End of FRST.txt ============================


#5 nasdaq

  • Malware Response Team
  • 40,544 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 January 2017 - 10:23 AM

This program in bold is not recommended.
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)

Read about it. It may have been installed without your consent by a 3rd party program you installed.
http://www.shouldiremoveit.com/Pando-Media-Booster-6090-program.aspx

If you wish to remove it do it via the Control Panel > Programs > Programs and Features.
Your call.

If you do not use this program you can remove it also.
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
----

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1112869332-939493985-2980015415-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
FF Extension: (z) - C:\Program Files\Mozilla Firefox\extensions\{c49d8d65-ff69-3e8e-26e1-f299236d3c4c} [2012-05-23] [not signed]
FF HKU\S-1-5-21-1112869332-939493985-2980015415-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
FF HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-08]
CHR Extension: (Chrome Media Router) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120531.001\BHDrvx86.sys [X]
S3 catchme; \??\C:\Users\killer7\AppData\Local\Temp\catchme.sys [X]
S1 ccSet_NAV; \SystemRoot\system32\drivers\NAV\1307010.005\ccSetx86.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120613.007\IDSvix86.sys [X]
S1 MpKsl989b6e83; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82FF5C71-2D50-4224-90BB-2613F35286B5}\MpKsl989b6e83.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120614.032\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120614.032\NAVEX15.SYS [X]
S3 npkcrypt; \??\G:\Ragnarok Online\npkcrypt.sys [X]
S3 SRTSP; \SystemRoot\System32\Drivers\NAV\1307010.005\SRTSP.SYS [X]
S1 SRTSPX; \SystemRoot\system32\drivers\NAV\1307010.005\SRTSPX.SYS [X]
S0 SymDS; system32\drivers\NAV\1307010.005\SYMDS.SYS [X]
S0 SymEFA; system32\drivers\NAV\1307010.005\SYMEFA.SYS [X]
S1 SymIRON; \SystemRoot\system32\drivers\NAV\1307010.005\Ironx86.SYS [X]
S1 SymNetS; \SystemRoot\System32\Drivers\NAV\1307010.005\SYMNETS.SYS [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]
U2 wuaserv; no ImagePath
S3 XDva369; \??\C:\Windows\system32\XDva369.sys [X]
S3 XDva370; \??\C:\Windows\system32\XDva370.sys [X]
S3 XDva372; \??\C:\Windows\system32\XDva372.sys [X]
S3 XDva377; \??\C:\Windows\system32\XDva377.sys [X]
S3 XDva379; \??\C:\Windows\system32\XDva379.sys [X]
S3 XDva383; \??\C:\Windows\system32\XDva383.sys [X]
S3 XDva388; \??\C:\Windows\system32\XDva388.sys [X]
S3 XDva389; \??\C:\Windows\system32\XDva389.sys [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
S3 XDva392; \??\C:\Windows\system32\XDva392.sys [X]
S3 XDva393; \??\C:\Windows\system32\XDva393.sys [X]
S3 XDva394; \??\C:\Windows\system32\XDva394.sys [X]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [X]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [X]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [X]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{B6BB720C-25CB-11E0-B4E5-23EBDED72085}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{8201607b-9f82-509e-ad78-98c71e5e16ba}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{B6BB720C-25CB-11E0-B4E5-23EBDED72085}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\ASKTOO~1\DOWNLO~1\NEROOE~1.DLL => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll => No File
Task: {07E9420A-8D81-4757-98B1-E77C26CE82F4} - no filepath
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C [134]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [318]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [109]
C:\Users\killer7\AppData\Local\temp\i4jdel0.exe

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

ADOBE AIR

Navigate to this page and follow the instructions and get the latest version.
https://get.adobe.com/air/
==============

ADOBE READER
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If they are still present after the update, you can remove these old versions via Control Panel > Programs and Features.
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

===

Please post the Fixlog.txt and let me know what problem persists.
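A small triage script, added here as an example and not part of nasdaq's post or of the Farbar tool, showing how a reviewer reads a fixlist like the one above before applying it. Service entries ending in [X] (or reading "no ImagePath") are registrations whose driver or binary is gone; CustomCLSID entries are per-user COM server registrations under the user's Classes\CLSID hive, which is also where COM hijacking persistence is planted, so each is checked for whether its server file still exists rather than being removed on sight. The line formats are inferred from this log, since FRST publishes no grammar; the regular expressions, the group names and the check for Microsoft's reserved OLE GUID suffix are assumptions, and the sample input is lines copied from the log on this page.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not code from the forum post or from FRST. Groups the entry
types that dominate the fixlist above the way a reviewer reads them:
service entries with a missing binary, per-user COM server registrations
(dangling or not), alternate data streams, cached DPF installers, tasks.
Every regex is an assumption inferred from the log text on this page.
"""
import re
from collections import defaultdict

# Service line: "<start type> <name>; <image path>[ [X]]"
SERVICE_RE = re.compile(r'^([SRU]\d) ([^;]+); (.*?)( \[X\])?$')
# CustomCLSID line: "CustomCLSID: <hive>_Classes\CLSID\{guid}\<server> -> <target>"
CLSID_RE = re.compile(
    r'^CustomCLSID: (HKU\\[^\\]+)_Classes\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\'
    r'(InprocServer32|LocalServer32) -> (.*)$', re.IGNORECASE)
ADS_RE = re.compile(r'^AlternateDataStreams: (.+):([^:\\\s]+) \[(\d+)\]$')
DPF_RE = re.compile(r'^DPF: (\{[^}]+\}) (\S+)$')
JINSTALL_RE = re.compile(r'jinstall-(\d+)_(\d+)_(\d+)_(\d+)')
TASK_RE = re.compile(r'^Task: (\{[^}]+\}) - (.*)$')

# Microsoft's reserved OLE GUID range. A per-user override of one of these
# replaces a core COM class for that user only, so it is flagged (assumption).
OLE_RESERVED_SUFFIX = '-0000-0000-C000-000000000046'

# Sample input: lines copied verbatim from the FRST log on this page.
SAMPLE_LOG = r"""
S3 catchme; \??\C:\Users\killer7\AppData\Local\Temp\catchme.sys [X]
S0 SymDS; system32\drivers\NAV\1307010.005\SYMDS.SYS [X]
U2 wuaserv; no ImagePath
S3 XDva369; \??\C:\Windows\system32\XDva369.sys [X]
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Task: {07E9420A-8D81-4757-98B1-E77C26CE82F4} - no filepath
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()


def parse_line(line):
    """Classify one FRST line; returns a dict with a 'kind' key, or None."""
    line = line.rstrip()
    m = SERVICE_RE.match(line)
    if m:
        start, name, image, marker = m.groups()
        return {'kind': 'service', 'start': start, 'name': name, 'image': image,
                'binary_missing': marker is not None or image.lower() == 'no imagepath'}
    m = CLSID_RE.match(line)
    if m:
        hive, clsid, server_kind, target = m.groups()
        target = target.strip()
        if target.lower() == 'no filepath':          # key exists, no server path at all
            server, missing = None, True
        elif target.endswith('=> No File'):          # path registered, file is gone
            server, missing = target[:-len('=> No File')].strip().strip('"'), True
        else:                                        # FRST printed no missing-file marker
            server, missing = target, False
        return {'kind': 'clsid', 'hive': hive, 'clsid': clsid.upper(),
                'server_kind': server_kind, 'server': server, 'binary_missing': missing,
                'ole_reserved': clsid.strip('{}').upper().endswith(OLE_RESERVED_SUFFIX)}
    m = ADS_RE.match(line)
    if m:
        path, stream, size = m.groups()
        return {'kind': 'ads', 'path': path, 'stream': stream, 'size': int(size)}
    m = DPF_RE.match(line)
    if m:
        clsid, url = m.groups()
        j = JINSTALL_RE.search(url)                  # recover the Java build the DPF cached
        version = '%s.%s.%s_%s' % j.groups() if j else None
        return {'kind': 'dpf', 'clsid': clsid.upper(), 'url': url, 'java_version': version}
    m = TASK_RE.match(line)
    if m:
        task_id, target = m.groups()
        return {'kind': 'task', 'id': task_id.upper(), 'binary_missing': target == 'no filepath'}
    return None


def triage(lines):
    """Group parsed entries by the action they suggest to a log reviewer."""
    groups = defaultdict(list)
    for raw in lines:
        e = parse_line(raw)
        if e is None:
            continue
        if e['kind'] == 'service':
            key = 'orphaned_drivers' if e['binary_missing'] else 'live_services'
        elif e['kind'] == 'clsid':
            key = 'dangling_com_servers' if e['binary_missing'] else 'user_com_overrides'
        else:
            key = e['kind']
        groups[key].append(e)
    return dict(groups)


if __name__ == '__main__':
    for key, entries in triage(SAMPLE_LINES).items():
        print(key)
        for e in entries:
            flag = '  <- OLE-reserved CLSID' if e.get('ole_reserved') else ''
            print('   ', e.get('name') or e.get('clsid') or e.get('stream') or e.get('id'), flag)
```

Run it as-is to triage the embedded sample; pass the lines of a real FRST.txt to `triage()` to do the same for a full log. Entries that land in `user_com_overrides` (a per-user COM server whose file does exist) are the ones to inspect by hand, since a working DLL registered only for one user is exactly what a COM hijack looks like.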

#6 KtrlHeist
  • Topic Starter
  • Members
  • 6 posts

Posted 13 January 2017 - 05:48 AM

Hello nasdaq,

I was surprised when you told me that my Java is outdated!!!! Honestly man, if you hadn't told me I wouldn't have known, because some weeks ago it FLASHED an update!!!! Malware is so scheming nowadays, I'm outdated and not aware hmmmm.. I guess it's hard to be away from your own desktop and internet connection for a year..

Anyway, I have done what you told me to do.. and here are the things I noticed:

- The Farbar recovery tool took too long to finish, man! Well, while I was running it, I was browsing the internet and playing DotA2 at the same time. (Could that be the problem?) Anyway, I did not turn off my PC and left it on overnight.. In the morning, I noticed that the computer had restarted itself.. I opened the folder of the Farbar recovery tool and found the fixlog. It created the fixlog like you told me (see fixlog post).

- I've noticed some changes in the task manager while I was running the Farbar tool. It seems that the processes that were usually there (appearing suspiciously) were GONE!! (And now they are not there anymore. See my screenshot, tell me if there's something still suspicious..)

- Startup is still a pain in the arse though.. The desktop still takes a minute or two to complete its waking rituals, I suppose.

- Adobe and Java updates were done. Outdated versions were successfully removed as well.

- So far, Internet connection seems to be at its optimum.

HERE IS THE FIXLOG.TXT

Fix result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
Ran by killer7 (12-01-2017 18:19:05) Run:1
Running from C:\Users\killer7\Desktop\Farbar REcovery Scan Tool
Loaded Profiles: killer7 (Available Profiles: killer7 & Guest)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1112869332-939493985-2980015415-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
FF Extension: (z) - C:\Program Files\Mozilla Firefox\extensions\{c49d8d65-ff69-3e8e-26e1-f299236d3c4c} [2012-05-23] [not signed]
FF HKU\S-1-5-21-1112869332-939493985-2980015415-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
FF HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-08]
CHR Extension: (Chrome Media Router) - C:\Users\killer7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120531.001\BHDrvx86.sys [X]
S3 catchme; \??\C:\Users\killer7\AppData\Local\Temp\catchme.sys [X]
S1 ccSet_NAV; \SystemRoot\system32\drivers\NAV\1307010.005\ccSetx86.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120613.007\IDSvix86.sys [X]
S1 MpKsl989b6e83; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82FF5C71-2D50-4224-90BB-2613F35286B5}\MpKsl989b6e83.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120614.032\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120614.032\NAVEX15.SYS [X]
S3 npkcrypt; \??\G:\Ragnarok Online\npkcrypt.sys [X]
S3 SRTSP; \SystemRoot\System32\Drivers\NAV\1307010.005\SRTSP.SYS [X]
S1 SRTSPX; \SystemRoot\system32\drivers\NAV\1307010.005\SRTSPX.SYS [X]
S0 SymDS; system32\drivers\NAV\1307010.005\SYMDS.SYS [X]
S0 SymEFA; system32\drivers\NAV\1307010.005\SYMEFA.SYS [X]
S1 SymIRON; \SystemRoot\system32\drivers\NAV\1307010.005\Ironx86.SYS [X]
S1 SymNetS; \SystemRoot\System32\Drivers\NAV\1307010.005\SYMNETS.SYS [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]
U2 wuaserv; no ImagePath
S3 XDva369; \??\C:\Windows\system32\XDva369.sys [X]
S3 XDva370; \??\C:\Windows\system32\XDva370.sys [X]
S3 XDva372; \??\C:\Windows\system32\XDva372.sys [X]
S3 XDva377; \??\C:\Windows\system32\XDva377.sys [X]
S3 XDva379; \??\C:\Windows\system32\XDva379.sys [X]
S3 XDva383; \??\C:\Windows\system32\XDva383.sys [X]
S3 XDva388; \??\C:\Windows\system32\XDva388.sys [X]
S3 XDva389; \??\C:\Windows\system32\XDva389.sys [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
S3 XDva392; \??\C:\Windows\system32\XDva392.sys [X]
S3 XDva393; \??\C:\Windows\system32\XDva393.sys [X]
S3 XDva394; \??\C:\Windows\system32\XDva394.sys [X]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [X]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [X]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [X]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{B6BB720C-25CB-11E0-B4E5-23EBDED72085}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{8201607b-9f82-509e-ad78-98c71e5e16ba}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{B6BB720C-25CB-11E0-B4E5-23EBDED72085}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\ASKTOO~1\DOWNLO~1\NEROOE~1.DLL => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll => No File
Task: {07E9420A-8D81-4757-98B1-E77C26CE82F4} - no filepath
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C [134]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [318]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [109]
C:\Users\killer7\AppData\Local\temp\i4jdel0.exe
 
Reboot:
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-1112869332-939493985-2980015415-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-1112869332-939493985-2980015415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092613007\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-1112869332-939493985-2980015415-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 

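An added example to go with the fix log above (it is not part of this thread and not FRST's own code): a small Python script that reads a fix list of this layout and pulls out the entries worth a second look, namely services and drivers whose binary is missing (the `[X]` marker) or that have no ImagePath, per-user CustomCLSID registrations whose COM server file is gone, scheduled tasks with no file path, and alternate data streams. It also flags auto-start images and COM server paths that sit under a user profile or temp directory, since that is where an unprivileged process can plant things; a per-user CLSID pointing into AppData is the shape COM hijacking takes, even though every one of them in this log is an orphan. The line patterns are this example's own assumption, worked out from the entries visible in the log (FRST does not publish a format specification), so treat the parser as a starting point. The sample input is a constructed subset of the lines from the log above.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) fix list.

Added example for this thread; it is not part of the original posts and not
FRST's own code. The line patterns below are an assumption derived from the
entries visible in the fix log above (FRST publishes no grammar), so treat
them as a starting point rather than a complete parser.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the fix log above, wrapped
# in the start/End markers FRST uses to delimit the fix list.
SAMPLE_LOG = r"""
start
CreateRestorePoint:
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 catchme; \??\C:\Users\killer7\AppData\Local\Temp\catchme.sys [X]
S3 XDva369; \??\C:\Windows\system32\XDva369.sys [X]
U2 wuaserv; no ImagePath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615492_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\Guest.iskimeni\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll => No File
CustomCLSID: HKU\S-1-5-21-1112869332-939493985-2980015415-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01072017092615162_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\killer7\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
Task: {07E9420A-8D81-4757-98B1-E77C26CE82F4} - no filepath
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
C:\Users\killer7\AppData\Local\temp\i4jdel0.exe
Reboot:
End
"""

# "S3 name; image [X]": S/R = stopped/running, digit = start type (S0/S1 are drivers).
SERVICE_RE = re.compile(r'^(?P<state>[A-Z])(?P<start>\d) (?P<name>[^;]+); (?P<image>.*)$')
CLSID_RE = re.compile(
    r'^CustomCLSID: (?P<hive>.+?)\\CLSID\\\{(?P<clsid>[0-9A-Fa-f-]{36})\}'
    r'\\(?P<server>InprocServer32|LocalServer32) -> (?P<target>.*)$',
    re.IGNORECASE,
)
TASK_RE = re.compile(r'^Task: \{(?P<id>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$')
ADS_RE = re.compile(r'^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\s]+) \[(?P<size>\d+)\]$')
FILE_RE = re.compile(r'^[A-Za-z]:\\')
# Locations an unprivileged user can write to; an auto-start image there deserves a look.
USER_WRITABLE = re.compile(r'\\(Users|AppData|Temp)\\', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # service | clsid | task | ads | file
    name: str
    target: str
    reason: str


def fixlist_lines(log_text):
    """Return the non-empty lines between FRST's 'start' and 'End' markers (or all lines)."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    if 'start' in lines and 'End' in lines:
        lines = lines[lines.index('start') + 1:lines.index('End')]
    return [ln for ln in lines if ln]


def _missing(target):
    # Both spellings FRST uses for "the registered file does not exist".
    return target == 'no filepath' or target.endswith('=> No File')


def triage(log_text):
    """Classify fix-list entries; returns Findings in log order."""
    findings = []
    for line in fixlist_lines(log_text):
        if (m := SERVICE_RE.match(line)):
            image = m.group('image')
            if image == 'no ImagePath':
                findings.append(Finding('service', m.group('name'), image, 'no ImagePath'))
            elif image.endswith(' [X]'):            # [X]: FRST could not find the binary
                reason = 'binary missing'
                if USER_WRITABLE.search(image):
                    reason += ', image under a user profile or temp directory'
                findings.append(Finding('service', m.group('name'), image, reason))
        elif (m := CLSID_RE.match(line)):
            target = m.group('target')
            if _missing(target):
                reason = 'orphaned per-user COM registration'
                if USER_WRITABLE.search(target):
                    # Per-user CLSID -> DLL/EXE in a user profile is the shape COM hijacking uses.
                    reason += ', server path under a user profile'
                findings.append(Finding('clsid', '{%s}' % m.group('clsid').upper(), target, reason))
        elif (m := TASK_RE.match(line)):
            if _missing(m.group('target')):
                findings.append(Finding('task', '{%s}' % m.group('id'), m.group('target'),
                                        'scheduled task with no file path'))
        elif (m := ADS_RE.match(line)):
            findings.append(Finding('ads', m.group('path'), m.group('stream'),
                                    '%s-byte alternate data stream' % m.group('size')))
        elif FILE_RE.match(line):
            # A bare path in a fix list is a file FRST was told to delete.
            findings.append(Finding('file', line, '', 'file listed for deletion'))
    return findings


def summarize(findings):
    """Count findings per kind."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:8} {f.name}: {f.reason}')
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as a script to print the findings and a per-kind count, or pass the text of a real Fixlog.txt to triage(). Over the constructed sample it reports four service entries (catchme is the only one loading from a user temp directory), three CLSID entries, one task, one alternate data stream and one file.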

#7 KtrlHeist
  • Topic Starter
  • Members
  • 6 posts

Posted 13 January 2017 - 05:53 AM

And here is the screenshot of my Task Manager (see attachment, please).

Thanks a lot, nasdaq... I'm wondering if you could give me an idea of how to repair computers... Would you post some links where I should start reading? I want to be able to help as well. Thanks a lot, man.



#8 nasdaq
  • Malware Response Team
  • 40,544 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 January 2017 - 11:31 AM



Start Up is still a pain in ...


Update all the drivers identified by this tool.
How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.
http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
