[code] HitmanPro 3.7.10.250 www.hitmanpro.com Computer name . . . . : USER-KOMPUTER Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : User-Komputer\User UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2015-10-10 11:40:10 Scan mode . . . . . . : Normal Scan duration . . . . : 4m 48s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 79 Traces . . . . . . . : 202 Objects scanned . . . : 1 339 505 Files scanned . . . . : 41 927 Remnants scanned . . : 311 488 files / 986 090 keys Malware _____________________________________________________________________ C:\Users\User\Downloads\Minecraft-Setup (1).exe Size . . . . . . . : 576 004 bytes Age . . . . . . . : 540.9 days (2014-04-17 14:34:13) Entropy . . . . . : 5.6 SHA-256 . . . . . : 6635D814CD8D6AED45C300FD29DA659A375B58376FA54508FE384DE034859D43 > Bitdefender . . . : Trojan.Ranapama.AH Fuzzy . . . . . . : 106.0 C:\Users\User\Downloads\Minecraft-Setup (2).exe Size . . . . . . . : 576 004 bytes Age . . . . . . . : 519.0 days (2014-05-09 10:38:48) Entropy . . . . . : 5.6 SHA-256 . . . . . : 6635D814CD8D6AED45C300FD29DA659A375B58376FA54508FE384DE034859D43 > Bitdefender . . . : Trojan.Ranapama.AH Fuzzy . . . . . . : 106.0 C:\Users\User\Downloads\Minecraft-Setup (3).exe Size . . . . . . . : 576 004 bytes Age . . . . . . . : 519.0 days (2014-05-09 10:46:24) Entropy . . . . . : 5.6 SHA-256 . . . . . : 6635D814CD8D6AED45C300FD29DA659A375B58376FA54508FE384DE034859D43 > Bitdefender . . . : Trojan.Ranapama.AH Fuzzy . . . . . . : 106.0 Suspicious files ____________________________________________________________ C:\Users\User\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll Size . . . . . . . : 963 480 bytes Age . . . . . . . : 773.5 days (2013-08-27 23:43:53) Entropy . . . . . : 7.6 SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E RSA Key Size . . . 
: 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll Size . . . . . . . : 969 032 bytes Age . . . . . . . : 383.8 days (2014-09-21 16:20:29) Entropy . . . . . : 7.6 SHA-256 . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll Size . . . . . . . : 1 014 616 bytes Age . . . . . . . : 300.6 days (2014-12-13 20:14:59) Entropy . . . . . : 7.6 SHA-256 . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. 
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\BFP4F\pb\dll\wc002304.dll Size . . . . . . . : 954 496 bytes Age . . . . . . . : 681.9 days (2013-11-27 15:08:20) Entropy . . . . . : 7.6 SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\User\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll Size . . . . . . . : 954 496 bytes Age . . . . . . . : 411.0 days (2014-08-25 11:36:22) Entropy . . . . . : 7.6 SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. 
This is not typical for most programs. C:\Users\User\AppData\Local\PunkBuster\BFP4F\pb\pbclold.dll Size . . . . . . . : 954 496 bytes Age . . . . . . . : 681.9 days (2013-11-27 14:59:39) Entropy . . . . . : 7.6 SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\User\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys Size . . . . . . . : 139 424 bytes Age . . . . . . . : 681.9 days (2013-11-27 15:04:36) Entropy . . . . . : 7.8 SHA-256 . . . . . : 2A97BC40220EE7B5383991EDB238A70B2D6A7881E54E465999E2EADD6A396029 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\FC3\pb\pbcl.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 690.5 days (2013-11-19 00:11:45) Entropy . . . . . : 7.6 SHA-256 . . . . . 
: 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\User\AppData\Local\PunkBuster\FC3\pb\pbcls.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 690.5 days (2013-11-19 00:11:44) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\User\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys Size . . . . . . . : 138 032 bytes Age . . . . . . . : 690.5 days (2013-11-19 00:11:58) Entropy . . . . . : 7.8 SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. 
This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\User\AppData\Local\PunkBuster\MOH\pb\dll\wc002309.dll Size . . . . . . . : 956 714 bytes Age . . . . . . . : 774.5 days (2013-08-26 23:02:06) Entropy . . . . . : 7.6 SHA-256 . . . . . : 4448DAEAEBDC05EF4E0CC3BE743A8E4A100331324CCEAE31ECBDBE4C2921A06B Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\User\AppData\Local\PunkBuster\MOH\pb\pbcl.dll Size . . . . . . . : 956 714 bytes Age . . . . . . . : 773.6 days (2013-08-27 21:36:35) Entropy . . . . . : 7.6 SHA-256 . . . . . : 4448DAEAEBDC05EF4E0CC3BE743A8E4A100331324CCEAE31ECBDBE4C2921A06B Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. 
C:\Users\User\AppData\Local\PunkBuster\MOH\pb\pbclold.dll Size . . . . . . . : 956 714 bytes Age . . . . . . . : 774.5 days (2013-08-26 22:55:09) Entropy . . . . . : 7.6 SHA-256 . . . . . : 4448DAEAEBDC05EF4E0CC3BE743A8E4A100331324CCEAE31ECBDBE4C2921A06B Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\User\AppData\Local\PunkBuster\MOH\pb\PnkBstrK.sys Size . . . . . . . : 139 096 bytes Age . . . . . . . : 774.5 days (2013-08-26 22:55:41) Entropy . . . . . : 7.8 SHA-256 . . . . . : 58A289998900FB3B98ADE29130EB3AEA70A21E6C2CCD6735008C279478B81E47 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\User\Desktop\TheForest.exe Size . . . . . . . : 16 104 408 bytes Age . . . . . . . : 47.5 days (2015-08-24 00:21:47) Entropy . . . . . : 6.8 SHA-256 . . . . . 
: FBB75B33B967C55EC714942BCBD012A7E4EF70AB53ADFD3FA70DC36F294EA0F6 Version . . . . . : 5.1.1.12859871 RSA Key Size . . . : 2048 Authenticode . . . : Invalid Fuzzy . . . . . . : 23.0 Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software. Authors name is missing in version info. This is not common to most programs. C:\Users\User\Downloads\FRST64.exe Size . . . . . . . : 2 194 944 bytes Age . . . . . . . : 0.4 days (2015-10-10 02:30:40) Entropy . . . . . : 7.6 SHA-256 . . . . . : C71A17F855D73AB42D760200C8D7FF888650A20B6BCFF38A76748E285F1FDE40 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. 
Malware remnants ____________________________________________________________
Potential Unwanted Programs _________________________________________________
Cookies _____________________________________________________________________
[/code]