Author Topic: X64_HKEY_CLASSES_ROOT\CLSID|{03EBOE9C-7A91-4381-A220-9B52B641CDB1}  (Read 4935 times)

0 Members and 1 Guest are viewing this topic.

November 14, 2017, 08:59:23 PM

Crsness

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
This is the only one im unsure about.

I attached a copy of the log, well,, maybe the three IEXplorer entries

Please

RogueKiller V12.11.23.0 (x64) [Nov  6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Chrisn [Administrator]
Started from : C:\Users\Chrisn\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 11/14/2017 11:09:12 (Duration : 01:48:47)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Goobzo -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2073721809-3939958337-854567575-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://home.microsoft.com/search/lobby/search.asp  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2073721809-3939958337-854567575-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://home.microsoft.com/search/lobby/search.asp  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2073721809-3939958337-854567575-1000\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://home.microsoft.com/search/search.asp  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2073721809-3939958337-854567575-1000\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://home.microsoft.com/search/search.asp  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c8778b2c-78bc-4af1-a6b8-89cd3363f074} | DhcpNameServer : 172.20.10.1 ([])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 10 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Adtrustmedia -> Found
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> Found
[PUP.Gen1][Folder] C:\ProgramData\Yahoo! Companion -> Found
[PUP.Gen1][Folder] C:\Users\Chrisn\AppData\Roaming\Yahoo!\Companion -> Found
[PUP.Gen1][Folder] C:\Users\Chrisn\AppData\Local\AdTrustMedia -> Found
[PUP.Gen1][Folder] C:\ProgramData\Adtrustmedia -> Found
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> Found
[PUP.Gen1][Folder] C:\ProgramData\Yahoo! Companion -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\Companion -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\YouTube Accelerator -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA ST3500413AS SCSI Disk Device +++++
--- User ---
[MBR] c49b18b5f1f034c5b7cd294041b7d045
[BSP] d92d208b3e38117b66d7dc008664451e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 445865 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 915592552 | Size: 454 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 948075976 | Size: 14010 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Reply #1November 14, 2017, 09:25:05 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: X64_HKEY_CLASSES_ROOT\CLSID|{03EBOE9C-7A91-4381-A220-9B52B641CDB1}
« Reply #1 on: November 14, 2017, 09:25:05 PM »
Hi Crsness,

Welcome to Adlice.com Forum.
This is linked to Admedia adware. You can safely remove it.

Regards.

Note : This thread has been moved to the "RogueKiller" section for clarity.