Author Topic: [In Progress] beyond slow laptop, MBAM found  (Read 2680 times)

Offline millermaster

  • Bronze Member
  • Posts: 90
[In Progress] beyond slow laptop, MBAM found
« on: May 17, 2017, 07:42:51 PM »
We inherited a laptop from my father-in-law which my wife wants to use. She tried to run Windows Update and ended up installing updates from 2014, or so I think. She installed Firefox. She complained the laptop was slow and said she had to register for Firefox. I added Microsoft Security Essentials, updated it, added CCleaner, ran it (perhaps on a bit too aggressive settings?), removed a number of programs (but wasn't able to remove some), cleaned the registry and the laptop kept getting slower and slower. Tried checking for Windows Updates night after night but can't get anywhere (looks like it is checking for 48hrs straight, won't show any results, still shows last checked in 2014). Somewhere in between I ran CCleaner again. Last night I ran MBAM which found and quarantined a great number of files. This did not do much good. Since this is a 6 or 7 year old laptop we thought about recycling it when I remembered that I received help from spywarehammer with my PC before so I am asking for help if it's not too much trouble. I know I probably should not have run MBAM without help and for sure should not have run CCleaner. I apologize for this.

Here are the attached logs
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/21/2010 9:11:08 AM
System Uptime: 5/17/2017 7:56:49 PM (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel(R) Celeron(R) CPU          900  @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 170.967 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
3ivx MPEG-4 5.0.3 (remove only)
Adobe Flash Player 25 ActiveX
Adobe Flash Player 25 NPAPI
Adobe Reader 9.3
Ask Toolbar Updater
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Best Buy pc app
Bing Rewards Client Installer
CCleaner
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
Conexant HD Audio
D3DX10
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 17
Junk Mail filter update
Label@Once 1.0
MahJongg Master 3
Malwarebytes version 3.1.2.1733
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Firefox 53.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
PlayReady PC Runtime amd64
PreReq
PrintProjects
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio C++ 10.0 Runtime
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16798  BrowserJavaVersion: 10.25.2
Run by user1 at 20:13:25 on 2017-05-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1916.374 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\servicing\TrustedInstaller.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^xdm896^YY^us&ptb=A22B0EDE-4938-4574-BEAF-47854FF9956F
uSearch Bar = www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mWinlogon: Userinit = C:\windows\SysWOW64\Userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6403F7B1-B9DE-4A39-8DA7-A312071EDF81} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\2425553454F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\2457666616C6F6 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\445656A7E6574737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\4456C64716027457563747 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\44F4E4F46514E4D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\7756374756C6C633834303 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\84F6C69646169794E6E6 : DHCPNameServer = 107.20.210.188 50.57.44.67 107.20.211.133 50.57.47.168
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Windows Mobile-based device management] C:\windows\WindowsMobile\wmdcBase.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\mkvf8l5y.default-1494885523312\
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2017-5-17 251832]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\windows\System32\drivers\mbae64.sys [2017-5-17 77440]
R2 MBAMChameleon;MBAMChameleon;C:\windows\System32\drivers\MBAMChameleon.sys [2017-5-17 187320]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-5-8 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2016-8-25 135928]
.
=============== Created Last 30 ================
.
2017-05-17 05:21:26   187320   ----a-w-   C:\windows\System32\drivers\MBAMChameleon.sys
2017-05-17 05:21:17   84256   ----a-w-   C:\windows\System32\drivers\mwac.sys
2017-05-17 05:21:17   113592   ----a-w-   C:\windows\System32\drivers\farflt.sys
2017-05-17 05:20:59   43968   ----a-w-   C:\windows\System32\drivers\mbam.sys
2017-05-17 05:20:42   251832   ----a-w-   C:\windows\System32\drivers\MBAMSwissArmy.sys
2017-05-17 05:20:08   77440   ----a-w-   C:\windows\System32\drivers\mbae64.sys
2017-05-17 05:19:45   --------   d-----w-   C:\ProgramData\Malwarebytes
2017-05-17 05:19:45   --------   d-----w-   C:\Program Files\Malwarebytes
2017-05-17 05:19:24   --------   d-----w-   C:\Users\user1\AppData\Local\Programs
2017-05-16 05:17:49   1167568   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40765815-69B9-46A4-AC48-8FF871641501}\gapaengine.dll
2017-05-16 05:16:24   12994104   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53E1AE09-0AEF-441F-9D65-C9C64B2FFD35}\mpengine.dll
2017-05-16 04:54:10   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
2017-05-16 04:53:42   --------   d-----w-   C:\Program Files\Microsoft Security Client
2017-05-15 14:22:18   --------   d-----w-   C:\Program Files\CCleaner
2017-05-14 18:55:44   2620928   ----a-w-   C:\windows\System32\wucltux.dll
2017-05-14 18:55:27   97792   ----a-w-   C:\windows\System32\wudriver.dll
2017-05-14 18:55:27   92672   ----a-w-   C:\windows\SysWow64\wudriver.dll
2017-05-14 18:54:36   36864   ----a-w-   C:\windows\System32\wuapp.exe
2017-05-14 18:54:36   33792   ----a-w-   C:\windows\SysWow64\wuapp.exe
2017-05-14 18:54:36   198600   ----a-w-   C:\windows\System32\wuwebv.dll
2017-05-14 18:54:36   179656   ----a-w-   C:\windows\SysWow64\wuwebv.dll
.
==================== Find3M  ====================
.
2017-05-14 20:17:21   803320   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
2017-05-14 20:17:21   144888   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-04-07 22:06:58   532136   ------w-   C:\windows\System32\MpSigStub.exe
.
============= FINISH: 20:18:25.45 ===============
« Last Edit: May 29, 2017, 07:07:00 PM by Hoov »

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27141
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #1 on: May 29, 2017, 07:23:45 PM »
Download Windows Repair all in one and install it.

Now reboot your computer to safe mode. http://support.eset.com/kb2268/?locale=en_US

Now start up Windows Repair all in one and go to the "Start Repairs" tab. Deselect the options for Windows 8/10 and then click the Start Repairs button. Then let it do its thing. Check occasionally to see if it needs input or a decision. This scan can take hours. Don't stop it; just let it run. Let me know how it goes.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline millermaster

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #2 on: May 31, 2017, 05:43:16 PM »
Hoov, thank you for helping me again. I was able to download and it is running now. I will let you know once it's done or if I run into any trouble. Do I have to take notes of decisions or input needed?

Offline millermaster

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #3 on: May 31, 2017, 06:40:26 PM »
Hoov, this was quick. The program is done. It has to reboot to complete. This will be in normal mode, right?

Offline Hoov

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #4 on: May 31, 2017, 06:54:41 PM »
Yes. Check and see if anything has changed and let me know.

Offline millermaster

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #5 on: May 31, 2017, 07:21:11 PM »
Hoov, yes, the laptop is more responsive. Not fast but more responsive. Before it took minutes to open Firefox. Now it's under a minute. And I am able to get into MBAM, too. Looking at the scan report from 5/17. Not sure if this is something you want me to post but it found Adware.Yontoo, Trojan.Vundo and a number of other files. I know you will address this later but I wanted to mention it anyway. Also, I kept the laptop offline.

Offline Hoov

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #6 on: May 31, 2017, 08:37:44 PM »
Go ahead and post the log, but run another scan again. Post the log if it finds nothing, or remove what it finds and post that log. Also update Microsoft Security Essentials and run a scan with that. Let me know how that goes.

Offline millermaster

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #7 on: June 01, 2017, 10:57:50 PM »
Hoov, Security Essentials ran and found nothing. Also MBAM found nothing. Before I forget, every once in a while a window pops up on the screen titled "Password Required". It asks "Please enter the master password for the Software Security Device." Below that is a field to enter text and two buttons "OK" and "Cancel".

Okay here are the MBAM Logs (newest 1st):
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/1/17
Scan Time: 3:15 AM
Log File: mbam 1.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2064
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user1-PC\user1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330649
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/17/17
Scan Time: 12:55 AM
Log File: mbam2.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1958
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user1-PC\user1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328614
Threats Detected: 180
Threats Quarantined: 180
Time Elapsed: 13 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 63

Registry Value: 44

Registry Data: 2
Hijack.StartPage, HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Replaced, [1879], [292747],1.0.1958
PUM.Optional.DisableShowSearch, HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, Replaced, [16410], [293317],1.0.1958

Data Stream: 0
(No malicious items detected)

Folder: 12

File: 59

Physical Sector: 0
(No malicious items detected)


(end)
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Offline millermaster

  • Bronze Member
  • Posts: 90
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #8 on: June 01, 2017, 11:03:06 PM »
Here is the oldest log which is too long to post:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/17/17
Scan Time: 12:23 AM
Log File: mbam3.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1958
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user1-PC\user1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327050
Threats Detected: 1035
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 15 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 149

Registry Value: 56
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d3cceb9b-cf8d-4bba-a605-fac88c2e18a2}|APPPATH, No Action By User, [271], [240755],1.0.1958
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}|APPPATH, No Action By User, [271], [240755],1.0.1958
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ef37795b-9ce5-44d7-bba9-de33c99e1e05}|APPPATH, No Action By User, [271], [240755],1.0.1958
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F138D901-86F0-4383-99B6-9CDD406036DA}|APPPATH, No Action By User, [271], [240755],1.0.1958
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{fa460720-7b38-421d-981c-66f0ae288fb9}|APPPATH, No Action By User, [271], [240755],1.0.1958
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}|URL, No Action By User, [2144], [241109],1.0.1958
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{597b1823-7ff0-4cd3-8095-9d8cba514992}|URL, No Action By User, [2144], [241109],1.0.1958
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{60a5deaa-eb33-463b-ab00-7addb02c330a}|URL, No Action By User, [2144], [241109],1.0.1958
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8c9ef753-beb6-4582-b653-93ac59274437}|URL, No Action By User, [2144], [241109],1.0.1958
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}|URL, No Action By User, [2144], [241109],1.0.1958
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, No Action By User, [563], [236876],1.0.1958
Adware.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}|, No Action By User, [2012], [382579],1.0.1958
PUP.Optional.Launchie, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4073ABF9-6F0E-460D-BB34-CB01B9A24084}|PATH, No Action By User, [2796], [371291],1.0.1958
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BB9EE18D-0D7A-430E-9BDD-CB87C4F8AD02}|PATH, No Action By User, [510], [259409],1.0.1958
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}|CONTACT, No Action By User, [51], [245164],1.0.1958
Adware.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}|, No Action By User, [2012], [382579],1.0.1958

Registry Data: 2
PUM.Optional.DisableShowSearch, HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [16410], [293317],1.0.1958
Hijack.StartPage, HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, No Action By User, [1879], [292747],1.0.1958

Data Stream: 0
(No malicious items detected)

Folder: 153

File: 675
PUP.Optional.Yontoo, C:\PROGRAM FILES (X86)\YONTOO LAYERS CLIENT\YONTOOIECLIENT.DLL, No Action By User, [51], [299674],1.0.1958
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, No Action By User, [51], [-1],0.0.0
PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, No Action By User, [51], [-1],0.0.0
PUP.Optional.ASK, C:\PROGRAM FILES (X86)\ASK.COM\GENERICASKTOOLBAR.DLL, No Action By User, [510], [327345],1.0.1958


Offline millermaster

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #9 on: June 01, 2017, 11:07:51 PM »
Above is the first third or quarter of the log. I'm not sure if it would make sense to post the rest here?

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27141
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #10 on: June 02, 2017, 06:31:02 AM »
For the "Please enter the master password for the Software Security Device" issue, go to this page and scroll down to the section titled "Removing the master password" and follow the instructions.

I am looking over the logs now to try and figure out what is going on.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline millermaster

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #11 on: June 12, 2017, 10:54:30 PM »
Hoov,

I'm back in town. Thank you for helping me with the "Please enter the master password for the Software Security Device" issue. I wouldn't have been able to figure that one out on my own.


Offline Hoov

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #12 on: June 15, 2017, 03:35:16 PM »
Sorry, missed your post.

How is the computer running now?


Offline millermaster

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #13 on: June 15, 2017, 04:20:29 PM »
Hoov, the laptop is more responsive. Not fast at all but more responsive. Before it took minutes to open Firefox. Now it's under a minute. I kept it offline since I was concerned about the Adware.Yontoo, Trojan.Vundo and a number of other files that MBAM had found.

Offline Hoov

Re: [In Progress] beyond slow laptop, MBAM found
« Reply #14 on: June 15, 2017, 05:49:32 PM »
OK, we are going to push this a bit. I need you to go online and go to this page, https://www.eset.com/us/home/online-scanner/ and click the button marked Scan Now. Follow the instructions and do a full scan of the hard drive. Let me know if that finds anything. Also do another scan with Malwarebytes after the ESET scan. I want to see if anything gets installed after you are online long enough to do the scan. Stay online when Malwarebytes is checking for its updates, then once the update is done, you can disconnect and let the scan finish. Post the log from that.
