SpywareHammer.com

SpywareHammer Malware Removal Forums => Post Here for Malware Removal ... => Topic started by: millermaster on May 17, 2017, 07:42:51 PM

Title: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on May 17, 2017, 07:42:51 PM
We inherited a laptop from my father-in-law which my wife wants to use. She tried to run Windows Update and ended up installing updates from 2014, or so I think. She installed Firefox. She complained the laptop was slow and said she had to register for Firefox. I added Microsoft Security Essentials, updated it, added CCleaner, ran it (perhaps on a bit too aggressive settings?), removed a number of programs (but wasn't able to remove some), cleaned the registry, and the laptop kept getting slower and slower. Tried checking for Windows Updates night after night but can't get anywhere (looks like it is checking for 48hrs straight, won't show any results, still shows last checked in 2014). Somewhere in between I ran CCleaner again. Last night I ran MBAM, which found and quarantined a great number of files. This did not do much good. Since this is a 6- or 7-year-old laptop, we thought about recycling it when I remembered that I received help from SpywareHammer with my PC before, so I am asking for help if it's not too much trouble. I know I probably should not have run MBAM without help and for sure should not have run CCleaner. I apologize for this.

Here are the attached logs
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/21/2010 9:11:08 AM
System Uptime: 5/17/2017 7:56:49 PM (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel(R) Celeron(R) CPU          900  @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 170.967 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
3ivx MPEG-4 5.0.3 (remove only)
Adobe Flash Player 25 ActiveX
Adobe Flash Player 25 NPAPI
Adobe Reader 9.3
Ask Toolbar Updater
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Best Buy pc app
Bing Rewards Client Installer
CCleaner
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
Conexant HD Audio
D3DX10
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 17
Junk Mail filter update
Label@Once 1.0
MahJongg Master 3
Malwarebytes version 3.1.2.1733
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Firefox 53.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
PlayReady PC Runtime amd64
PreReq
PrintProjects
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio C++ 10.0 Runtime
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16798  BrowserJavaVersion: 10.25.2
Run by user1 at 20:13:25 on 2017-05-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1916.374 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\servicing\TrustedInstaller.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^xdm896^YY^us&ptb=A22B0EDE-4938-4574-BEAF-47854FF9956F
uSearch Bar = www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mWinlogon: Userinit = C:\windows\SysWOW64\Userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6403F7B1-B9DE-4A39-8DA7-A312071EDF81} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\2425553454F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\2457666616C6F6 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\445656A7E6574737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\4456C64716027457563747 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\44F4E4F46514E4D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\7756374756C6C633834303 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{690C4E76-38D1-4C46-880A-C95803B21A7A}\84F6C69646169794E6E6 : DHCPNameServer = 107.20.210.188 50.57.44.67 107.20.211.133 50.57.47.168
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Windows Mobile-based device management] C:\windows\WindowsMobile\wmdcBase.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\mkvf8l5y.default-1494885523312\
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2017-5-17 251832]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\windows\System32\drivers\mbae64.sys [2017-5-17 77440]
R2 MBAMChameleon;MBAMChameleon;C:\windows\System32\drivers\MBAMChameleon.sys [2017-5-17 187320]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-5-8 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2016-8-25 135928]
.
=============== Created Last 30 ================
.
2017-05-17 05:21:26   187320   ----a-w-   C:\windows\System32\drivers\MBAMChameleon.sys
2017-05-17 05:21:17   84256   ----a-w-   C:\windows\System32\drivers\mwac.sys
2017-05-17 05:21:17   113592   ----a-w-   C:\windows\System32\drivers\farflt.sys
2017-05-17 05:20:59   43968   ----a-w-   C:\windows\System32\drivers\mbam.sys
2017-05-17 05:20:42   251832   ----a-w-   C:\windows\System32\drivers\MBAMSwissArmy.sys
2017-05-17 05:20:08   77440   ----a-w-   C:\windows\System32\drivers\mbae64.sys
2017-05-17 05:19:45   --------   d-----w-   C:\ProgramData\Malwarebytes
2017-05-17 05:19:45   --------   d-----w-   C:\Program Files\Malwarebytes
2017-05-17 05:19:24   --------   d-----w-   C:\Users\user1\AppData\Local\Programs
2017-05-16 05:17:49   1167568   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40765815-69B9-46A4-AC48-8FF871641501}\gapaengine.dll
2017-05-16 05:16:24   12994104   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53E1AE09-0AEF-441F-9D65-C9C64B2FFD35}\mpengine.dll
2017-05-16 04:54:10   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
2017-05-16 04:53:42   --------   d-----w-   C:\Program Files\Microsoft Security Client
2017-05-15 14:22:18   --------   d-----w-   C:\Program Files\CCleaner
2017-05-14 18:55:44   2620928   ----a-w-   C:\windows\System32\wucltux.dll
2017-05-14 18:55:27   97792   ----a-w-   C:\windows\System32\wudriver.dll
2017-05-14 18:55:27   92672   ----a-w-   C:\windows\SysWow64\wudriver.dll
2017-05-14 18:54:36   36864   ----a-w-   C:\windows\System32\wuapp.exe
2017-05-14 18:54:36   33792   ----a-w-   C:\windows\SysWow64\wuapp.exe
2017-05-14 18:54:36   198600   ----a-w-   C:\windows\System32\wuwebv.dll
2017-05-14 18:54:36   179656   ----a-w-   C:\windows\SysWow64\wuwebv.dll
.
==================== Find3M  ====================
.
2017-05-14 20:17:21   803320   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
2017-05-14 20:17:21   144888   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-04-07 22:06:58   532136   ------w-   C:\windows\System32\MpSigStub.exe
.
============= FINISH: 20:18:25.45 ===============
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on May 29, 2017, 07:23:45 PM
Download Windows Repair all in one (http://www.tweaking.com/content/page/windows_repair_all_in_one.html) and install it.

Now reboot your computer to safe mode. http://support.eset.com/kb2268/?locale=en_US

Now start up Windows Repair All in One and go to the "Start Repairs" tab. Deselect the options for Windows 8/10 and then click the Start Repairs button. Then let it do its thing. Check occasionally to see if it needs input or a decision. This scan can take hours. Don't stop it; just let it run. Let me know how it goes.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on May 31, 2017, 05:43:16 PM
Hoov, thank you for helping me again. I was able to download and it is running now. I will let you know once it's done or if I run into any trouble. Do I have to take notes of decisions or input needed?
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on May 31, 2017, 06:40:26 PM
Hoov, this was quick. The program is done. It has to reboot to complete. This will be in normal mode, right?
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on May 31, 2017, 06:54:41 PM
Yes. Check and see if anything has changed and let me know.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on May 31, 2017, 07:21:11 PM
Hoov, yes, the laptop is more responsive. Not fast but more responsive. Before it took minutes to open Firefox. Now it's under a minute. And I am able to get into MBAM, too. Looking at the scan report from 5/17. Not sure if this is something you want me to post but it found Adware.Yontoo, Trojan.Vundo and a number of other files. I know you will address this later but I wanted to mention it anyway. Also, I kept the laptop offline.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on May 31, 2017, 08:37:44 PM
Go ahead and post the log, but run another scan again. Post the log if it finds nothing, or remove what it finds and post that log. Also update Microsoft Security Essentials and run a scan with that. Let me know how that goes.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 01, 2017, 10:57:50 PM
Hoov, Security Essentials ran and found nothing. Also MBAM found nothing. Before I forget, every once in a while a window pops up on the screen titled "Password Required". It asks "Please enter the master password for the Software Security Device." Below that is a field to enter text and two buttons, "OK" and "Cancel".

Okay, here are the MBAM logs (newest first):
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/1/17
Scan Time: 3:15 AM
Log File: mbam 1.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2064
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user1-PC\user1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330649
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/17/17
Scan Time: 12:55 AM
Log File: mbam2.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1958
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user1-PC\user1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328614
Threats Detected: 180
Threats Quarantined: 180
Time Elapsed: 13 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 63

Registry Value: 44

Registry Data: 2
Hijack.StartPage, HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Replaced, [1879], [292747],1.0.1958
PUM.Optional.DisableShowSearch, HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, Replaced, [16410], [293317],1.0.1958

Data Stream: 0
(No malicious items detected)

Folder: 12

File: 59

Physical Sector: 0
(No malicious items detected)


(end)
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 01, 2017, 11:03:06 PM
Here is the oldest log which is too long to post:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/17/17
Scan Time: 12:23 AM
Log File: mbam3.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1958
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user1-PC\user1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327050
Threats Detected: 1035
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 15 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 149

Registry Value: 56
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}|URL, No Action By User, [2144], [241109],1.0.1958
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{597b1823-7ff0-4cd3-8095-9d8cba514992}|URL, No Action By User, [2144], [241109],1.0.1958
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{60a5deaa-eb33-463b-ab00-7addb02c330a}|URL, No Action By User, [2144], [241109],1.0.1958
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8c9ef753-beb6-4582-b653-93ac59274437}|URL, No Action By User, [2144], [241109],1.0.1958
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}|URL, No Action By User, [2144], [241109],1.0.1958
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, No Action By User, [563], [236876],1.0.1958
Adware.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}|, No Action By User, [2012], [382579],1.0.1958
PUP.Optional.Launchie, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4073ABF9-6F0E-460D-BB34-CB01B9A24084}|PATH, No Action By User, [2796], [371291],1.0.1958
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BB9EE18D-0D7A-430E-9BDD-CB87C4F8AD02}|PATH, No Action By User, [510], [259409],1.0.1958
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}|CONTACT, No Action By User, [51], [245164],1.0.1958
Adware.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}|, No Action By User, [2012], [382579],1.0.1958

Registry Data: 2
PUM.Optional.DisableShowSearch, HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [16410], [293317],1.0.1958
Hijack.StartPage, HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, No Action By User, [1879], [292747],1.0.1958

Data Stream: 0
(No malicious items detected)

Folder: 153

File: 675
PUP.Optional.Yontoo, C:\PROGRAM FILES (X86)\YONTOO LAYERS CLIENT\YONTOOIECLIENT.DLL, No Action By User, [51], [299674],1.0.1958
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, No Action By User, [51], [-1],0.0.0
PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, No Action By User, [51], [-1],0.0.0
PUP.Optional.ASK, C:\PROGRAM FILES (X86)\ASK.COM\GENERICASKTOOLBAR.DLL, No Action By User, [510], [327345],1.0.1958

Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 01, 2017, 11:07:51 PM
Above is the first third or quarter of the log. I'm not sure if it would make sense to post the rest here?
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 02, 2017, 06:31:02 AM
For the "Please enter the master password for the Software Security Device" issue, go to this page (https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins?redirectlocale=en-US&redirectslug=Protecting+stored+passwords+using+a+master+password) and scroll down to the section titled Removing the master password and follow the instructions.

I am looking over the logs now to try and figure out what is going on.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 12, 2017, 10:54:30 PM
Hoov,

I'm back in town. Thank you for helping me with the "Please enter the master password for the Software Security Device" issue. I wouldn't have been able to figure that one out on my own.

Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 15, 2017, 03:35:16 PM
Sorry, missed your post.

How is the computer running now?
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 15, 2017, 04:20:29 PM
Hoov, the laptop is more responsive. Not fast at all but more responsive. Before it took minutes to open Firefox. Now it's under a minute. I kept it offline since I was concerned about the Adware.Yontoo, Trojan.Vundo and a number of other files that MBAM had found.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 15, 2017, 05:49:32 PM
OK, we are going to push this a bit. I need you to go online and go to this page, https://www.eset.com/us/home/online-scanner/ and click the button marked Scan Now. Follow the instructions and do a full scan of the hard drive. Let me know if that finds anything. Also do another scan with MalwareBytes after the ESET scan. I want to see if anything gets installed after you are online long enough to do the scan. Stay online when Malwarebytes is checking for its updates, then once the update is done, you can disconnect and let the scan finish. Post the log from that.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 16, 2017, 09:37:58 AM
I went online, clicked on the button, downloaded eset and stayed online while it was doing its thing which took a long time (the scan alone took 4hrs and 7 minutes). Each step to get to the download was slow. I turned Security Essentials off for the Scan since eset stated running a virus program while scanning may cause problems. It is now back to Real-Time protection and updated. Here is that log:

C:\AI_RecycleBin\{357AF691-D70D-411E-9756-C093451972C2}\3\Strongvault\StrongVaultApp.exe   a variant of MSIL/Adware.StrongVault.A application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(05b3e7eb).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(155fb8c3).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(1e67abf7).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(1ebb0d88).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(222a2faa).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(27c2c783).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(2c775bfe).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(45936b0f).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(4b53297b).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\2A27FDBC.exe   a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application   
C:\Users\user1\AppData\LocalLow\WeatherBlinkEI\Installr\Cache\12B7390C.exe   a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application   

I had ESET delete the files. After that the computer didn't respond to opening MBAM or Security Essentials. I waited 15 minutes, still nothing, so I disconnected the LAN cable, shut it down and turned it back on again. I started MBAM with LAN cable back in place and ran MBAM after updating and went offline again but MBAM didn't find anything.

After exporting the MBAM log and closing MBAM a window popped up "Program Compatibility Assistant" reading:
Windows detected that this program did not run correctly
To try and fix the problem, Windows has applied compatibility settings to this program. Windows will use these settings the next time you run the program.
If you noticed that this program didn't run correctly, try running the program again.
Program: Malwarebytes
Publisher: Malwarebytes
Location: C:\Program Files\Malwarebyt...\mbam.exe

Here is the log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/16/17
Scan Time: 9:54 AM
Log File: mbam-2017-06-16-1000.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2164
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user1-PC\user1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331967
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 13 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 16, 2017, 09:59:49 AM
It bothers me that another toolbar was found. Please read the instructions below and follow them. You do not remove things the first time thru (unless you are for sure that you know you do not want that software).

1.- Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) by Xplode onto your Desktop.
2.- Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
3.- Please download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) and Save to the desktop.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 21, 2017, 04:23:26 PM
Hoov,

Sorry it took me a while to get back, I was busy with work.

I went ahead and downloaded AdwCleaner, went offline, closed all programs, ran the exe file and hit the scan button. AdwCleaner found 169 files. I couldn't see any programs I wanted to keep in the folders, files or tasks. As far as the registry goes, I was sure for about 95% that I didn't want to keep anything. At the end of the day all I want is a laptop to run Firefox, stream some music and that's it. So, with 95% confidence, I hit the "clean" button without un-selecting anything. AdwCleaner displayed "deleting folders" while the process bar filled up about 15%. After that AdwCleaner went into "Not responding". I left it alone for 45 minutes. Nothing changed. So, I Ctrl+Alt+Del-ed the laptop and rebooted. No text file opened though and I am not sure how successful my cleaning attempt was. I will stop here and now. Before doing anything else, I will post the log and wait to see what your thoughts are.


# AdwCleaner v6.047 - Logfile created 21/06/2017 at 16:16:25
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : user1 - USER1-PC
# Running from : C:\Users\user1\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\user1\AppData\Local\Best Buy pc app
Folder Found:  C:\ProgramData\Best Buy pc app
Folder Found:  C:\ProgramData\Application Data\Best Buy pc app
Folder Found:  C:\Users\user1\AppData\Local\iLivid
Folder Found:  C:\Users\user1\AppData\Local\PackageAware
Folder Found:  C:\Users\user1\AppData\Local\torch
Folder Found:  C:\Users\user1\AppData\LocalLow\iac
Folder Found:  C:\Users\user1\AppData\LocalLow\Yahoo!\Companion
Folder Found:  C:\Users\user1\AppData\LocalLow\IAC
Folder Found:  C:\ProgramData\Ascentive
Folder Found:  C:\ProgramData\Ask
Folder Found:  C:\ProgramData\Partner
Folder Found:  C:\ProgramData\Application Data\Ascentive
Folder Found:  C:\ProgramData\Application Data\Ask
Folder Found:  C:\ProgramData\Application Data\Partner
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
Folder Found:  C:\Program Files (x86)\Conduit
Folder Found:  C:\Program Files (x86)\MyWebSearch
Folder Found:  C:\Program Files (x86)\Search Results Toolbar
Folder Found:  C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Found:  C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
Folder Found:  C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion


***** [ Files ] *****

File Found:  C:\alotserviceruntime.log


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  Best Buy pc app
Task Found:  0


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app_is1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9A1A857D-41B0-4122-9DB2-B5A9B21DE0B2}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{9A1A857D-41B0-4122-9DB2-B5A9B21DE0B2}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{A60671D2-CC17-4FDB-8CB7-87EFC561FB2C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A60671D2-CC17-4FDB-8CB7-87EFC561FB2C}
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found:  [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1368B44-60A8-470F-9537-C1BC2390C8E3}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\APN
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Ask.com
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Conduit
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\FunWebProducts
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\MyWebSearch
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\YFriendsBar
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\AskToolbar
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\CompeteInc
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\Conduit
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\MyWebSearch
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\gamesbar
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\MyWebSearch
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\Companion
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\YFriendsBar
Key Found:  HKCU\Software\APN
Key Found:  HKCU\Software\Ask.com
Key Found:  HKCU\Software\Conduit
Key Found:  HKCU\Software\FunWebProducts
Key Found:  HKCU\Software\MyWebSearch
Key Found:  HKCU\Software\Yahoo\Companion
Key Found:  HKCU\Software\Yahoo\YFriendsBar
Key Found:  HKCU\Software\AppDataLow\Software\AskToolbar
Key Found:  HKCU\Software\AppDataLow\Software\CompeteInc
Key Found:  HKCU\Software\AppDataLow\Software\Conduit
Key Found:  HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found:  HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\APN
Key Found:  HKLM\SOFTWARE\AskToolbar
Key Found:  HKLM\SOFTWARE\Conduit
Key Found:  HKLM\SOFTWARE\FocusInteractive
Key Found:  HKLM\SOFTWARE\Fun Web Products
Key Found:  HKLM\SOFTWARE\InboxAce_1g
Key Found:  HKLM\SOFTWARE\MyWebSearch
Key Found:  HKLM\SOFTWARE\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\WeatherBlink
Key Found:  HKLM\SOFTWARE\TelevisionFanatic
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\gamesbar
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\MyWebSearch
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\YFriendsBar
Key Found:  [x64] HKCU\Software\APN
Key Found:  [x64] HKCU\Software\Ask.com
Key Found:  [x64] HKCU\Software\Conduit
Key Found:  [x64] HKCU\Software\FunWebProducts
Key Found:  [x64] HKCU\Software\MyWebSearch
Key Found:  [x64] HKCU\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Yahoo\YFriendsBar
Key Found:  [x64] HKCU\Software\AppDataLow\Software\AskToolbar
Key Found:  [x64] HKCU\Software\AppDataLow\Software\CompeteInc
Key Found:  [x64] HKCU\Software\AppDataLow\Software\Conduit
Key Found:  [x64] HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found:  [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Data Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^xdm896^YY^us&ptb=A22B0EDE-4938-457
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^xdm896^YY^us&ptb=A22B0EDE-4938-4574-BEAF-47854FF9956F
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^xdm896^YY^us&ptb=A22B0EDE-4938-4574-BEAF-47854FF9956F
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnUpdater
Key Found:  HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [15902 Bytes] - [21/06/2017 16:16:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15976 Bytes] ##########
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 21, 2017, 06:20:44 PM
Well at least it is getting cleaner. Try rebooting Windows cleanly. The instructions are here: https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows. Scroll down and make sure to select the Windows 7 option.

Once that is done, go ahead and follow the previous instructions to clean the computer.

One question, was this computer purchased at Best Buy, or was it ever taken there for maintenance that you know of?
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 21, 2017, 07:48:45 PM
I do not know where the computer was purchased but I know it was taken to Best Buy for Service at least once.

Rebooting Windows cleanly made the difference!

Here is the AdwCleaner log. One question: should I reboot windows cleanly for the Junkware Removal Tool and RogueKiller, too? I will work on that either tomorrow or on Friday...


# AdwCleaner v6.047 - Logfile created 21/06/2017 at 20:35:52
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : user1 - USER1-PC
# Running from : C:\Users\user1\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\user1\AppData\Local\iLivid
[-] Folder deleted: C:\Users\user1\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\user1\AppData\Local\torch
[-] Folder deleted: C:\Users\user1\AppData\LocalLow\iac
[-] Folder deleted: C:\Users\user1\AppData\LocalLow\Yahoo!\Companion
[Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnUpdater
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [15926 Bytes] - [21/06/2017 20:35:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [17255 Bytes] - [21/06/2017 16:16:25]
C:\AdwCleaner\AdwCleaner[S1].txt - [15564 Bytes] - [21/06/2017 20:27:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [16148 Bytes] ##########
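After a clean run that followed a hung first attempt, it is worth checking which items from the scan log have a matching "deleted" or "restored" entry in the clean log. The following Python script is an added example, not part of the thread and not a Malwarebytes tool; it handles only the line formats visible in the two logs above, its function names are made up for illustration, and the embedded sample lines (including the `example.invalid` URL) are constructed.

```python
import re

# Line formats as they appear in the AdwCleaner v6 logs posted in this thread.
FOUND = re.compile(r"^(Folder|File|Task|Key|Data) Found:\s+(.+)$")
DONE = re.compile(r"^\[-\] (Folder|File|Task|Key|Data) (?:deleted|restored):\s+(.+)$")


def _norm(kind, item):
    """Normalise an item so scan and clean entries can be compared."""
    if kind == "Data":
        # Scan lines carry "path [Name] - value"; clean lines stop at "[Name]".
        item = item.split(" - ", 1)[0]
    return kind, item.strip().lower()


def parse_scan(text):
    """Map normalised (kind, item) -> original scan line."""
    items = {}
    for line in text.splitlines():
        m = FOUND.match(line.strip())
        if m:
            items[_norm(*m.groups())] = line.strip()
    return items


def parse_clean(text):
    """Return (confirmed items, registry paths that appear without an action prefix)."""
    done, fragments = set(), set()
    for line in text.splitlines():
        s = line.strip()
        m = DONE.match(s)
        if m:
            done.add(_norm(*m.groups()))
        elif s.startswith(("HK", "[x64] HK")):
            # A bare registry path: the "[-] Key deleted:" part is missing,
            # so the outcome for this key cannot be read from the log.
            fragments.add(s.lower())
    return done, fragments


def unconfirmed(scan_text, clean_text):
    """List scan items with no confirmed action, and why."""
    found = parse_scan(scan_text)
    done, fragments = parse_clean(clean_text)
    report = []
    for key, original in found.items():
        if key in done:
            continue
        status = "prefix lost" if key[1] in fragments else "no entry"
        report.append((original, status))
    return report


# Constructed sample input in the same format as the logs above.
SCAN = r"""
***** [ Folders ] *****
Folder Found:  C:\Users\user1\AppData\Local\iLivid
Folder Found:  C:\Program Files (x86)\MyWebSearch
***** [ Scheduled Tasks ] *****
Task Found:  Best Buy pc app
***** [ Registry ] *****
Key Found:  HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnUpdater
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://example.invalid/
"""

CLEAN = r"""
***** [ Folders ] *****
[-] Folder deleted: C:\Users\user1\AppData\Local\iLivid
[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnUpdater
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
"""

if __name__ == "__main__":
    for line, status in unconfirmed(SCAN, CLEAN):
        print(f"{status:12} {line}")
```

Items reported as "no entry" or "prefix lost" are the ones to look for in a fresh scan log before moving on to the next tool.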
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 21, 2017, 08:44:24 PM
Booting windows cleanly would be the best way. But unless you went and undid it, you are still in that mode. It survives a reboot. Unlike safe mode, you have to go back and turn everything back on.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 22, 2017, 01:43:30 PM
Thank you, I didn't know. I thought it worked like safe mode.

I ran the Junkware Removal Tool and the log is attached at the bottom.
 
Next I downloaded RogueKiller to the desktop. After double clicking on it, a window opened "C:\Users\user1\RogueKiller.exe is not a valid Win32 application" and I am not able to post anything for RogueKiller.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by user1 (Administrator) on Thu 06/22/2017 at 14:27:13.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 43

Successfully deleted: C:\ai_recyclebin (Folder)
Successfully deleted: C:\ProgramData\strongvault online backup (Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{0AA40EEA-7029-4125-90CF-DE921C697BC4} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{0B838235-7061-4A9A-95F7-4D417A606C55} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{1518AB3E-2B54-46F8-B63A-49D6D638E8BB} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{201457BD-6F57-44A7-9E30-7208D85FACA1} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{27994228-4B4E-42E0-85C5-8299325C1AAA} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{2BBC9548-8E22-4AE7-AB37-5887985E545C} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{316BFAD1-3DD9-4477-A70B-ED2E1FD45024} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{578CF9A0-740E-486D-9B63-C85647A5B631} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{5BE6EBB5-D395-4BF9-BA34-E13B692F4568} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{7521066C-9123-4C28-8149-5E4461B9ED46} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{78C73347-3467-428D-8B5E-442B79AF9540} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{79B4F12E-2FE1-466B-BB4F-F7466BEE086C} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{990361C7-4FF6-42AA-A539-B1D391E55AF0} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{A37E2D58-5746-49D9-A37D-2217FE297DFD} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{B2EB163B-9795-49E5-90EF-EAECE69CE2B3} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{DD5CD88B-9655-4D81-825F-AF66EDC0861A} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{F32DD16C-3392-49A7-872E-91538C8C4B87} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{FFDF9E64-C1EC-4721-A329-85EB1DD9D56C} (Empty Folder)
Successfully deleted: C:\Users\user1\Appdata\LocalLow\televisionfanaticei (Folder)
Successfully deleted: C:\Users\user1\Appdata\LocalLow\weatherblinkei (Folder)
Successfully deleted: C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\tadxifiq.default\extensions\toolbar@ask.com (Folder)
Successfully deleted: C:\windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\weatherblinkei (Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KL195R2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QH15SWL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHZ96TOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUVFF863 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXS11AKO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBR04W56 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI1JF248 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU8VDGPN (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KL195R2 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QH15SWL (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHZ96TOA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUVFF863 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXS11AKO (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBR04W56 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI1JF248 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU8VDGPN (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AE753F4C-2AD0-42DB-8A12-E83979DDC45C} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/22/2017 at 14:29:09.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 22, 2017, 08:32:26 PM
Right click on roguekiller and select run as administrator and see if it will start.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 23, 2017, 02:15:33 AM
No, that makes no difference. Still get the "...RogueKiller.exe is not a valid Win32 application" window ???
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 23, 2017, 03:45:17 AM
Is this the only time you have seen this?
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 23, 2017, 01:33:50 PM
Yes, I have never seen this message before.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 23, 2017, 03:32:21 PM
Do you want me to try and run it in compatibility mode for Windows 7?
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 23, 2017, 03:46:56 PM
No. Try downloading it again. If you have access to another computer try downloading it with that one, and move it to the problem child. If you get the same problem, reboot to safe mode and try running it in safe mode.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 23, 2017, 04:21:02 PM
If you do not mind me asking, what size should that RogueKiller.exe file have? I downloaded it from the Sur la Toile site to my good PC and while transferring I realized that the file has a size of 0 bytes. Or at least it looks that way in Windows Explorer on both computers. Safe mode wouldn't make a difference either. Perhaps I should look for another mirror site?
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 23, 2017, 04:54:04 PM
That is the wrong file. I will send you a PM with the link.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 23, 2017, 05:35:03 PM
You have the link in your PM.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 23, 2017, 06:44:06 PM
This worked much better. The RKreport.txt did not generate, so I copied the text directly from the program:

RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user1 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 06/23/2017 18:47:23 (Duration : 00:33:09)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP.BestBuy] (X64) HKEY_LOCAL_MACHINE\Software\Best Buy -> Found
[PUP.BestBuy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[Suspicious.Path][File] C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> Found
[PUP.Tific][Folder] C:\Users\user1\AppData\Roaming\Tific -> Found
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9250315AS +++++
--- User ---
[MBR] a32c698fd3b2a4486ac2bcfd6cbfe899
[BSP] b9818e7a885bcd3eec8b6b3757018fc4 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 227813 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469635072 | Size: 9161 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK



RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user1 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/23/2017 18:47:23 (Duration : 00:33:09)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP.BestBuy] (X64) HKEY_LOCAL_MACHINE\Software\Best Buy -> Deleted
[PUP.BestBuy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[Suspicious.Path][File] C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Roaming\Tific -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Roaming\Tific\Environment.tfc -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Roaming\Tific\tificps.symantec.com.tfc -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config\170\Config.swf -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config\170 -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_AU.swf -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_CA.swf -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_IE.swf -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_NZ.swf -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_UK.swf -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_US.swf -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170 -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\hsplayer.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\InstallHelper.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\Norton PC Checkup.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\OemStop.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\Resource.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\.CLT2010.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\.CLT2011.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\ccL100U.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\ccL90U.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\ccL80U.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\msvcm80.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\msvcp80.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\msvcr80.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\SymClgX.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\symNPD.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\symNPDScan.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\SymXPep2.dll -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\libeay32.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\Microsoft.VC90.CRT\msvcm90.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\Microsoft.VC90.CRT\msvcp90.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\Microsoft.VC90.CRT\msvcr90.dll -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\Microsoft.VC90.CRT -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\SymNSPDetector.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\symNSPDetector3PP.xml.enc -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\SymNSPScanner.exe -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\nss\OEMScanner.exe -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\nss -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ScheduleWinExe.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles\170\en\img\protectionBackground.png -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles\170\en\img\virusBackground.png -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles\170\en\img -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles\170\en -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles\170 -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\SymcPCCULaunchSvc.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\SymcPCCUMigration.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\TestWorker.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\version.txt -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20 -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86) -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca.tfc -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config\170\Config.swf -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config\170 -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\version.txt -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20 -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86) -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a.tfc -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\config.tfc -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\config.tfi -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\English\config.tfc -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\English\config.tfi -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\English -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\Log.txt -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Cache -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Client.log -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Download\_tificps.symantec.com%3A80\ts-0-1291348.vbs -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Download\_tificps.symantec.com%3A80 -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Download -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9250315AS +++++
--- User ---
[MBR] a32c698fd3b2a4486ac2bcfd6cbfe899
[BSP] b9818e7a885bcd3eec8b6b3757018fc4 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 227813 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469635072 | Size: 9161 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 23, 2017, 07:03:31 PM
Go back into msconfig and the task manager and set everything to start normally again, reboot and tell me how it is going.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 24, 2017, 11:04:53 AM
I went ahead and changed the settings to start normal, rebooted, verified and everything was normal. I rebooted twice more and the second reboot took twice as long so I checked msconfig to see that the settings were back to selective startup. I changed this back, rebooted ten times and it is normal now. I updated Security Essentials. Removed a couple of programs, tried Firefox and even though it is not fast, I am now able to get it to go without having to reboot.
 
After that I ran RogueKiller again and was surprised to find this:
 
RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user1 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 06/24/2017 06:50:31 (Duration : 01:33:36)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] a32c698fd3b2a4486ac2bcfd6cbfe899
[BSP] b9818e7a885bcd3eec8b6b3757018fc4 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 227813 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469635072 | Size: 9161 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
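A way to cross-check the reports quoted in this thread, as an added example that is not part of the original posts and not Adlice's own code: it parses RogueKiller report lines in the layout shown above and lists items from a Delete-mode report that a later Scan still reports. The function names are hypothetical, and the sample input is constructed by abridging lines from the reports in this thread.

```python
import re
from collections import defaultdict

# Constructed sample input: a few lines abridged from the Delete-mode report
# and the follow-up Scan report quoted in this thread.
DELETE_REPORT = r"""
¤¤¤ Registry : 8 ¤¤¤
[PUP.BestBuy] (X64) HKEY_LOCAL_MACHINE\Software\Best Buy -> Deleted
¤¤¤ Files : 3 ¤¤¤
[PUP.Tific][Folder] C:\Users\user1\AppData\Roaming\Tific -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Client.log -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup -> Removed at reboot [91]
"""

FOLLOWUP_SCAN = r"""
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Files : 1 ¤¤¤
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific -> Found
"""

# Section banner, e.g. "¤¤¤ Files : 3 ¤¤¤" -> "Files"
SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*:")

# Finding line: "[Detection][Kind] target -> status" (files) or
# "[Detection] (X64) target -> status" (registry). Lines without "->",
# such as the MBR hashes, do not match and are skipped.
ENTRY_RE = re.compile(
    r"^\[(?P<detection>[^\]]+)\]\s*"
    r"(?:\[(?P<kind>[^\]]+)\]|\((?P<arch>X\d+)\))?\s*"
    r"(?P<target>.+?)\s*->\s*(?P<status>.+)$"
)


def parse_report(text):
    """Return one dict per finding: section, detection, kind, arch, target, status."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        finding = ENTRY_RE.match(line)
        if finding:
            entry = finding.groupdict()
            entry["section"] = section
            entries.append(entry)
    return entries


def status_summary(entries):
    """Count findings per status, ignoring a trailing code such as "[91]" or "(1)"."""
    counts = defaultdict(int)
    for entry in entries:
        base = re.sub(r"\s*[\[(]\d+[\])]$", "", entry["status"])
        counts[base] += 1
    return dict(counts)


def recheck(earlier_entries, later_entries):
    """List (target, earlier status or None, later status) for every finding in
    the later report. Windows paths are case-insensitive, so compare lowercased."""
    earlier = {e["target"].lower(): e["status"] for e in earlier_entries}
    return [
        (e["target"], earlier.get(e["target"].lower()), e["status"])
        for e in later_entries
    ]


if __name__ == "__main__":
    deleted = parse_report(DELETE_REPORT)
    rescanned = parse_report(FOLLOWUP_SCAN)
    print(status_summary(deleted))
    for target, before, after in recheck(deleted, rescanned):
        print(f"{target}: was '{before}', now '{after}'")
```

On the sample lines, the only item the follow-up scan still reports is the `AppData\Local\Tific` folder, which the Delete-mode report had marked "Removed at reboot" rather than "Deleted".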

Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 24, 2017, 09:55:12 PM
That file could be a leftover from some sort of one click support. I would not worry about it. Run your computer for a day and let me know if you are having any problems with it.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on June 25, 2017, 03:33:20 AM
It is still slow to respond especially after it first boots up. It truly is a lot better than before. When I mean slow, I do not only mean the startup and Firefox to start but while I am typing this, there are times where the screen is two or three words behind my typing. Not always and every word. And I am not fast to type - only use 2 fingers to type.
 
This morning while it was starting up, Java Auto Updater and Real Player wanted to install updates. Are these programs still needed? I checked my PC and both are no longer installed there. Maybe they are hidden? This brings up two other questions. a) Would you perhaps be able to tell me which programs on this laptop I do not really need any more and b) how can I tell, or better yet stop, programs from automatically checking for updates every time the laptop starts up, since I am now thinking that this may have something to do with the slowness of this laptop?
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: Hoov on June 25, 2017, 07:07:37 AM
You may have things that are trying to update. If you have uninstalled them, then you need to look in the task scheduler. To start it,
Click the Start button, Click Control Panel, Click System and Maintenance, Click Administrative Tools, Double-click Task Scheduler. Now you will need to go through all the different categories and either delete or disable the tasks.

But before you do that, I would like you to run Speccy. You can download it at https://www.piriform.com/speccy. Once you have downloaded it, install it and then run it. If you look in the lower left hand corner you will be able to see when the scan is done. When it is done, click on File and then click on Save Snapshot. Save it to your desktop. DO NOT UPLOAD IT HERE. I am sending you a link to where you can upload it. You should be getting a PM shortly.

I want you to run this when the computer seems to be bogged down the most.
Title: Re: [In Progress] beyond slow laptop, MBAM found
Post by: millermaster on July 11, 2017, 08:56:46 AM
Hoov, it's been a while. I ran Speccy and filled out the form a couple of days ago. I looked into the task scheduler but am a bit overwhelmed there. Plus you said to wait - so I will wait :)