Author Topic: [In Progress] beyond slow laptop, MBAM found  (Read 1870 times)

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27136
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #30 on: June 23, 2017, 05:35:03 PM »
You have the link in your PM.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline millermaster

  • Bronze Member
  • Posts: 90
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #31 on: June 23, 2017, 06:44:06 PM »
This worked much better. The RKreport.txt did not generate so I copy the text direct from the program:

RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user1 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 06/23/2017 18:47:23 (Duration : 00:33:09)
Switches : -refid

Processes : 0

Registry : 8
[PUP.BestBuy] (X64) HKEY_LOCAL_MACHINE\Software\Best Buy -> Found
[PUP.BestBuy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found

Tasks : 0

Files : 3
[Suspicious.Path][File] C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> Found
[PUP.Tific][Folder] C:\Users\user1\AppData\Roaming\Tific -> Found
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific -> Found

WMI : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: ST9250315AS +++++
--- User ---
[MBR] a32c698fd3b2a4486ac2bcfd6cbfe899
[BSP] b9818e7a885bcd3eec8b6b3757018fc4 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 227813 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469635072 | Size: 9161 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK



RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user1 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/23/2017 18:47:23 (Duration : 00:33:09)
Switches : -refid

Processes : 0

Registry : 8
[PUP.BestBuy] (X64) HKEY_LOCAL_MACHINE\Software\Best Buy -> Deleted
[PUP.BestBuy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Replaced (1)

Tasks : 0

Files : 3
[Suspicious.Path][File] C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Roaming\Tific -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Roaming\Tific\Environment.tfc -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Roaming\Tific\tificps.symantec.com.tfc -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config\170\Config.swf -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config\170 -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_AU.swf -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_CA.swf -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_IE.swf -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_NZ.swf -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_UK.swf -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170\Resources_en_US.swf -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content\170 -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\content -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\hsplayer.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\InstallHelper.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\Norton PC Checkup.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\OemStop.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\Resource.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\.CLT2010.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\.CLT2011.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\ccL100U.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\ccL90U.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\ccL80U.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\msvcm80.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\msvcp80.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\msvcr80.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\SymClgX.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\symNPD.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\symNPDScan.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy\SymXPep2.dll -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\legacy -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\libeay32.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\Microsoft.VC90.CRT\msvcm90.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\Microsoft.VC90.CRT\msvcp90.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\Microsoft.VC90.CRT\msvcr90.dll -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\Microsoft.VC90.CRT -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\SymNSPDetector.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\symNSPDetector3PP.xml.enc -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd\SymNSPScanner.exe -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\npd -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\nss\OEMScanner.exe -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners\nss -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\scanners -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ScheduleWinExe.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles\170\en\img\protectionBackground.png -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles\170\en\img\virusBackground.png -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles\170\en\img -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles\170\en -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles\170 -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\styles -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\SymcPCCULaunchSvc.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\SymcPCCUMigration.exe -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\TestWorker.dll -> Removed at reboot [5]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\version.txt -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20 -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup\Engine -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86)\Norton PC Checkup -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C\Program Files (x86) -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca\C -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_b9ad3abd4058428ebc0cb65b01ee33ca.tfc -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config\170\Config.swf -> Removed at reboot [5]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config\170 -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\config -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\version.txt -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20 -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup\Engine -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86)\Norton PC Checkup -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C\Program Files (x86) -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a\C -> Removed at reboot [91]
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Backup\Install_DLM_File_c72a8f5adc414236821593ea55112e2a.tfc -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Backup -> Removed at reboot [91]
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\config.tfc -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\config.tfi -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\English\config.tfc -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\English\config.tfi -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\English -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com\Log.txt -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Cache\tificps.symantec.com -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Cache -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Client.log -> Deleted
[PUP.Tific][File] C:\Users\user1\AppData\Local\Tific\Download\_tificps.symantec.com%3A80\ts-0-1291348.vbs -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Download\_tificps.symantec.com%3A80 -> Deleted
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific\Download -> Deleted

WMI : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: ST9250315AS +++++
--- User ---
[MBR] a32c698fd3b2a4486ac2bcfd6cbfe899
[BSP] b9818e7a885bcd3eec8b6b3757018fc4 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 227813 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469635072 | Size: 9161 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27136
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #32 on: June 23, 2017, 07:03:31 PM »
Go back into msconfig and the task manager and set everything to start normally again, reboot and tell me how it is going.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline millermaster

  • Bronze Member
  • Posts: 90
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #33 on: June 24, 2017, 11:04:53 AM »
I went ahead and changed the settings to start normal, rebooted, verified and everything was normal. I rebooted twice more and the second reboot took twice as long so I checked msconfig to see that the settings were back to selective startup. I changed this back, rebooted ten times and it is normal now. I updated Security Essentials. Removed a couple of programs, tried Firefox and even though it is not fast, I am now able to get it to go without having to reboot.
 
After that I ran RogueKiller again and was surprised to find this:
 
RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user1 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 06/24/2017 06:50:31 (Duration : 01:33:36)

Processes : 0

Registry : 0

Tasks : 0

Files : 1
[PUP.Tific][Folder] C:\Users\user1\AppData\Local\Tific -> Found

WMI : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] a32c698fd3b2a4486ac2bcfd6cbfe899
[BSP] b9818e7a885bcd3eec8b6b3757018fc4 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 227813 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469635072 | Size: 9161 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27136
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #34 on: June 24, 2017, 09:55:12 PM »
That file could be a left over from some sort of one click support. I would not worry about it. Run your computer for a day and let me know if you are having any problems with it.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline millermaster

  • Bronze Member
  • Posts: 90
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #35 on: June 25, 2017, 03:33:20 AM »
It is still slow to respond especially after it first boots up. It truly is a lot better than before. When I mean slow, I do not only mean the startup and Firefox to start but while I am typing this, there are times where the screen is two or three words behind my typing. Not always and every word. And I am not fast to type - only use 2 fingers to type.
 
This morning while it was starting up Java Auto Updater and Real Player wanted to install updates. Are these programs still needed? I checked my PC and both are no longer installed there. Maybe they are hidden? This brings up two other questions. a) Would you perhaps be able which programs on this laptop I do not really need any more and b) how can I tell or better yet stop programs to automatically check for updates every time the laptop starts up since I am now thinking that this may have something to do with the slowness of this laptop?

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27136
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #36 on: June 25, 2017, 07:07:37 AM »
You may have things that are trying to update. If you have uninstalled them, then you need to look in the task scheduler. To start it,
Click the Start button, Click Control Panel, Click System and Maintenance, Click Administrative Tools, Double-click Task Scheduler. Now you will need to go thru all the different categories and either delete or disable the tasks.

But before you do that, I would like you to run Speccy. You can download it at https://www.piriform.com/speccy Once you have downloaded it install it and then run it. If you look in the lower left hand corner you will be able to see when the scan is done. When it is done, click on File and then click on Save Snapshot. Save it to your desktop. DO NOT UPLOAD IT HERE. I am sending you a link to where you can upload it. You should be getting a PM shortly.

I want you to run this when the computer seems to be bogged down the most.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline millermaster

  • Bronze Member
  • Posts: 90
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #37 on: July 11, 2017, 08:56:46 AM »
Hoov, it's been a while. I ran Speccy and filled out the form a couple of days ago. I looked into the task scheduler but am a bit overwhelmed there. Plus you said to wait - so I will wait  :)1