Jump to content


Photo

laptop lighting up light a christmas tree upon startup and browsing


  • This topic is locked This topic is locked
11 replies to this topic

#1 digitallive

digitallive

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 02 June 2017 - 08:58 PM

when i turn on the laptop i get several alleged "anti" spyware programs that start scanning. internet browsing is impossible.

 

attached are requested logs. any help greatly appreciated. this is the girlfriends computer. usually i can figure these things out with a few spyware/malware removal programs but i'm at a loss with this one. in way over my head.

 

I tried to attach the malwarebytes log and it said the file was to big to upload so here's a copy/paste. sorry!

 

EDIT

 

below are c/p of the requested logs, attached are the text files as well. my apologies for not c/p them at first

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/2/17
Scan Time: 9:48 PM
Log File: malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2076
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: JuliesComputer\Julie

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361408
Threats Detected: 1060
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 14 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 309
PUP.Optional.Yontoo, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, No Action By User, [52], [-1],0.0.0
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, No Action By User, [52], [-1],0.0.0
PUP.Optional.MindSpark, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FROMDOCTOPDF_65SERVICE, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}\InprocServer32, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}\InprocServer32, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.SETTINGSPLUGIN, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.SETTINGSPLUGIN.1, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{463A3C2B-3B87-4FAD-A9A6-CD1B93ED836C}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{4AD8E6E4-3DFE-458D-845D-55F516C7C3B0}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{C7879E06-4C3F-4061-B619-7CFD072E4F26}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{DAAD8A57-6BD6-48D0-9034-093AD607C39A}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{463A3C2B-3B87-4FAD-A9A6-CD1B93ED836C}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4AD8E6E4-3DFE-458D-845D-55F516C7C3B0}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C7879E06-4C3F-4061-B619-7CFD072E4F26}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DAAD8A57-6BD6-48D0-9034-093AD607C39A}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{463A3C2B-3B87-4FAD-A9A6-CD1B93ED836C}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4AD8E6E4-3DFE-458D-845D-55F516C7C3B0}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C7879E06-4C3F-4061-B619-7CFD072E4F26}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DAAD8A57-6BD6-48D0-9034-093AD607C39A}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}\InprocServer32, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}\InprocServer32, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}\InprocServer32, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}\InprocServer32, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FROMDOCTOPDF_65BAR UNINSTALL INTERNET EXPLORER, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}\InprocServer32, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}\InprocServer32, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}\InprocServer32, No Action By User, [274], [312773],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}, No Action By User, [961], [335820],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}, No Action By User, [961], [335820],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\APPID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}, No Action By User, [961], [335820],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, No Action By User, [961], [335828],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, No Action By User, [961], [335828],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, No Action By User, [961], [335828],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\TYPELIB\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}, No Action By User, [961], [335824],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}, No Action By User, [961], [335824],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SLIMSERVICE, No Action By User, [961], [335824],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}, No Action By User, [961], [335824],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{99415057-7C50-439D-AA20-02D83C071B61}, No Action By User, [52], [160140],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{99415057-7C50-439D-AA20-02D83C071B61}, No Action By User, [52], [160140],1.0.2076
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, No Action By User, [205], [169108],1.0.2076
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, No Action By User, [205], [169108],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\APPID\{1BD47D21-01F4-4538-9290-39FD569A0F24}, No Action By User, [961], [335822],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1BD47D21-01F4-4538-9290-39FD569A0F24}, No Action By User, [961], [335822],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{1BD47D21-01F4-4538-9290-39FD569A0F24}, No Action By User, [961], [335822],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, No Action By User, [52], [160141],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, No Action By User, [52], [160141],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{959D527D-6C27-4879-A644-065526D6969C}, No Action By User, [961], [335833],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{6DC6EE87-F3BB-40EB-BCEE-12F7D6E3EEDF}, No Action By User, [961], [335836],1.0.2076
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{BAF87BD0-A924-4108-AFA5-A5FA720A2E86}, No Action By User, [961], [335831],1.0.2076
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [100], [-1],0.0.0
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.TOOLBARPROTECTOR, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.TOOLBARPROTECTOR.1, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{F39D8ED3-A6F6-427F-8AF8-BC9784FA70D8}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F39D8ED3-A6F6-427F-8AF8-BC9784FA70D8}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F39D8ED3-A6F6-427F-8AF8-BC9784FA70D8}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{CF9608AD-4ECF-4A16-B122-B374299DE7B5}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{F05D47B2-7C9F-401D-A083-3AA4A4711F4F}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CF9608AD-4ECF-4A16-B122-B374299DE7B5}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F05D47B2-7C9F-401D-A083-3AA4A4711F4F}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CF9608AD-4ECF-4A16-B122-B374299DE7B5}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F05D47B2-7C9F-401D-A083-3AA4A4711F4F}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{2C9D27D8-C81E-4968-8026-E725E01650C1}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2C9D27D8-C81E-4968-8026-E725E01650C1}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2C9D27D8-C81E-4968-8026-E725E01650C1}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.FEEDMANAGER, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.FEEDMANAGER.1, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{E70DAE92-1A31-4AB8-9FCF-52FBDA0CC66A}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E70DAE92-1A31-4AB8-9FCF-52FBDA0CC66A}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E70DAE92-1A31-4AB8-9FCF-52FBDA0CC66A}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.HTMLMENU, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.HTMLMENU.1, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4FFA72EC-9FD9-4B2B-92A5-68B60885FD8A}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{840AE8AE-D547-433E-985C-6BF6C74F5084}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC65C7F9-115F-42A6-BC49-BF7A60A5314E}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FC65C7F9-115F-42A6-BC49-BF7A60A5314E}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC65C7F9-115F-42A6-BC49-BF7A60A5314E}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{840AE8AE-D547-433E-985C-6BF6C74F5084}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{840AE8AE-D547-433E-985C-6BF6C74F5084}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4FFA72EC-9FD9-4B2B-92A5-68B60885FD8A}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4FFA72EC-9FD9-4B2B-92A5-68B60885FD8A}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4FFA72EC-9FD9-4B2B-92A5-68B60885FD8A}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.MULTIPLEBUTTON, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.MULTIPLEBUTTON.1, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.SCRIPTBUTTON, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.SCRIPTBUTTON.1, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{1747AE4D-0A83-4336-84D4-48500BF1554F}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{316A2A46-F832-49B3-95E0-D460BD88D6B4}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{C64B02A7-77F8-4EC9-B2C3-78EBBFFC00EE}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{F4F94932-9CDB-45F4-BD4A-C77B5074D353}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{316A2A46-F832-49B3-95E0-D460BD88D6B4}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C64B02A7-77F8-4EC9-B2C3-78EBBFFC00EE}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F4F94932-9CDB-45F4-BD4A-C77B5074D353}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{316A2A46-F832-49B3-95E0-D460BD88D6B4}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C64B02A7-77F8-4EC9-B2C3-78EBBFFC00EE}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F4F94932-9CDB-45F4-BD4A-C77B5074D353}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1747AE4D-0A83-4336-84D4-48500BF1554F}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1747AE4D-0A83-4336-84D4-48500BF1554F}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.PSEUDOTRANSPARENTPLUGIN, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.PSEUDOTRANSPARENTPLUGIN.1, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.THIRDPARTYINSTALLER, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.THIRDPARTYINSTALLER.1, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{6467B28C-D408-4066-8B26-056335875D3D}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{E1DA9C58-A56C-4F9E-A9DD-32BCF8CCC98B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6467B28C-D408-4066-8B26-056335875D3D}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E1DA9C58-A56C-4F9E-A9DD-32BCF8CCC98B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6467B28C-D408-4066-8B26-056335875D3D}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E1DA9C58-A56C-4F9E-A9DD-32BCF8CCC98B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2BD4465D-669A-42E6-B449-636B0B10EBB8}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2BD4465D-669A-42E6-B449-636B0B10EBB8}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.HTMLPANEL, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.HTMLPANEL.1, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{777CEBBF-A763-42BE-ABBF-FF264689666B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{87509D74-1F24-4B10-A14E-0AACF713CE14}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{777CEBBF-A763-42BE-ABBF-FF264689666B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{87509D74-1F24-4B10-A14E-0AACF713CE14}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{777CEBBF-A763-42BE-ABBF-FF264689666B}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{87509D74-1F24-4B10-A14E-0AACF713CE14}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}\InprocServer32, No Action By User, [274], [178264],1.0.2076
PUP.Optional.InstantSupport, HKLM\SOFTWARE\CLASSES\CLSID\{480ED1A4-0C5C-43BA-AD0E-A9CEA7A51A5E}, No Action By User, [9251], [246484],1.0.2076
PUP.Optional.InstantSupport, HKLM\SOFTWARE\CLASSES\CLSID\{480ED1A4-0C5C-43BA-AD0E-A9CEA7A51A5E}\InprocServer32, No Action By User, [9251], [246484],1.0.2076
PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PCACCELERATEPRO, No Action By User, [1033], [181158],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SYSTEMHEALER, No Action By User, [980], [182463],1.0.2076
PUP.Optional.BubbleDock, HKU\S-1-5-21-517651220-3426787782-2425582286-1001_Classes\BUBBLEDOCK, No Action By User, [3682], [254671],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, No Action By User, [274], [240755],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, No Action By User, [274], [240755],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A3B975A0-F679-444E-9D94-6D292FA53140}, No Action By User, [274], [240755],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E1035F55-4C0C-4EFC-9AAE-38F421FCE726}, No Action By User, [274], [240755],1.0.2076
PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, No Action By User, [2621], [243667],1.0.2076
PUP.Optional.ConsumerInput, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\COMPETE, No Action By User, [205], [253738],1.0.2076
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\SLIMCLEANER PLUS, No Action By User, [791], [338932],1.0.2076
PUP.Optional.ASK, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}, No Action By User, [523], [245525],1.0.2076
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}, No Action By User, [523], [245525],1.0.2076
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, No Action By User, [2621], [243667],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\APPDATALOW\SOFTWARE\FROMDOCTOPDF_65, No Action By User, [274], [240467],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, No Action By User, [28], [260247],1.0.2076
PUP.Optional.FindingDiscount, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FINDINGDISCOUNT, No Action By User, [12076], [255285],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B4D26F6-61A8-4463-99DD-5F2FE0400FA6}, No Action By User, [52], [246105],1.0.2076
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B4D26F6-61A8-4463-99DD-5F2FE0400FA6}, No Action By User, [52], [246105],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\FROMDOCTOPDF_65, No Action By User, [274], [240582],1.0.2076
PUP.Optional.InstantSupport, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\ISTAB, No Action By User, [9251], [254396],1.0.2076
PUP.Optional.Nosibay, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\NOSIBAY, No Action By User, [12328], [241241],1.0.2076
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\PCACCELERATEPRO, No Action By User, [1033], [251881],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCH AND KNOW, No Action By User, [52], [185823],1.0.2076
PUP.Optional.Wajam, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\WAJIENHANCE, No Action By User, [100], [244670],1.0.2076
PUP.Optional.FindingDiscount, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\WINDOWS DISCOUNT, No Action By User, [12076], [185303],1.0.2076
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\APTAB, No Action By User, [1033], [254525],1.0.2076
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{4EF60154}, No Action By User, [270], [240969],1.0.2076
PUP.Optional.SelectionTool, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\WTOOLS\SELECTION TOOLS, No Action By User, [12486], [242889],1.0.2076
PUP.Optional.SelectionTool, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\WTOOLS\SELECTION TOOLS TAG, No Action By User, [12486], [242889],1.0.2076
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4DD8D474}, No Action By User, [270], [240969],1.0.2076
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, No Action By User, [15481], [252393],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AF8298B3}, No Action By User, [28], [260250],1.0.2076
PUP.Optional.OptimizerPro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\OPTIMIZER PRO, No Action By User, [815], [241445],1.0.2076
PUP.Optional.WindApp, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\STORE\WINDAPP, No Action By User, [15212], [244993],1.0.2076
PUP.Optional.WindApp, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\STORE\WINDAPP TAG, No Action By User, [15212], [244994],1.0.2076
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [52], [246106],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [52], [246106],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [52], [246106],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{26A08C0D-7DE4-49EF-8E3B-A2A587D3A63D}, No Action By User, [980], [258707],1.0.2076
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30BFB4C5-765B-43C7-91C1-D2B229554B70}, No Action By User, [791], [334102],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3BA8D022-2419-4038-8749-52E3DF0F86B8}, No Action By User, [980], [258707],1.0.2076
PUP.Optional.SelectionTool, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5096C761-B2CE-418C-9A2D-CACFC857D8AD}, No Action By User, [12486], [258295],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5E035C52-BB45-4E21-8700-CF9FC9A92B3A}, No Action By User, [980], [258706],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{65E55123-CCC7-4623-B9BB-75638FB65A09}, No Action By User, [980], [258706],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9775ABC4-FA50-4582-8E8E-8C76770B8810}, No Action By User, [980], [258706],1.0.2076
PUP.Optional.Nosibay, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A534D337-5D5F-42C1-AC5E-5EC5149D476E}, No Action By User, [12328], [258209],1.0.2076
PUP.Optional.SelectionTools, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SELECTION TOOLS UPDATE, No Action By User, [14994], [242897],1.0.2076
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SLIMCLEANER PLUS (SCHEDULED SCAN - JULIE), No Action By User, [791], [334109],1.0.2076
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, No Action By User, [15481], [252393],1.0.2076
PUP.Optional.InstantSupport, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\INSTANTSUPPORT, No Action By User, [9251], [254395],1.0.2076
PUP.Optional.SystemHealer, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\SYSTEM HEALER, No Action By User, [980], [252826],1.0.2076
PUP.Optional.Wajam, HKLM\SOFTWARE\WAJANETEN, No Action By User, [100], [185150],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEM HEALER TASK, No Action By User, [980], [252787],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEM HEALERPERIOD, No Action By User, [980], [252787],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, No Action By User, [28], [260247],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEM HEALERSTARTUP, No Action By User, [980], [252787],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEMHEALER MONITOR, No Action By User, [980], [252788],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEMHEALER RUN DELAY, No Action By User, [980], [252788],1.0.2076
PUP.Optional.Nosibay, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WINDAPP UPDATE, No Action By User, [12328], [241242],1.0.2076
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\SlimWare Utilities, Inc.\SLIMCLEANER PLUS, No Action By User, [791], [391877],1.0.2076
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C5A62BD3-AF28-47C5-A5BD-5B0F92A94F5A}, No Action By User, [791], [335437],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A61A2372-5EB0-425A-B979-A55620BE6954}, No Action By User, [52], [294118],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{19EA6237-8729-4805-8059-4CE8668E323E}, No Action By User, [52], [294118],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC72D179-08AA-4AD5-B932-69A324BA716A}, No Action By User, [52], [294118],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FC72D179-08AA-4AD5-B932-69A324BA716A}, No Action By User, [52], [294118],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC72D179-08AA-4AD5-B932-69A324BA716A}, No Action By User, [52], [294118],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{19EA6237-8729-4805-8059-4CE8668E323E}, No Action By User, [52], [294118],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{19EA6237-8729-4805-8059-4CE8668E323E}, No Action By User, [52], [294118],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A61A2372-5EB0-425A-B979-A55620BE6954}, No Action By User, [52], [294118],1.0.2076
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A61A2372-5EB0-425A-B979-A55620BE6954}, No Action By User, [52], [294118],1.0.2076
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A61A2372-5EB0-425A-B979-A55620BE6954}, No Action By User, [52], [294118],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A61A2372-5EB0-425A-B979-A55620BE6954}, No Action By User, [52], [294118],1.0.2076

Registry Value: 54
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, No Action By User, [274], [312773],1.0.2076
PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PCACCELERATEPRO, No Action By User, [1033], [315966],1.0.2076
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{4C60E5AB-5C68-4C59-ABAA-885010B24B32}, No Action By User, [274], [170062],1.0.2076
PUP.Optional.SlimCleanerPlus, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SLIMCLEANER PLUS, No Action By User, [791], [331458],1.0.2076
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [100], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [100], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, No Action By User, [100], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, No Action By User, [100], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [100], [-1],0.0.0
PUP.Optional.InstantSupport, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|INSTANTSUPPORT, No Action By User, [9251], [246484],1.0.2076
PUP.Optional.BubbleDock, HKU\S-1-5-21-517651220-3426787782-2425582286-1001_Classes\BUBBLEDOCK|, No Action By User, [3682], [254671],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36B445BF-1B84-466A-A623-A360A8CFF8C3}|APPPATH, No Action By User, [274], [240755],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}|APPPATH, No Action By User, [274], [240755],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A3B975A0-F679-444E-9D94-6D292FA53140}|APPPATH, No Action By User, [274], [240755],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}|APPPATH, No Action By User, [274], [240755],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E1035F55-4C0C-4EFC-9AAE-38F421FCE726}|APPPATH, No Action By User, [274], [240755],1.0.2076
PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCACCELERATEPRO.EXE, No Action By User, [1033], [315965],1.0.2076
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FROMDOCTOPDF EPM SUPPORT, No Action By User, [274], [235093],1.0.2076
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|APPPATH, No Action By User, [205], [245885],1.0.2076
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}|DISPLAYNAME, No Action By User, [523], [245525],1.0.2076
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}|URL, No Action By User, [523], [245524],1.0.2076
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCACCELERATEPRO.EXE, No Action By User, [1033], [255023],1.0.2076
PUP.Optional.SelectionTools, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SELECTION TOOLS.EXE, No Action By User, [14994], [255024],1.0.2076
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B4D26F6-61A8-4463-99DD-5F2FE0400FA6}|URL, No Action By User, [52], [246105],1.0.2076
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\APTAB|HB, No Action By User, [1033], [254525],1.0.2076
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DONOTASKAGAIN, No Action By User, [52], [246380],1.0.2076
PUP.Optional.ASK, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}|DISPLAYNAME, No Action By User, [523], [245523],1.0.2076
PUP.Optional.ASK, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}|URL, No Action By User, [523], [245522],1.0.2076
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, No Action By User, [15481], [252393],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AF8298B3}|1, No Action By User, [28], [260250],1.0.2076
PUP.Optional.OptimizerPro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\OPTIMIZER PRO|ADSBUYNOWURL, No Action By User, [815], [241445],1.0.2076
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|APPPATH, No Action By User, [205], [245885],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}|URL, No Action By User, [52], [246106],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{26A08C0D-7DE4-49EF-8E3B-A2A587D3A63D}|PATH, No Action By User, [980], [258707],1.0.2076
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30BFB4C5-765B-43C7-91C1-D2B229554B70}|PATH, No Action By User, [791], [334102],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3BA8D022-2419-4038-8749-52E3DF0F86B8}|PATH, No Action By User, [980], [258707],1.0.2076
PUP.Optional.SelectionTool, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5096C761-B2CE-418C-9A2D-CACFC857D8AD}|PATH, No Action By User, [12486], [258295],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5E035C52-BB45-4E21-8700-CF9FC9A92B3A}|PATH, No Action By User, [980], [258706],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{65E55123-CCC7-4623-B9BB-75638FB65A09}|PATH, No Action By User, [980], [258706],1.0.2076
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9775ABC4-FA50-4582-8E8E-8C76770B8810}|PATH, No Action By User, [980], [258706],1.0.2076
PUP.Optional.Nosibay, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A534D337-5D5F-42C1-AC5E-5EC5149D476E}|PATH, No Action By User, [12328], [258209],1.0.2076
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, No Action By User, [15481], [252393],1.0.2076
PUP.Optional.InstantSupport, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\INSTANTSUPPORT|ASSISTENT, No Action By User, [9251], [254395],1.0.2076
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{202e8060-75e9-4659-8b90-b3ba5fcb3025}|NAMESERVER, No Action By User, [6344], [260227],1.0.2076
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{5c3813a9-1ccf-4e20-9331-5f50bdef27df}|NAMESERVER, No Action By User, [6344], [260227],1.0.2076
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{b3da4eb1-12b0-4581-af63-882d3c8bbe7d}|NAMESERVER, No Action By User, [6344], [260227],1.0.2076
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{e117effa-92de-4db8-b800-ed2a836ab25b}|NAMESERVER, No Action By User, [6344], [260227],1.0.2076
PUP.Optional.SystemHealer, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\SYSTEM HEALER|HOMEPAGE, No Action By User, [980], [252826],1.0.2076
PUP.Optional.SystemHealer, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\SYSTEM HEALER|CARTURL, No Action By User, [980], [261796],1.0.2076
PUP.Optional.SystemHealer, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\SYSTEM HEALER|SUPPORTPAGE, No Action By User, [980], [252826],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DONOTASKAGAIN, No Action By User, [52], [246561],1.0.2076
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C5A62BD3-AF28-47C5-A5BD-5B0F92A94F5A}|DISPLAYNAME, No Action By User, [791], [335437],1.0.2076
PUP.Optional.MindSpark, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FROMDOCTOPDF_65SERVICE|IMAGEPATH, No Action By User, [274], [240828],1.0.2076

Registry Data: 15
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{202e8060-75e9-4659-8b90-b3ba5fcb3025}|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{202e8060-75e9-4659-8b90-b3ba5fcb3025}|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{350afb26-c1a7-11e6-944d-806e6f6e6963}|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5c3813a9-1ccf-4e20-9331-5f50bdef27df}|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5c3813a9-1ccf-4e20-9331-5f50bdef27df}|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{b3da4eb1-12b0-4581-af63-882d3c8bbe7d}|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{b3da4eb1-12b0-4581-af63-882d3c8bbe7d}|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e117effa-92de-4db8-b800-ed2a836ab25b}|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e117effa-92de-4db8-b800-ed2a836ab25b}|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [52], [293262],1.0.2076
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [52], [293257],1.0.2076
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NAMESERVER, No Action By User, [6344], [293494],1.0.2076

Data Stream: 0
(No malicious items detected)

Folder: 153
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-5085-1, No Action By User, [28], [182288],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-5f47-1, No Action By User, [28], [182288],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-6103-0, No Action By User, [28], [182288],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-70c1-0, No Action By User, [28], [182288],1.0.2076
PUP.Optional.Yontoo, C:\ProgramData\745CB632-A3E1-4029-BE3C-A5DC7F8EE31D\plugins\7\resources, No Action By User, [52], [181524],1.0.2076
PUP.Optional.Yontoo, C:\ProgramData\745CB632-A3E1-4029-BE3C-A5DC7F8EE31D\plugincontainer, No Action By User, [52], [181524],1.0.2076
PUP.Optional.Yontoo, C:\ProgramData\745CB632-A3E1-4029-BE3C-A5DC7F8EE31D\plugins\2, No Action By User, [52], [181524],1.0.2076
PUP.Optional.Yontoo, C:\ProgramData\745CB632-A3E1-4029-BE3C-A5DC7F8EE31D\plugins\3, No Action By User, [52], [181524],1.0.2076
PUP.Optional.Yontoo, C:\ProgramData\745CB632-A3E1-4029-BE3C-A5DC7F8EE31D\plugins\5, No Action By User, [52], [181524],1.0.2076
PUP.Optional.Yontoo, C:\ProgramData\745CB632-A3E1-4029-BE3C-A5DC7F8EE31D\plugins\6, No Action By User, [52], [181524],1.0.2076
PUP.Optional.Yontoo, C:\ProgramData\745CB632-A3E1-4029-BE3C-A5DC7F8EE31D\plugins\7, No Action By User, [52], [181524],1.0.2076
PUP.Optional.Yontoo, C:\ProgramData\745CB632-A3E1-4029-BE3C-A5DC7F8EE31D\plugins\8, No Action By User, [52], [181524],1.0.2076
PUP.Optional.Yontoo, C:\ProgramData\745CB632-A3E1-4029-BE3C-A5DC7F8EE31D\plugins, No Action By User, [52], [181524],1.0.2076
PUP.Optional.Yontoo, C:\PROGRAMDATA\745CB632-A3E1-4029-BE3C-A5DC7F8EE31D, No Action By User, [52], [181524],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-0711-0, No Action By User, [28], [182288],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-0fd1-0, No Action By User, [28], [182288],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-27c1-1, No Action By User, [28], [182288],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-2dd1-1, No Action By User, [28], [182288],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-3523-0, No Action By User, [28], [182288],1.0.2076
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-3991-1, No Action By Us

Attached Files


Edited by digitallive, 03 June 2017 - 06:46 AM.


#2 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,038 posts

Posted 04 June 2017 - 06:22 AM

Hello digitallive.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.

I will ask you to wait until I examine your logs and return with a prepared fix.

Thank you.

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,038 posts

Posted 04 June 2017 - 10:32 AM

Hello digitallive.

I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Even if your computer appears to be running better, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Therefore once started I strongly suggest you to complete the malware removal process.


I noticed that you have a malicious program installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.
Wajam
If you have an issue when uninstalling this program, please let me know.


I see that your Google Chrome browser has been compromised.
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.
Please let me know if you did this by yourself.



Next,

I can see in the log of the Malwarebytes scan that it found many threats but it did not take any action on them. Please follow the instructions below to run Malwarebytes again and quarantine all the threats it found. Then post the entire contents of its log for my review.

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both 'ON' and leave all other settings to default.
  • Go back to Dashboard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes if potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.

 

 

Next,

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKLM-x32 -> {92A07574-BE7A-454A-8440-307FC4FD6F13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001 -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001 -> {92A07574-BE7A-454A-8440-307FC4FD6F13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268 -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268 -> {92A07574-BE7A-454A-8440-307FC4FD6F13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
2017-06-02 08:22 - 2017-06-02 08:22 - 00004182 _____ C:\WINDOWS\System32\Tasks\{ADEBE7E6-1A40-504D-AE9D-F1057CEC0704}
2017-06-02 08:22 - 2017-06-02 08:22 - 00004182 _____ C:\WINDOWS\System32\Tasks\{22B48D7D-951F-3AD6-03D4-0EA461A60664}
2017-06-02 08:22 - 2017-06-02 08:22 - 00003882 _____ C:\WINDOWS\System32\Tasks\{179E8208-28F3-5714-1E3A-FBBB6F28AE23}
2017-06-02 08:22 - 2016-03-15 00:06 - 00000000 ____D C:\ProgramData\af8298b3
2017-05-10 21:33 - 2017-04-22 14:10 - 00003882 _____ C:\WINDOWS\System32\Tasks\{C5523BAD-0760-5C51-2DD7-70638755BD63}
2017-01-24 19:01 - 2017-01-24 19:02 - 44506760 _____ () C:\Users\Julie\AppData\Local\Temp\AmazonDriveSetupQ.exe
Task: {01B38775-A96D-4A0C-A3ED-F3677774CC40} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {0C2CD09E-BF14-419D-8D31-863FD7A7E1FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0DA80DEF-8452-4926-883F-DB4A6479FA01} - \{79040E47-7D7D-0409-7911-7E0E0C091104} -> No File <==== ATTENTION
Task: {202A4EAB-6645-4866-97F5-2406CEEF5079} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2DB53FF3-4469-4A53-BE2D-357F78BE65FB} - System32\Tasks\{179E8208-28F3-5714-1E3A-FBBB6F28AE23} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\af8298b3\d2aa3ca6.dll" <==== ATTENTION
Task: {2F12F947-83B4-4C87-A9FA-E5039F66CFB1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {43A87FD1-CCAD-49F3-B675-B83C609DCF97} - System32\Tasks\{ADEBE7E6-1A40-504D-AE9D-F1057CEC0704} => C:\ProgramData\{EEC61AE6-596D-AD4D-D4DB-0FDF648916F1}\79718388-CEDA-3423-5A41-16D8A73A4873.exe  <==== ATTENTION
Task: {54A19C71-7252-461F-A013-32EB5EACBC14} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {622E2B4E-51A0-496A-84E0-4D77FEECC44E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6F24F304-25A2-4CF2-B1CA-6D6D900DD412} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {73719195-8FC0-4D1D-A736-B9E9BE1D375D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8808DBB6-7C3D-404B-BE82-7FADDECC9F3C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9E8C63EC-1F92-4F2F-A6C2-C0F0EA380B76} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {A8D93D2A-0F84-40CB-96D6-7FF64ACDDD20} - System32\Tasks\{22B48D7D-951F-3AD6-03D4-0EA461A60664} => C:\ProgramData\{F5A8198E-4203-AE25-72D1-58D611E827C9}\E1EB5F79-5640-E8D2-7920-1BC89D84A7C4.exe  <==== ATTENTION
Task: {A8E08AA7-4F2E-4BA6-A83B-2057D80C40EE} - System32\Tasks\{C5523BAD-0760-5C51-2DD7-70638755BD63} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\af8298b3\d2aa3ca6.dll" <==== ATTENTION
Task: {C08805D1-57D2-4E67-8ACE-FFBA34BD547F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CE5DD8AA-3502-4FE3-AD40-084DA8406E68} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D8EC6DC1-3392-40F4-8908-76C4DE6AA0E1} - \WPD\SqmUpload_S-1-5-21-517651220-3426787782-2425582286-1001 -> No File <==== ATTENTION
Task: {DBF04562-673A-4D25-A3B9-58E12223660C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E2067A4A-A21A-42B7-898B-28A34FF35689} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
HKU\S-1-5-21-517651220-3426787782-2425582286-1001\...\StartupApproved\Run: => "SlimCleaner Plus"
HKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268\...\StartupApproved\Run: => "SlimCleaner Plus"
C:\PROGRA~3\af8298b3\d2aa3ca6.dll
C:\ProgramData\{EEC61AE6-596D-AD4D-D4DB-0FDF648916F1}\79718388-CEDA-3423-5A41-16D8A73A4873.exe
C:\ProgramData\{EEC61AE6-596D-AD4D-D4DB-0FDF648916F1}
C:\ProgramData\{F5A8198E-4203-AE25-72D1-58D611E827C9}\E1EB5F79-5640-E8D2-7920-1BC89D84A7C4.exe
C:\ProgramData\{F5A8198E-4203-AE25-72D1-58D611E827C9}
End

Save the file as fixlist.txt in to the same folder as FRST64.
Right-click the FRST64 icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop (fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
 
 
 
Next,

Please download Junkware Removal Tool and save it to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Right-click on the icon and select Run as administrator.
  • The tool will open and check for updates. You will see the Disclaimer.
  • Press any key to continue and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

 

 

Next,

Please download AdwCleaner and save it to your computer's Desktop.

  • Close all open programs and internet browsers.
  • Double-click on the icon to start the tool.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).

 

 

Next,

Please download Farbar Service Scanner by Farbar to your Desktop and double-click the file to run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center / Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

 

 

To summarize, in your next reply please include the entire contents of the following logs:
Malwarebytes quarantine log;
fixlog.txt;
JRT.txt log;
AdwCleaner clean log;
FSS.txt log.

Please note if the content of all logs is complete before validating your reply.

Let me know how is the computer running after completing the instructions above.

Thank you.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#4 digitallive

digitallive

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 09 June 2017 - 10:08 PM

when i tried to uninstall Waja, I got this error

 

c:/Program Files/WajaNetEn/12f73fe905c41e7eec2743e7fc51914f.exe'. Makee sure you typed the name correctly, and then try again.



#5 digitallive

digitallive

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 09 June 2017 - 10:40 PM

Malwarebytes scan after quaruntine

 

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/9/17
Scan Time: 11:38 PM
Log File: malwarebytes-scanresults_afterquaruntined.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2126
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: JuliesComputer\Julie

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362371
Threats Detected: 1058
Threats Quarantined: 1058
Time Elapsed: 16 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 310
PUP.Optional.MindSpark, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FROMDOCTOPDF_65SERVICE, Delete-on-Reboot, [276], [312773],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}, Delete-on-Reboot, [979], [335820],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}, Delete-on-Reboot, [979], [335820],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\APPID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}, Delete-on-Reboot, [979], [335820],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}\InprocServer32, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}\InprocServer32, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.SETTINGSPLUGIN, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.SETTINGSPLUGIN.1, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{463A3C2B-3B87-4FAD-A9A6-CD1B93ED836C}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{4AD8E6E4-3DFE-458D-845D-55F516C7C3B0}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{C7879E06-4C3F-4061-B619-7CFD072E4F26}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{DAAD8A57-6BD6-48D0-9034-093AD607C39A}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{463A3C2B-3B87-4FAD-A9A6-CD1B93ED836C}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4AD8E6E4-3DFE-458D-845D-55F516C7C3B0}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C7879E06-4C3F-4061-B619-7CFD072E4F26}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DAAD8A57-6BD6-48D0-9034-093AD607C39A}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{463A3C2B-3B87-4FAD-A9A6-CD1B93ED836C}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4AD8E6E4-3DFE-458D-845D-55F516C7C3B0}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C7879E06-4C3F-4061-B619-7CFD072E4F26}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DAAD8A57-6BD6-48D0-9034-093AD607C39A}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}\InprocServer32, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}\InprocServer32, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}\InprocServer32, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}\InprocServer32, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FROMDOCTOPDF_65BAR UNINSTALL INTERNET EXPLORER, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, Delete-on-Reboot, [979], [335828],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, Delete-on-Reboot, [979], [335828],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, Delete-on-Reboot, [979], [335828],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\TYPELIB\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}, Delete-on-Reboot, [979], [335824],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}, Delete-on-Reboot, [979], [335824],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SLIMSERVICE, Delete-on-Reboot, [979], [335824],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}, Delete-on-Reboot, [979], [335824],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{BAF87BD0-A924-4108-AFA5-A5FA720A2E86}, Delete-on-Reboot, [979], [335831],1.0.2126
PUP.Optional.MultiPlug, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Delete-on-Reboot, [272], [-1],0.0.0
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Delete-on-Reboot, [272], [-1],0.0.0
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Delete-on-Reboot, [276], [312773],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Delete-on-Reboot, [276], [312773],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Delete-on-Reboot, [276], [312773],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Delete-on-Reboot, [276], [312773],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Delete-on-Reboot, [276], [312773],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F236CA79-3123-4AFB-9F74-E98117AD5625}, Delete-on-Reboot, [276], [312773],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}\InprocServer32, Delete-on-Reboot, [276], [312773],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}\InprocServer32, Delete-on-Reboot, [276], [312773],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F236CA79-3123-4AFB-9F74-E98117AD5625}\InprocServer32, Delete-on-Reboot, [276], [312773],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1BD47D21-01F4-4538-9290-39FD569A0F24}, Delete-on-Reboot, [979], [335822],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{1BD47D21-01F4-4538-9290-39FD569A0F24}, Delete-on-Reboot, [979], [335822],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\APPID\{1BD47D21-01F4-4538-9290-39FD569A0F24}, Delete-on-Reboot, [979], [335822],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{6DC6EE87-F3BB-40EB-BCEE-12F7D6E3EEDF}, Delete-on-Reboot, [979], [335836],1.0.2126
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Delete-on-Reboot, [207], [169108],1.0.2126
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Delete-on-Reboot, [207], [169108],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{99415057-7C50-439D-AA20-02D83C071B61}, Delete-on-Reboot, [53], [160140],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{99415057-7C50-439D-AA20-02D83C071B61}, Delete-on-Reboot, [53], [160140],1.0.2126
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{959D527D-6C27-4879-A644-065526D6969C}, Delete-on-Reboot, [979], [335833],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Delete-on-Reboot, [53], [160141],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Delete-on-Reboot, [53], [160141],1.0.2126
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [101], [-1],0.0.0
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.TOOLBARPROTECTOR, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.TOOLBARPROTECTOR.1, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{F39D8ED3-A6F6-427F-8AF8-BC9784FA70D8}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F39D8ED3-A6F6-427F-8AF8-BC9784FA70D8}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F39D8ED3-A6F6-427F-8AF8-BC9784FA70D8}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{CF9608AD-4ECF-4A16-B122-B374299DE7B5}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{F05D47B2-7C9F-401D-A083-3AA4A4711F4F}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CF9608AD-4ECF-4A16-B122-B374299DE7B5}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F05D47B2-7C9F-401D-A083-3AA4A4711F4F}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CF9608AD-4ECF-4A16-B122-B374299DE7B5}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F05D47B2-7C9F-401D-A083-3AA4A4711F4F}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{2C9D27D8-C81E-4968-8026-E725E01650C1}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2C9D27D8-C81E-4968-8026-E725E01650C1}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2C9D27D8-C81E-4968-8026-E725E01650C1}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.FEEDMANAGER, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.FEEDMANAGER.1, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{E70DAE92-1A31-4AB8-9FCF-52FBDA0CC66A}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E70DAE92-1A31-4AB8-9FCF-52FBDA0CC66A}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E70DAE92-1A31-4AB8-9FCF-52FBDA0CC66A}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.HTMLMENU, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.HTMLMENU.1, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4FFA72EC-9FD9-4B2B-92A5-68B60885FD8A}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{840AE8AE-D547-433E-985C-6BF6C74F5084}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC65C7F9-115F-42A6-BC49-BF7A60A5314E}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FC65C7F9-115F-42A6-BC49-BF7A60A5314E}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC65C7F9-115F-42A6-BC49-BF7A60A5314E}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{840AE8AE-D547-433E-985C-6BF6C74F5084}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{840AE8AE-D547-433E-985C-6BF6C74F5084}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4FFA72EC-9FD9-4B2B-92A5-68B60885FD8A}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4FFA72EC-9FD9-4B2B-92A5-68B60885FD8A}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4FFA72EC-9FD9-4B2B-92A5-68B60885FD8A}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.MULTIPLEBUTTON, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.MULTIPLEBUTTON.1, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.SCRIPTBUTTON, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.SCRIPTBUTTON.1, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{1747AE4D-0A83-4336-84D4-48500BF1554F}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{316A2A46-F832-49B3-95E0-D460BD88D6B4}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{C64B02A7-77F8-4EC9-B2C3-78EBBFFC00EE}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{F4F94932-9CDB-45F4-BD4A-C77B5074D353}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{316A2A46-F832-49B3-95E0-D460BD88D6B4}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C64B02A7-77F8-4EC9-B2C3-78EBBFFC00EE}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F4F94932-9CDB-45F4-BD4A-C77B5074D353}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{316A2A46-F832-49B3-95E0-D460BD88D6B4}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C64B02A7-77F8-4EC9-B2C3-78EBBFFC00EE}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F4F94932-9CDB-45F4-BD4A-C77B5074D353}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1747AE4D-0A83-4336-84D4-48500BF1554F}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1747AE4D-0A83-4336-84D4-48500BF1554F}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.PSEUDOTRANSPARENTPLUGIN, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.PSEUDOTRANSPARENTPLUGIN.1, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.THIRDPARTYINSTALLER, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.THIRDPARTYINSTALLER.1, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{6467B28C-D408-4066-8B26-056335875D3D}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{E1DA9C58-A56C-4F9E-A9DD-32BCF8CCC98B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6467B28C-D408-4066-8B26-056335875D3D}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E1DA9C58-A56C-4F9E-A9DD-32BCF8CCC98B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6467B28C-D408-4066-8B26-056335875D3D}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E1DA9C58-A56C-4F9E-A9DD-32BCF8CCC98B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2BD4465D-669A-42E6-B449-636B0B10EBB8}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2BD4465D-669A-42E6-B449-636B0B10EBB8}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.HTMLPANEL, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\FROMDOCTOPDF_65.HTMLPANEL.1, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{777CEBBF-A763-42BE-ABBF-FF264689666B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{87509D74-1F24-4B10-A14E-0AACF713CE14}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{777CEBBF-A763-42BE-ABBF-FF264689666B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{87509D74-1F24-4B10-A14E-0AACF713CE14}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{777CEBBF-A763-42BE-ABBF-FF264689666B}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{87509D74-1F24-4B10-A14E-0AACF713CE14}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}\InprocServer32, Delete-on-Reboot, [276], [178264],1.0.2126
PUP.Optional.InstantSupport, HKLM\SOFTWARE\CLASSES\CLSID\{480ED1A4-0C5C-43BA-AD0E-A9CEA7A51A5E}, Delete-on-Reboot, [9268], [246484],1.0.2126
PUP.Optional.InstantSupport, HKLM\SOFTWARE\CLASSES\CLSID\{480ED1A4-0C5C-43BA-AD0E-A9CEA7A51A5E}\InprocServer32, Delete-on-Reboot, [9268], [246484],1.0.2126
PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PCACCELERATEPRO, Delete-on-Reboot, [1051], [181158],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SYSTEMHEALER, Delete-on-Reboot, [998], [182463],1.0.2126
PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Delete-on-Reboot, [2638], [243667],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\FROMDOCTOPDF_65, Delete-on-Reboot, [276], [240582],1.0.2126
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Delete-on-Reboot, [2638], [243667],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, Delete-on-Reboot, [276], [240755],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}, Delete-on-Reboot, [276], [240755],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A3B975A0-F679-444E-9D94-6D292FA53140}, Delete-on-Reboot, [276], [240755],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\APPDATALOW\SOFTWARE\FROMDOCTOPDF_65, Delete-on-Reboot, [276], [240467],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E1035F55-4C0C-4EFC-9AAE-38F421FCE726}, Delete-on-Reboot, [276], [240755],1.0.2126
PUP.Optional.ConsumerInput, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\COMPETE, Delete-on-Reboot, [207], [253738],1.0.2126
PUP.Optional.InstantSupport, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\INSTANTSUPPORT, Delete-on-Reboot, [9268], [254395],1.0.2126
PUP.Optional.InstantSupport, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\ISTAB, Delete-on-Reboot, [9268], [254396],1.0.2126
PUP.Optional.BubbleDock, HKU\S-1-5-21-517651220-3426787782-2425582286-1001_Classes\BUBBLEDOCK, Delete-on-Reboot, [3699], [254671],1.0.2126
PUP.Optional.Nosibay, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\NOSIBAY, Delete-on-Reboot, [12379], [241241],1.0.2126
PUP.Optional.SelectionTool, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\WTOOLS\SELECTION TOOLS, Delete-on-Reboot, [12537], [242889],1.0.2126
PUP.Optional.ASK, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}, Delete-on-Reboot, [529], [245525],1.0.2126
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}, Delete-on-Reboot, [529], [245525],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B4D26F6-61A8-4463-99DD-5F2FE0400FA6}, Delete-on-Reboot, [53], [246105],1.0.2126
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B4D26F6-61A8-4463-99DD-5F2FE0400FA6}, Delete-on-Reboot, [53], [246105],1.0.2126
PUP.Optional.SelectionTool, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\WTOOLS\SELECTION TOOLS TAG, Delete-on-Reboot, [12537], [242889],1.0.2126
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\PCACCELERATEPRO, Delete-on-Reboot, [1051], [251881],1.0.2126
PUP.Optional.Wajam, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\WAJIENHANCE, Delete-on-Reboot, [101], [244670],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Delete-on-Reboot, [28], [260247],1.0.2126
PUP.Optional.FindingDiscount, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\WINDOWS DISCOUNT, Delete-on-Reboot, [12127], [185303],1.0.2126
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\APTAB, Delete-on-Reboot, [1051], [254525],1.0.2126
PUP.Optional.OptimizerPro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\OPTIMIZER PRO, Delete-on-Reboot, [830], [241445],1.0.2126
PUP.Optional.WindApp, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\STORE\WINDAPP, Delete-on-Reboot, [15263], [244993],1.0.2126
PUP.Optional.WindApp, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\STORE\WINDAPP TAG, Delete-on-Reboot, [15263], [244994],1.0.2126
PUP.Optional.SystemHealer, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\SYSTEM HEALER, Delete-on-Reboot, [998], [252826],1.0.2126
PUP.Optional.Wajam, HKLM\SOFTWARE\WAJANETEN, Delete-on-Reboot, [101], [185150],1.0.2126
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [53], [246106],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [53], [246106],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [53], [246106],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Delete-on-Reboot, [28], [260247],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AF8298B3}, Delete-on-Reboot, [28], [260250],1.0.2126
Adware.DNSUnlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564, Delete-on-Reboot, [407], [405303],1.0.2126
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\WOW6432NODE\SlimWare Utilities Inc\SLIMCLEANER PLUS, Delete-on-Reboot, [805], [338932],1.0.2126
PUP.Optional.SelectionTools, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SELECTION TOOLS UPDATE, Delete-on-Reboot, [15045], [242897],1.0.2126
PUP.Optional.FindingDiscount, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FINDINGDISCOUNT, Delete-on-Reboot, [12127], [255285],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{26A08C0D-7DE4-49EF-8E3B-A2A587D3A63D}, Delete-on-Reboot, [998], [258707],1.0.2126
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C5A62BD3-AF28-47C5-A5BD-5B0F92A94F5A}, Delete-on-Reboot, [805], [335437],1.0.2126
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30BFB4C5-765B-43C7-91C1-D2B229554B70}, Delete-on-Reboot, [805], [334102],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3BA8D022-2419-4038-8749-52E3DF0F86B8}, Delete-on-Reboot, [998], [258707],1.0.2126
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Delete-on-Reboot, [15532], [252393],1.0.2126
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SLIMCLEANER PLUS (SCHEDULED SCAN - JULIE), Delete-on-Reboot, [805], [334109],1.0.2126
PUP.Optional.SelectionTool, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5096C761-B2CE-418C-9A2D-CACFC857D8AD}, Delete-on-Reboot, [12537], [258295],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5E035C52-BB45-4E21-8700-CF9FC9A92B3A}, Delete-on-Reboot, [998], [258706],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{65E55123-CCC7-4623-B9BB-75638FB65A09}, Delete-on-Reboot, [998], [258706],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCH AND KNOW, Delete-on-Reboot, [53], [185823],1.0.2126
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{4EF60154}, Delete-on-Reboot, [272], [240969],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9775ABC4-FA50-4582-8E8E-8C76770B8810}, Delete-on-Reboot, [998], [258706],1.0.2126
PUP.Optional.Nosibay, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A534D337-5D5F-42C1-AC5E-5EC5149D476E}, Delete-on-Reboot, [12379], [258209],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEM HEALER TASK, Delete-on-Reboot, [998], [252787],1.0.2126
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4DD8D474}, Delete-on-Reboot, [272], [240969],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEM HEALERPERIOD, Delete-on-Reboot, [998], [252787],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEM HEALERSTARTUP, Delete-on-Reboot, [998], [252787],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEMHEALER MONITOR, Delete-on-Reboot, [998], [252788],1.0.2126
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Delete-on-Reboot, [15532], [252393],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEMHEALER RUN DELAY, Delete-on-Reboot, [998], [252788],1.0.2126
PUP.Optional.Nosibay, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WINDAPP UPDATE, Delete-on-Reboot, [12379], [241242],1.0.2126
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\SlimWare Utilities, Inc.\SLIMCLEANER PLUS, Delete-on-Reboot, [805], [391877],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A61A2372-5EB0-425A-B979-A55620BE6954}, Delete-on-Reboot, [53], [294118],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{19EA6237-8729-4805-8059-4CE8668E323E}, Delete-on-Reboot, [53], [294118],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC72D179-08AA-4AD5-B932-69A324BA716A}, Delete-on-Reboot, [53], [294118],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FC72D179-08AA-4AD5-B932-69A324BA716A}, Delete-on-Reboot, [53], [294118],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC72D179-08AA-4AD5-B932-69A324BA716A}, Delete-on-Reboot, [53], [294118],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{19EA6237-8729-4805-8059-4CE8668E323E}, Delete-on-Reboot, [53], [294118],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{19EA6237-8729-4805-8059-4CE8668E323E}, Delete-on-Reboot, [53], [294118],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A61A2372-5EB0-425A-B979-A55620BE6954}, Delete-on-Reboot, [53], [294118],1.0.2126
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A61A2372-5EB0-425A-B979-A55620BE6954}, Delete-on-Reboot, [53], [294118],1.0.2126
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A61A2372-5EB0-425A-B979-A55620BE6954}, Delete-on-Reboot, [53], [294118],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A61A2372-5EB0-425A-B979-A55620BE6954}, Delete-on-Reboot, [53], [294118],1.0.2126

Registry Value: 54
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}, Delete-on-Reboot, [276], [168398],1.0.2126
PUP.Optional.MindSpark, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{4C60E5AB-5C68-4C59-ABAA-885010B24B32}, Delete-on-Reboot, [276], [170062],1.0.2126
PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PCACCELERATEPRO, Delete-on-Reboot, [1051], [315966],1.0.2126
PUP.Optional.SlimCleanerPlus, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SLIMCLEANER PLUS, Delete-on-Reboot, [805], [331458],1.0.2126
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [101], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [101], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Delete-on-Reboot, [101], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Delete-on-Reboot, [101], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [101], [-1],0.0.0
PUP.Optional.InstantSupport, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|INSTANTSUPPORT, Delete-on-Reboot, [9268], [246484],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36B445BF-1B84-466A-A623-A360A8CFF8C3}|APPPATH, Delete-on-Reboot, [276], [240755],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}|APPPATH, Delete-on-Reboot, [276], [240755],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A3B975A0-F679-444E-9D94-6D292FA53140}|APPPATH, Delete-on-Reboot, [276], [240755],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}|APPPATH, Delete-on-Reboot, [276], [240755],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E1035F55-4C0C-4EFC-9AAE-38F421FCE726}|APPPATH, Delete-on-Reboot, [276], [240755],1.0.2126
PUP.Optional.InstantSupport, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\INSTANTSUPPORT|ASSISTENT, Delete-on-Reboot, [9268], [254395],1.0.2126
PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCACCELERATEPRO.EXE, Delete-on-Reboot, [1051], [315965],1.0.2126
PUP.Optional.BubbleDock, HKU\S-1-5-21-517651220-3426787782-2425582286-1001_Classes\BUBBLEDOCK|, Delete-on-Reboot, [3699], [254671],1.0.2126
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCACCELERATEPRO.EXE, Delete-on-Reboot, [1051], [255023],1.0.2126
PUP.Optional.SelectionTools, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SELECTION TOOLS.EXE, Delete-on-Reboot, [15045], [255024],1.0.2126
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}|DISPLAYNAME, Delete-on-Reboot, [529], [245525],1.0.2126
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}|URL, Delete-on-Reboot, [529], [245524],1.0.2126
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0B4D26F6-61A8-4463-99DD-5F2FE0400FA6}|URL, Delete-on-Reboot, [53], [246105],1.0.2126
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\APTAB|HB, Delete-on-Reboot, [1051], [254525],1.0.2126
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DONOTASKAGAIN, Delete-on-Reboot, [53], [246380],1.0.2126
PUP.Optional.ASK, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}|DISPLAYNAME, Delete-on-Reboot, [529], [245523],1.0.2126
PUP.Optional.ASK, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}|URL, Delete-on-Reboot, [529], [245522],1.0.2126
PUP.Optional.OptimizerPro, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\OPTIMIZER PRO|ADSBUYNOWURL, Delete-on-Reboot, [830], [241445],1.0.2126
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FROMDOCTOPDF EPM SUPPORT, Delete-on-Reboot, [276], [235093],1.0.2126
PUP.Optional.SystemHealer, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\SYSTEM HEALER|HOMEPAGE, Delete-on-Reboot, [998], [252826],1.0.2126
PUP.Optional.SystemHealer, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\SYSTEM HEALER|CARTURL, Delete-on-Reboot, [998], [261796],1.0.2126
PUP.Optional.SystemHealer, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\SYSTEM HEALER|SUPPORTPAGE, Delete-on-Reboot, [998], [252826],1.0.2126
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|APPPATH, Delete-on-Reboot, [207], [245885],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}|URL, Delete-on-Reboot, [53], [246106],1.0.2126
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|APPPATH, Delete-on-Reboot, [207], [245885],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DONOTASKAGAIN, Delete-on-Reboot, [53], [246561],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AF8298B3}|1, Delete-on-Reboot, [28], [260250],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{26A08C0D-7DE4-49EF-8E3B-A2A587D3A63D}|PATH, Delete-on-Reboot, [998], [258707],1.0.2126
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C5A62BD3-AF28-47C5-A5BD-5B0F92A94F5A}|DISPLAYNAME, Delete-on-Reboot, [805], [335437],1.0.2126
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30BFB4C5-765B-43C7-91C1-D2B229554B70}|PATH, Delete-on-Reboot, [805], [334102],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3BA8D022-2419-4038-8749-52E3DF0F86B8}|PATH, Delete-on-Reboot, [998], [258707],1.0.2126
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Delete-on-Reboot, [15532], [252393],1.0.2126
PUP.Optional.SelectionTool, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5096C761-B2CE-418C-9A2D-CACFC857D8AD}|PATH, Delete-on-Reboot, [12537], [258295],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5E035C52-BB45-4E21-8700-CF9FC9A92B3A}|PATH, Delete-on-Reboot, [998], [258706],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{65E55123-CCC7-4623-B9BB-75638FB65A09}|PATH, Delete-on-Reboot, [998], [258706],1.0.2126
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9775ABC4-FA50-4582-8E8E-8C76770B8810}|PATH, Delete-on-Reboot, [998], [258706],1.0.2126
PUP.Optional.Nosibay, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A534D337-5D5F-42C1-AC5E-5EC5149D476E}|PATH, Delete-on-Reboot, [12379], [258209],1.0.2126
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Delete-on-Reboot, [15532], [252393],1.0.2126
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{202e8060-75e9-4659-8b90-b3ba5fcb3025}|NAMESERVER, Delete-on-Reboot, [6359], [260227],1.0.2126
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{5c3813a9-1ccf-4e20-9331-5f50bdef27df}|NAMESERVER, Delete-on-Reboot, [6359], [260227],1.0.2126
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{b3da4eb1-12b0-4581-af63-882d3c8bbe7d}|NAMESERVER, Delete-on-Reboot, [6359], [260227],1.0.2126
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{e117effa-92de-4db8-b800-ed2a836ab25b}|NAMESERVER, Delete-on-Reboot, [6359], [260227],1.0.2126
PUP.Optional.MindSpark, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FROMDOCTOPDF_65SERVICE|IMAGEPATH, Delete-on-Reboot, [276], [240828],1.0.2126

Registry Data: 15
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{202e8060-75e9-4659-8b90-b3ba5fcb3025}|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{202e8060-75e9-4659-8b90-b3ba5fcb3025}|DhcpNameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{350afb26-c1a7-11e6-944d-806e6f6e6963}|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5c3813a9-1ccf-4e20-9331-5f50bdef27df}|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5c3813a9-1ccf-4e20-9331-5f50bdef27df}|DhcpNameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{b3da4eb1-12b0-4581-af63-882d3c8bbe7d}|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{b3da4eb1-12b0-4581-af63-882d3c8bbe7d}|DhcpNameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e117effa-92de-4db8-b800-ed2a836ab25b}|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e117effa-92de-4db8-b800-ed2a836ab25b}|DhcpNameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.Yontoo, HKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [53], [293262],1.0.2126
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [53], [293257],1.0.2126
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NAMESERVER, Replace-on-Reboot, [6359], [293494],1.0.2126

Data Stream: 0
(No malicious items detected)

Folder: 152
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-07e1-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-0b85-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-22d3-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-2343-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-26a1-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-28a7-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-2d15-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-2e55-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-3463-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-3c47-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-4b11-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\6370d72c-5085-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-0711-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-0fd1-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-27c1-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-2dd1-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-3523-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-3991-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-4877-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-54e3-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-5507-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-6687-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-6907-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-69a3-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-73c7-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-7a43-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-7e23-1, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\7d668565-7f03-0, Delete-on-Reboot, [28], [182288],1.0.2126
PUP.Optional.MultiPlug, C:\PROGRAMDATA\5276A350C7379A84, Delete-on-Reboot, [272], [240943],1.0.2126
PUP.Optional.MultiPlug.Gen


#6 digitallive

digitallive

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 09 June 2017 - 10:43 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01
Ran by Julie (10-06-2017 00:15:25) Run:1
Running from C:\Users\Julie\Desktop
Loaded Profiles: Julie (Available Profiles: Julie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
StartCreateRestorePoint:CloseProcesses:EmptyTemp:HKLM-x32\...\Run: [] => [X]CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTIONHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankSearchScopes: HKLM -> OldSearch URL =SearchScopes: HKLM-x32 -> {92A07574-BE7A-454A-8440-307FC4FD6F13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001 -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001 -> {92A07574-BE7A-454A-8440-307FC4FD6F13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268 -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268 -> {92A07574-BE7A-454A-8440-307FC4FD6F13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>2017-06-02 08:22 - 2017-06-02 08:22 - 00004182 _____ C:\WINDOWS\System32\Tasks\{ADEBE7E6-1A40-504D-AE9D-F1057CEC0704}2017-06-02 08:22 - 2017-06-02 08:22 - 00004182 _____ C:\WINDOWS\System32\Tasks\{22B48D7D-951F-3AD6-03D4-0EA461A60664}2017-06-02 08:22 - 2017-06-02 08:22 - 00003882 _____ C:\WINDOWS\System32\Tasks\{179E8208-28F3-5714-1E3A-FBBB6F28AE23}2017-06-02 08:22 - 2016-03-15 00:06 - 00000000 ____D C:\ProgramData\af8298b32017-05-10 21:33 - 2017-04-22 14:10 - 00003882 _____ C:\WINDOWS\System32\Tasks\{C5523BAD-0760-5C51-2DD7-70638755BD63}2017-01-24 19:01 - 2017-01-24 19:02 - 44506760 _____ () C:\Users\Julie\AppData\Local\Temp\AmazonDriveSetupQ.exeTask: {01B38775-A96D-4A0C-A3ED-F3677774CC40} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTIONTask: {0C2CD09E-BF14-419D-8D31-863FD7A7E1FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTIONTask: {0DA80DEF-8452-4926-883F-DB4A6479FA01} - \{79040E47-7D7D-0409-7911-7E0E0C091104} -> No File <==== ATTENTIONTask: {202A4EAB-6645-4866-97F5-2406CEEF5079} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTIONTask: {2DB53FF3-4469-4A53-BE2D-357F78BE65FB} - System32\Tasks\{179E8208-28F3-5714-1E3A-FBBB6F28AE23} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\af8298b3\d2aa3ca6.dll" <==== ATTENTIONTask: {2F12F947-83B4-4C87-A9FA-E5039F66CFB1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTIONTask: {43A87FD1-CCAD-49F3-B675-B83C609DCF97} - System32\Tasks\{ADEBE7E6-1A40-504D-AE9D-F1057CEC0704} => C:\ProgramData\{EEC61AE6-596D-AD4D-D4DB-0FDF648916F1}\79718388-CEDA-3423-5A41-16D8A73A4873.exe  <==== ATTENTIONTask: {54A19C71-7252-461F-A013-32EB5EACBC14} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTIONTask: {622E2B4E-51A0-496A-84E0-4D77FEECC44E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTIONTask: {6F24F304-25A2-4CF2-B1CA-6D6D900DD412} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTIONTask: {73719195-8FC0-4D1D-A736-B9E9BE1D375D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTIONTask: {8808DBB6-7C3D-404B-BE82-7FADDECC9F3C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTIONTask: {9E8C63EC-1F92-4F2F-A6C2-C0F0EA380B76} - \CCleanerSkipUAC -> No File <==== ATTENTIONTask: {A8D93D2A-0F84-40CB-96D6-7FF64ACDDD20} - System32\Tasks\{22B48D7D-951F-3AD6-03D4-0EA461A60664} => C:\ProgramData\{F5A8198E-4203-AE25-72D1-58D611E827C9}\E1EB5F79-5640-E8D2-7920-1BC89D84A7C4.exe  <==== ATTENTIONTask: {A8E08AA7-4F2E-4BA6-A83B-2057D80C40EE} - System32\Tasks\{C5523BAD-0760-5C51-2DD7-70638755BD63} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\af8298b3\d2aa3ca6.dll" <==== ATTENTIONTask: {C08805D1-57D2-4E67-8ACE-FFBA34BD547F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTIONTask: {CE5DD8AA-3502-4FE3-AD40-084DA8406E68} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTIONTask: {D8EC6DC1-3392-40F4-8908-76C4DE6AA0E1} - \WPD\SqmUpload_S-1-5-21-517651220-3426787782-2425582286-1001 -> No File <==== ATTENTIONTask: {DBF04562-673A-4D25-A3B9-58E12223660C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTIONTask: {E2067A4A-A21A-42B7-898B-28A34FF35689} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTIONHKU\S-1-5-21-517651220-3426787782-2425582286-1001\...\StartupApproved\Run: => "SlimCleaner Plus"HKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268\...\StartupApproved\Run: => "SlimCleaner Plus"C:\PROGRA~3\af8298b3\d2aa3ca6.dllC:\ProgramData\{EEC61AE6-596D-AD4D-D4DB-0FDF648916F1}\79718388-CEDA-3423-5A41-16D8A73A4873.exeC:\ProgramData\{EEC61AE6-596D-AD4D-D4DB-0FDF648916F1}C:\ProgramData\{F5A8198E-4203-AE25-72D1-58D611E827C9}\E1EB5F79-5640-E8D2-7920-1BC89D84A7C4.exeC:\ProgramData\{F5A8198E-4203-AE25-72D1-58D611E827C9}End
*****************

StartCreateRestorePoint:CloseProcesses:EmptyTemp:HKLM-x32\...\Run: [] => [X]CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTIONHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-517651220-3426787782-2425582286-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankSearchScopes: HKLM -> OldSearch URL =SearchScopes: HKLM-x32 -> {92A07574-BE7A-454A-8440-307FC4FD6F13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001 -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001 -> {92A07574-BE7A-454A-8440-307FC4FD6F13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268 -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =SearchScopes: HKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268 -> {92A07574-BE7A-454A-8440-307FC4FD6F13} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>2017-06-02 08:22 - 2017-06-02 08:22 - 00004182 _____ C:\WINDOWS\System32\Tasks\{ADEBE7E6-1A40-504D-AE9D-F1057CEC0704}2017-06-02 08:22 - 2017-06-02 08:22 - 00004182 _____ C:\WINDOWS\System32\Tasks\{22B48D7D-951F-3AD6-03D4-0EA461A60664}2017-06-02 08:22 - 2017-06-02 08:22 - 00003882 _____ C:\WINDOWS\System32\Tasks\{179E8208-28F3-5714-1E3A-FBBB6F28AE23}2017-06-02 08:22 - 2016-03-15 00:06 - 00000000 ____D C:\ProgramData\af8298b32017-05-10 21:33 - 2017-04-22 14:10 - 00003882 _____ C:\WINDOWS\System32\Tasks\{C5523BAD-0760-5C51-2DD7-70638755BD63}2017-01-24 19:01 - 2017-01-24 19:02 - 44506760 _____ () C:\Users\Julie\AppData\Local\Temp\AmazonDriveSetupQ.exeTask: {01B38775-A96D-4A0C-A3ED-F3677774CC40} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTIONTask: {0C2CD09E-BF14-419D-8D31-863FD7A7E1FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTIONTask: {0DA80DEF-8452-4926-883F-DB4A6479FA01} - \{79040E47-7D7D-0409-7911-7E0E0C091104} -> No File <==== ATTENTIONTask: {202A4EAB-6645-4866-97F5-2406CEEF5079} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTIONTask: {2DB53FF3-4469-4A53-BE2D-357F78BE65FB} - System32\Tasks\{179E8208-28F3-5714-1E3A-FBBB6F28AE23} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\af8298b3\d2aa3ca6.dll" <==== ATTENTIONTask: {2F12F947-83B4-4C87-A9FA-E5039F66CFB1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTIONTask: {43A87FD1-CCAD-49F3-B675-B83C609DCF97} - System32\Tasks\{ADEBE7E6-1A40-504D-AE9D-F1057CEC0704} => C:\ProgramData\{EEC61AE6-596D-AD4D-D4DB-0FDF648916F1}\79718388-CEDA-3423-5A41-16D8A73A4873.exe  <==== ATTENTIONTask: {54A19C71-7252-461F-A013-32EB5EACBC14} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTIONTask: {622E2B4E-51A0-496A-84E0-4D77FEECC44E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTIONTask: {6F24F304-25A2-4CF2-B1CA-6D6D900DD412} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTIONTask: {73719195-8FC0-4D1D-A736-B9E9BE1D375D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTIONTask: {8808DBB6-7C3D-404B-BE82-7FADDECC9F3C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTIONTask: {9E8C63EC-1F92-4F2F-A6C2-C0F0EA380B76} - \CCleanerSkipUAC -> No File <==== ATTENTIONTask: {A8D93D2A-0F84-40CB-96D6-7FF64ACDDD20} - System32\Tasks\{22B48D7D-951F-3AD6-03D4-0EA461A60664} => C:\ProgramData\{F5A8198E-4203-AE25-72D1-58D611E827C9}\E1EB5F79-5640-E8D2-7920-1BC89D84A7C4.exe  <==== ATTENTIONTask: {A8E08AA7-4F2E-4BA6-A83B-2057D80C40EE} - System32\Tasks\{C5523BAD-0760-5C51-2DD7-70638755BD63} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\af8298b3\d2aa3ca6.dll" <==== ATTENTIONTask: {C08805D1-57D2-4E67-8ACE-FFBA34BD547F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTIONTask: {CE5DD8AA-3502-4FE3-AD40-084DA8406E68} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTIONTask: {D8EC6DC1-3392-40F4-8908-76C4DE6AA0E1} - \WPD\SqmUpload_S-1-5-21-517651220-3426787782-2425582286-1001 -> No File <==== ATTENTIONTask: {DBF04562-673A-4D25-A3B9-58E12223660C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTIONTask: {E2067A4A-A21A-42B7-898B-28A34FF35689} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTIONHKU\S-1-5-21-517651220-3426787782-2425582286-1001\...\StartupApproved\Run: => "SlimCleaner Plus"HKU\S-1-5-21-517651220-3426787782-2425582286-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06022017224040268\...\StartupApproved\Run: => "SlimCleaner Plus"C:\PROGRA~3\af8298b3\d2aa3ca6.dllC:\ProgramData\{EEC61AE6-596D-AD4D-D4DB-0FDF648916F1}\79718388-CEDA-3423-5A41-16D8A73A4873.exeC:\ProgramData\{EEC61AE6-596D-AD4D-D4DB-0FDF648916F1}C:\ProgramData\{F5A8198E-4203-AE25-72D1-58D611E827C9}\E1EB5F79-5640-E8D2-7920-1BC89D84A7C4.exeC:\ProgramData\{F5A8198E-4203-AE25-72D1-58D611E827C9}End => Error: No automatic fix found for this entry.

==== End of Fixlog 00:15:26 ====



#7 digitallive

digitallive

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 09 June 2017 - 10:44 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Julie (Administrator) on Sat 06/10/2017 at  0:23:34.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 21

Successfully deleted: C:\Program Files (x86)\TicTTaCoupono (Folder)
Successfully deleted: C:\ProgramData\af8298b3 (Folder)
Successfully deleted: C:\ProgramData\slimware utilities inc (Folder)
Successfully deleted: C:\Users\Julie\AppData\Local\downloaded installers (Folder)
Successfully deleted: C:\Users\Julie\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\Users\Public\Desktop\slimcleaner plus.lnk (Shortcut)
Successfully deleted: C:\WINDOWS\system32\Tasks\SELECTION TOOLS UPDATE (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SLIMCLEANER PLUS (SCHEDULED SCAN - JULIE) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SYSTEM HEALER TASK (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SYSTEM HEALERPERIOD (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SYSTEM HEALERSTARTUP (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\WINDAPP UPDATE (Task)
Successfully deleted: C:\WINDOWS\Tasks\SLIMCLEANER PLUS (SCHEDULED SCAN - JULIE).JOB (Task)
Successfully deleted: C:\WINDOWS\Tasks\SYSTEM HEALERPERIOD.JOB (Task)
Successfully deleted: C:\WINDOWS\Tasks\SYSTEM HEALERSTARTUP.JOB (Task)
Successfully deleted: C:\Program Files (x86)\relaydouble (Folder)
Successfully deleted: C:\Users\Julie\AppData\Roaming\BUBBLE DOCK.BOOSTRAP.LOG (File)
Successfully deleted: C:\Users\Julie\AppData\Roaming\BUBBLE DOCK.INSTALLATION.LOG (File)
Successfully deleted: C:\Users\Julie\AppData\Roaming\SELECTION TOOLS.INSTALLATION.LOG (File)
Successfully deleted: C:\Users\Julie\AppData\Roaming\WINDAPP.BOOSTRAP.LOG (File)
Successfully deleted: C:\Users\Julie\AppData\Roaming\WINDAPP.INSTALLATION.LOG (File)



Registry: 4

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\FROMDOCTOPDF APPINTEGRATOR 32-BIT (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\FROMDOCTOPDF APPINTEGRATOR 64-BIT (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{92A07574-BE7A-454A-8440-307FC4FD6F13} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{92A07574-BE7A-454A-8440-307FC4FD6F13} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/10/2017 at  0:28:01.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 digitallive

digitallive

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 09 June 2017 - 10:44 PM

# AdwCleaner v6.047 - Logfile created 10/06/2017 at 00:31:37
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-10.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Julie - JULIESCOMPUTER
# Running from : C:\Users\Julie\Desktop\adwcleaner_6.047.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\ProgramData\{40e37d0e-ff2f-ed4e-40e3-37d0eff2f43b}


***** [ Files ] *****

File Found:  C:\Users\Public\Desktop\PCAcceleratePro.lnk


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  SLIMCLEANER PLUS (SCHEDULED SCAN - JULIE)
Task Found:  WindApp Update
Task Found:  Selection Tools Update
Task Found:  SystemHealer Monitor
Task Found:  SystemHealer Run Delay
Task Found:  System HealerStartUp
Task Found:  System HealerPeriod
Task Found:  System Healer Task
Task Found:  windapp update
Task Found:  selection tools update


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\64a43f27-acf7-8f91-b517-f35d824eb708
Key Found:  HKU\S-1-5-21-517651220-3426787782-2425582286-1001\Software\Classes\.bubbledock
Key Found:  HKCU\Software\Classes\.bubbledock
Key Found:  [x64] HKCU\Software\Classes\.bubbledock
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Key Found:  HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found:  HKU\S-1-5-21-517651220-3426787782-2425582286-1001\Software\Store
Key Found:  HKU\S-1-5-21-517651220-3426787782-2425582286-1001\Software\WTools
Key Found:  HKU\S-1-5-21-517651220-3426787782-2425582286-1001\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found:  HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found:  HKCU\Software\Store
Key Found:  HKCU\Software\WTools
Key Found:  HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found:  HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found:  HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found:  HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found:  HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found:  HKLM\SOFTWARE\CompeteInc
Key Found:  HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found:  HKLM\SOFTWARE\StrongSignal
Key Found:  HKLM\SOFTWARE\WajaNetEn
Key Found:  HKLM\SOFTWARE\InstantSupport
Key Found:  HKLM\SOFTWARE\PCAcceleratePro
Key Found:  HKLM\SOFTWARE\Windows Discount
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajaNetEn
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstantSupport
Key Found:  [x64] HKCU\Software\Store
Key Found:  [x64] HKCU\Software\WTools
Key Found:  [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found:  [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\autopcbackup.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.conduit.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.driverupdate.net
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\reimageplus.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.reimageplus.c
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\reimageplus.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.reimageplus.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\autopcbackup.dl.tb.ask.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.conduit.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.driverupdate.net
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\reimageplus.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.c
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.reimageplus
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\reimageplus.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.reimageplus.co
Value Found:  HKU\S-1-5-21-517651220-3426787782-2425582286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Bubble Dock]
Value Found:  HKU\S-1-5-21-517651220-3426787782-2425582286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Selection Tools]
Value Found:  HKU\S-1-5-21-517651220-3426787782-2425582286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WindApp]
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [InstantSupport]
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [PCAcceleratePro]
Value Found:  HKU\S-1-5-21-517651220-3426787782-2425582286-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SlimCleaner Plus]
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
Key Found:  HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Key Found:  HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [10843 Bytes] - [10/06/2017 00:31:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10917 Bytes] ##########
 



#9 digitallive

digitallive

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 09 June 2017 - 10:45 PM

Farbar Service Scanner Version: 27-01-2016
Ran by Julie (administrator) on 10-06-2017 at 00:34:34
Running from "C:\Users\Julie\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#10 digitallive

digitallive

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 09 June 2017 - 10:50 PM

computer appears to be running fine now. no pop ups, net browsing normal. have only tried a few minutes

 

thank you and my apologies for late reply



#11 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,038 posts

Posted 11 June 2017 - 09:02 AM

Hello digitallive.

I apologize for the late reply.

It's good to hear that your computer appears to be running well. The logs show that the tools removed many infected items from the system.

 

Now go to Programs and Features under Control Panel and check if the program Wajam is still installed.

If so, try to uninstall Wajam using Revo Uninstaller. NOTE: If it does not appear on the list of installed programs please skip this step and go to the next step.

Please download and install the free version of Revo Uninstaller
Right-click on the icon of Revo Uninstaller and select Run as administrator to run the tool.
Click Yes to accept any security warnings that may appear.
Select Wajam and click Uninstall. Follow the instructions to complete the removal process.
In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers.
Click on Delete and then click Next. You may have to repeat this to delete all the leftovers (Registry items, files and folders).
Click on the Finish button.
Restart the computer.


Next,

Please download Zemana AntiMalware and save it to your Desktop.

  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the security warning.
  • Once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
  • Click on the Back button.
  • On the top right corner click on Reports icon (the one with three bars) and double click on the latest report.
  • Now click File > Save As, then choose your Desktop and click the Save button.
  • Please post the contents of the saved report in your next reply.


Next, let's search for leftovers with ESET Online Scanner.

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
  • Close all your programs and browsers and disconnect any USB flash drives from the computer.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


Please post the contents of the Zemana AntiMalware log, the contents of the ESET log (if it produced one) and let me know how is the computer running.

 

 

Thank you.

 

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#12 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,038 posts

Posted 12 July 2017 - 02:32 PM

Since the issue appear to be resolved, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.




Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!