[RESOLVED] Family Computer Cleanup
Hi,
A friend brought his Dell Optiplex 620 back in because of it "getting really slow", especially when trying to surf the web. MB found two malware threats and over 350 PUPs and other files. I've followed the steps in the Rules thread ... but the machine still seems like it's dragging on something else.
Here's what I've done so far:
1. Windows Firewall IS on; it was when the user had the machine.
2. Using Avast!, up to date. Avast! did not find anything.
3. Downloaded Malwarebytes and ran scan. Two definite threats found, both from Trojan Chrome INJ. Also over 350 other PUPs and files quarantined. The log appears below.
4. Ran DDS ... the logs will appear below. Might have to use more than one post because of length.
Thanks for your help!
-Peter
(The MBAM file is very large ... posting it over the next 3 posts)
---- MBAM P1 ---
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/15/2014
Scan Time: 2:02:13 PM
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.15.07
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Doug
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342026
Time Elapsed: 9 min, 16 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 48
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FA32667-9A8A-4E9C-902F-CA3323180003}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2A42D13C-D427-4787-821B-CF6973855778}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6B458F62-592F-4B25-8967-E6A350A59328}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0FA32667-9A8A-4E9C-902F-CA3323180003}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2A42D13C-D427-4787-821B-CF6973855778}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B458F62-592F-4B25-8967-E6A350A59328}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TBSB07898.TBSB07898.3, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TBSB07898.TBSB07898, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.TBSB07898, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TBSB07898.IEToolbar, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TBSB07898.IEToolbar.1, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.IEToolbar, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.IEToolbar.1, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.TBSB07898.3, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-2143344270-1574984809-1801501437-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-2143344270-1574984809-1801501437-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.Softomate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}, Quarantined, [1cf7d06c3e3ef3430274bcfb55ad8e72],
PUP.Optional.Softomate.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}, Quarantined, [1cf7d06c3e3ef3430274bcfb55ad8e72],
PUP.Optional.Softomate.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4897BBA6-48D9-468C-8EFA-846275D7701B}, Quarantined, [1cf7d06c3e3ef3430274bcfb55ad8e72],
PUP.Optional.Softomate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4897BBA6-48D9-468C-8EFA-846275D7701B}, Quarantined, [1cf7d06c3e3ef3430274bcfb55ad8e72],
PUP.Optional.Softomate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}, Quarantined, [1cf7d06c3e3ef3430274bcfb55ad8e72],
PUP.Optional.Softomate.A, HKLM\SOFTWARE\CLASSES\URLSearchHook.ToolbarURLSearchHook.1, Quarantined, [1cf7d06c3e3ef3430274bcfb55ad8e72],
PUP.Optional.Softomate.A, HKLM\SOFTWARE\CLASSES\URLSearchHook.ToolbarURLSearchHook, Quarantined, [1cf7d06c3e3ef3430274bcfb55ad8e72],
PUP.Optional.Softomate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\URLSearchHook.ToolbarURLSearchHook, Quarantined, [1cf7d06c3e3ef3430274bcfb55ad8e72],
PUP.Optional.Softomate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\URLSearchHook.ToolbarURLSearchHook.1, Quarantined, [1cf7d06c3e3ef3430274bcfb55ad8e72],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [fd16d567c9b36fc75933e8d029d916ea],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.TBSB07898.1, Quarantined, [fd16d567c9b36fc75933e8d029d916ea],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.TBSB07898, Quarantined, [fd16d567c9b36fc75933e8d029d916ea],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.TBSB07898, Quarantined, [fd16d567c9b36fc75933e8d029d916ea],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [fd16d567c9b36fc75933e8d029d916ea],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.TBSB07898.1, Quarantined, [fd16d567c9b36fc75933e8d029d916ea],
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-2143344270-1574984809-1801501437-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [fd16d567c9b36fc75933e8d029d916ea],
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-2143344270-1574984809-1801501437-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [fd16d567c9b36fc75933e8d029d916ea],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, Quarantined, [b162d963fe7eec4a877882bbb0536997],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, Quarantined, [f51eca727705ad8910efc17cf70c50b0],
Registry Values: 3
Trojan.Chrome.INJ, HKU\S-1-5-21-2143344270-1574984809-1801501437-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kcacnlcowkzy, regsvr32.exe /s "C:\Users\Doug\AppData\Local\Apple Computer\kcacnlcowkzy.dll", Quarantined, [44cfd369790366d019b821c242bfc53b]
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [4ac929134834112567cab1091de5c838],
Registry Data: 0
(No malicious items detected)
-------