Ran Emergency kit and Hitman Pro [Removed pending steps]

I posted this yesterday late anonymously, but it hasn't been approved yet, so I created an account so that hopefully I can post everything. IE 11 opens very small and won't work at all. I'm using Chrome right now and it seems to work. Logs as follows: [Malwarebytes] Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.01.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 family :: PATTISHP [administrator] 12/31/2013 5:51:35 PM mbam-log-2013-12-31 (17-51-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 245653 Time elapsed: 5 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 1 C:\Users\family\AppData\Local\TBHostSupport\TBHostSupport_0.dll (PUP.Optional.Conduit) -> Delete on reboot. Registry Keys Detected: 20 HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully. HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully. HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Quarantined and deleted successfully. HKCU\Software\InstalledBrowserExtensions\Innovative Apps (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully. HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. Registry Values Detected: 5 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\family\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin -> Quarantined and deleted successfully. HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: http://search.conduit.com?SearchSource=10&CUI=UN19871615090362996&UM=2&ctid=CT3298566 -> Quarantined and deleted successfully. HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 3220 -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE (PUP.Optional.SweetIM.A) -> Data: 1 -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL (PUP.Optional.SweetIM.A) -> Data: 1 -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 11 C:\Program Files (x86)\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\flavours (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Users\family\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> Delete on reboot. C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. Files Detected: 99 C:\Users\family\Downloads\Flash_Setup (1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully. C:\Users\family\Downloads\Flash_Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully. C:\Users\family\AppData\Local\Conduit\CT3289847\WhiteSmoke_NewAutoUpdateHelper.exe (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\onstart.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_blank.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\flavours\toolbar_bng.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\flavours\toolbar_ggl.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\flavours\toolbar_yho.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. C:\Users\family\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully. C:\Users\family\AppData\Local\TBHostSupport\TBHostSupport_0.dll (PUP.Optional.Conduit) -> Delete on reboot. C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\uninstall.lnk (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. (end)

I have had trouble with Malware that was not detected by either Norton or McAfee. I followed all of the instructions. Attached are the first four logs. The 5th and 6th are below. Thank you so much! Results of screen317's Security Check version 0.99.78 [Pending the steps - in order starting with Malwarebytes]

Internet Explorer 11.0.9600.16476 LeeFamily :: LEEFAMILY-PC [administrator] Protection: Disabled 1/18/2014 4:56:27 PM mbam-log-2014-01-18 (16-56-27).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 629593 Time elapsed: 1 hour(s), 52 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 1 C:\Users\LeeFamily\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot. Registry Keys Detected: 1 HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\LeeFamily\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 2 C:\Users\LeeFamily\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Delete on reboot. C:\Users\LeeFamily\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully. Files Detected: 12 C:\Users\LeeFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0AT1LYQ\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\LeeFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYH1S711\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\LeeFamily\AppData\Local\Temp\nshCE6A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\LeeFamily\AppData\Local\Temp\nshF9F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\LeeFamily\AppData\Local\Temp\nss15F7.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\LeeFamily\AppData\Local\Temp\nstDBF1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\LeeFamily\AppData\Local\Temp\nsxCAD1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\LeeFamily\AppData\Local\Temp\parent.txt (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully. C:\Users\LeeFamily\AppData\Local\Temp\30806087-8ec0-491e-8297-5c087b20ea770\parent.txt (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully. C:\Users\LeeFamily\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot. C:\Users\LeeFamily\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully. C:\Users\LeeFamily\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully. (end) O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found. O2:64bit: - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found. O2:64bit: - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found. O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly) O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (Highlightly) O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\S-1-5-21-677949184-3754523269-1628976051-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-677949184-3754523269-1628976051-1000..\Run: [Amazon Cloud Player] C:\Users\LeeFamily\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe () O4 - HKU\S-1-5-21-677949184-3754523269-1628976051-1000..\Run: [BrowserProtect] "C:\Program Files (x86)\BrowserProtect\BpAuto.lnk" File not found O4 - HKU\S-1-5-21-677949184-3754523269-1628976051-1000..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe () O4 - HKU\S-1-5-21-677949184-3754523269-1628976051-1000..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-677949184-3754523269-1628976051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-677949184-3754523269-1628976051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-677949184-3754523269-1628976051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: LastPass - file://C:\Users\LeeFamily\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\LeeFamily\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: LastPass - file://C:\Users\LeeFamily\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\LeeFamily\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass) O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass) O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-677949184-3754523269-1628976051-1000\..Trusted Domains: vizzed.com ([www] * in Trusted sites) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.wtplaw.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35C59CC6-AF6C-4012-9E12-2DC18D59BF3C}: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51BEA4CB-DF75-488E-BB4B-6B3C4E4B46FF}: NameServer = 208.67.220.123,208.67.222.123 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{19a60e7c-f23f-11e1-ba4b-782bcbb47808}\Shell - "" = AutoRun O33 - MountPoints2\{19a60e7c-f23f-11e1-ba4b-782bcbb47808}\Shell\AutoRun\command - "" = E:\SISetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/01/19 08:33:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LeeFamily\Desktop\OTL.exe [2014/01/18 20:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly [2014/01/18 20:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Highlightly [2014/01/18 18:45:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014/01/18 15:56:25 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\.android [2014/01/18 15:56:22 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Local\cache [2014/01/17 20:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2014/01/16 20:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup [2014/01/16 20:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Winferno [2014/01/16 20:09:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2014/01/16 20:09:38 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin [2014/01/16 20:08:42 | 000,516,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CapiCom.dll [2014/01/16 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Local\CatalinaGroup [2014/01/16 19:29:39 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Local\Downloaded Installations [2014/01/16 19:29:36 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor [2014/01/16 19:20:44 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts [2014/01/14 19:06:16 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2014/01/14 19:06:16 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2014/01/13 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\Desktop\41560855.gpd - Shortcut [2014/01/09 20:59:51 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Local\Daring_Development_Inc [2014/01/09 20:59:40 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Roaming\SmartPCFix [2014/01/06 22:43:37 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup [2014/01/01 21:10:42 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\Documents\BlackBerry [2014/01/01 21:02:34 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Local\Research In Motion [2014/01/01 21:02:33 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Roaming\Research In Motion [2014/01/01 21:02:00 | 000,044,544 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys [2014/01/01 21:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry [2014/01/01 21:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion [2014/01/01 21:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM [2014/01/01 21:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion [2014/01/01 21:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion [2013/12/29 07:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013/12/29 07:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/12/29 07:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/12/29 07:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/12/29 07:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/12/29 07:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/12/23 14:32:50 | 004,558,848 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [2013/12/21 22:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Overwolf [2013/12/21 22:37:31 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Roaming\TS3Client [2013/12/21 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\LeeFamily\AppData\Local\Overwolf [2011/11/09 21:46:16 | 014,880,256 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe [43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Users\LeeFamily\Desktop\*.tmp files -> C:\Users\LeeFamily\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/01/19 10:52:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/01/19 10:43:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-677949184-3754523269-1628976051-1000UA.job [2014/01/19 10:00:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/01/19 08:24:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/01/18 23:02:13 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/01/18 23:02:13 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-677949184-3754523269-1628976051-1000Core.job [2014/01/18 19:26:26 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/01/18 19:26:26 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/01/18 19:21:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LeeFamily\Desktop\OTL.exe [2014/01/18 19:17:28 | 523,071,487 | -HS- | M] () -- C:\hiberfil.sys [2014/01/18 15:47:26 | 007,823,360 | ---- | M] () -- C:\Users\LeeFamily\Desktop\MyCAREER1.CMG [2014/01/18 14:46:35 | 001,613,824 | ---- | M] () -- C:\Users\LeeFamily\Desktop\savegame.svg.bak [2014/01/18 14:21:58 | 001,613,824 | ---- | M] () -- C:\Users\LeeFamily\Desktop\savegame.svg [2014/01/18 14:20:47 | 001,613,824 | ---- | M] () -- C:\Users\LeeFamily\Desktop\savegame.svg.bak.bak [2014/01/18 14:19:16 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/01/18 14:19:16 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/01/18 14:19:16 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/01/18 13:44:16 | 001,365,204 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Segment 3.bin [2014/01/18 13:44:16 | 000,500,352 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Segment 7.bin [2014/01/18 13:44:16 | 000,490,512 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Segment 4.bin [2014/01/18 13:44:16 | 000,082,861 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Segment 2.bin [2014/01/18 13:44:16 | 000,044,681 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Segment 6.bin [2014/01/18 13:44:16 | 000,033,057 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Segment 5.bin [2014/01/18 13:44:16 | 000,001,279 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Segment 1.bin [2014/01/18 13:44:16 | 000,000,005 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Segment 0.bin [2014/01/18 01:55:35 | 000,790,528 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA412 [2014/01/17 20:53:19 | 007,835,648 | ---- | M] () -- C:\Users\LeeFamily\Desktop\mod.CMG [2014/01/17 20:50:16 | 007,835,648 | ---- | M] () -- C:\Users\LeeFamily\Desktop\mod.CMG.bak [2014/01/16 20:33:02 | 000,000,220 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Saints Row IV.url [2014/01/16 20:31:40 | 003,814,862 | ---- | M] () -- C:\Users\LeeFamily\Desktop\ClientRegistry.blob [2014/01/16 20:31:19 | 000,000,000 | ---- | M] () -- C:\Users\LeeFamily\Desktop\.crash [2014/01/15 14:50:04 | 000,454,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014/01/13 17:14:39 | 000,000,732 | ---- | M] () -- C:\Users\LeeFamily\Desktop\41560855.gpd - Shortcut.rar [2014/01/13 17:14:18 | 000,001,052 | ---- | M] () -- C:\Users\LeeFamily\Desktop\41560855.gpd - Shortcut.lnk [2014/01/13 17:12:35 | 000,248,437 | ---- | M] () -- C:\Users\LeeFamily\Desktop\41560855.gpd [2014/01/13 16:40:20 | 000,614,400 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50015 [2014/01/13 16:30:07 | 000,606,208 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50010.bak [2014/01/13 16:29:18 | 007,823,360 | ---- | M] () -- C:\Users\LeeFamily\Desktop\MyCAREER3.CMG [2014/01/13 16:29:07 | 007,835,648 | ---- | M] () -- C:\Users\LeeFamily\Desktop\MyCAREER4.CMG [2014/01/13 16:24:26 | 000,614,400 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50015.bak [2014/01/12 16:56:29 | 000,606,208 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50009.bak.bak.bak [2014/01/12 16:44:59 | 007,835,648 | ---- | M] () -- C:\Users\LeeFamily\Desktop\MyCAREER4.CMG.bak [2014/01/12 15:28:41 | 000,331,776 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50009.bak [2014/01/12 15:27:28 | 000,331,776 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50009.bak.bak [2014/01/12 15:26:42 | 000,331,776 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50015.bak.bak.bak.bak [2014/01/12 15:26:42 | 000,331,776 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50015.bak.bak.bak [2014/01/12 15:26:42 | 000,331,776 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50015.bak.bak [2014/01/12 15:26:42 | 000,331,776 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50009.bak.bak.bak.bak [2014/01/10 22:48:13 | 000,155,648 | ---- | M] () -- C:\Users\LeeFamily\Desktop\ASSASSINSCREED3SAVEGAME1A [2014/01/10 22:44:38 | 000,368,640 | ---- | M] () -- C:\Users\LeeFamily\Desktop\DR2S000.DSF [2014/01/10 22:03:54 | 000,790,528 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA412.bak [2014/01/10 22:02:24 | 000,331,776 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50010.bak.bak [2014/01/10 22:02:24 | 000,331,776 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50010 [2014/01/10 21:33:07 | 000,974,848 | ---- | M] () -- C:\Users\LeeFamily\Desktop\JustCause2Save00.sav [2014/01/10 20:54:49 | 000,114,688 | ---- | M] () -- C:\Users\LeeFamily\Desktop\ASSASSINSCREED3SAVEGAME1B [2014/01/10 20:19:42 | 000,004,174 | ---- | M] () -- C:\ProgramData\P1100OS.HTM [2014/01/10 17:33:11 | 000,001,360 | ---- | M] () -- C:\Users\LeeFamily\Desktop\ROBLOX Player.lnk [2014/01/10 08:04:12 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Play Wizard101.lnk [2014/01/05 11:55:26 | 031,863,084 | ---- | M] () -- C:\Users\LeeFamily\Documents\Youth_O Mary Don't You Weep_accomp.wav [2014/01/05 11:55:22 | 044,533,036 | ---- | M] () -- C:\Users\LeeFamily\Documents\Youth_Servant's Chorus_accomp.wav [2014/01/05 11:53:45 | 002,658,206 | ---- | M] () -- C:\Users\LeeFamily\Documents\Youth -- O Mary, Don't You Weep- Soprano I.m4a [2014/01/05 11:53:37 | 042,050,092 | ---- | M] () -- C:\Users\LeeFamily\Documents\Youth_Simple Song_accomp.wav [2014/01/05 11:52:53 | 016,644,908 | ---- | M] () -- C:\Users\LeeFamily\Documents\Youth_Hej Igazitisad_accomp.wav [2014/01/05 11:52:49 | 003,153,562 | ---- | M] () -- C:\Users\LeeFamily\Documents\Youth -- Servants' Chorus- Soprano I.m4a [2014/01/05 11:52:03 | 001,836,012 | ---- | M] () -- C:\Users\LeeFamily\Documents\Hej, Igazitsad Part I.mp3 [2014/01/05 11:51:57 | 032,264,236 | ---- | M] () -- C:\Users\LeeFamily\Documents\Youth_My Heart Soars_accomp.wav [2014/01/05 11:51:14 | 002,504,980 | ---- | M] () -- C:\Users\LeeFamily\Documents\Youth -- Simple Song.m4a [2014/01/05 11:50:37 | 015,844,652 | ---- | M] () -- C:\Users\LeeFamily\Documents\Youth_Esurientes_accomp.wav [2014/01/05 11:49:37 | 001,650,821 | ---- | M] () -- C:\Users\LeeFamily\Documents\Youth -- My Heart Soars part 1.m4a [2014/01/04 12:39:00 | 001,486,217 | ---- | M] () -- C:\Users\LeeFamily\Documents\Deb's new ride.jpg [2014/01/04 12:35:28 | 000,625,051 | ---- | M] () -- C:\Users\LeeFamily\Documents\XMChannelGuide.pdf [2014/01/04 11:05:35 | 000,032,497 | ---- | M] () -- C:\Users\LeeFamily\Documents\Ipad Receipt.pdf [2014/01/02 01:43:20 | 000,331,776 | ---- | M] () -- C:\Users\LeeFamily\Desktop\SGTA50009 [2014/01/01 21:08:46 | 738,122,818 | ---- | M] () -- C:\Users\LeeFamily\Documents\LoaderBackup-(2014-01-01).bbb [2014/01/01 21:04:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf [2014/01/01 21:02:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf [2014/01/01 21:01:50 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk [2013/12/30 18:26:40 | 005,521,408 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Career 20131230182638 [2013/12/29 08:22:06 | 000,001,236 | ---- | M] () -- C:\Users\LeeFamily\Desktop\Amazon Cloud Player.lnk [2013/12/29 07:56:29 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/12/23 14:32:50 | 004,558,848 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [2013/12/22 09:14:24 | 000,069,632 | ---- | M] () -- C:\Users\LeeFamily\Desktop\spdata_e0000308ae2d0664 [2013/12/21 19:07:14 | 004,354,499 | ---- | M] () -- C:\Program Files (x86)\childrenitsdinnertimeo8.gif [43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Users\LeeFamily\Desktop\*.tmp files -> C:\Users\LeeFamily\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/01/18 18:51:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2014/01/18 15:47:26 | 007,823,360 | ---- | C] () -- C:\Users\LeeFamily\Desktop\MyCAREER1.CMG [2014/01/18 14:46:21 | 001,613,824 | ---- | C] () -- C:\Users\LeeFamily\Desktop\savegame.svg.bak.bak [2014/01/18 14:21:58 | 001,613,824 | ---- | C] () -- C:\Users\LeeFamily\Desktop\savegame.svg [2014/01/18 13:44:16 | 001,365,204 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Segment 3.bin [2014/01/18 13:44:16 | 000,500,352 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Segment 7.bin [2014/01/18 13:44:16 | 000,490,512 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Segment 4.bin [2014/01/18 13:44:16 | 000,044,681 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Segment 6.bin [2014/01/18 13:44:16 | 000,033,057 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Segment 5.bin [2014/01/18 13:44:16 | 000,001,279 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Segment 1.bin [2014/01/18 13:44:16 | 000,000,005 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Segment 0.bin [2014/01/17 22:47:02 | 000,082,861 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Segment 2.bin [2014/01/17 20:55:21 | 001,613,824 | ---- | C] () -- C:\Users\LeeFamily\Desktop\savegame.svg.bak [2014/01/17 20:52:47 | 007,835,648 | ---- | C] () -- C:\Users\LeeFamily\Desktop\mod.CMG.bak [2014/01/17 20:42:56 | 007,835,648 | ---- | C] () -- C:\Users\LeeFamily\Desktop\mod.CMG [2014/01/16 20:33:02 | 000,000,220 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Saints Row IV.url [2014/01/16 20:31:19 | 000,000,000 | ---- | C] () -- C:\Users\LeeFamily\Desktop\.crash [2014/01/16 20:05:18 | 000,248,437 | ---- | C] () -- C:\Users\LeeFamily\Desktop\41560855.gpd [2014/01/16 19:21:16 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe [2014/01/13 17:14:39 | 000,000,732 | ---- | C] () -- C:\Users\LeeFamily\Desktop\41560855.gpd - Shortcut.rar [2014/01/13 17:14:18 | 000,001,052 | ---- | C] () -- C:\Users\LeeFamily\Desktop\41560855.gpd - Shortcut.lnk [2014/01/13 16:29:54 | 000,331,776 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50010.bak.bak [2014/01/13 16:29:18 | 007,823,360 | ---- | C] () -- C:\Users\LeeFamily\Desktop\MyCAREER3.CMG [2014/01/12 16:56:24 | 000,331,776 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50009.bak.bak.bak.bak [2014/01/12 16:44:59 | 007,835,648 | ---- | C] () -- C:\Users\LeeFamily\Desktop\MyCAREER4.CMG.bak [2014/01/12 15:30:28 | 000,790,528 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA412.bak [2014/01/12 15:18:15 | 000,606,208 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50010.bak [2014/01/12 06:23:32 | 000,614,400 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50015 [2014/01/11 00:12:27 | 000,606,208 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50009.bak.bak.bak [2014/01/11 00:12:00 | 000,331,776 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50009.bak.bak [2014/01/11 00:11:18 | 000,331,776 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50009.bak [2014/01/11 00:04:06 | 000,331,776 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50015.bak.bak.bak.bak [2014/01/11 00:03:20 | 000,331,776 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50015.bak.bak.bak [2014/01/11 00:03:06 | 000,331,776 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50015.bak.bak [2014/01/11 00:02:57 | 000,614,400 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50015.bak [2014/01/10 22:03:54 | 000,790,528 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA412 [2014/01/10 22:02:24 | 000,331,776 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50010 [2014/01/10 20:49:50 | 000,974,848 | ---- | C] () -- C:\Users\LeeFamily\Desktop\JustCause2Save00.sav [2014/01/10 08:58:38 | 000,114,688 | ---- | C] () -- C:\Users\LeeFamily\Desktop\ASSASSINSCREED3SAVEGAME1B [2014/01/10 08:04:12 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Play Wizard101.lnk [2014/01/05 11:54:04 | 031,863,084 | ---- | C] () -- C:\Users\LeeFamily\Documents\Youth_O Mary Don't You Weep_accomp.wav [2014/01/05 11:53:39 | 002,658,206 | ---- | C] () -- C:\Users\LeeFamily\Documents\Youth -- O Mary, Don't You Weep- Soprano I.m4a [2014/01/05 11:53:25 | 044,533,036 | ---- | C] () -- C:\Users\LeeFamily\Documents\Youth_Servant's Chorus_accomp.wav [2014/01/05 11:52:38 | 003,153,562 | ---- | C] () -- C:\Users\LeeFamily\Documents\Youth -- Servants' Chorus- Soprano I.m4a [2014/01/05 11:52:23 | 016,644,908 | ---- | C] () -- C:\Users\LeeFamily\Documents\Youth_Hej Igazitisad_accomp.wav [2014/01/05 11:52:03 | 001,836,012 | ---- | C] () -- C:\Users\LeeFamily\Documents\Hej, Igazitsad Part I.mp3 [2014/01/05 11:51:26 | 042,050,092 | ---- | C] () -- C:\Users\LeeFamily\Documents\Youth_Simple Song_accomp.wav [2014/01/05 11:51:12 | 002,504,980 | ---- | C] () -- C:\Users\LeeFamily\Documents\Youth -- Simple Song.m4a [2014/01/05 11:50:56 | 032,264,236 | ---- | C] () -- C:\Users\LeeFamily\Documents\Youth_My Heart Soars_accomp.wav [2014/01/05 11:50:12 | 015,844,652 | ---- | C] () -- C:\Users\LeeFamily\Documents\Youth_Esurientes_accomp.wav [2014/01/05 11:49:36 | 001,650,821 | ---- | C] () -- C:\Users\LeeFamily\Documents\Youth -- My Heart Soars part 1.m4a [2014/01/04 12:39:00 | 001,486,217 | ---- | C] () -- C:\Users\LeeFamily\Documents\Deb's new ride.jpg [2014/01/04 12:35:28 | 000,625,051 | ---- | C] () -- C:\Users\LeeFamily\Documents\XMChannelGuide.pdf [2014/01/04 11:05:35 | 000,032,497 | ---- | C] () -- C:\Users\LeeFamily\Documents\Ipad Receipt.pdf [2014/01/02 01:43:20 | 000,331,776 | ---- | C] () -- C:\Users\LeeFamily\Desktop\SGTA50009 [2014/01/01 21:04:56 | 738,122,818 | ---- | C] () -- C:\Users\LeeFamily\Documents\LoaderBackup-(2014-01-01).bbb [2014/01/01 21:04:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf [2014/01/01 21:02:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf [2014/01/01 21:01:50 | 000,002,236 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk [2013/12/30 18:26:40 | 005,521,408 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Career 20131230182638 [2013/12/29 08:22:06 | 000,001,236 | ---- | C] () -- C:\Users\LeeFamily\Desktop\Amazon Cloud Player.lnk [2013/12/29 07:56:29 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/12/27 13:50:36 | 000,368,640 | ---- | C] () -- C:\Users\LeeFamily\Desktop\DR2S000.DSF [2013/12/23 19:09:36 | 000,155,648 | ---- | C] () -- C:\Users\LeeFamily\Desktop\ASSASSINSCREED3SAVEGAME1A [2013/12/22 21:23:18 | 007,835,648 | ---- | C] () -- C:\Users\LeeFamily\Desktop\MyCAREER4.CMG [2013/12/22 09:14:24 | 000,069,632 | ---- | C] () -- C:\Users\LeeFamily\Desktop\spdata_e0000308ae2d0664 [2013/12/21 19:07:13 | 004,354,499 | ---- | C] () -- C:\Program Files (x86)\childrenitsdinnertimeo8.gif [2013/12/18 20:16:29 | 000,123,605 | ---- | C] () -- C:\Program Files (x86)\12_funny+pictures.jpg [2013/12/18 20:09:58 | 000,068,329 | ---- | C] () -- C:\Program Files (x86)\if-eminem-is-a-rapper-actor-wouldnt-that-make-him-a-raptor.jpg [2013/12/13 23:51:44 | 000,034,094 | ---- | C] () -- C:\Program Files (x86)\im_coming_at_you_bro_1464.jpg [2013/11/19 21:05:58 | 000,277,192 | ---- | C] () -- C:\ProgramData\1384913100.bdinstall.bin [2013/09/20 20:46:34 | 000,000,037 | -HS- | C] () -- C:\Users\LeeFamily\AppData\Local\70149b02515b3bb20dd492.47983420 [2013/08/15 18:53:04 | 000,003,745 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2013/08/14 09:53:54 | 000,000,581 | ---- | C] () -- C:\Windows\hegames.ini [2013/05/19 14:21:00 | 000,000,420 | ---- | C] () -- C:\Windows\wininit.ini [2013/05/05 12:39:06 | 000,024,772 | ---- | C] () -- C:\ProgramData\P1100DEF.css [2013/05/05 12:39:06 | 000,004,174 | ---- | C] () -- C:\ProgramData\P1100OS.HTM [2013/05/05 12:39:06 | 000,002,944 | ---- | C] () -- C:\ProgramData\P1100SIG.GIF [2013/04/21 13:09:24 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI [2012/11/30 09:24:50 | 000,012,292 | -H-- | C] () -- C:\Users\LeeFamily\.DS_Store [2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012/03/25 22:14:22 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/03/20 08:11:57 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI [2012/03/08 23:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/03/08 23:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011/11/06 11:36:11 | 000,000,632 | RHS- | C] () -- C:\Users\LeeFamily\ntuser.pol [2011/10/13 19:15:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\dc485d8df6bcb777a4b724db8567b8b1_c [2011/10/10 18:41:21 | 000,008,704 | ---- | C] () -- C:\Users\LeeFamily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/22 19:58:15 | 000,007,597 | ---- | C] () -- C:\Users\LeeFamily\AppData\Local\Resmon.ResmonCfg [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2011/10/22 07:49:08 | 000,000,000 | ---D | M] -- C:\Users\Kids Account\AppData\Roaming\ICAClient [2011/10/22 07:49:08 | 000,000,000 | ---D | M] -- C:\Users\Kids Account\AppData\Roaming\Leadertech [2014/01/10 17:30:30 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\.minecraft [2012/10/13 07:02:01 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Acronis [2011/10/05 21:18:50 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Amazon [2013/10/27 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Dashlane [2011/09/10 20:16:03 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Fingertapps [2011/10/22 22:20:06 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Galcon Fusion [2011/09/29 07:13:09 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\ICAClient [2011/09/10 20:15:48 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Leadertech [2013/07/05 09:00:27 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Local [2013/09/04 22:32:37 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\MakeMusic [2013/09/20 21:05:43 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Netgear Live Parental Controls [2013/11/16 07:01:44 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\New Technology Studio [2012/10/19 18:21:18 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Nico Mak Computing [2011/09/10 23:25:48 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\OpenDNS Updater [2012/02/20 14:22:13 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\OverDrive [2011/09/12 06:05:58 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\PCDr [2014/01/16 19:47:41 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\QuickScan [2014/01/01 21:03:09 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Research In Motion [2014/01/09 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\SmartPCFix [2013/12/21 22:39:20 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\TS3Client [2012/12/13 19:44:43 | 000,000,000 | ---D | M] -- C:\Users\LeeFamily\AppData\Roaming\Unity [2011/10/22 07:44:38 | 000,000,000 | ---D | M] -- C:\Users\Main Family Account\AppData\Roaming\ICAClient [2011/10/22 07:44:37 | 000,000,000 | ---D | M] -- C:\Users\Main Family Account\AppData\Roaming\Leadertech [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 60 bytes -> C:\Users\LeeFamily\.DS_Store:AFP_AfpInfo @Alternate Data Stream - 5120 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Users\LeeFamily\Desktop\desktop.ini:gs5sys @Alternate Data Stream - 5120 bytes -> C:\ProgramData\desktop.ini:gs5sys @Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 304 bytes -> C:\Users\LeeFamily\Documents\thisone-1.jpg:SummaryInformation @Alternate Data Stream - 1536 bytes -> C:\Users\LeeFamily\Documents\desktop.ini:gs5sys @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

I had Mr. PC Cleaner on my device and followed the pre-cleaning steps as well as the cleaning steps. I am attaching the logs

It's been a long time since I had to post here thanks to prudrnt web surfing and a kick-ass anti-virus program, but something doesn't seem right these last few weeks. For instance, I can't download any new programs; I wantd to update my audio/video program but I get a pop-up saying my current security settings do not allow the file to be downloaded. Even when I temporarily disable my security program it still won't allow me. I've also noticed an unusual folder in my program files. I seem to have a Google Desktop folder, although I don't want it, And I can't seem to delete it. In its Install subfile there is a folder with no words but something shaped like a key. Don't know if its related but it does seem a bit wierd. Anyway here are my logs: MBAM LOG Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.31.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Patrick :: VALUED-8BABB634 [administrator] 1/30/2014 11:00:27 PM MBAM-log-2014-01-31 (00-05-54).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 362800 Time elapsed: 1 hour(s), 2 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> No action taken. C:\System Volume Information\_restore{0244974B-5625-4F09-9337-01DF509F5039}\RP942\A0152983.dll (PUP.Optional.Conduit) -> No action taken. (end) ---------------------------------- AdwCleaner log # AdwCleaner v3.013 - Report created 31/01/2014 at 10:24:37 # Updated 24/11/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Patrick - VALUED-8BABB634 # Running from : C:\Documents and Settings\Patrick\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B} Key Deleted : HKLM\Software\Description Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v25.0.1 (en-US) [ File : C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\3gagc4lx.default\prefs.js ] ************************* AdwCleaner[R0].txt - [37340 octets] - [05/11/2013 19:51:35] AdwCleaner[R1].txt - [977 octets] - [05/11/2013 19:56:38] AdwCleaner[R2].txt - [1534 octets] - [24/11/2013 18:51:19] AdwCleaner[R3].txt - [1533 octets] - [31/01/2014 10:20:58] AdwCleaner[S0].txt - [38064 octets] - [05/11/2013 19:52:38] AdwCleaner[S1].txt - [1605 octets] - [24/11/2013 18:59:32] AdwCleaner[S2].txt - [1462 octets] - [31/01/2014 10:24:37] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1522 octets] ########## -----------------------------------

I'm a little overlly paranoid at times and before I waste anyone's time on this site I wanted to be sure that I need to have my computer reviewed by one of the experts here. I was searching recently trying to find out how to do something computer related and tried to stay on sites known to be trustworthy but got a pop up from NIS that said it blocked a trojan. I don't know which site housed the trojan as next time I went to the same site that I was on when the pop up appeared, the popup did not appear again. Anyway I did a scan with Malwarebytes and NIS to be sure nothing got through and neither found anything. Then yesterday I ran ESET online scanner and it found W32/google.toolbar.E (it said it was in ccleaner). So now my malware radar paranoia is running rampant. It does seem like my hard drive is active more than it used to be at idle times. Is it OK if I go ahead and follow the instructions for cleanup and have someone look at my computer or is it a waste of your time? Thanks so much.

Hi there, just looking for some advice. on removing WORM_DOWNAD.AD and Mal_downadd.j, trendmicro says that these have been quarantined/deleted but the messages always appear. I have patched the machines with the MicroSoftt patch for the relevant OS. I have tried the below removal tools/instructions from the trendmicro site but there is always a notification alerting that the virus has been found and not removed. What is a removal tool/process for this virus. Thanks.

I picked up one or more viruses a few months ago on my Toshiba laptop running Windows 7 Pro. I have been keeping it off the network because I didn't want to risk infecting other computers on my network. So it doesn't have the very latest updates for Windows, Java, etc. I have McAfee installed but it doesn't seem to be able to get rid of the bugs. So I followed your steps in the Clean-Up forum. Please see attachment. Thanks. Doug

it looks like AdwCleaner is the victim of a campaign to ruin its reputation, because Sophos blocks it's download, and a bunch of commenters at different download sites say it itself installs adware and such. but, we still have it listed as part of the "do this first" FAQ for security clean up. just wanted to double check, is AdwCleaner still ok to use? Is the link in the FAQ broken or hijacked? Is Sophos bad or working off bad data? Thanks - it's been a while since one of my family members got hit with something (per my request they use FF and other prophylactics). Don't want to make an annoying situation worse. -- Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.

I'm looking at my SO's Win 7 laptop. I had assumed it was infected because the following is true: AVG real time scan is disabled. AVG control panel won't start. Windows update last completed on 8/8/2013. Windows update reports 72 important updates but won't download anything. Adobe Reader is at version 9 {known security problems} but won't download the update. i.e. - I assumed an infection of some kind had turned off the AV and the security updates. These are the results of following the mandatory cleanup process: (remainder of post attached as text)

So, my wife clicked on an ad to install something at download.com and 'voila' was infected with MySearch Dial malware. I ran MBAM, Hitman Pro, SAS, Emsisoft Emergency Kit, MBAR to kill it (yes, a little overboard). Also, fixed browser settings. I replaced AV with Avast Pro and MBAM Pro. [Mod Note: Removed extraneous commentary until steps are added]

A friend told me that I sent him a suspicious email which I didn't. So I asked him to show me the email and this is it: " Hi, hxxp://dreamland.net.in/-news.twitter.com?paxabjdoboqyc " And it was also sent to at least 20 other people. I did everything in the Mandatory Steps section and I want to know if my PC is still infected. Thank you.

Yesterday I got email that I though was about a job interview. In that email was a voice message along with a button to click to listen to it...I clicked the button. Bad mistake, no message played, instead the computer restarted itself. when it came back on my AV (AVG Fee 2014) picked up a trojan horse. I've followed all the mandatory steps but it hasn't resolved the issue.

Eight days ago I received a new desktop from Falcon Northwest and have been in the process of setting it up for general use and photoprocessing...not gaming. It is running windows 8.1, installed by Falcon. It has Windows Explorer but I am using Firefox. I am using Live Mail. Windows Defender is enabled and, about two days after I started using the machine, got MalwareBytes loaded. Early-on I noticed that when using either browser the screen suddenly, randomly, became populated with various ads, warnings about my computer and offers of assistance if I would 'click here'...which I didn't. Some of these would step on the Pandora audio and intrude aurally. The machine seems to be running otherwise normally (though I have little feel yet for what constitutes normal). No blue screens or omnious warnings. On 3/10 I did a full malware scan and 30 threats popped up. They were located in Memory Processes, Registry Keys, Folders and Files. Almost all were PUP.Optional, BetterBrowse, all were located on C:\ and all were said to be deleted and quarantined successfully. A full Defender scan showed nothing. I thought that this would have taken care of the problem but it continues. Today I ran another malware quick scan and it was clean. I next ran the ESET scan and it chowed 16 threats equally divided between D:\ and F:\ (a Drobo). These were all Win/32Adware.Vitrumonde.NEOapplication. ESET reported that they were deleted. At that point I went back to #1 and used TFC. It seemed to get stuck and required Task Manager to halt it. But the second time I ran it it reported all folders emptied:0 bytes. It never saif to reboot or not but I did anyway. I then turned malwarebytes back on, checked for updates, and ran a full scan again (of C;\, D:\ and F:\) and it was clean. AdwCleaner was then downloaded but the first attempt to run generated a warning that "Windows protected your PC and prevented an unrecognized app from starting which might put your PC at risk...: Clicking for 'info' allowed an override. The Clean button was greyed out. We chose Scan instead and then Clean. OTL was run without incident as was Security Check. The final ESET scan was clean.

I am working on a computer for someone and ran the first few steps. He complained first about not being able to get on the internet, the computer running extremely slow, and pop-ups. I noticed that he is not getting an IP address. Ran TFC, then ADW, then MBAM. Ran the other tools to get the logs. I do not have an internet connection at this moment so I wasn't able to do the online scan, it's still stuck on Acquiring IP Address. I have posted the logs (except for ADW which has disappeared and now the computer comes up clean when running ADW). I noticed there are TONS of services set for Automatic that don't seem legitimate, however, I don't know the first thing about checking them.

My friend gave me her laptop to look at, after her kids messed it up. She said they had most likely been clicking on all kinds of ad links and fake virus warnings, as well as downloading stuff they probably shouldn't have been. She said that it got to the point where she couldn't access anything through her browser. When I looked at it, I couldn't get any sites to come up in Internet Explorer, although there was an internet connection present. I also couldn't get her McAfee to update. It would warn me it was out of date and tell me updates were available, but when I tried to update it, it would hang for a minute and then do nothing. I also saw all kinds of programs that I doubt she installed, some of them I knew to be junk, and others that I did not recognize. And overall, the system was moving slowly. I managed to get IE working again, but I was still getting some weird popup warnings, so I decided to come here for help. The required steps removed some more junk, and things seem to be moving faster, but I'm still having the problems with McAfee that I mentioned above. Not sure if there's still junk on her machine, or if the installation got messed up somehow.

:mad:OK. Can't start computer in safe mode. It immediately goes into shutdown. Created, burned, update file def's, ran Kaspersky Rescue Disk 10. Found some items and deleted them. Re-ran Kaspersky, found nothing. Restarted computer still have the Homeland Security warning. Pulled hard drive. Bridged to my computer. Trying to run Malwarebytes. Scan stalls at 20233 objects. Malwarebytes not responding. I would appreciate any help you can provide. Thanks.

I work out of town weeks at a time, just got in and the wife and kids have done a number on the desktop. Thanks in advance. MBAM: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.09.06 Windows 7 Service Pack 1 x64 NTFS (Safe Mode) Internet Explorer 11.0.9600.16521 Jason i4 :: JASONMC-PC [administrator] Protection: Disabled 4/10/2014 10:03:45 AM mbam-log-2014-04-10 (10-03-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 374428 Time elapsed: 6 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 23 HKLM\SYSTEM\CurrentControlSet\Services\ConvertFilesforFreeUpdt (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. HKCR\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{22B58425-A384-436c-A334-BB9255664D10} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. HKCR\Interface\{951F4658-6461-46AD-AB13-F73E7FCBE6DB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. HKCR\ConvertFilesforFree.1 (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. HKCR\ConvertFilesforFree (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully. HKCR\TypeLib\{EA3802D2-C00A-4478-9319-34075A31C28F} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully. HKCR\Interface\{483F56D2-1D67-44A5-A4C5-67DBB724F7A0} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Convert Files for Free (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\cmclajginlihohopoeofghddnhpplhom (PUP.Optional.HighLightly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully. HKLM\SOFTWARE\V9Software\v9hp (PUP.Optional.V9.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\ZUpdater\ConvertFilesforFreeUpdt.exe (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully. HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLSVC (PUP.Optional.Highlightly) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Highlightly (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. Registry Values Detected: 5 HKLM\SOFTWARE\Mozilla\Firefox\Extensions|extension@Convert_Files_for_Free.com (PUP.Optional.FreeFileConverter.A) -> Data: C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com -> Quarantined and deleted successfully. HKLM\SOFTWARE\Mozilla\Firefox\Extensions|quick_start@gmail.com (PUP.Optional.QuickStart.A) -> Data: C:\Users\Jason i4\AppData\Roaming\Mozilla\Firefox\Profiles\bk8egblr.default\extensions\quick_start@gmail.com -> Quarantined and deleted successfully. HKLM\SOFTWARE\Mozilla\Firefox\Extensions|gethighlightly@gethighlightly.com (PUP.Optional.Highlightly.A) -> Data: C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\hlsvc|DisplayName (PUP.Optional.Highlightly) -> Data: Highlightly Client Service -> Quarantined and deleted successfully. Registry Data Items Detected: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.v9.com/?type=hp&ts=1397138451&from=irs&uid=WDCXWD6400AAKS-75A7B2_WD-WMASY764972749727&i=psd&t=340c268c0) Good: (http://www.google.com) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://www.v9.com/?type=hp&ts=1397138451&from=irs&uid=WDCXWD6400AAKS-75A7B2_WD-WMASY764972749727&i=psd&t=340c268c0) Good: (http://www.google.com) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Quarantined and repaired successfully. Folders Detected: 40 C:\Program Files (x86)\Convert Files for Free (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults\preferences (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0 (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1 (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files\Highlightly (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files\Highlightly\IE (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\3rd Party Licenses (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\Chrome (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\FireFox (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\IE (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\Service (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0 (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\weather (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\en (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es_419 (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-BE (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CA (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CH (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-LU (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it-CH (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pl (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pt_BR (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru-MO (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\tr (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\vi (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_CN (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_TW (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. Files Detected: 85 C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (PUP.Optional.Highlightly) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Temp\4ytergbe.05b.exe (PUP.Optional.SkyTech.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Temp\c3a3k3ql.z3c.exe (PUP.Optional.HighLightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Temp\dsi0xfdp.vcu.exe (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Temp\fullpackage_temp1397138432\alilog.dll (PUP.Optional.SkyTech.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Temp\fullpackage_temp1397138432\package1.zip (PUP.Optional.SkyTech.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\install.ico (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\uninstall.exe (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\chrome.manifest (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\install.rdf (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content\browserOverlay.js (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content\browserOverlay.xul (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults\preferences\defaults.js (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\v9.xml (PUP.Optional.V9.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\background.html (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\background.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\icon-128.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\icon-16.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\icon-48.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\manifest.json (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\options.css (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\options.html (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\options.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\vitruvian.bootstrap.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\vitruvian.plugin-api.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\background.html (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\background.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\icon-128.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\icon-16.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\icon-48.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\manifest.json (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\options.css (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\options.html (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\options.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\vitruvian.bootstrap.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\vitruvian.plugin-api.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\terms-of-service.rtf (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\Uninstall.exe (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\3rd Party Licenses\SimpleSC-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\3rd Party Licenses\UAC-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\Chrome\cmclajginlihohopoeofghddnhpplhom.crx (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Highlightly\FireFox\gethighlightly@gethighlightly.com.xpi (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\index.html (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\manifest.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\style.css (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\default_logo.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\icon128.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\icon16.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\icon48.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\loading.gif (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\search.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\weather\0.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\background.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\ga.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\jquery-base.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\jquery.autocomplete.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\js.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\xagainit.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\en\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es_419\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-BE\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CA\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CH\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-LU\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it-CH\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pl\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pt_BR\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru-MO\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\tr\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\vi\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_CN\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_TW\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully. (end) AdwCleaner: # AdwCleaner v3.023 - Report created 10/04/2014 at 13:22:31 # Updated 01/04/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Jason i4 - JASONMC-PC # Running from : C:\Users\Jason i4\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\File Type Helper Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\gethighlightly@gethighlightly.com Folder Deleted : C:\Users\Jason i4\AppData\Roaming\Mozilla\Firefox\Profiles\bk8egblr.default\Extensions\quick_start@gmail.com Folder Deleted : C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [!] Folder Deleted : C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc File Deleted : C:\END ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Registry ] ***** Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_securable_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_securable_RASMANCS Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\V9Software ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16521 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Users\Jason Mc\AppData\Roaming\Mozilla\Firefox\Profiles\gjj40hsg.default\prefs.js ] [ File : C:\Users\Jason i4\AppData\Roaming\Mozilla\Firefox\Profiles\bk8egblr.default\prefs.js ] Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1395779534985"); [ File : C:\Users\Averi\AppData\Roaming\Mozilla\Firefox\Profiles\u8vpcrs6.default\prefs.js ] -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\Jason Mc\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : search_url [ File : C:\Users\Averi\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [8548 octets] - [10/04/2014 13:19:37] AdwCleaner[S0].txt - [5194 octets] - [10/04/2014 13:22:31] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5254 octets] ##########

I have removed this virus many time but this time it won't go away. I have used KAV Live CD, AVG Live CD, Safe Mode, No Restore Point. I even started to do a manual removal but that was too tedious and I never found anything worth removing. After running the Live CDs, Windows will start and work normally for 2 minutes then it gets locked out with the moneypak screen. Not sure what to try next.