xxTRAGEDYxx
join:2008-03-14
Kannapolis, NC

Infected, need Clean-up Help Plz.

I work out of town weeks at a time, just got in and the wife and kids have done a number on the desktop. Thanks in advance.

MBAM:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.09.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 11.0.9600.16521
Jason i4 :: JASONMC-PC [administrator]

Protection: Disabled

4/10/2014 10:03:45 AM
mbam-log-2014-04-10 (10-03-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374428
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 23
HKLM\SYSTEM\CurrentControlSet\Services\ConvertFilesforFreeUpdt (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{22B58425-A384-436c-A334-BB9255664D10} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\Interface\{951F4658-6461-46AD-AB13-F73E7FCBE6DB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\ConvertFilesforFree.1 (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\ConvertFilesforFree (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EA3802D2-C00A-4478-9319-34075A31C28F} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCR\Interface\{483F56D2-1D67-44A5-A4C5-67DBB724F7A0} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Convert Files for Free (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cmclajginlihohopoeofghddnhpplhom (PUP.Optional.HighLightly.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\V9Software\v9hp (PUP.Optional.V9.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ZUpdater\ConvertFilesforFreeUpdt.exe (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLSVC (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Highlightly (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|extension@Convert_Files_for_Free.com (PUP.Optional.FreeFileConverter.A) -> Data: C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|quick_start@gmail.com (PUP.Optional.QuickStart.A) -> Data: C:\Users\Jason i4\AppData\Roaming\Mozilla\Firefox\Profiles\bk8egblr.default\extensions\quick_start@gmail.com -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|gethighlightly@gethighlightly.com (PUP.Optional.Highlightly.A) -> Data: C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlsvc|DisplayName (PUP.Optional.Highlightly) -> Data: Highlightly Client Service -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.v9.com/?type=hp&ts=1397138451&from=irs&uid=WDCXWD6400AAKS-75A7B2_WD-WMASY764972749727&i=psd&t=340c268c0) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://www.v9.com/?type=hp&ts=1397138451&from=irs&uid=WDCXWD6400AAKS-75A7B2_WD-WMASY764972749727&i=psd&t=340c268c0) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Quarantined and repaired successfully.

Folders Detected: 40
C:\Program Files (x86)\Convert Files for Free (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults\preferences (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0 (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1 (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files\Highlightly (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files\Highlightly\IE (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Chrome (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\FireFox (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\IE (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Service (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0 (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\weather (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\en (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es_419 (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-BE (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CA (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CH (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-LU (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it-CH (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pl (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pt_BR (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru-MO (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\tr (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\vi (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_CN (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_TW (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.

Files Detected: 85
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Temp\4ytergbe.05b.exe (PUP.Optional.SkyTech.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Temp\c3a3k3ql.z3c.exe (PUP.Optional.HighLightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Temp\dsi0xfdp.vcu.exe (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Temp\fullpackage_temp1397138432\alilog.dll (PUP.Optional.SkyTech.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Temp\fullpackage_temp1397138432\package1.zip (PUP.Optional.SkyTech.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\install.ico (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\uninstall.exe (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\chrome.manifest (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\install.rdf (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content\browserOverlay.js (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content\browserOverlay.xul (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults\preferences\defaults.js (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\v9.xml (PUP.Optional.V9.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\background.html (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\background.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\icon-128.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\icon-16.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\icon-48.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\manifest.json (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\options.css (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\options.html (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\options.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\vitruvian.bootstrap.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_0\vitruvian.plugin-api.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\background.html (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\background.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\icon-128.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\icon-16.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\icon-48.png (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\manifest.json (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\options.css (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\options.html (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\options.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\vitruvian.bootstrap.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom\1.9.0.2_1\vitruvian.plugin-api.js (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\terms-of-service.rtf (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Uninstall.exe (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\SimpleSC-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\UAC-license.txt (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Chrome\cmclajginlihohopoeofghddnhpplhom.crx (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\FireFox\gethighlightly@gethighlightly.com.xpi (PUP.Optional.Highlightly.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\index.html (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\manifest.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\style.css (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\default_logo.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\icon128.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\icon16.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\icon48.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\loading.gif (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\search.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\weather\0.png (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\background.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\ga.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\jquery-base.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\jquery.autocomplete.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\js.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\xagainit.js (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\en\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es_419\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-BE\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CA\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CH\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-LU\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it-CH\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pl\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pt_BR\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru-MO\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\tr\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\vi\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_CN\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.
C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_TW\messages.json (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.

(end)

AdwCleaner:
# AdwCleaner v3.023 - Report created 10/04/2014 at 13:22:31
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Jason i4 - JASONMC-PC
# Running from : C:\Users\Jason i4\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\gethighlightly@gethighlightly.com
Folder Deleted : C:\Users\Jason i4\AppData\Roaming\Mozilla\Firefox\Profiles\bk8egblr.default\Extensions\quick_start@gmail.com
Folder Deleted : C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
[!] Folder Deleted : C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\END

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Jason i4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_securable_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_securable_RASMANCS
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\V9Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Jason Mc\AppData\Roaming\Mozilla\Firefox\Profiles\gjj40hsg.default\prefs.js ]

[ File : C:\Users\Jason i4\AppData\Roaming\Mozilla\Firefox\Profiles\bk8egblr.default\prefs.js ]

Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1395779534985");

[ File : C:\Users\Averi\AppData\Roaming\Mozilla\Firefox\Profiles\u8vpcrs6.default\prefs.js ]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Jason Mc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Jason i4\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url

[ File : C:\Users\Averi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8548 octets] - [10/04/2014 13:19:37]
AdwCleaner[S0].txt - [5194 octets] - [10/04/2014 13:22:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5254 octets] ##########

xxTRAGEDYxx

Member

OTL.Txt
133,186 bytes
I had to attach OTL.txt, it's too large to copy & paste.

OTL Extras logfile created on: 4/10/2014 1:53:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jason i4\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.72 Gb Available Physical Memory | 86.75% Memory free
15.50 Gb Paging File | 14.63 Gb Available in Paging File | 94.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.12 Gb Total Space | 382.82 Gb Free Space | 65.88% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.62 Gb Free Space | 50.79% Space Free | Partition Type: NTFS
Drive E: | 702.82 Mb Total Space | 646.36 Mb Free Space | 91.97% Space Free | Partition Type: UDF

Computer Name: JASONMC-PC | User Name: Jason i4 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049ACB9E-57CF-4353-B67D-9740313F626C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06BECFBC-9FD0-4184-BF85-8C97AA4E9375}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{07406C5D-1331-41EA-A77A-07949795949A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20E44948-F903-46C4-903D-716E78EA0731}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{234A179E-B2C7-4992-A8D5-0151AD047D87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29D6CAE5-12F1-40B9-B367-486AB0FC7049}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C1EE355-6485-4AB5-BEA7-D16D4897776B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41B85CE6-928A-48B4-837F-F8CCB0B5CB35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{53FCE892-56A2-4444-BBD5-88F995C9EA54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E3C930C-F667-4710-99C1-A9DEA6BABD59}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{667CEFB6-75EB-4EF1-A5C6-4403FB56408D}" = rport=137 | protocol=17 | dir=out | app=system |
"{6ADAD723-3DC8-4CAD-8DC1-D6945D572DA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8EEBD9A7-92B3-4826-8278-51B8FF3C04EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{956F580D-844D-4BED-A153-CAD6F8A1AF48}" = rport=139 | protocol=6 | dir=out | app=system |
"{9FAE5288-ADB4-43B2-883D-E95C9B182A3F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A818F7D8-C066-458B-BA70-0430354EE064}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B1047495-DECE-4A95-8E58-8F64BD0F4310}" = lport=137 | protocol=17 | dir=in | app=system |
"{B27E2B1D-0471-4769-A547-5CD7DB4660A4}" = rport=138 | protocol=17 | dir=out | app=system |
"{CBF03C6A-FBF1-49EB-9814-524A6023CCD9}" = rport=445 | protocol=6 | dir=out | app=system |
"{CC290B4E-C0AE-49E3-803F-24770E1A691B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE23D42D-9FD8-4604-82CC-E42038045B54}" = lport=138 | protocol=17 | dir=in | app=system |
"{E896F05B-3B7A-4B0A-9751-9BB704FAD704}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F27BB581-BB35-4702-848D-D1A394B90949}" = lport=445 | protocol=6 | dir=in | app=system |
"{F8B3BC24-1E07-427B-97CC-DB3ECBDD4CD8}" = lport=2869 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046D2E10-3734-4AF0-9EB4-8200FB7B752D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{078CABF5-28F0-4E7D-A5E2-7FFFFC207BE8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0898EB04-AED5-4B4F-AEAF-DF630F3CDF4D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{194810EE-2246-403D-9897-F27E5B181FF6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1971703F-8378-4091-B198-E418490B0100}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1F0603D1-C48A-489E-9C65-8DA428063D78}" = protocol=6 | dir=in | app=c:\users\jason mc\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{25F02361-6E32-4BC6-A3E5-3F0E700E5B3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29AD9CA7-D35C-42AB-A793-0FFE6BDDA3D4}" = protocol=6 | dir=in | app=c:\users\jason i4\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{2C14062C-599B-489A-8EDF-01FE0AAB8084}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3361591F-CB66-4450-BDE3-23BB79E44E62}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3D1AF770-7449-45A1-84DF-C714A5C61698}" = protocol=17 | dir=in | app=c:\users\jason i4\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4CCA1A28-D7AE-4B09-9262-094D7BB63C05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{570FDE7D-292E-4636-B9E3-363178CED9FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B968E04-26EA-49FE-949F-101992CB4345}" = protocol=17 | dir=in | app=c:\users\jason i4\appdata\local\microsoft\skydrive\skydrive.exe |
"{6447140C-3DA9-40F0-85E2-11591CC7222E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7678E837-2236-4B6A-AF07-841181992B03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77FE9F83-DFF6-4610-948F-54B2B633FE4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C00F1F2-A6EC-49B6-B4AC-8B07EA4B0A9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EB94624-3552-4256-A0C1-A96A1B1B9099}" = protocol=17 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{900F226B-9047-47E0-AA6E-51019A8268EA}" = protocol=6 | dir=out | app=system |
"{90874800-8A5F-4CC4-A6B1-45AE9A4DF1E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92A46790-6582-4B09-B2F1-0AE9E1613E51}" = protocol=6 | dir=in | app=c:\users\jason i4\appdata\local\microsoft\skydrive\skydrive.exe |
"{9F2C5C61-DE5A-44F5-902A-7F0CF9E6F172}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A70B5EB6-DECF-4C2E-A26D-06478475FC51}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC012366-8113-406A-B28F-CF3D6EBB4717}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADCE27E0-7A16-4979-A9B5-91F90DDCA073}" = protocol=6 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{B3E1CB9D-39B6-4E30-8E71-5BE71FF236F8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B43707D1-3929-44FA-8B1D-6BB9BC7E8835}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D090110D-D529-42B7-9602-2D7BF799B78F}" = protocol=17 | dir=in | app=c:\users\jason mc\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D67A8922-FD93-45F0-B5B0-84664616B75C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DBE888B1-3B0E-4AB6-BEEC-3BD31E016E68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5385023-4866-4C4B-BFBA-CFB49F6F4609}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6A164D2-7A4F-4105-8FE5-3690E9E0A7DA}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"TCP Query User{15186ABF-F2FD-466D-B05B-1277C339B78F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{6257E4C1-C0EE-41BB-BC49-01F0E6256D08}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"TCP Query User{78A0BEE3-AD60-4DD0-B4F0-1D9BFB884FCB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{8A1F4B04-699E-40C5-8A10-06A34A73BC92}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{B5F49C99-7C81-40F9-B600-5FA44BEC0076}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{03CB28AE-A75D-48CE-83A6-833F4DD86E46}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{42C7A614-65EA-42F5-BFDE-42016A34F852}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"UDP Query User{7C6209AA-EAA4-4E09-BE71-68B060C55504}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{8210E44E-39D3-4273-83A1-4E9371A323B3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{FB990425-B704-4ACB-BDEB-38DE703C46C6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"339B7A8F3F3C10AA41030B876159242270CF93F9" = Windows Driver Package - ESCORT Inc. (WinUSB) MyDeviceClass (05/21/2013 )
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"C3A68AE56C189121787C8B61800B0DB5521FC891" = Windows Driver Package - ESCORT, Inc. (usbser) Ports (01/15/2013 1.0.0.0)
"CanonMyPrinter" = Canon My Printer
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Office Professional 15 (Technical Preview) - en-us" = Microsoft Office 365 Home Premium Preview - en-us
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08BFB912-8D71-4E29-9A80-18BFB385F19B}" = LeapFrog Connect
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1D106581-6726-4D1B-ABEC-0CA02410F24F}" = Adobe Photoshop CS6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{30673869-977C-45B1-9D00-D6C1F630C5C9}" = DetectorTools
"{334713BA-B8E7-4A60-988C-4110753A191E}" = ArcSoft Magic-i Visual Effects 2
"{35B15182-D134-4F41-82BB-59B83F596487}" = LeapFrog Tag Plugin
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3CB4A7B0-007D-4722-AF1D-891B53E04606}" = Napster Download Manager
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5E9890FD-4385-4238-9219-DDE246606BF7}" = LeapFrog Leapster2 Plugin
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6}" = ArcSoft WebCam Companion 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732E3F74-FF24-42BC-B1A2-3244BBEBEB5D}" = LeapFrog LeapPad Explorer Plugin
"{7390FC95-D842-448A-A3A2-C8DC89AEB83A}" = HP Button Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Pro Antivirus
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Rhapsody" = Rhapsody
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"TextMaker Viewer" = TextMaker Viewer
"UPCShell" = LeapFrog Connect
"v9 uninstaller" = v9 uninstaller
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 2.0.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 5/2/2013 8:20:18 PM | Computer Name = JasonMc-PC | Source = Office 2013 Licensing Service | ID = 0
Description =

Error - 5/3/2013 11:48:01 AM | Computer Name = JasonMc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp:
0x4cc808ec Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xf44 Faulting application
start time: 0x01ce48008e82ea97 Faulting application path: C:\Program Files (x86)\Common
Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: unknown Report
Id: d56406c0-b408-11e2-bc5a-0024e8036641

Error - 5/3/2013 5:01:18 PM | Computer Name = JasonMc-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/3/2013 8:20:20 PM | Computer Name = JasonMc-PC | Source = Office 2013 Licensing Service | ID = 0
Description =

Error - 5/4/2013 12:14:32 AM | Computer Name = JasonMc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/4/2013 12:14:32 AM | Computer Name = JasonMc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9906

Error - 5/4/2013 12:14:32 AM | Computer Name = JasonMc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9906

Error - 5/4/2013 9:24:05 AM | Computer Name = JasonMc-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/4/2013 5:35:01 PM | Computer Name = JasonMc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/4/2013 5:35:01 PM | Computer Name = JasonMc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9610

[ Media Center Events ]
Error - 6/28/2011 10:43:24 PM | Computer Name = JasonMc-PC | Source = MCUpdate | ID = 0
Description = 10:43:07 PM - Error connecting to the internet. 10:43:07 PM - Unable
to contact server..

Error - 6/28/2011 11:44:23 PM | Computer Name = JasonMc-PC | Source = MCUpdate | ID = 0
Description = 11:44:23 PM - Error connecting to the internet. 11:44:23 PM - Unable
to contact server..

Error - 6/28/2011 11:44:56 PM | Computer Name = JasonMc-PC | Source = MCUpdate | ID = 0
Description = 11:44:52 PM - Error connecting to the internet. 11:44:52 PM - Unable
to contact server..

Error - 6/29/2011 12:45:41 AM | Computer Name = JasonMc-PC | Source = MCUpdate | ID = 0
Description = 12:45:41 AM - Error connecting to the internet. 12:45:41 AM - Unable
to contact server..

Error - 6/29/2011 12:46:14 AM | Computer Name = JasonMc-PC | Source = MCUpdate | ID = 0
Description = 12:46:13 AM - Error connecting to the internet. 12:46:13 AM - Unable
to contact server..

Error - 6/29/2011 1:46:46 AM | Computer Name = JasonMc-PC | Source = MCUpdate | ID = 0
Description = 1:46:46 AM - Error connecting to the internet. 1:46:46 AM - Unable
to contact server..

Error - 6/29/2011 1:47:17 AM | Computer Name = JasonMc-PC | Source = MCUpdate | ID = 0
Description = 1:47:16 AM - Error connecting to the internet. 1:47:16 AM - Unable
to contact server..

Error - 6/29/2011 3:14:12 AM | Computer Name = JasonMc-PC | Source = MCUpdate | ID = 0
Description = 3:14:12 AM - Error connecting to the internet. 3:14:12 AM - Unable
to contact server..

Error - 6/29/2011 3:14:42 AM | Computer Name = JasonMc-PC | Source = MCUpdate | ID = 0
Description = 3:14:41 AM - Error connecting to the internet. 3:14:41 AM - Unable
to contact server..

Error - 7/4/2011 3:58:44 AM | Computer Name = JasonMc-PC | Source = MCUpdate | ID = 0
Description = 3:58:41 AM - Error connecting to the internet. 3:58:41 AM - Unable
to contact server..

Error encountered while reading event logs.
xxTRAGEDYxx

Member

Checkup.txt

Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64
Internet Explorer 11
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
Windows Firewall Enabled!
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Spybot - Search & Destroy
VirusTotal Uploader 2.0
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Mozilla Firefox (28.0)
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
Google Chrome plugins...
[u]````````Process Check: objlist.exe by Laurent````````[/u]
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:
[u]````````````````````End of Log``````````````````````[/u]

OnlineAvScan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=59836bead99959439f14d793031d35b3
# engine=17838
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-10 08:06:51
# local_time=2014-04-10 04:06:51 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=773 16777214 85 74 247510 248392 0 0
# compatibility_mode=5893 16776574 100 94 19578311 148703861 0 0
# scanned=454927
# found=1
# cleaned=1
# scan_time=7328
sh=8DC6D1BD5FDC4BC43FB85555B87CCFC00CC574FD ft=1 fh=ba9cd5a8a212e8b0 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\$Recycle.Bin\S-1-5-21-4152320453-934737754-434420139-1000\$R5TVFJ0.exe"

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker to xxTRAGEDYxx

It's not that bad. Everything I see is related to potentially unwanted programs (PUPs), most likely installed along with legitimate programs, and not actually reading the user agreements when installing, just clicking "Next" to get through the install, and not seeing that there were additional programs requested to install. Download.com/Cnet is one of the offenders for wrapping installers with additional junkware. Let them know that they should actually read the user agreements, and not agree to the installation of anything other than what they thought they were downloading. I recommend you read this article:
Safe software download sites - Beware of deceptive download links & PUPs

Please go to Control Panel's Programs and Features and uninstall the following programs:
Coupon Printer for Windows
v9 uninstaller


OTL
- Copy the text in the quote box below to the clipboard by highlighting all the text inside the box and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
quote:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?type=ds&ts=1397138451&from=irs&uid=WDCXWD6400AAKS-75A7B2_WD-WMASY764972749727&i=psd&t=340c268c0&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?type=ds&ts=1397138451&from=irs&uid=WDCXWD6400AAKS-75A7B2_WD-WMASY764972749727&i=psd&t=340c268c0&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.selectedEngine: "v9"
FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\Jason i4\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\JASONI~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\Jason i4\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda)
CHR - default_search_provider: v9 (Enabled)
O2:64bit: - BHO: (ConvertFilesforFree) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll File not found
O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll File not found
O2 - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2010/06/27 15:10:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/24 18:01:39 | 000,001,036 | ---- | C] () -- C:\ProgramData\ss.ini
[2014/04/10 09:10:19 | 000,094,238 | ---- | C] () -- C:\Users\Jason i4\Desktop\TightHole.JPG
[2014/04/10 08:11:31 | 000,290,434 | ---- | C] () -- C:\Users\Jason i4\Desktop\MercNose.jpg
[2014/04/08 14:49:18 | 001,742,770 | ---- | C] () -- C:\Users\Jason i4\Desktop\DirectDeposit.jpg
[2014/04/06 20:35:28 | 000,281,973 | ---- | C] () -- C:\Users\Jason i4\Desktop\NorelcoCoupon.jpg
[2013/10/30 09:39:25 | 000,893,239 | ---- | C] () -- C:\Users\Jason i4\AppData\Local\a.zip
[2013/10/28 09:41:44 | 000,002,708 | ---- | C] () -- C:\Users\Jason i4\AppData\Local\recently-used.xbel
[2013/08/07 08:09:06 | 145,394,418 | ---- | C] () -- C:\Users\Jason i4\AppData\Local\ACCCx189.zip.aamdownload
[2013/08/07 08:09:06 | 000,001,726 | ---- | C] () -- C:\Users\Jason i4\AppData\Local\ACCCx189.zip.aamdownload.aamd
[2014/04/10 10:01:12 | 000,000,000 | ---D | M] -- C:\Users\Jason i4\AppData\Roaming\v9
C:\Program Files (x86)\Convert Files for Free
C:\Program Files (x86)\Highlightly
:Commands
[EmptyTemp]
[EMPTYJAVA]
[EMPTYFLASH]
[CREATERESTOREPOINT]
- Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the red Run Fix button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTL.exe

Please attach the log from OTL in your next reply.

Please download Junkware Removal Tool and save it to your Desktop.

- Disconnect from the Internet (unplug your connection to your router or modem).
- Please close your security software to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete, depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
- Restart your security software and reconnect to the Internet.
- Please post the contents of JRT.txt into your reply.

Please download the 64-bit version of Farbar Service Scanner and run it on the computer with the issue:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will create a log (FRST.txt) in the same directory the tool is run from.
The first time the tool is run, it creates another log (Addition.txt).

Please attach both FRST.txt and Addition.txt.

Please post the log from Junkware Removal Tool, attach the logs from OTL, the two logs from FRST, and note any errors encountered.
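
Many of the lines in the OTL fix script above fall into two groups: browser search settings that point at v9, and entries whose target no longer exists ("File not found", "No CLSID value found"). The following is an added example, not part of TheJoker's post or of OTL, that sorts OTL-style log lines into those two groups; the allowlists and function names are assumptions, and the first sample line is abridged from the thread's log.

```python
import re
from urllib.parse import urlsplit

# Assumption: the search providers the machine's owner actually chose.
EXPECTED_ENGINES = {"google", "bing"}
EXPECTED_HOSTS = {"www.google.com", "www.bing.com"}

# Markers OTL prints when a registered component's file or CLSID is gone.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# Search-related settings as they appear in the IE, FF and CHR lines of the log.
SEARCH_KEYS = re.compile(
    r"(Search,CustomizeSearch|Search,SearchAssistant|"
    r"browser\.search\.defaultenginename|browser\.search\.selectedEngine|"
    r"default_search_provider)\s*[:=]\s*(.+)$"
)

def is_expected_search(value):
    """True if a search setting (URL or engine name) is on the allowlist."""
    value = value.strip()
    if value.lower().startswith(("http://", "https://")):
        return (urlsplit(value).hostname or "").lower() in EXPECTED_HOSTS
    # Engine names look like "v9" (Firefox) or v9 (Enabled) (Chrome).
    name = value.split(" (")[0].strip('"').lower()
    return name in EXPECTED_ENGINES

def triage(log_lines):
    """Return (reason, line) pairs for lines worth a human look."""
    findings = []
    for line in log_lines:
        line = line.strip()
        m = SEARCH_KEYS.search(line)
        if m and not is_expected_search(m.group(2)):
            findings.append(("search-hijack", line))
        elif any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(("orphaned-entry", line))
    return findings

SAMPLE = [
    # From the thread's log (first URL abridged):
    r'IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?type=ds&q={searchTerms}',
    r'FF - prefs.js..browser.search.selectedEngine: "v9"',
    r'CHR - default_search_provider: v9 (Enabled)',
    r'O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll File not found',
    r'O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.',
    # Constructed benign lines, not from the thread:
    r'CHR - default_search_provider: Google (Enabled)',
    r'O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll (Example Corp)',
]

if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason:15} {line}")
```

A flagged line is only a candidate: an orphaned entry can belong to software that is still wanted, so each one is checked against the installed-program list before it goes into a fix.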