Re-Markit: Can't get rid of this thing..

Mosely22 · Apr 11, 2014

i looked up how to remove this but nothing is working. looked on youtube and found some videos, and then some websites with instructions but this won't go away...

i use firefox and disabled and removed it from the add-on section. but its still there....

i went to my control panel and tried to remove/uninstall the program but it was not on the list of programs...

also "reset" firefox and still nothing changed..

its only affecting my internet use so at least its not my whole computer...any ideas on what i should do?

johnb35 · Apr 11, 2014

Do the following.

1.

Please download AdwCleaner by Xplode onto your Desktop.

•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop

•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL

Agent Smith · Apr 11, 2014

I would install StartupCPL. Once installed it will be in the control panel. You can see if it resides in the HKLM or somewhere else and view it's path. Find it and delete. I would also try Rkill and Adwcleaner. Run Rkill first.

Edit- I see I posted at the same time as John. LOL

Mosely22 · Apr 11, 2014

john, i have to do all of those 4 steps? or i can just try step 1 and then if it doesnt work, try step 2, etc?

Mosely22 · Apr 11, 2014

Agent Smith said:
I would install StartupCPL. Once installed it will be in the control panel. You can see if it resides in the HKLM or somewhere else and view it's path. Find it and delete. I would also try Rkill and Adwcleaner. Run Rkill first.

Edit- I see I posted at the same time as John. LOL

which rkill though? i see 3 mentioned in john's post

johnb35 · Apr 11, 2014

Do it all please. You only need to run rkill if malwarebytes doesn't want to open.

Mosely22 · Apr 11, 2014

johnb35 said:
Do it all please. You only need to run rkill if malwarebytes doesn't want to open.

ok so i'll do rkill first? which rkill though, there 3 ones in your first reply

johnb35 · Apr 11, 2014

I said there is no need to run rkill if malwarebytes will open and scan. There are certain infections that will stop malwarebytes from working properly. If malwarebytes opens then there is no need to run rkill.

Mosely22 · Apr 11, 2014

johnb35 said:
I said there is no need to run rkill if malwarebytes will open and scan. There are certain infections that will stop malwarebytes from working properly. If malwarebytes opens then there is no need to run rkill.

ok i gotcha. ill dl mlb and post back in here asap

Mosely22 · Apr 11, 2014

ok, i just completed step number 1 and so far it looks like its all gone! ive been testing my browser by visiting sites where i used to get tons of ads and re-directs

should i complete the next 3 steps though?
is it permanently gone?
if it comes back i will def have to follow the other steps

just wanted to see what you guys think

johnb35 · Apr 11, 2014

Just because you don't see any symptoms doesn't mean you are fully clean from malware. Please run all the steps in order and post the logs. So run the junkware removal tool next, then malwarebytes, then OTL.

Mosely22 · Apr 11, 2014

adw content:

# AdwCleaner v3.023 - Report created 10/04/2014 at 23:19:58
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Paul D. Aslanian - PAULDASLANIAN
# Running from : C:\Users\Paul D. Aslanian\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Paul D. Aslanian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421146}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Paul D. Aslanian\AppData\Roaming\Mozilla\Firefox\Profiles\1mhcgdqe.default-1397143917212\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "1454c4f30a7f57fd6765e0e06eedf035");

-\\ Google Chrome v

[ File : C:\Users\Paul D. Aslanian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [14296 octets] - [10/04/2014 23:16:35]
AdwCleaner[R1].txt - [12134 octets] - [10/04/2014 23:18:48]
AdwCleaner[S0].txt - [2388 octets] - [10/04/2014 23:17:40]
AdwCleaner[S1].txt - [10143 octets] - [10/04/2014 23:19:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10204 octets] ##########

Mosely22 · Apr 11, 2014

jrt log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7FB909E-E1A5-D4B5-DF6F-2915CC1FE2FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7FB909E-E1A5-D4B5-DF6F-2915CC1FE2FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E7FB909E-E1A5-D4B5-DF6F-2915CC1FE2FC}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\saveshare"
Successfully deleted: [Empty Folder] C:\Users\Paul D. Aslanian\appdata\local\{00D6D419-50A9-4A3F-A0F8-CDC8F0EA2E98}
Successfully deleted: [Empty Folder] C:\Users\Paul D. Aslanian\appdata\local\{22A96D36-AA0B-472F-A31E-45A8BDAEB35B}
Successfully deleted: [Empty Folder] C:\Users\Paul D. Aslanian\appdata\local\{2ED7F9DD-514D-4284-94C8-334935AAD342}
Successfully deleted: [Empty Folder] C:\Users\Paul D. Aslanian\appdata\local\{5FBC3B2A-47A4-435B-B548-A043A43D4DAE}
Successfully deleted: [Empty Folder] C:\Users\Paul D. Aslanian\appdata\local\{6389CC1B-D26E-4938-B118-6D0F5B171603}
Successfully deleted: [Empty Folder] C:\Users\Paul D. Aslanian\appdata\local\{6DB07D6E-E5D8-4260-AC9F-04F0DDCB1AFE}
Successfully deleted: [Empty Folder] C:\Users\Paul D. Aslanian\appdata\local\{9C3E576F-347A-4882-95F3-E310D0AC4A46}
Successfully deleted: [Empty Folder] C:\Users\Paul D. Aslanian\appdata\local\{A25EC527-CBF1-455F-80C2-C872BD4DAE9D}

~~~ FireFox

Successfully deleted the following from C:\Users\Paul D. Aslanian\AppData\Roaming\mozilla\firefox\profiles\1mhcgdqe.default-1397143917212\prefs.js

user_pref("extensions.crossrider.bic", "1454ecf18422127158606ca4204a38a1");
Emptied folder: C:\Users\Paul D. Aslanian\AppData\Roaming\mozilla\firefox\profiles\1mhcgdqe.default-1397143917212\minidumps [4 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/11/2014 at 9:07:11.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mosely22 · Apr 11, 2014

mbam log:

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:23:51.053329-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="1cb4d536-f876-44f7-9795-9293ea5dab9b" result="Starting" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:23:51.056329-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="35ee7022-1b77-4133-a7ed-1b19e57958d6" result="Started" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:23:51.075330-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="a994cb96-f2e9-41ed-a1b1-744cffe5dbaa" result="Starting" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-04-11T09:23:58.737160-04:00" source="Manual" type="Update" username="SYSTEM" systemname="PAULDASLANIAN" fromVersion="2014.2.20.1" last_modified_tag="b2add48a-7c95-4404-8c31-113ddcfe8c6d" name="Rootkit Database" toVersion="2014.3.27.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-04-11T09:24:02.200366-04:00" source="Manual" type="Update" username="SYSTEM" systemname="PAULDASLANIAN" fromVersion="2014.3.4.9" last_modified_tag="63946673-f678-4b59-badc-5b1ad3f3071f" name="Malware Database" toVersion="2014.4.11.6"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-04-11T09:24:03.619968-04:00" source="Manual" type="Update" username="SYSTEM" systemname="PAULDASLANIAN" fromVersion="2.0.0.1000" last_modified_tag="9b9a1f27-308e-44d3-b167-6ce2424c4468" name="program" toVersion="2.0.1.1004"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:24:06.918774-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="027936ca-98b9-40f4-b4af-32de0fceacba" result="Started" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:24:09.102778-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="b9a7bdb1-c2d6-490f-a268-217e456b1b10" subtype="Malware Protection" action="Quarantine" filename="C:\ProgramData\Web Light\WebLight.dll" hash="75d4a15e19612313f0c3f695837ee41c" malwaretype="File" vendor="Spyware.Password"></record>
<record severity="debug" code="5" LoggingEventType="2" message="DeleteFile" datetime="2014-04-11T09:24:09.180778-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="fbeeeaf6-6fe5-4ad7-bc5e-8c32de695c6b" result="Failed" filename="C:\ProgramData\Web Light\WebLight.dll"></record>
<record severity="debug" code="5" LoggingEventType="4" message="DeleteFile" datetime="2014-04-11T09:24:09.180778-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="fbeeeaf6-6fe5-4ad7-bc5e-8c32de695c6b" result="Failed" filename="C:\ProgramData\Web Light\WebLight.dll"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:24:43.641239-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="2ff563c1-213e-446e-b311-2296717073f9" result="Stopping" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:24:43.812839-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="77711601-40c3-4a81-aac6-932ae2abc9da" result="Stopped" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:24:43.812839-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="acaaf4ec-9b95-4cb2-bd96-57bd475d5c12" result="Stopping" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:24:44.015639-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="b5e1a515-3a0f-4817-9609-e79f01f5a1c8" result="Stopped" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:27:47.638405-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="96b91f08-8dd7-4f90-a44e-470bbb4a7fee" result="Starting" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:27:47.669605-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="aebe9328-3047-42c7-961d-ef706670e684" result="Started" subtype="Malware Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:27:47.700805-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="bb298051-af58-4b1c-abec-3fba5abc7c5f" result="Starting" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-04-11T09:27:49.245208-04:00" source="Manual" type="Update" username="SYSTEM" systemname="PAULDASLANIAN" fromVersion="2014.2.20.1" last_modified_tag="9ce829e7-0d45-49b0-893f-f2059f273ebd" name="Rootkit Database" toVersion="2014.3.27.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-04-11T09:27:51.054811-04:00" source="Manual" type="Update" username="SYSTEM" systemname="PAULDASLANIAN" fromVersion="2014.3.4.9" last_modified_tag="945bfd2d-6987-452e-a608-6804ff175a93" name="Malware Database" toVersion="2014.4.11.6"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:27:51.366812-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="77249029-dfc2-4d7a-b10b-deb44132f36c" result="Starting" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:28:04.268035-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="83f1dc5b-ebee-4611-9775-0c3834258b1c" result="Started" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:28:04.299235-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="859a19c0-098c-4e48-b544-0acea234db95" result="Stopping" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:28:04.424035-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="dbd8fef8-4c0b-42e9-ad0e-e48152b85ddb" result="Stopped" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:28:06.873239-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="044597ff-1e98-40f9-b0dd-035dd0dc5827" result="Success" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:28:06.888839-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="003c7efc-ddbc-41c8-9eda-c9471f1ecf2c" result="Starting" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:28:07.060439-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="98b0df55-0e61-4895-a3e6-66d890d536c2" result="Started" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:28:19.524861-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="5e0aae4a-738c-480e-a4eb-dc66830e56d4" subtype="Malware Protection" action="Quarantine" filename="C:\ProgramData\Web Light\WebLight.dll" hash="2ee4290043380c2aceb39ba8c83910f0" malwaretype="File" vendor="Spyware.Password"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:28:24.544324-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="78999877-f2be-49ba-aa53-00caea46c458" subtype="Malware Protection" action="Quarantine" filename="c:\programdata\web light\weblight.dll" hash="2ee4290043380c2aceb39ba8c83910f0" malwaretype="File" vendor="Spyware.Password"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:28:24.575524-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="a088a0e0-6f5b-403d-87dc-0ab171938f06" result="Failed" filename="c:\programdata\web light\weblight.dll"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:28:24.575524-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="a088a0e0-6f5b-403d-87dc-0ab171938f06" result="Failed" filename="c:\programdata\web light\weblight.dll"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:28:25.651926-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="49f2a709-ff1f-4609-8842-c90bb8531f17" subtype="Malware Protection" action="Quarantine" filename="C:\Users\Paul D. Aslanian\AppData\Roaming\Mozilla\Firefox\Profiles\1mhcgdqe.default-1397143917212\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\180.js" hash="20f2f93059222a0c4ce4acb3956d36ca" malwaretype="File" vendor="PUP.Optional.CrossRider.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:28:36.037364-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="b6538573-12ac-4b6d-a485-3fe688ce4968" subtype="Malware Protection" action="Quarantine" filename="c:\programdata\web light\weblight.dll" hash="2ee4290043380c2aceb39ba8c83910f0" malwaretype="File" vendor="Spyware.Password"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:28:36.068564-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="6256a41c-a7f2-49d9-bb17-a6b9abc30f9e" result="Failed" filename="c:\programdata\web light\weblight.dll"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:28:36.068564-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="6256a41c-a7f2-49d9-bb17-a6b9abc30f9e" result="Failed" filename="c:\programdata\web light\weblight.dll"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:28:54.748437-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="4a103a51-99ed-44ab-b27f-2ad7af533552" subtype="Malware Protection" action="Quarantine" filename="c:\programdata\web light\weblight.dll" hash="2ee4290043380c2aceb39ba8c83910f0" malwaretype="File" vendor="Spyware.Password"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:28:54.779637-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="2f02f534-6992-471b-a0b0-5d507e08d494" result="Failed" filename="c:\programdata\web light\weblight.dll"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:28:54.795237-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="2f02f534-6992-471b-a0b0-5d507e08d494" result="Failed" filename="c:\programdata\web light\weblight.dll"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-04-11T09:29:07.005278-04:00" source="Manual" type="Update" username="SYSTEM" systemname="PAULDASLANIAN" fromVersion="2014.4.11.6" last_modified_tag="7653a86a-d40d-4810-9d23-4477a86229d2" name="Malware Database" toVersion="2014.4.11.7"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:29:07.524080-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="03806c0e-1b67-4772-ac94-3d49e2e092dd" result="Starting" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:29:07.527080-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="0e57e0b0-e517-4154-95a1-52be9f5ca17f" result="Stopping" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:29:07.642086-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="27b0f7a8-07e0-4dd6-b3bc-7d83d5c6c727" result="Stopped" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:29:10.567254-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="76222967-15d5-4f7e-9433-951024c61a8b" result="Success" subtype="Refresh"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:29:10.579254-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="a18b6eb0-2665-4ce6-9581-7535bc898afc" result="Starting" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="2" datetime="2014-04-11T09:29:10.855270-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="a78bdd77-b35c-4b5d-869a-891bb8a5f5d0" result="Started" subtype="Malicious Website Protection"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:30:00.140089-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="35ec9166-4e85-4fa5-a175-fe49924a00a0" subtype="Malware Protection" action="Quarantine" filename="C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3.exe" hash="53c061c888f394a2cb5f0164897855ab" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:31:00.144521-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="9a6b1ccd-ac00-450c-a395-5a461388584c" subtype="Malware Protection" action="Quarantine" filename="C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe" hash="c74cdf4a007be25469c1e5806a97d62a" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:31:00.187524-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="0c5c28d2-524a-443c-bdb6-9ab9dfe61379" subtype="Malware Protection" action="Quarantine" filename="C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe" hash="64afb970e09bcb6b65c53a2b2ad7ae52" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:33:00.111383-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="606206e6-e550-43b4-8575-46eba465c3d8" subtype="Malware Protection" action="Quarantine" filename="C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-5.exe" hash="39da84a5c4b78ea8092171f458a9cc34" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:33:00.132384-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="195fc8bb-bfea-437d-a6a4-ff22bc409e8f" subtype="Malware Protection" action="Quarantine" filename="C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-2.exe" hash="37dc240580fb58de0a200c599f62e61a" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:35:09.031757-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="795651c1-974c-4668-a7b9-9cb0b7eed112" subtype="Malware Protection" action="Quarantine" filename="C:\Program Files (x86)\Re-markit Corp\Re-markit158.dll" hash="46cdf831ed8ed75f24d576e9ed15f50b" malwaretype="File" vendor="PUP.Optional.ReMarkIt.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:35:34.349205-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="b6203c37-b6f1-4cb1-affe-5f1589a4c615" subtype="Malware Protection" action="Quarantine" filename="C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe" hash="f51e75b439423600d0297ae5e12117e9" malwaretype="File" vendor="PUP.Optional.ReMarkIt.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:35:34.545216-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="e7103e3e-2dab-4cbf-ba8c-c39612810a81" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\re-markit corp\re-markit158.dll" hash="46cdf831ed8ed75f24d576e9ed15f50b" malwaretype="File" vendor="PUP.Optional.ReMarkIt.A"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:35:34.592219-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="3c767e8a-1514-41e2-81b8-b2454220ac3a" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.dll"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:35:34.595219-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="3c767e8a-1514-41e2-81b8-b2454220ac3a" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.dll"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:35:37.313374-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="14d9efec-91a7-45aa-9515-395ab5fafbda" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe" hash="64afb970e09bcb6b65c53a2b2ad7ae52" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:35:37.367377-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="c48b268a-7910-406e-a17c-9391f3b30004" result="Failed" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:35:37.370378-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="c48b268a-7910-406e-a17c-9391f3b30004" result="Failed" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:35:45.336833-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="23461850-a001-4983-96df-a23786d502ce" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:36:07.248086-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="ac53f68c-36ef-48f0-95f4-6a1792f4b9a0" result="Failed" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe"></record>
result="Failed" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:35:45.386836-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="d9e5c194-09be-41a7-b131-3cf2af50dba1" result="Failed" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:35:54.813375-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="20ccb241-5a2f-42e4-aa50-cfe3337b09a7" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\re-markit corp\re-markit158.dll" hash="46cdf831ed8ed75f24d576e9ed15f50b" malwaretype="File" vendor="PUP.Optional.ReMarkIt.A"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:35:54.854378-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="d5c9cb28-2a44-4a4c-83eb-94f5bea8b58b" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.dll"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:35:54.858378-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="d5c9cb28-2a44-4a4c-83eb-94f5bea8b58b" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.dll"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:35:56.256458-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="19cdfe59-d34d-4f31-b5c2-06e8da563f86" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\re-markit corp\re-markit158.exe" hash="f51e75b439423600d0297ae5e12117e9" malwaretype="File" vendor="PUP.Optional.ReMarkIt.A"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:35:56.298460-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="984adf08-d533-44b3-8e92-71cf6d30ef07" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.exe"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:35:56.300460-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="984adf08-d533-44b3-8e92-71cf6d30ef07" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.exe"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:35:56.456469-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="49a16f8e-60b5-4cee-a39c-998835fb2480" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe" hash="64afb970e09bcb6b65c53a2b2ad7ae52" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:35:56.477470-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="b916c609-a8cf-4f98-b698-2791e3355dce" result="Failed" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe"></record>
<record severity="debug" code="2
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:14.376494-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="41e9898e-17a9-4953-86b8-8ea8584fdeec" result="Failed" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe"></record>

<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:51.325608-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="054f5092-78d6-46d0-ba66-6e331d377a8c" result="Failed" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe"></record>
last_modified_tag="d4a8260a-59d1-4e9d-9808-49c183277a25" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.exe"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:10.277260-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="d4a8260a-59d1-4e9d-9808-49c183277a25" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.exe"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:36:10.284260-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="ff2f3538-24ee-452b-a182-9517a98068cf" result="Failed" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:36:10.290260-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="695056c4-4885-4a82-9df2-39f6d1e1f4fb" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe" hash="c74cdf4a007be25469c1e5806a97d62a" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:10.294261-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="ff2f3538-24ee-452b-a182-9517a98068cf" result="Failed" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:36:10.313262-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="0f1fecdb-1c20-4e1d-a509-4e4a3f171665" result="Failed" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:10.317262-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="0f1fecdb-1c20-4e1d-a509-4e4a3f171665" result="Failed" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:36:14.262488-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="afa4f1fd-eb84-4474-a170-6104997da931" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\re-markit corp\re-markit158.dll" hash="46cdf831ed8ed75f24d576e9ed15f50b" malwaretype="File" vendor="PUP.Optional.ReMarkIt.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:36:14.273488-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="6d28c3ee-8a35-4f42-a564-28abbfcadd15" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\re-markit corp\re-markit158.exe" hash="f51e75b439423600d0297ae5e12117e9" malwaretype="File" vendor="PUP.Optional.ReMarkIt.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:36:14.288489-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="443fcb94-4495-4361-afed-488f6b507c2b" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe" hash="64afb970e09bcb6b65c53a2b2ad7ae52" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:36:14.307490-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="2694d8ca-88cb-40e7-b09b-38f692491e57" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe" hash="c74cdf4a007be25469c1e5806a97d62a" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:36:14.350493-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="3765df42-8cf9-4376-bf52-fec3d607e87d" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.dll"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:14.356493-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="3765df42-8cf9-4376-bf52-fec3d607e87d" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.dll"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:36:14.361493-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="01cb0c89-3386-4628-b240-294c6c39fa20" result="Failed" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:14.368494-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="01cb0c89-3386-4628-b240-294c6c39fa20" result="Failed" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:14.375494-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="7c13ec74-de3b-4b20-ab52-f248eb92949d" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.exe"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:36:49.666513-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="6e07ddb1-e9e2-4e7f-b54f-b1a116ac6122" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\re-markit corp\re-markit158.dll" hash="46cdf831ed8ed75f24d576e9ed15f50b" malwaretype="File" vendor="PUP.Optional.ReMarkIt.A"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:36:49.718516-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="a810c9d0-1a0d-433c-9c70-7e999053b567" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.dll"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:49.723516-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="a810c9d0-1a0d-433c-9c70-7e999053b567" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.dll"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:36:50.781576-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="c7dcad46-f5f5-480c-9e5a-bf97b852bca9" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\re-markit corp\re-markit158.exe" hash="f51e75b439423600d0297ae5e12117e9" malwaretype="File" vendor="PUP.Optional.ReMarkIt.A"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:36:50.850580-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="c3378a71-5df9-47a8-8925-39cc68d40075" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.exe"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:50.854581-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="c3378a71-5df9-47a8-8925-39cc68d40075" result="Failed" filename="c:\program files (x86)\re-markit corp\re-markit158.exe"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:36:51.265604-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="67213721-49e1-43d3-986f-45ecd48a37bc" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe" hash="64afb970e09bcb6b65c53a2b2ad7ae52" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:36:51.271604-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="8ca35d87-51cb-42da-aac0-25e68eede424" subtype="Malware Protection" action="Quarantine" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe" hash="c74cdf4a007be25469c1e5806a97d62a" malwaretype="File" vendor="PUP.Optional.MediaPlayerplus.A"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:36:51.321607-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="054f5092-78d6-46d0-ba66-6e331d377a8c" result="Failed" filename="c:\program files (x86)\mediaplayerplus\mediaplayerplus-codedownloader.exe"></record>
<record severity="debug" code="2" LoggingEventType="2" message="SDKQuarantine" datetime="2014-04-11T09:36:51.323607-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="3d013acc-1e7c-4c54-a8f2-51d8fc985444" result="Failed" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe"></record>
<record severity="debug" code="2" LoggingEventType="4" message="SDKQuarantine" datetime="2014-04-11T09:36:51.328608-04:00" source="Protection" type="Error" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="3d013acc-1e7c-4c54-a8f2-51d8fc985444" result="Failed" filename="c:\program files (x86)\mediaplayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe"></record>
<record severity="debug" LoggingEventType="0" datetime="2014-04-11T09:42:56.441381-04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PAULDASLANIAN" last_modified_tag="8c58733e-0d1a-4d5b-ac0c-b03f947062e5" subtype="Malware Protection" action="Quarantine" filename="C:\Users\Paul D. Aslanian\AppData\Roaming\Mozilla\Firefox\Profiles\1mhcgdqe.default-1397143917212\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\defaults\preferences\prefs.js" hash="8a89d95047343afc134838275aa8c838" malwaretype="File" vendor="PUP.Optional.CrossRider.A"></record>
</logs>

johnb35 · Apr 11, 2014

That is not the correct log from malwarebytes. Which version do you download and install? Was it 1.75 or 2.0?

Never mind, it looks like you installed the latest version. Do this to get the correct log.

Open malwarebytes, click on the history button up top, click on the protection logs button on the left and open the scan log. Click on copy to clipboard button. Then come back into your reply and right click and click on paste.

Mosely22 · Apr 11, 2014

johnb35 said:
That is not the correct log from malwarebytes. Which version do you download and install? Was it 1.75 or 2.0?

well there were 2 options to save. i tried the .txt and then it stopped responding (i already scanned and deleted everything though. just the .txt i couldnt get)....the other option to save was .html or something similar so thats what i posted...is everything ok?

Mosely22 · Apr 11, 2014

here is the otl.txt

OTL logfile created on: 4/11/2014 9:54:43 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul D. Aslanian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.79 Gb Total Physical Memory | 4.36 Gb Available Physical Memory | 75.42% Memory free
11.57 Gb Paging File | 9.96 Gb Available in Paging File | 86.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 675.44 Gb Total Space | 634.18 Gb Free Space | 93.89% Space Free | Partition Type: NTFS

Computer Name: PAULDASLANIAN | User Name: Paul D. Aslanian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Paul D. Aslanian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe ()
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Samsung)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe ()
MOD - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (25a98636) -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (SamsungDeviceConfigurationWinService) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121226.002\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121226.002\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121225.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledAddons: ee5ad154-f909-4cc0-aa51-d7e94e3fb0af%4036204afd-f43e-4917-9c71-8384e2e4d3ad.com:0.94.36
FF - prefs.js..extensions.enabledAddons: a9719e64-232b-4695-ae9c-a89cd7f2aa84%40ca1279df-bc0d-44a8-97ef-19301c922b68.com:0.94.20
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/10/28 19:25:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/04/11 09:28:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/29 12:01:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8c46fde2-8f22-4b77-9d6b-47daa604b639}: C:\Program Files (x86)\Re-markit Corp\158.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/29 12:01:08 | 000,000,000 | ---D | M]

[2012/10/28 12:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul D. Aslanian\AppData\Roaming\Mozilla\Extensions
[2014/04/11 09:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul D. Aslanian\AppData\Roaming\Mozilla\Firefox\Profiles\1mhcgdqe.default-1397143917212\extensions
[2014/03/29 12:01:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 12:01:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\PAUL D. ASLANIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MHCGDQE.DEFAULT-1397143917212\EXTENSIONS\A9719E64-232B-4695-AE9C-A89CD7F2AA84@CA1279DF-BC0D-44A8-97EF-19301C922B68.COM
File not found (No name found) -- C:\USERS\PAUL D. ASLANIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MHCGDQE.DEFAULT-1397143917212\EXTENSIONS\EE5AD154-F909-4CC0-AA51-D7E94E3FB0AF@36204AFD-F43E-4917-9C71-8384E2E4D3AD.COM
[2012/06/28 11:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google

mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google

ageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Paul D. Aslanian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Paul D. Aslanian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Paul D. Aslanian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Paul D. Aslanian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Paul D. Aslanian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Paul D. Aslanian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Leave a note for Been users - res://C:\Program Files (x86)\GoodShop\Basement\BackgroundEngine.exe/205 File not found
O8:64bit: - Extra context menu item: &Remove from Been Clickstream - res://C:\Program Files (x86)\GoodShop\Basement\BackgroundEngine.exe/206 File not found
O8:64bit: - Extra context menu item: &Save as Been Favorite - res://C:\Program Files (x86)\GoodShop\Basement\BackgroundEngine.exe/204 File not found
O8:64bit: - Extra context menu item: &Thumbs Down - res://C:\Program Files (x86)\GoodShop\Basement\BackgroundEngine.exe/202 File not found
O8:64bit: - Extra context menu item: &Thumbs Up - res://C:\Program Files (x86)\GoodShop\Basement\BackgroundEngine.exe/201 File not found
O8 - Extra context menu item: &Leave a note for Been users - res://C:\Program Files (x86)\GoodShop\Basement\BackgroundEngine.exe/205 File not found
O8 - Extra context menu item: &Remove from Been Clickstream - res://C:\Program Files (x86)\GoodShop\Basement\BackgroundEngine.exe/206 File not found
O8 - Extra context menu item: &Save as Been Favorite - res://C:\Program Files (x86)\GoodShop\Basement\BackgroundEngine.exe/204 File not found
O8 - Extra context menu item: &Thumbs Down - res://C:\Program Files (x86)\GoodShop\Basement\BackgroundEngine.exe/202 File not found
O8 - Extra context menu item: &Thumbs Up - res://C:\Program Files (x86)\GoodShop\Basement\BackgroundEngine.exe/201 File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D795A491-5ACF-4C36-9AA9-9886A7BC9D76}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WEBLIG~1\WEBLIG~1.DLL) - C:\ProgramData\Web Light\WebLight_x64.dll ()
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\weblig~1\weblight.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a69a9f6-8a7b-11e3-ada2-72b7c32336e4}\Shell - "" = AutoRun
O33 - MountPoints2\{4a69a9f6-8a7b-11e3-ada2-72b7c32336e4}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{60dc2547-3be0-11e3-b176-72b7c32336e4}\Shell - "" = AutoRun
O33 - MountPoints2\{60dc2547-3be0-11e3-b176-72b7c32336e4}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/11 09:23:50 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/11 09:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/11 09:23:11 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/11 09:23:11 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/11 09:23:11 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/11 09:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/11 09:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/11 08:59:35 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/04/10 23:16:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/10 17:21:15 | 002,212,656 | ---- | C] (ELAN Microelectronics Corp.) -- C:\windows\ETDUninst.dll
[2014/04/09 21:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2014/04/09 21:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HQ-Vpro-1.9
[2014/04/09 21:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Re-markit Corp
[2014/04/08 00:22:05 | 000,000,000 | ---D | C] -- C:\Users\Paul D. Aslanian\Documents\Youcam
[2014/04/08 00:22:02 | 000,000,000 | ---D | C] -- C:\Users\Paul D. Aslanian\AppData\Roaming\CyberLink
[2014/04/04 21:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/03/29 12:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/25 22:40:36 | 000,000,000 | ---D | C] -- C:\Users\Paul D. Aslanian\AppData\Local\Windows Live
[2014/03/21 23:18:35 | 000,000,000 | ---D | C] -- C:\Users\Paul D. Aslanian\Documents\Avery Templates
[1 C:\Users\Paul D. Aslanian\AppData\Local\*.tmp files -> C:\Users\Paul D. Aslanian\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/11 09:49:03 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/11 09:42:56 | 000,048,202 | ---- | M] () -- C:\Users\Paul D. Aslanian\Desktop\mbam.xml
[2014/04/11 09:33:54 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/11 09:33:54 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/11 09:32:22 | 000,783,464 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/11 09:32:22 | 000,663,102 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/11 09:32:22 | 000,122,680 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/11 09:26:27 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/04/11 09:26:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/11 09:26:01 | 1918,406,655 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/11 09:24:50 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/11 09:22:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/10 23:10:26 | 001,426,178 | ---- | M] () -- C:\Users\Paul D. Aslanian\Desktop\AdwCleaner.exe
[2014/04/10 14:04:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/04/10 10:09:39 | 000,181,151 | ---- | M] () -- C:\Users\Paul D. Aslanian\Desktop\bookmarks-2014-04-10.json
[2014/04/10 10:00:51 | 000,168,653 | ---- | M] () -- C:\Users\Paul D. Aslanian\Desktop\bookmarks3.html
[2014/04/09 21:55:34 | 000,000,378 | ---- | M] () -- C:\windows\tasks\APSnotifierPP3.job
[2014/04/09 21:51:15 | 000,000,380 | ---- | M] () -- C:\windows\tasks\APSnotifierPP1.job
[2014/04/09 21:31:52 | 000,000,378 | ---- | M] () -- C:\windows\tasks\APSnotifierPP2.job
[2014/04/09 21:31:47 | 000,002,850 | ---- | M] () -- C:\Users\Paul D. Aslanian\AppData\Roaming\aps.scan.results
[2014/04/09 21:31:47 | 000,001,198 | ---- | M] () -- C:\Users\Paul D. Aslanian\AppData\Roaming\aps.scan.quick.results
[2014/04/09 21:31:47 | 000,000,314 | ---- | M] () -- C:\Users\Paul D. Aslanian\AppData\Roaming\aps.uninstall.scan.results
[2014/04/09 21:30:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/03/13 10:38:46 | 000,277,504 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Paul D. Aslanian\AppData\Local\*.tmp files -> C:\Users\Paul D. Aslanian\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/11 09:49:50 | 000,048,202 | ---- | C] () -- C:\Users\Paul D. Aslanian\Desktop\mbam.xml
[2014/04/11 09:23:15 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/10 23:09:50 | 001,426,178 | ---- | C] () -- C:\Users\Paul D. Aslanian\Desktop\AdwCleaner.exe
[2014/04/10 10:09:38 | 000,181,151 | ---- | C] () -- C:\Users\Paul D. Aslanian\Desktop\bookmarks-2014-04-10.json
[2014/04/10 10:00:51 | 000,168,653 | ---- | C] () -- C:\Users\Paul D. Aslanian\Desktop\bookmarks3.html
[2014/04/09 21:49:42 | 000,000,378 | ---- | C] () -- C:\windows\tasks\APSnotifierPP3.job
[2014/04/09 21:31:52 | 000,000,378 | ---- | C] () -- C:\windows\tasks\APSnotifierPP2.job
[2014/04/09 21:31:48 | 000,000,380 | ---- | C] () -- C:\windows\tasks\APSnotifierPP1.job
[2014/04/09 21:31:41 | 000,002,850 | ---- | C] () -- C:\Users\Paul D. Aslanian\AppData\Roaming\aps.scan.results
[2014/04/09 21:31:41 | 000,001,198 | ---- | C] () -- C:\Users\Paul D. Aslanian\AppData\Roaming\aps.scan.quick.results
[2014/04/09 21:31:41 | 000,000,314 | ---- | C] () -- C:\Users\Paul D. Aslanian\AppData\Roaming\aps.uninstall.scan.results
[2014/01/30 20:58:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/11/04 13:35:58 | 000,776,078 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/04/18 06:31:19 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012/04/18 05:51:01 | 000,001,610 | ---- | C] () -- C:\windows\HotFixList.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/12 17:55:55 | 000,000,000 | ---D | M] -- C:\Users\Paul D. Aslanian\AppData\Roaming\Audacity
[2012/12/03 09:00:09 | 000,000,000 | ---D | M] -- C:\Users\Paul D. Aslanian\AppData\Roaming\Nico Mak Computing
[2014/04/09 21:54:49 | 000,000,000 | ---D | M] -- C:\Users\Paul D. Aslanian\AppData\Roaming\SoftGrid Client
[2012/11/06 12:50:09 | 000,000,000 | ---D | M] -- C:\Users\Paul D. Aslanian\AppData\Roaming\SystemRequirementsLab
[2012/11/04 13:36:38 | 000,000,000 | ---D | M] -- C:\Users\Paul D. Aslanian\AppData\Roaming\TP
[2014/04/04 11:51:14 | 000,000,000 | ---D | M] -- C:\Users\Paul D. Aslanian\AppData\Roaming\uTorrent
[2012/10/28 17:03:14 | 000,000,000 | ---D | M] -- C:\Users\Paul D. Aslanian\AppData\Roaming\WildTangent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

johnb35 · Apr 11, 2014

Mosely22 said:
well there were 2 options to save. i tried the .txt and then it stopped responding (i already scanned and deleted everything though. just the .txt i couldnt get)....the other option to save was .html or something similar so thats what i posted...is everything ok?

I edited that last post. you posted the wrong log. follow my instructions and post the correct one.

Mosely22 · Apr 11, 2014

johnb35 said:
That is not the correct log from malwarebytes. Which version do you download and install? Was it 1.75 or 2.0?

Never mind, it looks like you installed the latest version. Do this to get the correct log.

Open malwarebytes, click on the history button up top, click on the protection logs button on the left and open the scan log. Click on copy to clipboard button. Then come back into your reply and right click and click on paste.

when i dl'ed it i had to update it so it was the 2.0.1.1004

Mosely22 · Apr 11, 2014

every time i try and save the log in .txt from mbam it says it had "stopped working" and i have to close...what's going on here?

Re-Markit: Can't get rid of this thing..

Member

Administrator

Well-Known Member

Member

Member

Administrator

Member

Administrator

Member

Member

Administrator

Member

Member

Member

Administrator

Member

Member

Administrator

Member

Member