Scan Logs

CharmPeddler

New Member
# AdwCleaner v3.023 - Report created 18/05/2014 at 07:58:57
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Family
# Running from : C:\Users\Family\Desktop\Scans\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 70e6ca8c
Service Found : FastFreeConverterUpdt
Service Found : LPTSystemUpdater
Service Found : Re-markit

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\WINDOWS\System32\roboot64.exe
File Found : C:\WINDOWS\System32\Tasks\Re-markit Update
File Found : C:\WINDOWS\System32\Tasks\UpdaterEX
File Found : C:\WINDOWS\Tasks\Re-markit Update.job
File Found : C:\WINDOWS\Tasks\UpdaterEX.job
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Fast Free Converter
Folder Found C:\Program Files (x86)\File Type Helper
Folder Found C:\Program Files (x86)\HiDefMedia
Folder Found C:\Program Files (x86)\LPT
Folder Found C:\Program Files (x86)\Mysearchdial
Folder Found C:\Program Files (x86)\Optimizer Pro
Folder Found C:\Program Files (x86)\RegClean Pro
Folder Found C:\Program Files (x86)\Surf Canyon
Folder Found C:\Program Files (x86)\w3i
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found C:\ProgramData\w3i
Folder Found C:\Users\Family\AppData\Local\LPT
Folder Found C:\Users\Family\AppData\Local\Smartbar
Folder Found C:\Users\Family\AppData\Local\Temp\Smartbar
Folder Found C:\Users\Family\AppData\Local\Tuguu_SL
Folder Found C:\Users\Family\AppData\LocalLow\Conduit
Folder Found C:\Users\Family\AppData\LocalLow\Fast Free Converter
Folder Found C:\Users\Family\AppData\LocalLow\Smartbar
Folder Found C:\Users\Family\AppData\Roaming\Mysearchdial
Folder Found C:\Users\Family\AppData\Roaming\Systweak
Folder Found C:\Users\Family\AppData\Roaming\UpdaterEX
Folder Found C:\Users\Family\Documents\Optimizer Pro
Folder Found C:\Users\Steve\AppData\LocalLow\Fast Free Converter
Folder Found C:\WINDOWS\SysWOW64\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\smartbarbackup
Key Found : HKCU\Software\smartbarlog
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Surf Canyon
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\UpdaterEX
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\mysearchdial
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\smartbarbackup
Key Found : [x64] HKCU\Software\smartbarlog
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Surf Canyon
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\Fast Free Converter
Key Found : HKLM\Software\installedbrowserextensions
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCK7_sh5z0vniHJSaECIXPT738NBfNw_w-H3rNV5lPdrELe6iPlsINfoNIiUIxAZw,,
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDxg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDxg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDxg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDxg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDxg,,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwQ,,&q={searchTerms}

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage

*************************

AdwCleaner[R0].txt - [15295 octets] - [18/05/2014 07:58:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15356 octets] ##########





# AdwCleaner v3.023 - Report created 18/05/2014 at 08:07:10
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Family - KAREN
# Running from : C:\Users\Family\Desktop\Scans\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c
Service Deleted : FastFreeConverterUpdt
Service Deleted : LPTSystemUpdater
Service Deleted : Re-markit

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Fast Free Converter
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Program Files (x86)\LPT
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\Surf Canyon
Folder Deleted : C:\Program Files (x86)\w3i
Folder Deleted : C:\WINDOWS\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Steve\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Family\AppData\Local\LPT
Folder Deleted : C:\Users\Family\AppData\Local\Smartbar
Folder Deleted : C:\Users\Family\AppData\Local\Tuguu_SL
Folder Deleted : C:\Users\Family\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Family\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Family\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Family\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Family\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Family\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Family\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Family\Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\WINDOWS\Tasks\Re-markit Update.job
File Deleted : C:\WINDOWS\System32\Tasks\Re-markit Update
File Deleted : C:\WINDOWS\Tasks\UpdaterEX.job
File Deleted : C:\WINDOWS\System32\Tasks\UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [15569 octets] - [18/05/2014 07:58:57]
AdwCleaner[S0].txt - [13373 octets] - [18/05/2014 08:07:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13434 octets] ##########





OTL Extras logfile created on: 5/18/2014 8:48:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Family\Desktop\Scans
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.57 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 62.06% Memory free
4.45 Gb Paging File | 3.06 Gb Available in Paging File | 68.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.16 Gb Total Space | 395.02 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive D: | 19.78 Gb Total Space | 2.43 Gb Free Space | 12.28% Space Free | Partition Type: NTFS

Computer Name: KAREN | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0293E8F1-175F-4B6F-B921-38C8F2C4FF15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D0C6BA5-A3B9-4205-BA34-E89D48431DAE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{7973006D-D804-497C-8050-D55550FC3AD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0051E85E-71FE-453D-9D75-1E1DEC7B6F48}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{01C956EE-6940-4B08-892D-73562972ACAF}" = dir=out | name=windows_ie_ac_001 |
"{027CC838-274E-4AC6-B5C7-1CF73AD910AD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0BC581C0-52C5-418C-88DB-F161AD6CE7DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0E0D8813-B5A1-49CE-8026-5ADE8F10996A}" = dir=out | name=hp+ |
"{11FE9A79-9117-4809-B981-84BBA117D8B6}" = dir=out | name=iheartradio |
"{120722BB-4399-4AB9-A900-C09ED772BFFE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{130E8C90-12D3-4959-9DF1-D9C8AFF668DF}" = dir=out | name=getting started with windows 8 |
"{1C86BE93-0432-4895-B96B-63029E583133}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{1CDB9091-0E5E-4613-AE22-E9D0716B3526}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{237B7FBE-2EB9-4088-ACCC-D6C46AA8376F}" = dir=out | name=sonicwall mobile connect |
"{241950C0-A3B4-452D-A0A6-2EB9A849BFF3}" = dir=out | name=microsoft mahjong |
"{27F64A95-AF78-4662-8584-5095205671BA}" = dir=in | name=hp printer control |
"{2818D4A0-1D3E-421A-BD7C-15B4599E1EF2}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{289AC9B4-8FC8-47B7-9DB5-AA03AA66B48B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{295FB97A-C843-44F4-84D1-4FE9369363A8}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2CA030BC-3FB8-456C-BC24-A427BAB148C7}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{33103745-0871-49F3-9430-2CDA5320242A}" = dir=out | name=hp registration |
"{33E2BD53-1CCA-45D3-9CFC-6CADDD8AF8FA}" = dir=out | name=@{microsoft.zunevideo_2.2.886.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE}" = dir=out | name=windows_ie_ac_001 |
"{3581212A-5F52-4734-810D-38790CE200EC}" = dir=out | name=hp+ |
"{35E062FB-1960-43CA-9C14-FE349D7BC101}" = dir=in | name=f5 vpn |
"{374D96E1-7897-43AE-A787-01BF3981C3F1}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{3E2CF8F9-197C-45EB-AB12-059604333938}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{3F053E3B-1BAE-436E-8A38-D199F00E735D}" = dir=in | name=skype |
"{3F3229A0-DE29-42F7-956F-2E3077102744}" = dir=out | name=iheartradio |
"{3FD86D72-459B-40DE-91BD-25F26C87A32D}" = dir=out | name=hp printer control |
"{4173852E-7CC6-4DAB-918D-B570C0BDE6E0}" = dir=out | name=skype |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{42F07222-AFB5-4A74-BE70-420CF13E9C3A}" = dir=out | name=check point vpn |
"{45100D51-7FC6-4E9C-BEAD-B685D183BC02}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{456483FC-00E5-41CE-8698-9833AF0F444E}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{47832DCD-A9B9-49FE-9614-E63177350C11}" = dir=in | name=hp+ |
"{4DDABB6F-BE7F-4816-960E-D470D473D5C8}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{5206E6D2-D9D3-439A-822C-AF5A0E3A1FB7}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{52F30641-F4BB-47E5-A5E7-E6CA0C4020CD}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5A4850BB-C85B-48D2-AE3B-30FEF32C55D2}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{5BE2EF86-4628-49EB-82D3-B60C1430C372}" = dir=in | app=c:\users\family\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{5D21597E-B30E-43B5-9A0A-B8C0B9AD2704}" = dir=out | name=netflix |
"{5D64C454-63EF-4CB4-B991-995E348C01F2}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{6191106D-98F1-454C-B1B8-0ECEE203AD02}" = dir=in | name=skype |
"{61B8807F-4106-4126-915C-E48D1538D962}" = dir=out | name=kindle |
"{6432DED6-5D3E-4629-BB20-1C0163832190}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6635B102-2DEF-4EDA-A64A-94B7C66253EE}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{70DB2683-AE32-4D1B-A549-4169B8D2B600}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{759A7C08-FBE6-43B9-B215-C152614B83F1}" = dir=in | name=check point vpn |
"{767EB1B4-C17C-4CF5-9639-1346BE47FD52}" = dir=out | name=norton studio |
"{78251618-9F67-44E1-92CB-64B2829983F4}" = dir=in | name=kindle |
"{7C5A5A7F-F0C0-438D-8DF3-FB6953A72D99}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{7D026915-8E73-49E4-A7EF-BF10780B8972}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8241C2C7-968B-4302-A859-2C0AB8975713}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{84C19C3B-D1DA-41B8-BA20-CF2EA35C2CFC}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{86B0AD2C-4EB0-44DB-BF24-1FED607635A2}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{88287A8D-4521-453B-AC39-24610BD75207}" = dir=out | name=skype |
"{8DCFB847-8D2D-4797-81A7-2F13C008F09D}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{901C06A6-3E02-47A2-90F2-1741C0CA9A38}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{933C44D9-A930-4A5B-AF0F-15648D06DAD9}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{967C67BD-91A3-48AC-9D2F-6B758FB24510}" = dir=in | name=getting started with windows 8 |
"{983BC1B4-CFAF-4330-91A9-D607E81C24B2}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{98DFFEA6-1EE4-48B1-8D5C-B81E7126AA52}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{996DECF5-F2EE-4494-815B-20C2376DD079}" = dir=out | name=hp registration |
"{99D249C1-2EE9-482F-AF6E-977C534EA764}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{99D7A69B-17E4-4102-B434-AFFEB4119085}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9DCAC824-F53D-4EA1-8638-6ACDCACD879F}" = dir=out | name=hp connected photo powered by snapfish |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{ACE03C1F-F23F-4DFB-AABD-4BC6466D0186}" = dir=in | name=ebay |
"{B2556A28-2442-46F2-9AA0-CFAEC997FB03}" = dir=in | name=sonicwall mobile connect |
"{BAB27E1F-15CA-469A-9CD2-62699F872E55}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{BED18C7A-41C3-4E86-9951-6C3AFF66501B}" = dir=out | name=ebay |
"{C33B55FF-0F24-4785-B125-D2CD83E7477B}" = dir=out | name=microsoft solitaire collection |
"{C6762BD5-FCF0-40B5-A4B5-3D6260BA5CD2}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C879ABC9-2AD1-4626-8CE1-D08506464B59}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{CB1AD64B-3B2C-4CCC-BAC9-F212B4987567}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{CBB512E9-DBB2-462C-B187-C95ED6319553}" = dir=out | name=@{microsoft.bingtravel_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{D0CC00E8-9365-46B7-BFD1-6AB20DA839B8}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{D41CD376-7E77-41D0-A0A8-290B7683658A}" = dir=in | name=juniper networks junos pulse |
"{D5BC934A-F153-48C1-8F5C-960E49233E1B}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D9EC66A1-DBF1-4A4C-B482-9E44809E660F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{E0B1ADCB-5B8F-4C74-8C9D-0DE233C9410D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{E3542B34-BD13-44C5-BA20-5BA0854D7133}" = dir=out | name=@{microsoft.zunemusic_2.2.886.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{E3A8AFB8-D012-4B7B-9B8B-DBD88B68FD0E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{E56C662D-057A-4E42-A591-42052DF7268D}" = dir=out | name=@{microsoft.bingweather_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E6CEBBAE-9A93-4971-9A10-F12F282B70CC}" = dir=out | name=f5 vpn |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EDF591F5-8FEA-4E33-ABB6-CB89BF22AD61}" = dir=out | name=getting started with windows 8 |
"{F0B516A0-1D8D-43CA-9CEA-EECAA0E27C7F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F65C5411-51A1-4D33-8D0B-9A6640FE8B26}" = dir=out | name=juniper networks junos pulse |
"{F6F5549C-C35A-42E8-9DDA-D961C06006CC}" = dir=out | name=@{microsoft.bingnews_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"TCP Query User{52AFFF59-87B1-46DC-A534-561BF4533D31}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{922FA708-E252-469D-912D-18EB0B3ABC27}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2E58F5E0-B5EF-844C-5B18-4C21F800CAD6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.6
"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"Google Chrome" = Google Chrome

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HetaOni English" = HetaOni English
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 5/18/2014 9:47:02 AM | Computer Name = Karen | Source = DCOM | ID = 10010
Description =

Error - 5/18/2014 9:47:33 AM | Computer Name = Karen | Source = DCOM | ID = 10010
Description =

Error - 5/18/2014 9:48:03 AM | Computer Name = Karen | Source = DCOM | ID = 10010
Description =

Error - 5/18/2014 9:48:33 AM | Computer Name = Karen | Source = DCOM | ID = 10010
Description =

Error - 5/18/2014 9:49:03 AM | Computer Name = Karen | Source = DCOM | ID = 10010
Description =

Error - 5/18/2014 9:49:33 AM | Computer Name = Karen | Source = DCOM | ID = 10010
Description =

Error - 5/18/2014 9:50:07 AM | Computer Name = Karen | Source = DCOM | ID = 10010
Description =

Error - 5/18/2014 9:59:59 AM | Computer Name = Karen | Source = DCOM | ID = 10010
Description =

Error - 5/18/2014 10:03:06 AM | Computer Name = Karen | Source = DCOM | ID = 10010
Description =

Error - 5/18/2014 10:03:36 AM | Computer Name = Karen | Source = DCOM | ID = 10010
Description =


< End of report >
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Family on Sun 05/18/2014 at 8:29:46.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511421146}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421146}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Family\appdata\locallow\surfcanyon"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/18/2014 at 8:43:50.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/18/2014
Scan Time: 5:41:51 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.18.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Family

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 483861
Time Elapsed: 4 hr, 19 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe, 2892, Delete-on-Reboot, [728eb05033cd12ee2de0b0c8a45ee11f]

Modules: 0
(No malicious items detected)

Registry Keys: 34
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}, Quarantined, [9e620ff114ec39c7b22a8ddf30d135cb],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311172}, Quarantined, [9e620ff114ec39c7b22a8ddf30d135cb],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1993101592-2399183114-1533155077-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511311172}, Quarantined, [9e620ff114ec39c7b22a8ddf30d135cb],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}, Quarantined, [9e620ff114ec39c7b22a8ddf30d135cb],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}\INPROCSERVER32, Quarantined, [9e620ff114ec39c7b22a8ddf30d135cb],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421146}, Quarantined, [5ba511ef54acd12f102e6cff37ca13ed],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511421146}, Quarantined, [5ba511ef54acd12f102e6cff37ca13ed],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-1993101592-2399183114-1533155077-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511421146}, Quarantined, [5ba511ef54acd12f102e6cff37ca13ed],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422246}, Quarantined, [5ba511ef54acd12f102e6cff37ca13ed],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421146}\INPROCSERVER32, Quarantined, [5ba511ef54acd12f102e6cff37ca13ed],
PUP.Optional.QuickShare.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [ff01f30deb15b8489dcd3d213ac87a86],
PUP.Optional.QuickShare.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [ff01f30deb15b8489dcd3d213ac87a86],
PUP.Optional.MySearchDial.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3004627E-F8E9-4E8B-909D-316753CBA923}, Quarantined, [a25e40c03bc5ee12c9d38ad47b87748c],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Quarantined, [798713ede11fb54b73d91847df236a96],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Quarantined, [f20e14ec28d8d32d34182936a9596898],
PUP.Optional.HQVideo.A, HKLM\SOFTWARE\WOW6432NODE\HQ-Vid-1.9f, Quarantined, [55ab778949b770905e4a40503bc723dd],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerplus, Quarantined, [24dce7194db37e821bd18a0510f2a759],
PUP.Optional.FastFreeConverter.A, HKLM\SOFTWARE\WOW6432NODE\ZUPDATER\FastFreeConverterUpdt.exe, Quarantined, [f907a55b619f48b8324af49b27db7c84],
PUP.Optional.HQVideo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Vid-1.9f, Quarantined, [b05019e72ed2e0202086b3ddff036799],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Quarantined, [cd33e31d05fb33cdae40fb94d0321de3],
PUP.Optional.HQVideo.A, HKU\S-1-5-21-1993101592-2399183114-1533155077-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Vid-1.9f, Quarantined, [837d629ea7596898baec711f8d7560a0],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-1993101592-2399183114-1533155077-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Quarantined, [dd23c13f7d83619f4da18a0552b004fc],

Registry Values: 1
PUP.Optional.ReMarkIT.A, HKU\S-1-5-21-1993101592-2399183114-1533155077-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5ae66703-77f8-4623-8c81-9ba769053c03}, C:\Program Files (x86)\Re-markit Corp\158.xpi, Quarantined, [fc0413ed03fd857b2401315de919ca36]

Registry Data: 9
PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}),Replaced,[cb35f50be51bb54bd07453f03acada26]
PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}, Good: (http://www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}),Replaced,[97699a6631cfff019b92de6f4cb8ca36]
PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}),Replaced,[f20e09f7b54b10f00d3843002dd7b44c]
PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}, Good: (http://www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}),Replaced,[6799aa565ba5847c101e9ab326de619f]
PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}),Replaced,[788820e057a9e0201b2c95ae29db53ad]
PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}, Good: (http://www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}),Replaced,[8977827efa066997bd7359f4d034b24e]
PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}),Replaced,[ed133fc155abd0302c1c9da6e32142be]
PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}, Good: (http://www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}),Replaced,[d729d7290cf4f20e53de5af3d0346d93]
PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X1cXlCYsL-kPu2rCBxotfGiOllZmcTQKvTM7N93t44i8MD7dx7cLmDKrhLejB3mAxCGRuQtZxqsNDzdSSluYo2dzApJPViEU6mgTqBLj_tjJMEGvLp32YhSACLt1WpDwg,,&q={searchTerms}),Replaced,[649c53ad18e8a45c7fc4c380937156aa]

Folders: 3
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus, Quarantined, [0af64ab6738d639d16d4355ae220837d],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp, Delete-on-Reboot, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.HQVideo.A, C:\Program Files (x86)\HQ-Vid-1.9f, Quarantined, [847c43bd7888de225a5d9fd9d62cb14f],

Files: 66
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQ-Vid-1.9f\HQ-Vid-1.9f-bho64.dll, Quarantined, [9e620ff114ec39c7b22a8ddf30d135cb],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll, Quarantined, [5ba511ef54acd12f102e6cff37ca13ed],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3299872\plugins\TBVerifier.dll.vir, Quarantined, [ea16fa060ef21ce4d2dfb09202fe1be5],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir, Quarantined, [f10f58a8f20e60a016a0034f78897d83],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir, Quarantined, [06fa51afad53fa069125341ecd3442be],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir, Quarantined, [ba462ed2e818a35de2d4c88a837eba46],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir, Quarantined, [23dd40c0d7291be56254d77b22df827e],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir, Quarantined, [9d6388782bd5f01022940d45ad54c739],
PUP.Optional.OptimizerPro, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProReminder.exe.vir, Quarantined, [fe02e51bb848ae52f5b60126a061f808],
PUP.Optional.OptimizerPro, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSchedule.exe.vir, Quarantined, [cc34946c60a0af51dcd01512fc052ed2],
PUP.Optional.OptimizerPro, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir, Quarantined, [fc048a76738de61a7f2ee1464eb356aa],
PUP.Optional.SmartBar.A, C:\AdwCleaner\Quarantine\C\Users\Family\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir, Quarantined, [9f6142bed52bdf216b6e35f2ef112ad6],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQ-Vid-1.9f\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-2.exe, Quarantined, [768a79877888827e36a60e5ecc35857b],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQ-Vid-1.9f\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-3.exe, Quarantined, [39c71be57c84f01034a81f4d5aa72fd1],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQ-Vid-1.9f\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-5.exe, Quarantined, [df2113ed7f8119e78854b1bb976a44bc],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQ-Vid-1.9f\utils.exe, Quarantined, [d729e11f1fe1ff01819107397090aa56],
PUP.Optional.AdLyrics.A, C:\Program Files (x86)\Re-markit Corp\ReMar.exe, Quarantined, [49b7c63a966a42be1487dd6040c0b050],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\Uninstall.exe, Quarantined, [d729a858c739a65af30377c55ba5e719],
PUP.Optional.Conduit.A, C:\Users\Family\Downloads\Installl_Converter.exe, Quarantined, [7d8313ed6c9458a883beb06c837e857b],
PUP.Optional.InstallIQ.A, C:\Users\Family\Downloads\intunemp3.exe, Quarantined, [6c941ae6a957f60a896bab6a4eb313ed],
PUP.Optional.AirAdInstaller, C:\Users\Family\Downloads\Setup (1).exe, Quarantined, [df21966a48b849b759b1e35738c8649c],
PUP.Optional.AirAdInstaller, C:\Users\Family\Downloads\Setup (2).exe, Quarantined, [af5135cb4ab66e92ab5f47f3d42cb34d],
PUP.Optional.AirAdInstaller, C:\Users\Family\Downloads\Setup (3).exe, Quarantined, [58a8b24e6f91be42bc4e60da15eb44bc],
PUP.Optional.AirAdInstaller, C:\Users\Family\Downloads\Setup (4).exe, Quarantined, [718f6e922bd5ac5429e157e34db32fd1],
PUP.Optional.Softonic, C:\Users\Family\Downloads\SoftonicDownloader_for_cabos.exe, Quarantined, [25db49b7d03016ea5118ee1616eb2ed2],
PUP.Optional.RocketFuel.A, C:\Users\Family\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe, Quarantined, [44bcf30dba46f907780db76fea1a619f],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames (1).exe, Quarantined, [ee12d12fd12fcc34f01d550403fedd23],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames (10).exe, Quarantined, [e61a50b09e62c33db75676e32ed34db3],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames (2).exe, Quarantined, [738d4cb4fb0520e049c4cf8a49b8a65a],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames (3).exe, Quarantined, [11ef768a0bf5d030729b43168c75e31d],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames (4).exe, Quarantined, [d72907f9c739808051bc540541c0857b],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames (5).exe, Quarantined, [619f7c84b34d27d9ea237fda4fb2fd03],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames (6).exe, Quarantined, [c23e808016ea49b76ba23f1aca37d927],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames (7).exe, Quarantined, [768af20ead5303fd3fce7edb52afa957],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames (8).exe, Quarantined, [19e7af5146ba4fb18f7e9ebbea17c53b],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames (9).exe, Quarantined, [45bb70909e62d030e92485d4000135cb],
PUP.Optional.ArcadeFrontier.A, C:\Users\Family\Downloads\ArcadeFrontierGames.exe, Quarantined, [9c649d63ff0117e9f91490c9877a659b],
PUP.Optional.InstallIQ.A, C:\Users\Family\Downloads\musicoasis.exe, Quarantined, [ed137a86e71923dd49ab888d7889728e],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job, Quarantined, [fd03ef1105fb7e828fd4018e61a19070],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job, Quarantined, [847c44bc9070da26e67de0afd23019e7],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job, Quarantined, [d12fa858e11f5da36af9d1be8c762ad6],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job, Quarantined, [768a788851af31cf2241781721e117e9],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-2.job, Quarantined, [36cad62a5da3946c2340ddb2758da060],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-3.job, Quarantined, [f0107e82748cc838ea79a1ee2bd7649c],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-5.job, Quarantined, [6c94e61af40cbb451c47c8c724de9d63],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\background.html, Quarantined, [0af64ab6738d639d16d4355ae220837d],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\54246.crx, Quarantined, [0af64ab6738d639d16d4355ae220837d],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\54246.xpi, Quarantined, [0af64ab6738d639d16d4355ae220837d],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus.ico, Quarantined, [0af64ab6738d639d16d4355ae220837d],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\Uninstall.exe, Quarantined, [0af64ab6738d639d16d4355ae220837d],
PUP.Optional.ReMarkIt.A, C:\Windows\Tasks\Re-markit_wd.job, Quarantined, [35cb6a965fa1a45cd2eacfc2738f28d8],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\158.crx, Quarantined, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\158.dat, Quarantined, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\158.xpi, Quarantined, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\a.db, Quarantined, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\b.db, Quarantined, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\Re-markit158.bin, Quarantined, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe, Quarantined, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\Re-markit158.ini, Quarantined, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe, Delete-on-Reboot, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit Corp\Sqlite3.dll, Quarantined, [728eb05033cd12ee2de0b0c8a45ee11f],
PUP.Optional.HQVideo.A, C:\Program Files (x86)\HQ-Vid-1.9f\53172.crx, Quarantined, [847c43bd7888de225a5d9fd9d62cb14f],
PUP.Optional.HQVideo.A, C:\Program Files (x86)\HQ-Vid-1.9f\53172.xpi, Quarantined, [847c43bd7888de225a5d9fd9d62cb14f],
PUP.Optional.HQVideo.A, C:\Program Files (x86)\HQ-Vid-1.9f\background.html, Quarantined, [847c43bd7888de225a5d9fd9d62cb14f],
PUP.Optional.HQVideo.A, C:\Program Files (x86)\HQ-Vid-1.9f\HQ-Vid-1.9f.ico, Quarantined, [847c43bd7888de225a5d9fd9d62cb14f],
PUP.Optional.HQVideo.A, C:\Program Files (x86)\HQ-Vid-1.9f\Uninstall.exe, Quarantined, [847c43bd7888de225a5d9fd9d62cb14f],

Physical Sectors: 0
(No malicious items detected)


(end)
 
OTL logfile created on: 5/18/2014 8:48:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Family\Desktop\Scans
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.57 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 62.06% Memory free
4.45 Gb Paging File | 3.06 Gb Available in Paging File | 68.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.16 Gb Total Space | 395.02 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive D: | 19.78 Gb Total Space | 2.43 Gb Free Space | 12.28% Space Free | Partition Type: NTFS

Computer Name: | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/29 14:50:08 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
PRC - [2014/03/06 21:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Desktop\Scans\OTL.exe
PRC - [2012/06/07 22:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/29 14:50:08 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
MOD - [2012/06/08 13:34:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 22:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/04/23 11:18:32 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/23 21:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/03/23 21:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/03/08 00:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 02:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/03/06 01:34:46 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/02/22 10:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 04:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 04:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 04:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 04:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/02/22 04:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/01/27 10:38:59 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/12/10 02:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/22 23:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/09 18:06:48 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/09/29 23:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/09/26 20:02:26 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/11/09 18:06:50 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/11/09 18:06:48 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/11/09 18:06:47 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/29 23:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012/07/13 20:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/23 21:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/23 21:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/23 21:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/19 22:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 07:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 15:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/08 15:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/02/22 11:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 10:50:31 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/02/22 10:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 10:49:49 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/02/22 10:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 10:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 10:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/02/22 10:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 07:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/12/02 17:32:18 | 002,483,376 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/11/10 21:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 06:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/25 20:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/05 10:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/29 23:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 22:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/29 22:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/26 20:02:28 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/26 20:02:26 | 012,526,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 09:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/04 13:41:58 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/06/25 12:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/03/31 01:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

========== Standard Registry (SafeList) ==========
 
========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{C69A395C-89AB-4291-A3E2-26F222212560}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{F5C95058-367C-4723-8A88-C1386941E33B}: "URL" = http://search.yahoo.com/search?fr=mcafee&type=A011US636&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5ae66703-77f8-4623-8c81-9ba769053c03}: C:\Program Files (x86)\Re-markit Corp\158.xpi [2014/03/29 14:50:28 | 000,013,169 | ---- | M] ()


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HQ-Video-Pro-1.9 = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.31_0\crossrider
CHR - Extension: HQ-Video-Pro-1.9 = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.31_0\
CHR - Extension: HQ-Video-Pro-1.9 = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.55_0\crossrider
CHR - Extension: HQ-Video-Pro-1.9 = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.55_0\
CHR - Extension: Google Wallet = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HQ-Vid-1.9f) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQ-Vid-1.9f\HQ-Vid-1.9f-bho64.dll (12289)
O2:64bit: - BHO: (MediaPlayerplus) - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Fast Free Converter 3.0) - {DDA5D4B3-468F-4D62-9092-75142C6169B1} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5368B1CE-E33E-45DC-A83C-1775FA80E27D}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8500A964-37F0-4456-BA41-85966B9E5980}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{13ef3e1d-3606-11e2-be6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13ef3e1d-3606-11e2-be6e-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\RunGame.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/18 08:29:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/05/17 22:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/05/17 22:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/05/17 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\Scans
[2014/05/04 19:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\soavEr box
[2014/04/30 13:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\efb022d452618aab
[2014/04/30 13:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\soavEr box
[2014/04/27 16:24:15 | 000,000,000 | -HSD | C] -- C:\Users\Family\AppData\Local\EmieUserList
[2014/04/27 16:24:15 | 000,000,000 | -HSD | C] -- C:\Users\Family\AppData\Local\EmieSiteList
[2014/04/24 20:20:46 | 000,000,000 | R--D | C] -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/04/22 11:10:52 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\McAfee
[2014/04/20 15:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/20 15:09:43 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Deployment
[2014/04/18 22:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Laflurla
[2013/05/01 12:45:35 | 002,152,104 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Family\AppData\Local\BcsKtYcHW.dll
[1 C:\Users\Family\AppData\Local\*.tmp files -> C:\Users\Family\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/18 08:52:06 | 000,003,128 | ---- | M] () -- C:\WINDOWS\tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-3.job
[2014/05/18 08:52:00 | 000,003,472 | ---- | M] () -- C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
[2014/05/18 08:52:00 | 000,002,446 | ---- | M] () -- C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
[2014/05/18 08:27:55 | 000,001,600 | ---- | M] () -- C:\WINDOWS\tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-5.job
[2014/05/18 08:27:30 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/18 08:27:14 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/18 08:27:07 | 000,001,444 | ---- | M] () -- C:\WINDOWS\tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-2.job
[2014/05/18 08:26:51 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/18 08:26:50 | 000,001,682 | ---- | M] () -- C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
[2014/05/18 08:26:50 | 000,001,526 | ---- | M] () -- C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
[2014/05/18 08:26:50 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\Re-markit_wd.job
[2014/05/18 08:25:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/05/18 08:25:05 | 3070,300,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/18 08:21:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/17 22:54:25 | 000,005,466 | ---- | M] () -- C:\Users\Family\AppData\Roaming\Cabos.plist
[2014/05/17 22:53:23 | 000,269,130 | ---- | M] () -- C:\Users\Family\Documents\cc_20140517_225307.reg DO NOT DELETE.reg
[2014/05/17 22:31:10 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/05/17 22:31:10 | 000,794,884 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/05/17 22:31:10 | 000,161,140 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/05/17 21:37:01 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1993101592-2399183114-1533155077-1003UA.job
[2014/05/17 15:37:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1993101592-2399183114-1533155077-1003Core.job
[2014/05/14 16:41:03 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForFamily.job
[2014/04/27 09:17:28 | 000,002,305 | ---- | M] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/24 19:57:34 | 000,484,272 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/04/19 21:18:34 | 000,376,832 | ---- | M] () -- C:\Users\Family\AppData\Local\ChromeHitoryDB
[1 C:\Users\Family\AppData\Local\*.tmp files -> C:\Users\Family\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/17 22:53:13 | 000,269,130 | ---- | C] () -- C:\Users\Family\Documents\cc_20140517_225307.reg DO NOT DELETE.reg
[2014/04/23 14:54:12 | 000,139,600 | ---- | C] () -- C:\WINDOWS\SysNative\systemsf.ebd
[2014/04/23 14:51:35 | 000,262,335 | ---- | C] () -- C:\WINDOWS\SysNative\dfpinc.dat
[2014/04/23 14:49:11 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/04/23 14:49:11 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysNative\WimBootCompress.ini
[2014/04/23 14:48:04 | 000,100,197 | ---- | C] () -- C:\WINDOWS\SysWow64\RacRules.xml
[2014/04/23 14:48:04 | 000,100,197 | ---- | C] () -- C:\WINDOWS\SysNative\RacRules.xml
[2014/04/23 14:47:55 | 000,007,762 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-suggestions.searchconnector-ms
[2014/04/23 14:47:55 | 000,007,130 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-zeroinput.searchconnector-ms
[2014/04/23 14:47:55 | 000,007,130 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-zeroinput.searchconnector-ms
[2014/04/23 14:47:52 | 000,007,762 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-suggestions.searchconnector-ms
[2014/04/23 14:47:36 | 000,011,109 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014/04/23 14:47:36 | 000,011,109 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2014/04/23 14:47:25 | 000,050,053 | ---- | C] () -- C:\WINDOWS\SysNative\srms.dat
[2014/04/23 14:47:16 | 000,002,440 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
[2014/04/23 11:56:11 | 000,387,210 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/04/20 15:12:08 | 000,002,305 | ---- | C] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/20 15:12:08 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/20 15:10:45 | 000,000,910 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/20 15:10:44 | 000,000,906 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/17 08:04:48 | 000,376,832 | ---- | C] () -- C:\Users\Family\AppData\Local\ChromeHitoryDB
[2014/03/31 18:41:24 | 000,000,010 | ---- | C] () -- C:\Users\Family\AppData\Local\sponge.last.runtime.cache
[2014/03/29 14:57:55 | 000,000,316 | ---- | C] () -- C:\Users\Family\AppData\Roaming\aps.uninstall.scan.results
[2014/03/29 14:50:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/17 17:45:48 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/02/23 18:13:10 | 000,000,838 | ---- | C] () -- C:\Users\Family\AppData\Local\recently-used.xbel
[2014/02/01 20:50:41 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2014/02/01 20:50:37 | 000,040,448 | ---- | C] () -- C:\WINDOWS\SysWow64\pdf995mon64.dll
[2013/12/17 18:09:06 | 000,392,620 | ---- | C] () -- C:\Users\Family\AppData\Local\census.cache
[2013/12/17 18:08:07 | 000,115,616 | ---- | C] () -- C:\Users\Family\AppData\Local\ars.cache
[2013/12/17 14:12:01 | 000,000,036 | ---- | C] () -- C:\Users\Family\AppData\Local\housecall.guid.cache
[2013/11/09 16:18:57 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/11/09 16:16:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/09/26 20:02:38 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/09/26 20:02:38 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/09/26 20:02:36 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/09/26 20:02:18 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/09/26 20:02:18 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/09/26 20:02:12 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/08/22 16:29:19 | 000,000,017 | ---- | C] () -- C:\Users\Family\AppData\Local\resmon.resmoncfg
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/05/01 12:45:33 | 000,888,133 | ---- | C] () -- C:\Users\Family\AppData\Local\a.zip
[2013/02/17 13:08:50 | 000,005,466 | ---- | C] () -- C:\Users\Family\AppData\Roaming\Cabos.plist
[2012/07/25 15:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 15:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 15:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin

========== ZeroAccess Check ==========

[2013/11/13 01:44:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/27 04:12:37 | 021,225,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/27 02:48:28 | 018,679,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/17 22:54:25 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Cabos
[2013/02/17 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\com.w3i.intune
[2013/02/17 12:53:55 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\MusicOasis
[2013/07/25 18:22:39 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\ooVoo Details
[2014/03/28 21:07:15 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Oracle
[2014/02/01 21:01:38 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\pdf995
[2014/02/01 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TaxCut
[2012/11/23 15:22:17 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\WildTangent
[2013/02/14 12:16:55 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >
 
I still see some leftover entries that need to be removed. When you post logs like this you need to let me know if you are still having issues or whatever. I'll wait to hear back from you before I have you run more fixes.
 
Well, I actually did put a little bit of info at the very beginning, but it looks like the system cut it off?

The PC is running MUCH better, but I'm unable to get "Fantapper" removed.
 
Please do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.


In your next reply please post:
  • The ComboFix log
  • An update on how your computer is running
 
ComboFix says "ComboFix isnto meant to run in 'Compatibility Mode'. The program shall now exit"

Pretty sure i'm not in compatibility mode. Though I have not been in it with W8. lol
 
So they still haven't made combofix compatible with windows 8. What browser does fantapper appear in?

Hq video is basically malware. Is it listed in the installed programs?
 
it does not show up in the "programs and features", but it does show up in the CCleaner uninstaller. HQ Video also does not show up there OR in CCleaner.
 
Please rerun OTL but this time, copy and paste the following into the custom scan/fixes box at the bottom.

Code:
:OTL
PRC - [2014/03/29 14:50:08 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
MOD - [2014/03/29 14:50:08 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=H PDTDFJS
O2 - BHO: (Fast Free Converter 3.0) - {DDA5D4B3-468F-4D62-9092-75142C6169B1} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL File not found
[2014/05/18 08:52:06 | 000,003,128 | ---- | M] () -- C:\WINDOWS\tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-3.job
[2014/05/18 08:52:00 | 000,003,472 | ---- | M] () -- C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
[2014/05/18 08:52:00 | 000,002,446 | ---- | M] () -- C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
[2014/05/18 08:27:55 | 000,001,600 | ---- | M] () -- C:\WINDOWS\tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-5.job
[2014/05/18 08:27:07 | 000,001,444 | ---- | M] () -- C:\WINDOWS\tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-2.job
[2014/05/18 08:26:50 | 000,001,682 | ---- | M] () -- C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
[2014/05/18 08:26:50 | 000,001,526 | ---- | M] () -- C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
[2014/05/18 08:26:50 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\Re-markit_wd.job

Then click on the run fix button.

Have you tried downloading and using revouninstaller?
 
Ok, I want to point out that the last time i ran a custom scan with OTL is when my sisters laptop locked me completely out by changing its own password. I had to have her ship the laptop to me and I had to wipe it clean. Is there any chance that this will happen again?

I have not tried revo on this system yet. i'll get it right now.

thanks.
 
========== OTL ==========
No active process named Re-markit_wd.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA5D4B3-468F-4D62-9092-75142C6169B1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDA5D4B3-468F-4D62-9092-75142C6169B1}\ deleted successfully.
File C:\WINDOWS\tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-3.job not found.
File C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job not found.
File C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job not found.
File C:\WINDOWS\tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-5.job not found.
File C:\WINDOWS\tasks\ae90d844-dbe8-423c-9d25-4fe3a9b6d29b-2.job not found.
File C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job not found.
File C:\WINDOWS\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job not found.
File C:\WINDOWS\tasks\Re-markit_wd.job not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05192014_203450
 
Ok. Let me know how revo works out. Do you know what browser fantapper shows up in? Have you checked browser addons or extensions? I can't see it listed in the logs.
 
I uninstalled and reinstalled Chrome. It no longer shows up. Maybe it was just the fantapper uninstaller that was left over?
 
Look in the windows add-remove programs list in control panel and tell me if fantapper is still listed. If so you can use something like revo uninstaller to fully remove the program. Sometimes the program gets removed but there is registry entry that didn't get deleted so that it still shows up in the installed programs list. I would use revo first before just allowed Ccleaner to just remove the entry.
 
Back
Top