  1. #1
    Member | Join Date: Feb 2014 | Posts: 38 | Points: 4

    Internet Explorer constantly crashes

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:03:34 AM, on 2/22/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.16518)
    Boot mode: Normal

    Running processes:
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - (no file)
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: FCTBPos00Pos - {FBB668AC-C5DC-44C1-99E7-46378D5E8BAB} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll
    O3 - Toolbar: Hawaiian Airlines Rewards Bar - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Ebates Cash Back Toolbar - {DAFDB070-D4C5-4D7B-B4BE-A51E73F9C1A7} - C:\Program Files (x86)\Ebates Toolbar\tbcore3.dll
    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKLM\..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    O4 - HKCU\..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1334258738-2961168248-39751457-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1334258738-2961168248-39751457-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLightningCopyToNote.hta
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {F2D239D7-B50A-4abe-82E1-30D7608178F7} - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.dell.com
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.0.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductA...eX_Control.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/W...g/ieatgpc1.cab
    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - (no file)
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: Carbonite Mirror Image Service (Carbonite-Mirror-Image-Svc) - Carbonite, Inc. - C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (Carbonite Cloud Backup Services - Online Computer Data Backup) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
    O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
    O23 - Service: O2SDIOAssist - Unknown owner - c:\Windows\SysWOW64\srvany.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: NTRU TSS v1.2.1.34 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless ZeroConfig Service (ZcfgSvc7) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe

    --
    End of file - 19077 bytes




    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 02/22/2014 at 01:16 AM

    Application Version : 5.7.1018

    Core Rules Database Version : 11056
    Trace Rules Database Version: 8868

    Scan type : Complete Scan
    Total Scan Time : 01:49:19

    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 857
    Memory threats detected : 0
    Registry items scanned : 83603
    Registry threats detected : 0
    File items scanned : 133039
    File threats detected : 205

    Adware.Tracking Cookie
    .realmedia.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .realmedia.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .media6degrees.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .insightexpressai.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .insightexpressai.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .insightexpressai.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .insightexpressai.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .insightexpressai.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .smartadserver.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .burstnet.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .apmebf.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .mediaplex.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .insightexpressai.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .atdmt.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .media.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .media.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .questionmarket.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .insightexpressai.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .serving-sys.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .serving-sys.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .mohg.112.2o7.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .revsci.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .revsci.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .2o7.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .mediaplex.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .revsci.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .revsci.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .interclick.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .adlegend.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .advertising.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .serving-sys.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .liveperson.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .liveperson.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    account.mycricket.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    traffic.prod.cobaltgroup.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .gmcadillac.112.2o7.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    bridge.ame.admarketplace.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .admarketplace.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    adserving.autotrader.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .ads.pointroll.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .advertising.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .fastclick.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .at.atwola.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .casalemedia.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .advertising.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .burstnet.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .specificclick.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .casalemedia.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .casalemedia.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .casalemedia.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .casalemedia.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .media6degrees.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .interclick.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .media6degrees.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .media6degrees.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .media6degrees.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .media6degrees.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .media6degrees.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .lucidmedia.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .steelhousemedia.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .px.steelhousemedia.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .tribalfusion.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .questionmarket.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .questionmarket.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    accounts.google.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    accounts.google.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .doubleclick.net [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .histats.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
    .histats.com [ C:\USERS\LAWYERMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]




    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free Anti-Malware

    Database version: v2014.02.22.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16518
    Lawyermel :: LAWYERMEL-PC [administrator]

    2/22/2014 1:24:03 AM
    mbam-log-2014-02-22 (01-24-03).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 585862
    Time elapsed: 1 hour(s), 29 minute(s), 26 second(s)

    Memory Processes Detected: 2
    C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> 5228 -> Delete on reboot.
    C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe (PUP.Optional.SavingsBull.A) -> 4896 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 10
    HKLM\SYSTEM\CurrentControlSet\Services\Level Quality Watcher (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
    HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\SavingsbullFilterService64 (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    HKCU\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    HKCU\Software\AppDataLow\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 5
    C:\Program Files\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Delete on reboot.
    C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> Delete on reboot.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0 (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

    Files Detected: 121
    C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> Delete on reboot.
    C:\Program Files (x86)\SavingsBull\IEOptimizer.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
    C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COZHIEYG\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBWTOCPX\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Temp\nsaEE1E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Temp\nsgF0AF.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Temp\nsj4EEF.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Temp\nsvBFAB.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Temp\nsvC26A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Temp\nsv91F6\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsbullFilter\sample.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsbullFilter\Installbat64.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsbullFilter\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsbullFilter\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsbullFilter\nfapi.dll (PUP.Optional.SavingsBull.A) -> Delete on reboot.
    C:\Program Files\SavingsbullFilter\nfregdrv.exe (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsbullFilter\ProtocolFilters.dll (PUP.Optional.SavingsBull.A) -> Delete on reboot.
    C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe (PUP.Optional.SavingsBull.A) -> Delete on reboot.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\background.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\bootstrap.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon128.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon16.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon32.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon48.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon64.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon8.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\manifest.json (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\marcopolo.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\bootstrap.js.old (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\CustomActionInstall (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\CustomActionUninstall (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_addonkit_page-mod.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_addonkit_private-browsing.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_addonkit_request.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_addonkit_windows.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_addon_runner.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_api-utils.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_base64.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_byte-streams.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_collection.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_content.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_cortex.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_cuddlefish.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_deprecate.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_environment.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_errors.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_events.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_file.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_functional.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_globals.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_heritage.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_hidden-frame.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_light-traits.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_list.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_loader.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_match-pattern.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_memory.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_namespace.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_observer-service.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_plain-text-console.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_preferences-service.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_promise.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_querystring.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_runtime.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_sandbox.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_self.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_system.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_text-streams.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_timer.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_traceback.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_traits.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_unload.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_url.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_uuid.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_window-utils.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_xhr.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_xpcom.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_base_xul-app.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_bootstrap.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_content_content-proxy.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_content_content-worker.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_content_loader.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_content_symbiont.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_content_worker.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_dom_events.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_events_assembler.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_event_core.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_event_target.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_harness-options.json (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_icon.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_icon64.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_install.rdf (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_l10n_core.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_l10n_html.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_l10n_loader.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_l10n_locale.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_l10n_prefs.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_locales.json (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_main.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_main.js.old (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_prefs.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_privatebrowsing_utils.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_system_events.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_tabs_events.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_tabs_observer.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_tabs_tab.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_tabs_utils.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_traits_core.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_utils_data.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_utils_object.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_utils_registry.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_utils_thumbnail.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_windows_dom.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_windows_loader.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_windows_observer.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_windows_tabs.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\ff_window_utils.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SavingsBull\SendJson.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

    (end)

  2. #2
    Member Spyware Fighter DonnaB
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi lawyermel,

    Welcome to Help2Go!

    I do apologize for the delay in responding.

    I see that SuperAntiSpyware and Malwarebytes removed a lot of tracking cookies and PUPs (Potentially Unwanted Programs). Let's see what the following scans will remove and display.

    Please download Junkware Removal Tool to your desktop.

    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it on XP, or right-click and select Run as Administrator on Vista/Win7 and above.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Next:

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • The contents of the scan results may be confusing. If you see a program name that you know should not be removed, uncheck the results and please let me know about it.
    • Click the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    Next:

    Please download OTL to your Desktop
    • Double-click the icon to run the program. On Vista/Win7 or 8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    In your next reply, please post the following logs:

    JRT.txt
    AdwCleaner[S0].txt
    OTL.txt
    Extras.txt


    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"


  4. #3

    Internet explorer constantly crashes - logs attached

    OTL Extras logfile created on: 2/23/2014 12:59:45 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lawyermel\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16518)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.92 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 71.26% Memory free
    15.83 Gb Paging File | 13.56 Gb Available in Paging File | 85.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.57 Gb Total Space | 214.41 Gb Free Space | 47.27% Space Free | Partition Type: NTFS
    Drive D: | 14.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive H: | 29.49 Gb Total Space | 29.49 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: LAWYERMEL-PC | User Name: Lawyermel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1334258738-2961168248-39751457-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\Lawyermel\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02ED89EC-F43B-4A82-AAAE-4F7B916316FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{0964B26D-7421-4B03-8BE0-0E4BB75253EF}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{0C1783E2-5330-4C34-94F1-40EEC282F0BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{235A4EE2-2374-4278-A0C7-B9AE5A0DF22D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{29247589-8178-4E90-B1F2-2762FD560DF6}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast |
    "{2E2564AB-D592-4E74-A27B-D3676A1E8122}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{47D6BDEF-FB77-47F6-B32C-59EE5E04D796}" = rport=139 | protocol=6 | dir=out | app=system |
    "{4A84A687-7D27-426E-A590-313467D7142B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{4B6C2A2B-C5DE-488E-8F7E-7C6D7FDB8045}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5A1111EC-2E68-4698-913C-105CC5D95105}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |
    "{62B0766D-85D0-4C89-9763-23E030DAE42D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{64B87860-51E3-4615-A31D-64946034B9ED}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{73AF9A1E-EAD9-4D38-AE5D-E8755DD1CB21}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{74D6C73D-5662-46F5-8F86-DC2AE2C6DACF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7A64B940-19BF-4DC2-A548-84B1F545116A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{7BDEFFA6-39E4-4FD0-BC0C-7572E700AEE1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7DCCF662-BE8E-4965-A69E-D12935D8430B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8691B8EE-87C3-4342-939B-2FA1D08A6D9C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{89D960E0-3B6B-4B34-B6A0-40C4B9309AC6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8FF99020-F010-45FE-BCC9-2F8897F6410D}" = lport=139 | protocol=6 | dir=in | app=system |
    "{9B4938ED-8214-40AB-B88D-899B2978EEF9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{AFA5B2C9-EBA3-4115-84C7-28C6D82C37C8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B1CD955E-5C87-4538-BB85-F603D2E9C5A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BBE2A32F-6702-4FE3-AC60-8E6266079182}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BFD6E1F2-9B61-4288-A997-05512267E26F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{CB59F1D6-9451-4B2F-81B7-232E05E9EB61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D2EC7C19-64D3-4348-B712-904796D7742D}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
    "{D323975C-0280-4255-BA1D-AE33460970EB}" = lport=49184 | protocol=6 | dir=in | name=akamai netsession interface |
    "{DAED28CD-70BE-4C8E-89C1-2C6FBE5EC499}" = lport=137 | protocol=17 | dir=in | app=system |
    "{E041B1A3-9320-4991-9E6B-72FA7D853D04}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E4A7CEF4-3B7B-4E19-B979-85F50AC977A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E6611C78-56E0-4A7E-A8ED-05DD60BB814F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{074B2782-6F2A-4EDA-B25E-D6D2B981C81D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0C29B8BB-E55A-4612-BE21-ED5938720D34}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1DC42B96-79A9-4569-9F8E-DAA1D8BD27E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{21017230-FA08-412D-9C17-A7FE55DDB48F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{215FA57C-FB50-44F0-B30D-4CAC8E124E3E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{26D0BC26-8A1C-484D-A704-17617BFFBD3E}" = protocol=17 | dir=in | app=c:\users\lawyermel\appdata\local\akamai\netsession_win.exe |
    "{3364148F-0A2A-4264-939E-03AB5F7B5476}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{384AA700-6E6F-4C5C-8D4E-83E74D336F6D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{3925596E-894E-478D-BA1B-648AABDE753F}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{3AA59A8E-AB8A-4A2D-84E1-5DAC3365713A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
    "{3BFA2DE2-FEB5-458C-8BBC-8997EFFB1975}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{413AD915-785D-4359-B4F9-31766BDBCACA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{46EB3153-E028-4E66-8133-C65D2F255661}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{4FA900AD-309D-489D-B55B-ABBE6AC99A03}" = protocol=6 | dir=in | app=c:\program files (x86)\hawaiian airlines rewards bar\toolbarupdate.exe |
    "{5529FF6A-51DB-4A32-8F62-BF9D51B678C1}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{55346408-E91C-4C46-9404-188E2FF66912}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5879B1D7-FD34-4FD6-BCB2-083421C119A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{59CDA04C-0773-4484-A111-F14283131D57}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5A996013-FC49-43EE-9E37-A8D432E3EC1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{61021E76-C93B-45B5-9C75-397E2538F313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{673BBF79-BC69-4F09-85B8-64A7BD7D8961}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{76A4AB73-CA8E-4321-A4F4-2E4FE2590AFA}" = protocol=6 | dir=out | app=system |
    "{7F7BA465-223B-4297-B673-C4AEF69F04BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8D1B11E0-AB74-46E0-8F55-A78BB844E069}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8E6E4F55-7F06-4917-8049-9843A89537B3}" = protocol=6 | dir=in | app=c:\users\lawyermel\appdata\roaming\dropbox\bin\dropbox.exe |
    "{8E848AD8-C998-4EA1-9445-C0B255B8A6AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
    "{8F0A2EF9-D86C-452E-95C9-A8C6F8D0C4A2}" = protocol=17 | dir=in | app=c:\users\lawyermel\appdata\roaming\dropbox\bin\dropbox.exe |
    "{9232B351-0971-4623-B3C0-368856CB1917}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{99409EEF-CA1B-4D1E-B0E8-B096B8BFFD5A}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{A247BDCB-A498-4657-B809-6C8DE8CC12FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A51E329A-2E99-456E-ADBA-1C1318081786}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A7F97CF0-787E-41E3-B111-B9E1B1C6C2F7}" = protocol=6 | dir=in | app=c:\program files (x86)\hawaiian airlines rewards bar\troubleshooter.exe |
    "{B6814C49-D97F-4585-B1B8-A9C9E8783E2D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{BA19B3B4-87E7-45D0-BE32-4AFCFFDA5433}" = protocol=6 | dir=in | app=c:\users\lawyermel\appdata\local\akamai\netsession_win.exe |
    "{BB2B040B-A991-4EAB-9D98-5857B482D64E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BEC81103-55B6-49A5-93E9-398C578B5AC7}" = protocol=17 | dir=in | app=c:\program files (x86)\hawaiian airlines rewards bar\troubleshooter.exe |
    "{BEF67B58-F452-405D-A033-E07B0B88E79C}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{C0382D5F-F2D9-435F-ACA3-E8075C3EC218}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C18B3A25-0DBF-42E3-9968-2DD1B774289C}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
    "{C474CB9A-0A5F-4C44-9A57-E583DEFD53DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D2459649-F6D2-43BB-BB22-218FCE5DC647}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{D3A984A3-13A3-4757-9E68-17B22EA99166}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D4EB9ADF-8400-4453-9944-0FD12EFD470F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{E09BFD82-BC22-4AC9-BABC-A958270BD70B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E296285B-FC65-466D-B1D5-95B69B79BC1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{E4269B07-398C-4E61-999B-244A666360E8}" = protocol=17 | dir=in | app=c:\program files (x86)\hawaiian airlines rewards bar\toolbarupdate.exe |
    "{EED8D5A6-8419-466E-A9A7-30DFD722A68E}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}" = WordPerfect Office IFilter 64-bit
    "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{444085BE-389B-4330-A291-3FC258B846EC}" = Canon MF4800 Series
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi Software
    "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
    "{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
    "{7C8B25EE-665F-49B8-B839-29E06900A543}" = Carbonite Mirror Image (64-bit)
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{813BA625-B0FA-48D8-9B75-59759C88C219}" = SavingsbullFilter
    "{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit
    "{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.1
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A7C403DA-B8D9-4CA0-93D9-6C7F00772240}" = WD SmartWare
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 327.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 327.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 140.75
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.14.17
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}" = Canon MF4360-4390
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer
    "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
    "{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}" = Intel® PROSet/Wireless WiMAX Software
    "{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
    "{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "CCleaner" = CCleaner
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PC-Doctor for Windows" = My Dell
    "ProInst" = Intel PROSet Wireless
    "PROSetDX" = Intel(R) Network Connections 15.7.176.1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{26D6D2A4-F08A-4212-86E7-7F1F75033610}" = WordPerfect Office X6
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{069793F3-E123-47B9-88DB-5DE76FF32ADB}" = WordPerfect Office X6 - Quattro Pro Files
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
    "{0F1A3568-7419-4115-A207-512B9F688267}" = Creative Memories Memory Manager 2
    "{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}" = WordPerfect Office X6 - WT
    "{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}" = WordPerfect Office X6 - Quattro Pro Files English
    "{14BC4AAD-7C28-4BAB-A4F8-7DB7F3CEA7B8}_is1" = ADATASync 1.3.2.18
    "{166FCF01-AC98-4288-A01C-90BEB808C059}" = Sony RAW Driver
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A3A92EC-A218-4FEE-8A51-05BCD409A048}" = Windows Migration Assistant
    "{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = WordPerfect Office IFilter 32-bit
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{230100D9-27B4-49A3-A30F-D44B51EF56AA}" = WordPerfect Office X6 - IPM
    "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
    "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51
    "{26D6D2A4-F08A-4212-86E7-7F1F75033610}" = WordPerfect Office X6 - Setup Files
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
    "{315FE707-7A15-4B1B-8C5A-955428AAA01D}" = WordPerfect Office X6 - Common Files
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{361BEAD7-E748-412C-908A-BFA0B13E4787}" = Micro D Player
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{440F51A9-8CA3-41D7-AFD5-F47820895949}" = WordPerfect Office X6 - Lightning Files
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
    "{507B1304-194A-4204-A9D9-9BAAF51EF760}" = WD Quick View
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{521D6EE7-E5B6-4E9B-837A-BEF39247FF07}" = RealLegal E-Transcript Bundle Viewer
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf13
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68E9A0DF-ED47-11D5-A3F2-00A0CC5DF8D2}" = Intellex Player
    "{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}" = SavingsBull
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{6FE2F5A6-8DC6-41B9-84AE-9FB32BCF7C02}" = Natural Color Pro
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{8265A0B4-D9AF-4603-94B1-51452E4F9611}" = Canon P-150 Driver
    "{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}" = WordPerfect Office X6 - System Files
    "{83270912-15C7-4336-822E-E8F1B1BBCA60}" = WD Security
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}" = WordPerfect Office X6 - Presentations Files English
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{87BB4097-8385-4DF9-8350-74EA7F3D696E}" = update
    "{8959569B-D9BA-43A9-972A-D509EE7D4BA9}" = WordPerfect Office X6 - Oxford
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB97C068-725F-49FC-AFC0-7A9CF641DD1F}" = Liberty Court Player 6.5 (build 517)
    "{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
    "{ba99df5b-3e46-419e-81e2-544352772fda}" = WD SmartWare Installer
    "{BE5FF923-8AD2-4C72-BDFF-4DBA64CF605A}" = P-150 CaptureOnTouch
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C4D92146-95DE-415A-99CC-51FBFF7C10CF}" = WordPerfect Office X6 - Lightning Files English
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
    "{CCADD122-70A5-47A6-8722-1BD5267B85F5}" = WordPerfect Office X6 - WordPerfect Files
    "{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}" = WordPerfect Office X6 - WordPerfect Files English
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1AF3785-AA77-471E-ABC5-4C2B459B877A}" = WordPerfect Office X6 - Common Files English
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}" = WordPerfect Office X6 - Presentations Files
    "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
    "{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F6582F6F-6CD1-4B62-8BC6-EACF98AF410F}" = WordPerfect Office X6
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "ActiveTouchMeetingClient" = Cisco WebEx Meetings
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "Advanced SystemCare 7_is1" = Advanced SystemCare 7
    "Akamai" = Akamai NetSession Interface Service
    "AudibleDownloadManager" = Audible Download Manager
    "avast" = avast! Internet Security
    "Canon RAW Codec" = Canon RAW Codec
    "Carbonite Backup" = Carbonite
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Chuzzle Deluxe 1.01" = Chuzzle Deluxe 1.01
    "Dell Webcam Central" = Dell Webcam Central
    "Ebates Cash Back Toolbar" = Ebates Cash Back Toolbar
    "FileZilla Client" = FileZilla Client 3.6.0.2
    "GoToAssist" = GoToAssist Corporate
    "Hawaiian Airlines Rewards Bar" = Hawaiian Airlines Rewards Bar
    "InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
    "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "Mahjongg Master 4" = Mahjongg Master 4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "PremElem90" = Adobe Premiere Elements 9
    "RealPlayer 16.0" = RealPlayer
    "VLC media player" = VLC media player 2.1.3
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1334258738-2961168248-39751457-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Hawaiian Airlines MileFinder" = Hawaiian Airlines MileFinder
    "Mahjongg Master 5" = Mahjongg Master 5
    "Natural Color Test ROES" = Natural Color Test ROES

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/23/2014 4:32:11 AM | Computer Name = Lawyermel-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/23/2014 4:32:30 AM | Computer Name = Lawyermel-PC | Source = PerfNet | ID = 2004
    Description =

    [ System Events ]
    Error - 2/23/2014 4:32:14 AM | Computer Name = Lawyermel-PC | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 2/23/2014 4:33:34 AM | Computer Name = Lawyermel-PC | Source = DCOM | ID = 10016
    Description =

    Error - 2/23/2014 4:33:34 AM | Computer Name = Lawyermel-PC | Source = DCOM | ID = 10016
    Description =

    Error - 2/23/2014 4:34:11 AM | Computer Name = Lawyermel-PC | Source = Service Control Manager | ID = 7034
    Description = The LiveUpdate service terminated unexpectedly. It has done this
    1 time(s).


    < End of report >

  5. #4
    Member | Join Date: Feb 2014 | Posts: 38 | Points: 4

    Internet explorer constantly crashes - logs attached

    OTL logfile created on: 2/23/2014 12:59:45 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lawyermel\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16518)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.92 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 71.26% Memory free
    15.83 Gb Paging File | 13.56 Gb Available in Paging File | 85.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.57 Gb Total Space | 214.41 Gb Free Space | 47.27% Space Free | Partition Type: NTFS
    Drive D: | 14.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive H: | 29.49 Gb Total Space | 29.49 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: LAWYERMEL-PC | User Name: Lawyermel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2014/02/23 00:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lawyermel\Downloads\OTL.exe
    PRC - [2014/01/31 02:16:45 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/01/31 02:16:44 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/01/31 02:16:24 | 000,113,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2013/12/18 10:42:34 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/12/09 19:01:50 | 001,056,264 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
    PRC - [2013/12/04 02:22:32 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/11/02 15:01:42 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    PRC - [2013/11/02 14:54:34 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2010/12/03 15:20:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/03 15:20:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/29 09:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2010/10/15 16:07:52 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2010/08/13 17:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe
    PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/21 23:40:17 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/01/31 02:16:44 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2014/01/31 02:16:24 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV:64bit: - [2013/12/09 18:50:52 | 007,628,296 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV:64bit: - [2013/10/10 14:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/04/18 12:07:50 | 006,443,072 | ---- | M] (Carbonite, Inc.) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe -- (Carbonite-Mirror-Image-Svc)
    SRV:64bit: - [2011/01/20 08:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV:64bit: - [2010/12/23 11:23:48 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/12/23 11:14:10 | 000,992,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
    SRV:64bit: - [2010/12/23 11:07:12 | 000,845,584 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/12/07 19:43:40 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/11/07 08:04:00 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
    SRV:64bit: - [2010/11/07 07:56:30 | 000,869,376 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
    SRV:64bit: - [2010/11/03 13:48:42 | 002,117,120 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2010/10/28 11:05:50 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV:64bit: - [2010/10/28 11:05:48 | 001,035,680 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV:64bit: - [2010/10/16 13:17:30 | 003,427,176 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2010/10/15 16:07:52 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2010/09/22 15:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/09/21 21:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
    SRV:64bit: - [2010/02/10 17:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2014/02/20 19:31:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/18 10:42:34 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
    SRV - [2013/12/04 02:22:32 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
    SRV - [2013/11/02 15:01:42 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
    SRV - [2013/11/02 14:54:34 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/07/01 11:18:40 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2011/06/10 10:33:31 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
    SRV - [2010/12/03 15:20:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/03 15:20:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/29 09:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2010/11/25 02:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 02:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010/07/13 11:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/07/21 17:05:29 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2014/07/21 16:45:46 | 000,440,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswndisflt.sys -- (aswNdisFlt)
    DRV:64bit: - [2014/01/31 02:16:50 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2014/01/31 02:16:50 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
    DRV:64bit: - [2014/01/31 02:16:50 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
    DRV:64bit: - [2014/01/31 02:16:50 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013/12/27 02:26:00 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013/12/17 16:09:02 | 000,061,592 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (netfilter64)
    DRV:64bit: - [2013/12/04 02:22:56 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2013/12/04 02:22:54 | 000,300,320 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
    DRV:64bit: - [2013/10/21 23:40:18 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013/10/21 23:40:18 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013/10/21 23:40:13 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/07/25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2013/04/30 00:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/03/27 21:30:43 | 000,038,768 | ---- | M] (GN Netcom A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JabraMobileCsrDfuX64.sys -- (JabraDFU)
    DRV:64bit: - [2013/02/11 20:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/10 22:44:18 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/06 03:09:52 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
    DRV:64bit: - [2011/05/06 03:09:52 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2011/05/06 03:09:52 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2011/05/06 03:09:52 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2011/05/06 03:09:52 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2011/03/28 10:37:28 | 012,256,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/23 13:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/05 20:47:12 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/01/03 14:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
    DRV:64bit: - [2011/01/03 12:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
    DRV:64bit: - [2010/12/21 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2010/12/13 14:09:14 | 000,172,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010/12/13 06:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/12/07 19:43:40 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/05 18:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/25 21:56:24 | 000,173,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
    DRV:64bit: - [2010/10/25 21:56:18 | 000,081,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
    DRV:64bit: - [2010/10/25 21:56:14 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
    DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/08/24 14:46:02 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV:64bit: - [2010/08/20 08:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/03/19 00:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/09/16 13:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/06/04 10:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 D3 1D 7F 64 ED CD 01 [binary data]
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://wine.woot.com/
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..\SearchScopes,DefaultScope = {F615CE42-1043-4E1E-90E3-013A2E2CCF05}
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..\SearchScopes\{F615CE42-1043-4E1E-90E3-013A2E2CCF05}: "URL" = https://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-21-1334258738-2961168248-39751457-1004\..\SearchScopes,DefaultScope =


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Lawyermel\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
    FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Lawyermel\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lawyermel\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lawyermel\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Lawyermel\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/02/18 22:45:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/11 19:31:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/11 19:31:54 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi\3.0.1.30_0\
    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\opipfjckgjfngncmiophknlgjlbdinko\1.2.4.4_0\
    CHR - Extension: No name found = C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
    O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Hawaiian Airlines Rewards Bar BHO) - {FBB668AC-C5DC-44C1-99E7-46378D5E8BAB} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Ebates Cash Back Toolbar) - {DAFDB070-D4C5-4D7B-B4BE-A51E73F9C1A7} - C:\Program Files (x86)\Ebates Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
    O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
    O4 - HKU\S-1-5-21-1334258738-2961168248-39751457-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-1334258738-2961168248-39751457-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Copy to &Lightning Note - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLightningCopyToNote.hta ()
    O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta ()
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLightningCopyToNote.hta ()
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: apple.com ([store] https in Trusted sites)
    O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: localhost ([]* in Local intranet)
    O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: mlifeinsider.com ([www] https in Trusted sites)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.0.cab (DLM Control)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/W...g/ieatgpc1.cab (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D9675B9-3BE2-40EE-9C64-7A16E6A11735}: DhcpNameServer = 172.20.10.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{330E8ED7-2F85-4472-8D11-E7B6A1F1A906}: DhcpNameServer = 172.26.38.1 172.26.38.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503686B7-BE95-4303-8F03-0C8D8AC9776C}: DhcpNameServer = 192.168.42.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A720B0F4-D247-43AD-BBB4-F5B8A0D18E75}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\tmpx - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
    O30 - LSA: Authentication Packages - (wvauth) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{199df63b-c5d8-11e0-a892-90004eed9c7c}\Shell - "" = AutoRun
    O33 - MountPoints2\{199df63b-c5d8-11e0-a892-90004eed9c7c}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
    O33 - MountPoints2\{a602829b-93e2-11e1-b7b3-84cad3ea8918}\Shell - "" = AutoRun
    O33 - MountPoints2\{a602829b-93e2-11e1-b7b3-84cad3ea8918}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/07/21 17:05:29 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2014/07/21 17:05:29 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2014/07/21 17:05:29 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2014/07/21 17:05:29 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2014/07/21 17:05:29 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2014/07/21 17:05:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2014/02/23 00:28:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/02/22 23:47:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/02/21 23:11:24 | 000,000,000 | ---D | C] -- C:\Users\Lawyermel\AppData\Roaming\SUPERAntiSpyware.com
    [2014/02/21 23:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/02/21 23:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/02/21 23:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/02/21 21:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2014/02/21 19:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2014/02/21 19:13:01 | 000,000,000 | ---D | C] -- C:\Users\Lawyermel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2014/02/18 15:58:51 | 000,000,000 | ---D | C] -- C:\Users\Lawyermel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    [2014/02/15 21:48:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
    [2014/02/15 21:48:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
    [2014/02/15 21:41:48 | 006,573,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2014/02/15 21:41:48 | 005,693,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2014/02/15 21:38:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2014/02/15 21:37:57 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2014/02/15 21:37:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2014/02/15 21:37:56 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2014/02/15 21:37:55 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2014/02/15 21:37:55 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2014/02/15 21:37:55 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2014/02/15 21:37:55 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2014/02/15 21:37:55 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2014/02/15 21:37:55 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2014/02/15 21:37:55 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2014/02/15 21:37:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2014/02/15 21:37:55 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2014/02/15 21:37:54 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2014/02/15 21:37:53 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
    [2014/02/15 21:37:53 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
    [2014/02/15 21:33:03 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
    [2014/02/15 21:33:03 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
    [2014/02/11 23:30:55 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/02/11 23:30:20 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/02/11 23:30:20 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/02/11 23:30:19 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/02/11 23:30:19 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/02/11 23:30:18 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/02/11 23:30:18 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/02/11 23:30:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/02/11 23:30:16 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/02/11 23:30:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/02/11 23:30:16 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/02/11 23:30:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/02/11 23:30:15 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/02/11 23:30:15 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/02/11 23:30:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/02/11 23:30:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/02/11 23:30:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/02/11 23:30:14 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/02/11 23:30:14 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/02/11 23:30:14 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/02/11 23:30:14 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/02/11 23:30:12 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/02/11 23:30:12 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/02/11 23:30:09 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/02/11 19:49:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
    [2014/02/11 19:49:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
    [2014/02/11 19:49:38 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
    [2014/02/11 19:49:38 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
    [2014/02/11 19:49:38 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
    [2014/02/11 19:49:37 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
    [2014/02/11 19:49:37 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    [2014/02/11 19:49:35 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
    [2014/02/11 19:49:34 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
    [2014/02/11 19:49:34 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
    [2014/02/11 19:49:33 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
    [2014/02/11 19:49:33 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
    [2014/02/11 19:49:33 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
    [2014/02/11 19:49:33 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
    [2014/02/11 19:49:33 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
    [2014/02/11 19:49:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
    [2014/02/11 19:49:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
    [2014/02/11 19:49:33 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
    [2014/02/11 19:49:33 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
    [2014/02/11 19:49:31 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2014/02/11 19:49:30 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2014/02/07 13:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/02/06 00:47:24 | 000,000,000 | ---D | C] -- C:\Windows\Migration
    [2014/02/06 00:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
    [2014/02/05 08:42:44 | 000,000,000 | ---D | C] -- C:\Users\Lawyermel\AppData\Roaming\Dell
    [2014/02/05 08:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
    [2014/02/05 08:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
    [2014/02/05 08:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
    [2014/02/05 08:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
    [2014/02/05 08:36:54 | 000,000,000 | ---D | C] -- C:\Users\Lawyermel\AppData\Roaming\PCDr
    [2014/02/05 08:36:44 | 000,000,000 | ---D | C] -- C:\temp
    [4 C:\Users\Lawyermel\Desktop\*.tmp files -> C:\Users\Lawyermel\Desktop\*.tmp -> ]
    [1 C:\Users\Lawyermel\Documents\*.tmp files -> C:\Users\Lawyermel\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/07/21 17:05:29 | 003,174,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2014/07/21 17:05:29 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2014/07/21 17:05:29 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2014/07/21 17:05:29 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2014/07/21 17:05:29 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2014/07/21 17:05:29 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2014/07/21 16:45:46 | 000,440,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswndisflt.sys
    [2014/02/23 00:54:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/23 00:42:26 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/23 00:42:26 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/23 00:42:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1334258738-2961168248-39751457-1001UA.job
    [2014/02/23 00:39:13 | 000,801,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/02/23 00:39:13 | 000,676,570 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/02/23 00:39:13 | 000,126,834 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/02/23 00:33:45 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/23 00:33:27 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
    [2014/02/23 00:31:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/02/23 00:31:25 | 2079,100,927 | -HS- | M] () -- C:\hiberfil.sys
    [2014/02/22 23:55:06 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
    [2014/02/22 23:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/22 23:11:00 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6d1a5037-d289-4fbb-83e9-d8644191cc7f.job
    [2014/02/22 02:00:03 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a4a43ed7-2ee9-4a32-b66d-c6b7eff3e757.job
    [2014/02/21 12:11:46 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1334258738-2961168248-39751457-1001Core.job
    [2014/02/20 19:31:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/02/20 19:31:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/02/18 22:35:58 | 000,532,417 | ---- | M] () -- C:\Users\Lawyermel\Desktop\Mariott Reservation Laguna Cliffs.pdf
    [2014/02/14 23:52:37 | 000,531,996 | ---- | M] () -- C:\Users\Lawyermel\Desktop\Amazon card bill with issues.pdf
    [2014/02/11 23:54:22 | 000,000,017 | ---- | M] () -- C:\Users\Lawyermel\AppData\Local\resmon.resmoncfg
    [2014/02/11 23:36:03 | 000,793,916 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/02/11 13:12:04 | 084,165,125 | ---- | M] () -- C:\Users\Lawyermel\Desktop\HALGAT1174 - r_OPL_HTC Evo 4G Cellphone Report.pdf
    [2014/02/06 14:08:55 | 000,116,056 | ---- | M] () -- C:\MemeoSendAddin
    [2014/02/06 03:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/02/06 03:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/02/06 03:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/02/06 02:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/02/06 02:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/02/06 02:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/02/06 02:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/02/06 02:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/02/06 02:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/02/06 02:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/02/06 02:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/02/06 02:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/02/06 01:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/02/06 01:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/02/06 01:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/02/06 01:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/02/06 01:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/02/06 01:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/02/06 01:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/02/06 01:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/02/06 00:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/02/06 00:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/01/31 02:16:50 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2014/01/31 02:16:50 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
    [2014/01/31 02:16:50 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2014/01/31 02:16:50 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
    [2014/01/31 02:16:50 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2014/01/31 02:16:48 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [4 C:\Users\Lawyermel\Desktop\*.tmp files -> C:\Users\Lawyermel\Desktop\*.tmp -> ]
    [1 C:\Users\Lawyermel\Documents\*.tmp files -> C:\Users\Lawyermel\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/22 23:55:06 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
    [2014/02/21 23:11:33 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6d1a5037-d289-4fbb-83e9-d8644191cc7f.job
    [2014/02/21 23:11:32 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a4a43ed7-2ee9-4a32-b66d-c6b7eff3e757.job
    [2014/02/18 22:30:36 | 000,532,417 | ---- | C] () -- C:\Users\Lawyermel\Desktop\Mariott Reservation Laguna Cliffs.pdf
    [2014/02/17 20:44:33 | 084,165,125 | ---- | C] () -- C:\Users\Lawyermel\Desktop\HALGAT1174 - r_OPL_HTC Evo 4G Cellphone Report.pdf
    [2014/02/14 23:52:36 | 000,531,996 | ---- | C] () -- C:\Users\Lawyermel\Desktop\Amazon card bill with issues.pdf
    [2014/02/11 23:54:22 | 000,000,017 | ---- | C] () -- C:\Users\Lawyermel\AppData\Local\resmon.resmoncfg
    [2013/10/19 14:30:42 | 000,000,259 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2013/10/19 14:30:42 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2013/10/19 14:30:11 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2013/10/19 14:30:11 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9840cd.dat
    [2013/10/19 14:30:11 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2013/10/19 14:28:34 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2013/10/19 14:28:25 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2013/10/19 14:28:19 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2013/07/31 17:28:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
    [2013/02/12 18:09:12 | 000,000,229 | ---- | C] () -- C:\Windows\pixcache.ini
    [2013/02/12 18:08:47 | 000,000,151 | ---- | C] () -- C:\Windows\setscan.ini
    [2013/01/07 00:11:32 | 000,001,146 | ---- | C] () -- C:\Users\Lawyermel\WD SmartWare.lnk
    [2013/01/07 00:10:18 | 000,001,119 | ---- | C] () -- C:\Users\Lawyermel\WD Drive Utilities.lnk
    [2012/10/12 10:46:52 | 011,265,780 | ---- | C] () -- C:\Program Files (x86)\data2.cab
    [2012/10/12 10:46:52 | 002,574,159 | ---- | C] () -- C:\Program Files (x86)\data1.cab
    [2012/10/12 10:46:52 | 000,040,562 | ---- | C] () -- C:\Program Files (x86)\data1.hdr
    [2012/10/12 10:46:52 | 000,000,475 | ---- | C] () -- C:\Program Files (x86)\layout.bin
    [2012/06/19 19:24:15 | 000,000,028 | ---- | C] () -- C:\Windows\GeoLan.ini
    [2012/06/19 19:24:14 | 000,000,061 | ---- | C] () -- C:\Windows\GeoDebug61.ini
    [2012/01/23 23:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Lawyermel\AppData\Local\rx_image32.Cache
    [2011/06/03 15:18:09 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/02/16 12:55:24 | 000,364,047 | ---- | C] () -- C:\Program Files (x86)\setup.ibt
    [2011/02/15 18:55:24 | 000,245,095 | ---- | C] () -- C:\Program Files (x86)\setup.inx
    [2011/02/15 18:55:24 | 000,000,446 | ---- | C] () -- C:\Program Files (x86)\setup.ini
    [2004/07/16 20:09:36 | 000,461,268 | ---- | C] () -- C:\Program Files (x86)\engine32.cab

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
    Last edited by lawyermel; 02-24-2014 at 05:56 AM.

  6. #5

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows 7 Professional x64
    Ran by Lawyermel on Sat 02/22/2014 at 23:58:17.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbcommonutils.dll
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbhelper.exe
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\au__rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\au__rasmancs
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000063395.FCTB000063395Pos
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000063395.FCTB000063395Pos.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000063395.IEToolbar
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000063395.IEToolbar.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000063395.JSOptionsImpl
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000063395.JSOptionsImpl.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07987.IEToolbar
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07987.IEToolbar.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07987.TBSB07987
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07987.TBSB07987.3
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000063395.FCTB000063395Pos
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000063395.FCTB000063395Pos.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000063395.IEToolbar
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000063395.IEToolbar.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000063395.JSOptionsImpl
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000063395.JSOptionsImpl.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07987.IEToolbar
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07987.IEToolbar.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07987.TBSB07987
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07987.TBSB07987.3
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\Users\Lawyermel\AppData\LocalLow\FCTB000063395
    Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
    Successfully deleted: [Folder] "C:\Users\Lawyermel\AppData\Roaming\drivercure"
    Successfully deleted: [Folder] "C:\Users\Lawyermel\AppData\Roaming\speedypc software"
    Successfully deleted: [Folder] "C:\Users\Lawyermel\AppData\Roaming\systweak"
    Successfully deleted: [Folder] "C:\Users\Lawyermel\appdata\locallow\toolbar4"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
    Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/23/2014 at 0:02:14.44
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    # AdwCleaner v3.019 - Report created 23/02/2014 at 00:30:25
    # Updated 17/02/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Lawyermel - LAWYERMEL-PC
    # Running from : C:\Users\Lawyermel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEYB1GBO\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\Level Quality Watcher
    Folder Deleted : C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKLM\Software\SpeedyPC Software

    ***** [ Browsers ] *****


    -\\ Internet Explorer v11.0.9600.16518


    -\\ Google Chrome v

    [ File : C:\Users\Lawyermel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : icon_url

    *************************

    AdwCleaner[R0].txt - [4048 octets] - [23/02/2014 00:28:33]
    AdwCleaner[S0].txt - [3369 octets] - [23/02/2014 00:30:25]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3429 octets] ##########
    Last edited by lawyermel; 02-24-2014 at 06:14 AM.

  7. #6
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi lawyermel,

    Internet Explorer (IE) appears to be outdated. Please open IE and click on Help > About Internet Explorer. If IE11 is not displayed, please place a checkmark to the left of Install new versions automatically then access Windows Updates via the Control Panel and click on Check for Updates. Let me know if you have success updating to IE11, or not....

    JRT and AdwCleaner removed a plethora of residual files related to spyware, adware, toolbars, etc. that were lurking deep within your system.

    It appears that IObit's Advanced SystemCare 7 software did not do its job at detecting and removing those threats. IObit's Advanced SystemCare is not a very desirable program and includes a registry cleaner. We advise not to use this or any registry cleaner as there have been reports of them clearing out needed registry entries and messing up PCs. In addition, what they do clean up is so small that little or no advantages are noticed. Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.

    Personally, I would suggest uninstalling the software along with the following from Programs and Features:

    • SavingsbullFilter
    • SavingsBull
    • Ebates Cash Back Toolbar
    • Hawaiian Airlines Rewards Bar
    • Advanced SystemCare 7


    The above programs are optional removals, of course, though you use them at your own risk if you choose to keep them.

    We need to remove leftovers that include files associated with the programs I suggested for removal above. If you wish to keep any of the programs, please let me know before you continue with the fix below so I can alter it a bit to meet your wishes:

    • Double click on the to open the program. (On Vista/Win7/Win8 right click select Run As Administrator). If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      :COMMANDS
      [CREATERESTOREPOINT]

      :OTL
      PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
      SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
      SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
      O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
      O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
      O2 - BHO: (Hawaiian Airlines Rewards Bar BHO) - {FBB668AC-C5DC-44C1-99E7-46378D5E8BAB} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()
      O3 - HKLM\..\Toolbar: (Ebates Cash Back Toolbar) - {DAFDB070-D4C5-4D7B-B4BE-A51E73F9C1A7} - C:\Program Files (x86)\Ebates Toolbar\tbcore3.dll ()
      O3 - HKLM\..\Toolbar: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()
      O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
      O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-21-1334258738-2961168248-39751457-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: apple.com ([store] https in Trusted sites)
      O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: localhost ([]* in Local intranet)
      O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: mlifeinsider.com ([www] https in Trusted sites)
      O33 - MountPoints2\{199df63b-c5d8-11e0-a892-90004eed9c7c}\Shell - "" = AutoRun
      O33 - MountPoints2\{199df63b-c5d8-11e0-a892-90004eed9c7c}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
      O33 - MountPoints2\{a602829b-93e2-11e1-b7b3-84cad3ea8918}\Shell - "" = AutoRun
      O33 - MountPoints2\{a602829b-93e2-11e1-b7b3-84cad3ea8918}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe


      :Files
      ipconfig /flushdns /c

      :Commands
      [emptytemp]
      [resethosts]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    Please post the following logs in your next reply:

    C:\_OTL\Moved Files
    OTL.txt


    How is the system behaving? Is IE still crashing??

    Thank you,
    Donna
    Last edited by DonnaB; 02-25-2014 at 06:45 AM.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  9. #7
    Member
    Join Date
    Feb 2014
    Posts
    38
    Points
    4

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    Error: Unable to interpret < :OTL> in the current context!
    Error: Unable to interpret < PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe> in the current context!
    Error: Unable to interpret < SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)> in the current context!
    Error: Unable to interpret < SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)> in the current context!
    Error: Unable to interpret < FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found> in the current context!
    Error: Unable to interpret < FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found> in the current context!
    Error: Unable to interpret < FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
    Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context!
    Error: Unable to interpret < O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.> in the current context!
    Error: Unable to interpret < O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.> in the current context!
    Error: Unable to interpret < O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.> in the current context!
    Error: Unable to interpret < O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.> in the current context!
    Error: Unable to interpret < O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)> in the current context!
    Error: Unable to interpret < O2 - BHO: (Hawaiian Airlines Rewards Bar BHO) - {FBB668AC-C5DC-44C1-99E7-46378D5E8BAB} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()> in the current context!
    Error: Unable to interpret < O3 - HKLM\..\Toolbar: (Ebates Cash Back Toolbar) - {DAFDB070-D4C5-4D7B-B4BE-A51E73F9C1A7} - C:\Program Files (x86)\Ebates Toolbar\tbcore3.dll ()> in the current context!
    Error: Unable to interpret < O3 - HKLM\..\Toolbar: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()> in the current context!
    Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
    Error: Unable to interpret < O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()> in the current context!
    Error: Unable to interpret < O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found> in the current context!
    Error: Unable to interpret < O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found> in the current context!
    Error: Unable to interpret < O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
    Error: Unable to interpret < O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
    Error: Unable to interpret < O4 - HKU\S-1-5-21-1334258738-2961168248-39751457-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
    Error: Unable to interpret < O1364bit: - gopher Prefix: missing> in the current context!
    Error: Unable to interpret < O13 - gopher Prefix: missing> in the current context!
    Error: Unable to interpret < O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: apple.com ([store] https in Trusted sites)> in the current context!
    Error: Unable to interpret < O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: dell.com ([]* in Trusted sites)> in the current context!
    Error: Unable to interpret < O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: localhost ([]* in Local intranet)> in the current context!
    Error: Unable to interpret < O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: mlifeinsider.com ([www] https in Trusted sites)> in the current context!
    Error: Unable to interpret < O33 - MountPoints2\{199df63b-c5d8-11e0-a892-90004eed9c7c}\Shell - "" = AutoRun> in the current context!
    Error: Unable to interpret < O33 - MountPoints2\{199df63b-c5d8-11e0-a892-90004eed9c7c}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe> in the current context!
    Error: Unable to interpret < O33 - MountPoints2\{a602829b-93e2-11e1-b7b3-84cad3ea8918}\Shell - "" = AutoRun> in the current context!
    Error: Unable to interpret < O33 - MountPoints2\{a602829b-93e2-11e1-b7b3-84cad3ea8918}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe> in the current context!
    Error: Unable to interpret < :Files> in the current context!
    Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
    Error: Unable to interpret < :Commands> in the current context!

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57472 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 51537 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Lawyermel
    ->Temp folder emptied: 6381487 bytes
    ->Temporary Internet Files folder emptied: 37039573 bytes
    ->Java cache emptied: 19344077 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 58730 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Word Perfect
    ->Temp folder emptied: 76962093 bytes
    ->Temporary Internet Files folder emptied: 4360282 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 56967 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 136410 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 138.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 02252014_022731

    Files\Folders moved on Reboot...
    C:\Users\Lawyermel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
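
A check for fix logs like the one in post #7, where every pasted line after `[CREATERESTOREPOINT]` came back as "Unable to interpret"; this is an added example, not part of the original thread and not OTL's own code. The log text is constructed to mirror the format shown above, the names `parse_fix_log` and `missing_sections` are hypothetical, and treating a `========== NAME ==========` banner as evidence that a section ran is an assumption based on the COMMANDS banner in that log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample that mirrors the fix-log format posted in this thread.
# The paths, the GUID and the service name are placeholders, not values from the thread.
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.> in the current context!
Error: Unable to interpret <SRV - [Auto | Stopped] -- C:\Example\svc.exe -- (ExampleSvc)> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < :Commands> in the current context!

[EMPTYTEMP]

User: Example
->Temp folder emptied: 0 bytes

HOSTS file reset successfully
"""

# A line the tool echoed back because it could not parse it.
REJECTED = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
# Section banner, e.g. "========== COMMANDS ==========".
BANNER = re.compile(r"^=+ (\S.*?) =+$")


@dataclass
class FixLogReport:
    sections_run: list = field(default_factory=list)      # banners printed in the log
    rejected: list = field(default_factory=list)          # raw text between < and >
    rejected_headers: list = field(default_factory=list)  # rejected ":Section" lines
    leading_whitespace: int = 0                           # rejected lines that begin with space/tab


def parse_fix_log(text):
    """Collect the sections that ran and the directives the tool rejected."""
    report = FixLogReport()
    for raw in text.splitlines():
        line = raw.strip()  # forum posts indent the log; the echoed directive is unaffected
        banner = BANNER.match(line)
        if banner:
            report.sections_run.append(banner.group(1).upper())
            continue
        hit = REJECTED.match(line)
        if not hit:
            continue
        directive = hit.group(1)
        report.rejected.append(directive)
        if directive[:1] in (" ", "\t"):
            report.leading_whitespace += 1
        if directive.strip().startswith(":"):
            report.rejected_headers.append(directive.strip())
    return report


def missing_sections(report, expected):
    """Sections the script contained but whose banner never appears (assumed: not run)."""
    ran = set(report.sections_run)
    return [name for name in expected if name.upper() not in ran]


if __name__ == "__main__":
    r = parse_fix_log(SAMPLE_LOG)
    print("sections run      :", r.sections_run)
    print("rejected lines    :", len(r.rejected))
    print("rejected headers  :", r.rejected_headers)
    print("leading whitespace:", r.leading_whitespace)
    print("never ran         :", missing_sections(r, ["OTL", "FILES", "COMMANDS"]))
```

A non-empty `rejected_headers` list means the lines under those headers were never applied, so the removals they describe still need to be confirmed on the machine before the fix is counted as done.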

  10. #8
    Member
    Join Date
    Feb 2014
    Posts
    38
    Points
    4

    I removed the programs requested, but could not find savingsbullfilter or savingsbull in my list of programs to uninstall. IE was up to date and running 11. It is running a little better, but still crashed before I ran the fix requested.

  11. #9
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Gosh darn it anyhow!

    Lawyermel, I'm going to have to ask you to run the fix again. Oversight on my part. OTL was downloaded to the Downloads folder instead of the desktop. Sometimes it matters, sometimes it doesn't. I should have had you move it anyway. My apologies.

    C:\Users\Lawyermel\Downloads\OTL.exe

    Could you please drag and drop OTL's .exe from that folder to the desktop? Once the fix has been executed, please provide another OTL log as requested.

    I'll go ahead and post the instructions again so you don't have to scroll upwards.

    • Double click on the to open the program. (On Vista/Win7/Win8 right click select Run As Administrator). If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      :COMMANDS
      [CREATERESTOREPOINT]

      :OTL
      PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
      SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
      SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
      O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
      O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
      O2 - BHO: (Hawaiian Airlines Rewards Bar BHO) - {FBB668AC-C5DC-44C1-99E7-46378D5E8BAB} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()
      O3 - HKLM\..\Toolbar: (Ebates Cash Back Toolbar) - {DAFDB070-D4C5-4D7B-B4BE-A51E73F9C1A7} - C:\Program Files (x86)\Ebates Toolbar\tbcore3.dll ()
      O3 - HKLM\..\Toolbar: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()
      O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
      O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-21-1334258738-2961168248-39751457-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: apple.com ([store] https in Trusted sites)
      O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: localhost ([]* in Local intranet)
      O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: mlifeinsider.com ([www] https in Trusted sites)
      O33 - MountPoints2\{199df63b-c5d8-11e0-a892-90004eed9c7c}\Shell - "" = AutoRun
      O33 - MountPoints2\{199df63b-c5d8-11e0-a892-90004eed9c7c}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
      O33 - MountPoints2\{a602829b-93e2-11e1-b7b3-84cad3ea8918}\Shell - "" = AutoRun
      O33 - MountPoints2\{a602829b-93e2-11e1-b7b3-84cad3ea8918}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe

      :Files
      ipconfig /flushdns /c

      :Commands
      [emptytemp]
      [resethosts]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    Please post the following logs in your next reply:

    C:\_OTL\Moved Files
    OTL.txt



    "IE was up to date and running 11. It is running a little better, but still crashed before I ran the fix requested."

    Wonderful! I have no idea why IE displays as IE9 on Win7 in an OTL log from time to time, though I do like to verify to make sure. Good to hear that your computer is running a tad better. Once you initiate the script above, browse around a bit and let me know if IE still crashes. We do have another scan (or two) that I would like to run to ensure nothing is hiding in the shadows.

    Thank you kindly,

    Donna

  13. #10
    Member
    Join Date
    Feb 2014
    Posts
    38
    Points
    4

    I moved it to the desktop as requested.

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    Error: Unable to interpret < :OTL> in the current context!
    Error: Unable to interpret < PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe> in the current context!
    Error: Unable to interpret < SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)> in the current context!
    Error: Unable to interpret <SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)> in the current context!
    Error: Unable to interpret < FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found> in the current context!
    Error: Unable to interpret < FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found> in the current context!
    Error: Unable to interpret < FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
    Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context!
    Error: Unable to interpret < O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.> in the current context!
    Error: Unable to interpret < O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.> in the current context!
    Error: Unable to interpret < O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.> in the current context!
    Error: Unable to interpret < O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.> in the current context!
    Error: Unable to interpret < O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)> in the current context!
    Error: Unable to interpret < O2 - BHO: (Hawaiian Airlines Rewards Bar BHO) - {FBB668AC-C5DC-44C1-99E7-46378D5E8BAB} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()> in the current context!
    Error: Unable to interpret < O3 - HKLM\..\Toolbar: (Ebates Cash Back Toolbar) - {DAFDB070-D4C5-4D7B-B4BE-A51E73F9C1A7} - C:\Program Files (x86)\Ebates Toolbar\tbcore3.dll ()> in the current context!
    Error: Unable to interpret < O3 - HKLM\..\Toolbar: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()> in the current context!
    Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
    Error: Unable to interpret < O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Hawaiian Airlines Rewards Bar) - {E9818C32-D774-4FBC-87C8-8D42450123DF} - C:\Program Files (x86)\Hawaiian Airlines Rewards Bar\Toolbar.dll ()> in the current context!
    Error: Unable to interpret < O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found> in the current context!
    Error: Unable to interpret < O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found> in the current context!
    Error: Unable to interpret < O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
    Error: Unable to interpret < O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
    Error: Unable to interpret < O4 - HKU\S-1-5-21-1334258738-2961168248-39751457-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
    Error: Unable to interpret < O1364bit: - gopher Prefix: missing> in the current context!
    Error: Unable to interpret < O13 - gopher Prefix: missing> in the current context!
    Error: Unable to interpret < O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: apple.com ([store] https in Trusted sites)> in the current context!
    Error: Unable to interpret < O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: dell.com ([]* in Trusted sites)> in the current context!
    Error: Unable to interpret < O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: localhost ([]* in Local intranet)> in the current context!
    Error: Unable to interpret < O15 - HKU\S-1-5-21-1334258738-2961168248-39751457-1001\..Trusted Domains: mlifeinsider.com ([www] https in Trusted sites)> in the current context!
    Error: Unable to interpret < O33 - MountPoints2\{199df63b-c5d8-11e0-a892-90004eed9c7c}\Shell - "" = AutoRun> in the current context!
    Error: Unable to interpret < O33 - MountPoints2\{199df63b-c5d8-11e0-a892-90004eed9c7c}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe> in the current context!
    Error: Unable to interpret < O33 - MountPoints2\{a602829b-93e2-11e1-b7b3-84cad3ea8918}\Shell - "" = AutoRun> in the current context!
    Error: Unable to interpret < O33 - MountPoints2\{a602829b-93e2-11e1-b7b3-84cad3ea8918}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe> in the current context!
    Error: Unable to interpret < :Files> in the current context!
    Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
    Error: Unable to interpret < :Commands> in the current context!

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Lawyermel
    ->Temp folder emptied: 1517 bytes
    ->Temporary Internet Files folder emptied: 3948709 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Word Perfect
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 1806336 bytes

    Total Files Cleaned = 5.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 02252014_100522

    Files\Folders moved on Reboot...
    C:\Users\Lawyermel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Lawyermel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
