Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

NYMI.IB.ADNXS.COM popup problem-Removal?

by luvfishn » January 21st, 2013, 10:40 am

Hello. I have been unsuccessful removing this popup site in IE9 and Firefox ver 18.0.1. I have used several malware programs with no success.
I would appreciate any help you can provide. Other people on this forum have had the same problem. It appears
the solution to the issue may be specific to the individual user's PC.
Thanks in advance!




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by Luvfishn at 10:18:40 on 2013-01-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8099.5423 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\windows\Explorer.EXE
C:\ProgramData\CloudSoft\SaveByClick\SaveByClick.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\igfxtray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Luvfishn\AppData\Local\SecureKey\1.1.3149.6452\SecureKey.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\windows\system32\dmwu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\alg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\windows\system32\UI0Detect.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\program files (x86)\real\realplayer\RealPlay.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.theglobeandmail.com/globe-in ... ist/?ord=0
uDefault_Page_URL = hxxp://start.toshiba.com/
uURLSearchHooks: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - <orphaned>
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll
mURLSearchHooks: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll
BHO: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - <orphaned>
BHO: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SaveByclick: {E70B2CE3-F509-3628-8315-4E317E51390E} - C:\ProgramData\SaveByclick\50f8306023048.dll
BHO: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuTor.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: uTorrentControl Toolbar: {E9DF9360-97F8-4690-AFE6-996C80790DA4} - C:\Program Files (x86)\uTorrentControl\prxtbuTor.dll
TB: uTorrentControl Toolbar: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files (x86)\uTorrentControl\prxtbuTor.dll
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SecureKey] "C:\Users\Luvfishn\AppData\Local\SecureKey\1.1.3149.6452\SecureKey.exe" -l Default
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [CCPrt] "C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe "C:\Program Files (x86)\HP\HP UT\"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SMessaging] C:\Users\Luvfishn\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
StartupFolder: C:\Users\Luvfishn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HOTSYN~1.LNK - C:\Program Files (x86)\palmOne\HOTSYNC.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C}\24F6266244F6E6E61675962756C6563737D27657563747 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C}\34963736F65343234313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C}\363626235353432313232623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C}\441697370294E6E6 : DHCPNameServer = 64.71.255.198 198.164.30.2 208.67.222.222
TCP: Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C}\4556E676F694E6475627E65647021323E213 : DHCPNameServer = 10.28.96.1
TCP: Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C}\4556E676F694E6475627E656470235775656477716475627021333 : DHCPNameServer = 10.28.97.1
TCP: Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C}\4556E676F694E6475627E656470235775656477716475627021343 : DHCPNameServer = 10.28.97.1
TCP: Interfaces\{A713D883-06B0-46A4-8361-69CE6657BE74} : DHCPNameServer = 192.168.1.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\saveby~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://start.toshiba.com/
x64-mDefault_Page_URL = hxxp://start.toshiba.com/
x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [TOSHIBA Face Recognition] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>
x64-Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_ve ... /s/account
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =800236&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt\plugins\NPPDFArchitectPreviewerPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Luvfishn\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-20 09:40; plugin@selectionlinks.com; C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\plugin@selectionlinks.com
FF - ExtSQL: 2013-01-01 10:04; FFPDFArchitectConverter@pdfarchitect.com; C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2013-01-01 10:24; 50e2ed76c32a0@50e2ed76c32d9.com; C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50e2ed76c32a0@50e2ed76c32d9.com
FF - ExtSQL: 2013-01-04 09:39; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF
FF - ExtSQL: 2013-01-04 09:39; wtxpcom@mybrowserbar.com; C:\Program Files (x86)\Common Files\Spigot\wtxpcom
FF - ExtSQL: 2013-01-17 13:15; 50f8306022eb7@50f8306022ef1.com; C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50f8306022eb7@50f8306022ef1.com
FF - ExtSQL: !HIDDEN! 2012-05-20 14:31; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQCnz ... 26&search=
FF - user.js: extensions.incredibar_i.id - 1258c0fd00000000000074e50b7aba97
FF - user.js: extensions.incredibar_i.instlDay - 15524
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:25:46
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQCnzubnG
FF - user.js: extensions.incredibar_i.upn2n - 92543168626306504
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10669
FF - user.js: extensions.incredibar_i.ppd - 123%5F1
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=downlo ... 2036181127
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=downlo ... 2036181127
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=downlo ... 6181127&q=
FF - user.js: extensions.funmoods.id - DC0EA13B5126C0FD
FF - user.js: extensions.funmoods.instlDay - 15645
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:39:43
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - true
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\System32\drivers\SmartDefragDriver.sys [2012-5-15 17720]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-3-25 35392]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2011-12-24 482384]
R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-1-16 19280]
R1 asdrm;asdrm;C:\windows\System32\drivers\asdrm.sys [2013-1-16 18768]
R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-22 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-22 297240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-1-16 279368]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-24 1026432]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-11-28 793600]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\windows\System32\drivers\asdrs.sys [2013-1-16 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-20 735592]
R2 asdws;AnviSmartDefender Web Guard;C:\windows\System32\drivers\asdws.sys [2013-1-16 17232]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-3-19 821592]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-24 126392]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-9-22 976728]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-9-6 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-9-6 185640]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-24 2656280]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-9-19 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-19 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-9-19 1177536]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-7-3 188760]
R2 WebOptimizer;WebOptimizer;C:\windows\System32\dmwu.exe [2012-9-13 1259888]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2011-12-24 20592]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-1-4 21384]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-8-5 25496]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-12-24 38096]
R3 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2012-9-27 101688]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-1-4 33224]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-12-24 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-1-4 21904]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 352248]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\drivers\hitmanpro37.sys [2013-1-17 32152]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-8-5 34200]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-5-26 174680]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-1 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-29 19456]
S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-20 16:32:29 -------- d-----w- C:\Users\Luvfishn\AppData\Roaming\SUPERAntiSpyware.com
2013-01-20 16:32:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-01-20 16:32:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-01-20 14:06:32 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24733854-2B4B-44B3-B077-3BFDED9D81F5}\mpengine.dll
2013-01-20 13:58:19 -------- d-----w- C:\IObit
2013-01-18 13:18:41 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-17 17:23:04 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 17:23:04 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 17:07:06 -------- d-----w- C:\ProgramData\CLSoft LTD
2013-01-17 17:07:00 -------- d-----w- C:\ProgramData\CloudSoft
2013-01-17 17:06:54 -------- d-----w- C:\Program Files (x86)\SaveByClick
2013-01-17 17:06:24 705536 ----a-w- C:\windows\isRS-000.tmp
2013-01-17 17:06:20 137000 ----a-w- C:\windows\SysWow64\MSMAPI32.OCX
2013-01-17 17:06:16 103936 ----a-w- C:\windows\System32\pdfcmon.dll
2013-01-17 17:06:15 23552 ----a-w- C:\windows\SysWow64\MSMPIDE.DLL
2013-01-17 16:14:45 -------- d-----w- C:\Users\Luvfishn\AppData\Roaming\SpeedyPC Software
2013-01-17 16:14:27 -------- d-----w- C:\ProgramData\SpeedyPC Software
2013-01-17 15:48:34 32152 ----a-w- C:\windows\System32\drivers\hitmanpro37.sys
2013-01-17 15:28:03 -------- d-----w- C:\Program Files (x86)\TurboTax 2012
2013-01-17 15:20:03 -------- d-----w- C:\ProgramData\HitmanPro
2013-01-17 14:26:44 -------- d-----w- C:\Users\Luvfishn\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2013-01-17 14:26:02 -------- d-----w- C:\ProgramData\Virtualized Applications
2013-01-16 22:02:59 -------- d-----w- C:\Users\Luvfishn\AppData\Roaming\Anvisoft
2013-01-16 22:02:48 23376 ----a-w- C:\windows\System32\drivers\asdrs.sys
2013-01-16 22:02:48 18768 ----a-w- C:\windows\System32\drivers\asdrm.sys
2013-01-16 22:02:48 17232 ----a-w- C:\windows\System32\drivers\asdws.sys
2013-01-16 22:02:35 -------- d-----w- C:\ProgramData\Anvisoft
2013-01-16 22:02:28 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-01-09 15:29:48 750592 ----a-w- C:\windows\System32\win32spl.dll
2013-01-09 15:29:48 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-01-09 15:29:35 2002432 ----a-w- C:\windows\System32\msxml6.dll
2013-01-09 15:29:35 1882624 ----a-w- C:\windows\System32\msxml3.dll
2013-01-09 15:29:35 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2013-01-09 15:29:35 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-01-09 15:29:03 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-01-09 15:29:03 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-01-09 15:26:54 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-01-09 15:25:52 68608 ----a-w- C:\windows\System32\taskhost.exe
2013-01-09 15:24:21 3149824 ----a-w- C:\windows\System32\win32k.sys
2013-01-07 15:16:01 -------- d-----w- C:\Users\Luvfishn\AppData\Roaming\Malwarebytes
2013-01-07 15:15:40 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-07 15:15:39 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-01-07 15:15:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-04 13:28:52 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar
2013-01-02 13:39:44 -------- d-----w- C:\Users\Luvfishn\AppData\Roaming\PDF Architect
2013-01-01 15:21:50 -------- d-----w- C:\Users\Luvfishn\AppData\Local\IsolatedStorage
2013-01-01 14:27:38 -------- d-----w- C:\Users\Luvfishn\AppData\Roaming\Strongvault
2013-01-01 14:27:18 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2013-01-01 14:27:10 -------- d-----w- C:\Users\Luvfishn\AppData\Local\Stronghold_LLC
2013-01-01 14:27:01 -------- d-sh--w- C:\windows\SysWow64\AI_RecycleBin
2013-01-01 14:21:53 662288 ----a-w- C:\windows\SysWow64\MSCOMCT2.OCX
2013-01-01 14:21:51 -------- d-----w- C:\Users\Luvfishn\AppData\Roaming\OpenCandy
2013-01-01 14:05:06 -------- d-----w- C:\ProgramData\SaveByclick
2013-01-01 14:05:02 -------- d-----w- C:\Users\Luvfishn\AppData\Roaming\APP_NAME_NON_STRING
2013-01-01 14:04:32 -------- d-----w- C:\Program Files (x86)\PDF Architect
2013-01-01 13:55:02 -------- d-----w- C:\Users\Luvfishn\AppData\Local\Programs
2013-01-01 00:05:19 -------- d-----w- C:\Program Files (x86)\Amazon
2012-12-23 14:41:33 -------- d-----w- C:\Users\Luvfishn\AppData\Roaming\RealNetworks
2012-12-23 14:40:44 -------- d-----w- C:\Program Files (x86)\RealNetworks
2012-12-23 14:40:42 -------- d-----w- C:\ProgramData\RealNetworks
2012-12-23 14:40:29 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-12-23 14:39:35 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-12-23 14:39:35 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-12-22 16:50:49 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-22 16:50:49 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-22 16:50:47 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-22 16:50:46 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
.
==================== Find3M ====================
.
2013-01-09 18:52:36 1070152 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-12-06 16:11:40 11518976 ----a-w- C:\windows\System32\drivers\Netwsw00.sys
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-29 14:29:55 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-11-29 14:29:55 458712 ----a-w- C:\windows\System32\drivers\cng.sys
2012-11-29 14:29:55 340992 ----a-w- C:\windows\System32\schannel.dll
2012-11-29 14:29:55 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2012-11-29 14:29:55 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-11-29 14:29:55 154480 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-11-29 14:29:55 1448448 ----a-w- C:\windows\System32\lsasrv.dll
2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2012-11-16 20:28:25 102248 ----a-w- C:\Users\Luvfishn\GoToAssistDownloadHelper.exe
2012-11-16 16:14:21 260 ----a-w- C:\windows\SysWow64\cmdVBS.vbs
2012-11-16 16:14:21 256 ----a-w- C:\windows\SysWow64\MSIevent.bat
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-13 20:29:04 354216 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-10-25 07:12:26 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 07:12:26 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
.
============= FINISH: 10:20:11.24 ===============
ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/18/2012 10:06:05 AM
System Uptime: 1/21/2013 9:08:14 AM (1 hours ago)
.
Motherboard: TOSHIBA | | PEQAA
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 580 GiB total, 376.437 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
S: is FIXED (NTFS) - 2794 GiB total, 2194.412 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C309a series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 7510 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart 7510 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C309a series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP314: 1/16/2013 10:32:16 AM - Microsoft Antimalware Checkpoint
RP315: 1/16/2013 10:45:41 AM - Removed Adobe Reader X (10.1.5) MUI.
RP316: 1/16/2013 1:48:32 PM - Installed Rapport
RP317: 1/17/2013 10:06:07 AM - Installed Rapport
RP318: 1/17/2013 10:15:08 AM - Windows Update
RP319: 1/17/2013 11:27:48 AM - Installed TurboTax 2012.
RP320: 1/17/2013 1:11:39 PM - Installed Rapport
RP322: 1/17/2013 1:19:41 PM - Microsoft Antimalware Checkpoint
RP323: 1/18/2013 9:41:25 AM - Installed Rapport
RP324: 1/19/2013 8:08:43 AM - Installed Rapport
RP326: 1/19/2013 8:18:55 AM - Microsoft Antimalware Checkpoint
RP328: 1/20/2013 10:03:58 AM - Microsoft Antimalware Checkpoint
RP329: 1/20/2013 7:07:23 PM - Installed Rapport
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
AD Blocker
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Advanced SystemCare 6
AnswerWorks 5.0 English Runtime
Anvi Smart Defender 1.8
Apple Application Support
Apple Software Update
µTorrent
Bejeweled 3
Big Fish Games: Game Manager
BufferChm
C309a
Cisco Connect
ConvertXtoDVD 4.0.9.322
Coupon Printer for Windows
D3DX10
DeLorme Street Atlas USA 2011
Destinations
DeviceDiscovery
DivX Setup
DocProc
eReg
FATE - The Traitor Soul
Fax
Garmin BaseCamp
Garmin City Navigator North America NT 2013.10 Update
Garmin Lifetime Updater
Garmin USB Drivers
Garmin WebUpdater
Google Earth
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
Hidden Expedition ®: Titanic
honestech VHS to DVD 5.0 Deluxe
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP LaserJet P1000 series
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
HP Photosmart Essential 3.5
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
hppMSRedist
HPProductAssistant
hppusgP1000
HPSSupply
Hulu Desktop
IHA_MessageCenter
ImgBurn
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) WiDi
Intel(R) Wireless Display
IObit Apps Toolbar v6.6
IObit Malware Fighter
Java Auto Updater
Java(TM) 6 Update 37
JMicron Flash Media Controller Driver
Junk Mail filter update
KeePass Password Safe 1.21
Label@Once 1.0
Letters from Nowhere 2
Logitech SetPoint 6.32
Logitech Unifying Software 2.00
Machete 3.8
Magic Ball 2 New Worlds
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Matroska Pack
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access database engine 2010 (English)
Microsoft Application Error Reporting
Microsoft Office 2000 Professional
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel Viewer
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Starter 2010 - English
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2011
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MrvlUsgTracking
MrvlUsgTracking64
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
NVIDIA Drivers
OCR Software by I.R.I.S. 14.0
Palm Desktop
PDF Architect
PDFCreator
Penguins!
Picasa 3
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
PS_AIO_05_C309_Software_Min
Quicken 2010
QuickTime
QuickTransfer
Rainlendar2 (remove only)
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
RollerCoaster Tycoon 3: Platinum
SaveByClick
Scan
SecureKey
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shop for HP Supplies
Skype Launcher
Skype™ 5.10
Smart Defrag 2
SmartWebPrinting
SolutionCenter
Status
Strongvault Online Backup
SUPERAntiSpyware
Synaptics Pointing Device Driver
Tales of Lagoona
Toolbox
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBARegistration
TrayApp
TurboTax 2011
TurboTax 2012
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
USB2.0 VIDBOX NW03
Utility Common Driver
uTorrentControl Toolbar
VC80CRTRedist - 8.0.50727.6195
Verizon Download Manager
Vz In Home Agent
WD Drive Utilities
WD SmartWare
Web Assistant 2.0.0.485
Web Optimizer
WebReg
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR 4.11 (64-bit)
YouTube Free Downloader
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
1/21/2013 9:15:39 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
1/21/2013 9:12:07 AM, Error: Service Control Manager [7001] - The WD Backup service depends on the WD Rules service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2013 9:12:07 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2013 9:12:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
1/21/2013 9:12:04 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2013 9:11:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD Rules service to connect.
1/21/2013 9:11:22 AM, Error: Service Control Manager [7000] - The WD Rules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2013 9:10:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.
1/21/2013 9:10:06 AM, Error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2013 9:08:46 AM, Error: volmgr [46] - Crash dump initialization failed!
1/20/2013 11:20:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.376.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/18/2013 9:42:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
1/18/2013 9:37:01 AM, Error: Service Control Manager [7024] - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
1/17/2013 11:49:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AD Blocker Service service to connect.
1/17/2013 11:49:18 AM, Error: Service Control Manager [7000] - The AD Blocker Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Last edited by NonSuch on January 21st, 2013, 3:08 pm, edited 2 times in total.
Reason: Topic edited to remove extraneous post. Do not reply to your topic until you've received a response from a helper.
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by pgmigg » January 22nd, 2013, 1:27 am

Hello luvfishn,

Welcome to the forum! :)

My nickname is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by pgmigg » January 22nd, 2013, 2:13 am

Hello luvfishn,

P2P Advisory!
IMPORTANT: There are signs of a P2P (Peer to Peer) File Sharing Program installed on your computer:

µTorrent
uTorrentControl Toolbar


As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code:
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    µTorrent
    uTorrentControl Toolbar
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Then:
Please tell me, is this computer used for business purposes or connected to any business network?
I need to know it - so I can provide the proper instructions.

Step 2.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select "Run as administrator...", then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Please include in your next reply:
  1. Your decision about P2P program.
  2. Do you have any problems executing the instructions?
  3. Your answer to my question about how your computer is used.
  4. Contents of a log created by CKFiles.txt
  5. Contents of the codecheck.txt log file
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 23rd, 2013, 9:09 am

Thank you pgmigg for assisting with this problem. It is totally appreciated. In response to your questions...
My pc is for personal use only and is not used for business.
Actions completed by me:
1) P2P program and toolbar have been removed.
2) Executing your instructions has been completed without a problem.
3) The following is the content of the log files you requested.

4) CKFiles.txt
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\users\luvfishn\desktop\from maxtor\maxtor 5100le\documents\pny files saved\zuma_crack_install_read me first.txt
c:\users\luvfishn\desktop\from maxtor\maxtor 5100le\documents\recipes\flax crackers.doc
c:\users\luvfishn\desktop\from maxtor\maxtor 5100le\documents\recipes\appetizers\flax crackers.doc
c:\users\luvfishn\desktop\from maxtor\maxtor 5100le\documents and settings\bob beaton\desktop\desk top prog\games\zuma_crack_install_read me first.txt
c:\users\luvfishn\desktop\from maxtor\maxtor 5100le\documents and settings\bob beaton\my documents\pny files saved\zuma_crack_install_read me first.txt
c:\users\luvfishn\desktop\from maxtor\maxtor 5100le\documents and settings\bob beaton\my documents\recipes\flax crackers.doc
c:\users\luvfishn\desktop\from maxtor\maxtor 5100le\documents and settings\bob beaton\my documents\recipes\appetizers\flax crackers.doc
c:\users\luvfishn\documents\song lyrics\70's\crackl~1.doc
c:\users\luvfishn\documents\song lyrics\cowpie-songs\w\williams_don\cracker-jack_diamond.crd
c:\users\luvfishn\documents\song lyrics\cowpie-songs\w\williams_lucinda\metal_firecracker.crd
scanner sequence 3.CG.11.EMNARB
----- EOF -----

5) Codecheck.txt
Codecheck Version 1.0

01023

6) I haven't noticed any changes to my pc since my original posting a couple of days ago. The original problem still persists as of this post.

Hopefully I have completed these instructions to your satisfaction. I will advise you if there is any change.

Thanks again for your assistance!
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 23rd, 2013, 11:21 am

This additional information may be of interest to you for your analysis. When opening/using the IE browser, my MS Security Essentials detects the following Adware.
Adware:win32/fastsave app

The description of the file is:
c:\users\luvfishn\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\llik21ab\fs[1].js

I select the remove option, however it always returns. Should this be handled as a new problem post or can it be resolved under this topic?

Thanks!
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by pgmigg » January 23rd, 2013, 2:38 pm

Hello luvfishn,
"1) P2P program and toolbar has been removed."
Thank you for your decision - let's start our treatment...
"I select the remove option, however it always returns. Should this be handled as a new problem post or can it be resolved under this topic?"
Definitely not - everything you have already found or that will be found later, we will treat under this one topic until the "All Clean" note...

Firstly, I would like to mention that some time ago you installed Rapport from Trusteer, Ltd., which is a lightweight security software solution that protects web communication between enterprises, such as banks, and their customers and tries to focus on preventing online fraud.

I highly recommend that you uninstall Rapport for this machine to be fixed - you can reinstall it when we are finished, as it is known to interfere with our tools.

Secondly, I see you have Advanced SystemCare 6 installed as well as other products (Apps Toolbar v6.6, Malware Fighter) of IOBit - the company which has a checkered past. Also, it functions as an antivirus and you already have Microsoft Security Essentials. There is a strong probability that your original problems came from IOBit products. There are more IOBit products installed but they are hidden and I will remove them separately. So, now I advise you to uninstall all of them.

Now, please perform the following steps:

Step 1.
For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Advanced SystemCare 6
    IObit Apps Toolbar v6.6
    IObit Malware Fighter
    Java Auto Updater
    Java(TM) 6 Update 37
    Rapport
    SUPERAntiSpyware
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Note:
During the Rapport removal process, you probably will see the following selection screens opened:
  1. You may be presented with three options; choose "Continue".
  2. You must choose "No thanks, Uninstall now" and be sure that you checked the box labeled "Delete all users settings".
  3. You now need to enter the characters and click "Shutdown" for the uninstall sequence to begin.

Step 3.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file
  3. Contents of the Extras.txt log file
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
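
Reading the firewall-exception sections of the Extras.txt log that Step 3 asks for: this added example (not part of the thread and not OTL's own code) parses rule lines of the form `"{GUID}" = key=value | ...` and lists inbound rules whose program sits in a temp directory or a user profile. The sample lines, GUIDs and paths are constructed, and treating those two locations as worth a second look is an assumption of the example, not a verdict on any file.

```python
import re
from typing import NamedTuple, Optional

# A rule line looks like:  "<rule name>" = key=value | key=value | ...
RULE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# IANA protocol numbers that appear in the protocol= field.
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}


class Finding(NamedTuple):
    rule: str
    protocol: str
    app: str
    reason: str


def parse_rule(line: str) -> Optional[dict]:
    """Return the fields of one rule line, or None for headers and blanks."""
    m = RULE_RE.match(line.strip())
    if m is None:
        return None
    fields = {"rule": m.group(1)}
    for part in m.group(2).split("|"):
        key, sep, value = part.partition("=")
        if sep:  # skips the empty piece after the trailing "|"
            fields[key.strip().lower()] = value.strip()
    return fields


def location_reason(app: str) -> Optional[str]:
    """Say why a program path deserves review, or None if it does not."""
    path = app.lower()
    if "\\appdata\\local\\temp\\" in path or "\\windows\\temp\\" in path:
        return "temp directory"
    if re.match(r"[a-z]:\\users\\", path):
        return "user profile"
    return None


def triage(log_text: str) -> list:
    """List inbound rules whose program lives in a user-writable location."""
    findings = []
    for line in log_text.splitlines():
        fields = parse_rule(line)
        if not fields or fields.get("dir") != "in" or "app" not in fields:
            continue
        reason = location_reason(fields["app"])
        if reason:
            proto = PROTOCOLS.get(fields.get("protocol", ""), "unspecified")
            findings.append(Finding(fields["rule"], proto, fields["app"], reason))
    return findings


# Constructed sample in the log's format (placeholder GUIDs and paths).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00000000-0000-0000-0000-000000000001}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{00000000-0000-0000-0000-000000000002}" = protocol=6 | dir=in | app=c:\users\example\appdata\local\temp\7zs0000.tmp\setup.exe |
"{00000000-0000-0000-0000-000000000003}" = protocol=17 | dir=out | app=c:\users\example\desktop\tool.exe |
"TCP Query User{00000000-0000-0000-0000-000000000004}C:\users\example\desktop\tool.exe" = protocol=6 | dir=in | app=c:\users\example\desktop\tool.exe |
"{00000000-0000-0000-0000-000000000005}" = dir=in | app=c:\program files (x86)\vendor\app.exe |
'''

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason:15} {f.protocol:12} {f.app}")
```

A rule that survives after its program has been uninstalled or deleted still shows up here, so each listed path should be checked against what is actually on disk.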

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 24th, 2013, 9:16 am

Hi pgmigg .....I tried posting the results of OTL twice. However, I don't see them appended to this thread?
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 24th, 2013, 9:30 am

I will send the text results of the OTL scan in two posts to see if it registers.

Extras text

OTL Extras logfile created on: 1/23/2013 6:28:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luvfishn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.99% Memory free
19.77 Gb Paging File | 17.34 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): c:\pagefile.sys 12147 12147 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.64 Gb Total Space | 377.86 Gb Free Space | 65.19% Space Free | Partition Type: NTFS
Drive E: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOBS_LAPTOP | User Name: Luvfishn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002B0049-D928-4091-9322-79570BB78E4C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{062D5069-CF6B-4903-9576-CCEB824A91A6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{063B6785-5A33-41E1-BF5D-276616CBE3E9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0980943E-1E11-408E-8849-11CB9F893C19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A7BFD4D-58AA-40DB-91AD-761BE9308915}" = lport=138 | protocol=17 | dir=in | app=system |
"{14DD193B-E5E6-4AF8-B670-3909834A1F65}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C5BC630-2E36-4506-9EAA-E62F69873691}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
"{24A8C5C3-E507-47FF-B970-0642F830205E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25351FC6-E61A-4D59-B2F0-0ECE60BCEF7A}" = lport=137 | protocol=17 | dir=in | app=system |
"{274EB5A9-3BDD-40C4-971F-4586C8DCC3D9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{28ED2480-B807-47CB-83C9-42D891EF4F8C}" = rport=445 | protocol=6 | dir=out | app=system |
"{2A30B4A9-E16C-4ACE-A3F1-DBE5F8CED1D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AEF6444-50EF-44FA-92B1-9E15282F0B6A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2F264077-3BAB-42C2-8808-92568871B7CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FDC904D-4FC2-4CC2-B225-B85101C5D2B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{385F4254-F84E-4E38-B374-209A464FA28B}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B820C80-62DD-43B7-83F6-9A72226EBAC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{452A6A94-6BE9-4A79-8EB2-61B0BDB79D20}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4ED2F8AC-263F-4A72-BEE5-43EB5583DA3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5450716C-A89B-49DA-A7EB-39BCE09ABC90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5908E83F-A67E-4D95-B275-37A845D908C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{65C85A20-CF58-4DB9-B948-F1EC9EFFE930}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F76C405-315A-443F-A149-7494713CC304}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{732B9E7E-AC50-498C-9EDF-0514087DBA31}" = rport=138 | protocol=17 | dir=out | app=system |
"{74CD130B-F99E-40CF-A2F5-D67B0E1E7314}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{7F4A6643-8D65-494D-8163-67AE2926EF43}" = rport=137 | protocol=17 | dir=out | app=system |
"{8877C794-2B8F-4062-8AD5-4EAF89EE5EE8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D4B1698-5522-4731-884B-62E35660B4F0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91776914-7706-4988-9E4F-520B228D88B2}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
"{9787E718-936F-4188-BC5A-0EC18A911E20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3C40DBC-4ABC-46D4-A13B-28A9030D1C8D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A608F4BC-9FBB-4647-9E6A-2CED9C99DA90}" = rport=139 | protocol=6 | dir=out | app=system |
"{B0FABD18-5E21-49E8-B399-56F1120973DE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B121D3DF-E1D9-411A-8E89-5DF0FB228844}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B601BC64-9822-4D72-B2C2-0D078A9FD176}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8C39C84-E386-483C-BE2B-497DAB751D46}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BEA0D911-8C9A-407F-BAD0-6746CEA0587A}" = lport=445 | protocol=6 | dir=in | app=system |
"{CE72B0B2-95C3-4988-A454-7083899C5F4B}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{D0915438-777E-484C-9120-C932795E8ACE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D19C23D8-220C-4D61-BB4A-DF4EFC14BEAA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB4BBA55-DFBD-4482-9B00-4B482F81D9FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB6119DE-5CBA-48E3-BF5D-52BE3934F895}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F7628304-DC68-4649-9A14-5315F5E95D04}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F84D1531-0F5D-4BB6-9A1F-5658B0279797}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{F9CEC696-7DD9-45AB-A03F-EE6EE20514A8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FD07D9B4-CC76-4C1A-8F89-E9C6762465D8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{FF4009F4-9540-4AAD-9608-BA87521B98CC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076E2680-3082-4A3C-8777-9715AFD5211F}" = protocol=17 | dir=in | app=c:\users\luvfishn\appdata\local\temp\7zsb4be.tmp\symnrt.exe |
"{079924EB-641A-47D9-9C4B-59A5AF47F788}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{0A97033B-6C2C-4A0F-9530-528353089BBA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{179BEE0F-9040-421E-A3F9-6E410FCAFD8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19425CC1-5A8F-4109-BFDD-FD297EB81496}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{1CCCF3D2-C389-4CB8-A18D-890BF51DA58C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22E41E40-82A5-48BB-A86F-48D33C46952E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{265E1BCA-8C1D-4CBE-AE24-8BDA5C24B692}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28D15142-0865-4487-87B9-AE1CF6065983}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{29A5A828-1A17-4DB8-9310-8E8A14E06242}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{2A1D4656-3B17-4355-A7CC-718A0C10D159}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F769ADD-455C-42DF-BAB2-808028DB25B7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{360D7532-D9E7-40C3-B7E1-AEF8E807E66A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3C5DB9B3-8746-41BA-B9D9-1A7884F8F1C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{3C87C12A-58FC-4681-BBFD-A45260BAAB41}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{3F0CE717-5F74-4157-8885-84A2A5A3590E}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{3FAC0900-5C32-4E0B-84D3-1584DFEB4F50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{403409CA-8539-4313-8436-A64D7AACB1C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{40693332-1CCC-4981-962F-AC9F55C85A22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{43FA3CF6-3CD6-4D11-ABD6-318114E644D9}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{44CB2F30-135D-40CC-8556-E10B5C7EC6B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{47937346-5A8A-4E47-AD27-ACAF4EE5147D}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{52D5517E-46AA-4E78-8682-81D022AF970B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{53259CA0-0B9D-41B4-9F55-03CCC8FDD6E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53C30A38-375B-4EAC-A4FC-7255FEE57685}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{571CC6DC-F98E-42BD-9E2E-51562CB499B0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{60E52F89-DEDC-447F-AB23-B6EC99A157C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61BEFF84-2F59-4997-9CFC-9CC13C5DC34D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{680FCCE5-695C-4A86-A151-4240238DEB55}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70917B04-5122-46CE-9398-A8BC752F72E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{71F9730D-27FC-4332-90CC-34DDC7DA107F}" = protocol=6 | dir=out | app=system |
"{7CE12B62-6DAD-466C-B0C5-24A87E076959}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{88C5A3E7-4BAD-4728-BDBF-AA0EA731E850}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EE473FB-B0B9-459F-AEB6-1733A7CB5BEB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{9504C784-6F7B-482D-BEB3-D6705DE593D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{9A177E1D-C131-482D-B1D1-8FB79357C010}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{9ED72962-9B41-4F57-A6D2-5FE1FD672260}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{A9857C0D-9FBD-42EA-A25D-09D4A94464AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{AAE59403-2D69-40DF-ABB6-4211433C8255}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{AC17A5BF-653D-4631-B409-EE438CE8A58E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{ACADFF57-A062-4803-9C74-8A1A88391191}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{AD08950C-F53B-4BAA-909A-71BEF7BC6BC6}" = protocol=6 | dir=in | app=c:\users\luvfishn\appdata\local\temp\7zsb4be.tmp\symnrt.exe |
"{B237A923-DFE7-493B-AC20-3E0EA834EA6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B290D3B9-6DAE-4C18-A2D2-FC6F65D6D4EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2F51FCB-80C9-4A69-B84A-402FA81EA810}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{B877E973-7294-4168-BA11-1B58551E9BE4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8580AE8-161A-47C8-A222-6EAFC2D911F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C872428A-EEC0-4859-981B-44A990B4821D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D316DC4F-AEDB-4F88-836F-6243E1BE562D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D411B4F3-A78F-4C1C-A455-C5E714D47214}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D62399BE-7D6B-4B8C-849F-36DD92B7FD46}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D7431A5E-8DB2-46A0-9AB7-7D95A170C48C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{D7B61FFB-C80D-4464-9514-AABC44D29AB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{DA529D3F-A87C-4FC2-B6B8-AE5D27840B8E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DE57120F-CDB7-4620-B213-AB57E1BE826D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{DF12F3A9-92EA-47FB-BA7F-0ADDFB08EA0C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E3993706-FF06-4CC3-9705-BB068E238672}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E5FB9C7E-C550-49AF-BC69-4CBD6A1624AE}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E64ADEDF-1008-494B-87C7-3316A8FF4D95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA3ADFBA-90DD-4194-83F0-410C3D9736B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{EAF673D7-624B-4FC8-B08E-E876F0509C6D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ED796C4E-7889-48B5-93EB-49B81B88C32C}" = dir=in | app=c:\users\luvfishn\appdata\local\temp\7zs556f\setup\hpznui40.exe |
"{F0D0D8AA-D856-4130-9382-BD7E42ED55E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F258C17B-C1AD-445A-AFFB-3228A2CEBD66}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{F4D96F5F-0D48-4F68-972E-2A0C680672BB}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{FDE529BD-7B1B-4CE6-998E-04E9BE2694A7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0A943857-FAB4-448A-9E5A-087D20E7ECF1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{1C39489A-611E-4436-ACF5-F8BA1E99AFA7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\luvfishn\desktop\utorrent.exe |
"TCP Query User{BE5275DB-CEE9-40CD-9E63-7992F7CDEF89}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{CA69E02A-6188-417D-9C6A-07EB913FBFCE}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{4A5B7364-32D7-4543-87A9-BD765B736772}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{5506C222-41EA-43BF-BE11-B8FFC5924A3E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{71AC7422-B0C5-4E31-BB09-7852E955DD59}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\luvfishn\desktop\utorrent.exe |
"UDP Query User{C2F8D3FD-74EE-4E75-8AC6-A5F627130FBE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{22A51951-1F45-4C8A-B888-306527F9C45F}" = WD SmartWare
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}" = MrvlUsgTracking64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FA0DC1C2-34A4-4478-A693-7C8621EEE334}" = SaveByClick
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Logitech Unifying" = Logitech Unifying Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SaveByClick" =
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-bit)
"WNLT" = Web Optimizer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}" =
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BE24392-35A7-4A84-AA82-EF53EFCA2AF8}" = Machete 3.8
"{3D12E3F0-3E73-4267-B452-2BBF140343E6}" = Verizon Download Manager
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E9C9EE1-1964-4519-BF80-652E7F415ECF}" = WD Drive Utilities
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{44FF002B-5AB3-4447-8F98-614387B63EE6}" = honestech VHS to DVD 5.0 Deluxe
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7257132D-7F65-41E6-A90F-43BF6099461A}" = Intel(R) WiDi
"{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}" = TurboTax 2012
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{834265C4-CDF4-44D3-BD24-31531617EFB8}" = IHA_MessageCenter
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B542C2E-D2AC-4460-B9F2-BA5A907A544F}" = honestech VHS to DVD 5.0 Deluxe
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A6C3D5F0-3C6C-46BF-A8D0-06EE92E02E9E}_is1" = AD Blocker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC015C45-1667-40A4-A126-966EE5629062}" = Quicken 2010
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0AE9222-C133-4135-BE5B-BE6ED6D6D78B}" = DeLorme Street Atlas USA 2011
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2E1909-12C2-4249-8003-7978BEA3A14F}" = Garmin City Navigator North America NT 2013.10 Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anvi Smart Defender" = Anvi Smart Defender 1.8
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Expedition - Titanic" = Hidden Expedition &reg;: Titanic
"BFG-Magic Ball 2 New Worlds" = Magic Ball 2 New Worlds
"Cisco Connect" = Cisco Connect
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"ImgBurn" = ImgBurn
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"KeePass Password Safe_is1" = KeePass Password Safe 1.21
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Matroska Pack" = Matroska Pack
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"Rainlendar2" = Rainlendar2 (remove only)
"RealPlayer 16.0" = RealPlayer
"Smart Defrag 2_is1" = Smart Defrag 2
"SP_661c9f97" =
"SP_a8235b05" = Search Assistant SoftQuick 1.66
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WTA-2f485546-2f39-4fd4-bd43-84fbd11f6664" = RollerCoaster Tycoon 3: Platinum
"WTA-31115219-cfb3-4b1b-a545-50604171683d" = Bejeweled 3
"WTA-46c72ae7-1ebe-4bd2-9d11-18c33159e5c5" = Tales of Lagoona
"WTA-92fb430d-f2ef-4fd0-80c6-7076da88e682" = Zuma's Revenge
"WTA-94779ac0-4973-410b-9579-c91c390837d0" = Plants vs. Zombies - Game of the Year
"WTA-af48de5f-568c-4f97-83a2-1f6dcaf59c27" = FATE - The Traitor Soul
"WTA-bfa5f194-6483-4b42-b089-4bf5aa2913f0" = Penguins!
"WTA-c49b7352-4bbc-4f16-a77f-713ed645bf8a" = Polar Bowler
"WTA-fe977a71-0bc6-48ef-8157-31fd98284823" = Letters from Nowhere 2
"YouTube Free Downloader" = YouTube Free Downloader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
"SecureKey" = SecureKey

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2012 4:44:03 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:03 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:33 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:33 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:33 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:45:04 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:47:34 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:49:04 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/8/2012 12:15:44 PM | Computer Name = Bobs_Laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/8/2012 12:17:52 PM | Computer Name = Bobs_Laptop | Source = Toshiba App Place | ID = 0
Description =

[ Media Center Events ]
Error - 7/22/2012 6:15:09 AM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 7:15:08 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 8/23/2012 6:39:38 AM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 7:39:27 AM - Error connecting to the internet. 7:39:27 AM - Unable
to contact server..

Error - 9/16/2012 1:51:38 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 2:51:38 PM - Error connecting to the internet. 2:51:38 PM - Unable
to contact server..

Error - 9/16/2012 1:51:56 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 2:51:44 PM - Error connecting to the internet. 2:51:44 PM - Unable
to contact server..

Error - 9/16/2012 2:52:04 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 3:52:04 PM - Error connecting to the internet. 3:52:04 PM - Unable
to contact server..

Error - 9/16/2012 2:52:14 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 3:52:09 PM - Error connecting to the internet. 3:52:09 PM - Unable
to contact server..

Error - 9/16/2012 3:52:18 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 4:52:18 PM - Error connecting to the internet. 4:52:18 PM - Unable
to contact server..

Error - 9/16/2012 3:52:24 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 4:52:23 PM - Error connecting to the internet. 4:52:23 PM - Unable
to contact server..

Error - 9/16/2012 4:52:28 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 5:52:28 PM - Error connecting to the internet. 5:52:28 PM - Unable
to contact server..

Error - 9/16/2012 4:52:33 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 5:52:33 PM - Error connecting to the internet. 5:52:33 PM - Unable
to contact server..

[ System Events ]
Error - 1/23/2013 5:47:18 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter
service to connect.

Error - 1/23/2013 5:47:18 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7000
Description = The IHA_MessageCenter service failed to start due to the following
error: %%1053

Error - 1/23/2013 5:47:33 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7000
Description = The Rapport Management Service service failed to start due to the
following error: %%2

Error - 1/23/2013 6:07:16 PM | Computer Name = Bobs_Laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 1/23/2013 6:07:16 PM | Computer Name = Bobs_Laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 1/23/2013 6:07:45 PM | Computer Name = Bobs_Laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 1/23/2013 6:10:10 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the WD
Rules service to connect.

Error - 1/23/2013 6:10:10 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7000
Description = The WD Rules service failed to start due to the following error: %%1053

Error - 1/23/2013 6:10:52 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7001
Description = The WD Backup service depends on the WD Rules service which failed
to start because of the following error: %%1053

Error - 1/23/2013 6:20:48 PM | Computer Name = Bobs_Laptop | Source = ipnathlp | ID = 31004
Description =


< End of report >
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 24th, 2013, 9:34 am

Here is the OTL log file...

OTL logfile created on: 1/23/2013 6:28:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luvfishn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.99% Memory free
19.77 Gb Paging File | 17.34 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): c:\pagefile.sys 12147 12147 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.64 Gb Total Space | 377.86 Gb Free Space | 65.19% Space Free | Partition Type: NTFS
Drive E: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOBS_LAPTOP | User Name: Luvfishn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/23 18:21:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luvfishn\Desktop\OTL.exe
PRC - [2013/01/07 15:53:22 | 000,340,992 | ---- | M] () -- C:\ProgramData\CloudSoft\SaveByClick\SaveByClick.exe
PRC - [2012/12/23 10:39:38 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
PRC - [2012/12/20 22:43:14 | 001,434,984 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/12/20 22:43:12 | 000,735,592 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/11/29 22:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/28 16:41:36 | 001,123,720 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/11/28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/11/23 06:54:12 | 001,537,304 | ---- | M] (SecureKey Technologies Inc.) -- C:\Users\Luvfishn\AppData\Local\SecureKey\1.1.3149.6452\SecureKey.exe
PRC - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
PRC - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2012/09/06 09:45:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2012/09/03 08:13:08 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/06/14 10:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/06/14 10:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/06/14 09:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/06/14 09:57:20 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/05/11 15:19:42 | 001,599,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/01/06 15:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/12 01:45:18 | 002,433,024 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/25 20:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
PRC - [2010/08/16 14:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/06/04 20:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2009/05/11 09:45:18 | 000,024,576 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
PRC - [2004/04/13 16:03:10 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files (x86)\palmOne\HOTSYNC.EXE


========== Modules (No Company Name) ==========

MOD - [2013/01/09 15:04:48 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/09 14:22:58 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 14:22:32 | 000,310,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/01/09 14:22:31 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 14:22:25 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 14:22:20 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 14:22:17 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 14:21:51 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 14:21:47 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/09 12:02:29 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\84068bac0b3859c94652214e0b90dfc6\System.Xml.Linq.ni.dll
MOD - [2013/01/09 12:01:20 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll
MOD - [2013/01/09 11:45:33 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll
MOD - [2013/01/09 11:45:26 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\08fca556cf3fe582233fa080cdbec8f1\System.Windows.Forms.ni.dll
MOD - [2013/01/09 11:45:13 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll
MOD - [2013/01/09 11:45:07 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7d6b122bee0977d953ee2409d74c3c25\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 11:45:01 | 000,745,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\2953bd325cbadeb5da550379e3185950\System.Security.ni.dll
MOD - [2013/01/09 11:44:59 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll
MOD - [2013/01/09 11:44:56 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/01/09 11:44:56 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll
MOD - [2013/01/09 11:44:51 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/01/09 11:44:48 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/01/09 11:44:41 | 014,413,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
MOD - [2012/12/20 22:43:24 | 000,785,256 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2012/11/29 22:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/29 22:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/08/19 15:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/08/12 01:45:26 | 000,198,144 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011/08/12 01:45:18 | 002,433,024 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
MOD - [2010/12/12 06:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 06:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 06:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 06:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 06:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 06:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010/05/23 14:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll
MOD - [2010/05/23 14:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua51.dll
MOD - [2005/01/02 09:22:48 | 000,776,192 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/13 09:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/03 08:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/07/01 15:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/10 01:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/01 16:38:30 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/06/01 16:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/06/01 16:19:58 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/24 13:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/08/22 09:26:52 | 000,535,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2013/01/19 11:42:22 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 09:05:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/20 22:43:12 | 000,735,592 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
SRV - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/06/14 10:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/06/14 10:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/06/14 09:57:20 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/18 09:36:56 | 000,032,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2012/12/06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/11/29 10:30:40 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/11/29 10:30:39 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/29 10:30:39 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/11/07 03:16:18 | 000,017,232 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
DRV:64bit: - [2012/11/07 03:16:16 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/11/07 03:16:16 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/06/26 16:37:59 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2012/04/18 14:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/04/12 21:30:40 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/24 06:04:01 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/05 16:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 16:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/27 13:55:50 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 23:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/05/26 08:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/26 17:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/22 14:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/25 16:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/09/07 13:52:02 | 000,019,280 | ---- | M] () [File_System | System | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys -- (asdnet)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{8F4C1368-E852-41DB-8F35-CF7ECA9E6AA6}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=bd ... 48c15be&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{904F4B4E-2A11-4D1C-B20D-E036D2A72F52}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{904F4B4E-2A11-4D1C-B20D-E036D2A72F52}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.soft-quick.info/?l=1&q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {904F4B4E-2A11-4D1C-B20D-E036D2A72F52}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {904F4B4E-2A11-4D1C-B20D-E036D2A72F52}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.dishpointer.com/http:/ [Binary data over 200 bytes]
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.investcom.com/page/toronto.html
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E B0 A5 2C 34 E8 CD 01 [binary data]
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://investdb.theglobeandmail.com/inv ... de=SECLIST
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes,DefaultScope = {4E778202-4B72-48B6-9807-3F47E180F166}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{48639E64-816C-1E71-A11F-AF2D7041DC94}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{48D4B666-7434-421B-B72C-2944CCD531AF}: "URL" = http://cnet.search.com/search?chkpt=ast ... ch.cnet&q={searchTerms}&tag=srch
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{4E778202-4B72-48B6-9807-3F47E180F166}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =800236&p={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7TSHB_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=NYVtCTU9 ... CuOV4h0?q={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{8F4C1368-E852-41DB-8F35-CF7ECA9E6AA6}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=bd ... 48c15be&q={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{904F4B4E-2A11-4D1C-B20D-E036D2A72F52}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS475
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{93D74BA3-49E8-4412-8089-53F624378339}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{A2073805-171C-433F-8870-86ECA7DB6DDD}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =642886&p={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.soft-quick.info/?l=1&q={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{C6C63773-426A-494F-A399-77BE17BF9AE9}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQCnzubnG&i=26
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{E8930232-4B31-4251-986C-98061BDC75B4}: "URL" = http://www.ant.com/web/{searchTerms}/
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{FC27A2BA-163E-495D-9A2D-FF54C3C6931F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://websearch.soft-quick.info/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2|https://account.netzero.net/s/account"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7Bbf7380fa-e3b4-4db2-af3e-9d8783a45bfc%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7Be9df9360-97f8-4690-afe6-996c80790da4%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121129
FF - prefs.js..extensions.enabledAddons: wtxpcom%40mybrowserbar.com:6.6
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Luvfishn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/13 08:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/20 13:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/13 08:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/16 13:30:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/23 10:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/01 10:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/23 10:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 09:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 09:05:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/20 13:31:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 09:05:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 09:05:18 | 000,000,000 | ---D | M]

[2012/03/18 13:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Extensions
[2013/01/23 17:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions
[2012/11/30 12:56:08 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/11/23 06:55:02 | 000,000,000 | ---D | M] (SecureKey Extension) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{214ccfbe-f58a-4668-8403-eca590d20530}
[2012/11/09 06:42:16 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/11/09 06:42:20 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
[2013/01/01 10:24:09 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50e2ed76c32a0@50e2ed76c32d9.com
[2013/01/17 13:15:36 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50f8306022eb7@50f8306022ef1.com
[2013/01/21 22:42:00 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50fe01324d42b@50fe01324d464.com
[2012/05/09 15:07:07 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\DeviceDetection@logitech.com
[2012/07/03 17:25:46 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com
[2012/12/20 09:40:46 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\plugin@selectionlinks.com
[2013/01/02 10:06:09 | 000,491,479 | ---- | M] () (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\abb@amazon.com.xpi
[2012/11/21 12:21:34 | 006,263,553 | ---- | M] () (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{214ccfbe-f58a-4668-8403-eca590d20530}\securekey.unsigned.xpi
[2013/01/21 22:39:38 | 000,000,553 | ---- | M] () -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\searchplugins\WebSearch.xml
[2013/01/23 17:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 09:05:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/19 09:05:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/11 09:24:30 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/12/16 13:30:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/01/01 10:04:35 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2013/01/19 09:05:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/12/23 10:40:06 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/08/30 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/20 06:12:28 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://websearch.soft-quick.info/
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejjikafebghfjoodkkipahmnijbglpi\1.1.3149.6452_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej\3.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidljmjkobeoidolpjpcgdoblhpmiond\1_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcddbapmmbmogepeclfoenegoopnidb\1\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\1.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (SaveByclick) - {E70B2CE3-F509-3628-8315-4E317E51390E} - C:\ProgramData\SaveByclick\50f8306023048.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\Toolbar\WebBrowser: (no name) - {E9DF9360-97F8-4690-AFE6-996C80790DA4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TOSHIBA Face Recognition] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCPrt] C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe (Cisco Consumer Products LLC)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SMessaging] C:\Users\Luvfishn\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000..\Run: [SecureKey] C:\Users\Luvfishn\AppData\Local\SecureKey\1.1.3149.6452\SecureKey.exe (SecureKey Technologies Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A713D883-06B0-46A4-8361-69CE6657BE74}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2012 - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2012 {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\saveby~1\sprote~1.dll) - c:\Program Files (x86)\SaveByClick\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\softqu~1\sprote~1.dll) - c:\Program Files (x86)\SoftQuick\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/02 14:14:20 | 000,000,082 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{3e3993f3-24d9-11e2-a8fc-dc0ea13b5126}\Shell - "" = AutoRun
O33 - MountPoints2\{3e3993f3-24d9-11e2-a8fc-dc0ea13b5126}\Shell\AutoRun\command - "" = G:\SkStartup.exe
O33 - MountPoints2\{478620fe-fa91-11e1-9aed-dc0ea13b5126}\Shell - "" = AutoRun
O33 - MountPoints2\{478620fe-fa91-11e1-9aed-dc0ea13b5126}\Shell\AutoRun\command - "" = E:\unlock.exe -- [2011/03/09 15:27:17 | 003,728,752 | ---- | M] (Western Digital)
O33 - MountPoints2\{756b32ef-2294-11e2-ac80-dc0ea13b5126}\Shell - "" = AutoRun
O33 - MountPoints2\{756b32ef-2294-11e2-ac80-dc0ea13b5126}\Shell\AutoRun\command - "" = E:\unlock.exe -- [2011/03/09 15:27:17 | 003,728,752 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/23 18:23:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luvfishn\Desktop\OTL.exe
[2013/01/23 18:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/01/23 18:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2013/01/23 17:59:40 | 000,247,640 | ---- | C] (Trusteer Ltd.) -- C:\Users\Luvfishn\Desktop\RapportSetup.exe
[2013/01/21 22:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftQuick
[2013/01/21 22:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ContinueToSave
[2013/01/21 22:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetosave
[2013/01/21 10:18:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/21 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\Desktop\MalwareRemoval
[2013/01/20 12:32:29 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/20 12:29:06 | 023,357,120 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Luvfishn\Desktop\SUPERAntiSpyware.exe
[2013/01/20 09:58:19 | 000,000,000 | ---D | C] -- C:\IObit
[2013/01/19 09:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/17 13:23:04 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/17 13:23:04 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/17 13:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/17 13:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CloudSoft
[2013/01/17 13:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveByClick
[2013/01/17 13:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/01/17 13:06:20 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSMAPI32.OCX
[2013/01/17 13:06:16 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\windows\SysNative\pdfcmon.dll
[2013/01/17 13:06:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSMPIDE.DLL
[2013/01/17 12:14:45 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\SpeedyPC Software
[2013/01/17 12:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/01/17 11:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax 2012
[2013/01/17 11:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/17 11:15:50 | 009,703,176 | ---- | C] (SurfRight B.V.) -- C:\Users\Luvfishn\Desktop\HitmanPro_x64.exe
[2013/01/17 11:04:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Luvfishn\Desktop\tdsskiller.exe
[2013/01/17 10:26:44 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
[2013/01/17 10:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2013/01/16 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\Anvisoft
[2013/01/16 18:02:48 | 000,023,376 | ---- | C] (Anvisoft) -- C:\windows\SysNative\drivers\asdrs.sys
[2013/01/16 18:02:48 | 000,018,768 | ---- | C] (Anvisoft) -- C:\windows\SysNative\drivers\asdrm.sys
[2013/01/16 18:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/01/16 18:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/01/16 18:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/01/09 11:29:48 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/01/09 11:29:48 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/01/09 11:29:03 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/01/09 11:28:56 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013/01/09 11:28:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013/01/09 11:28:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013/01/09 11:28:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013/01/09 11:28:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013/01/09 11:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013/01/09 11:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013/01/09 11:28:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013/01/09 11:28:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013/01/09 11:28:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013/01/09 11:28:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013/01/09 11:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013/01/09 11:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013/01/09 11:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013/01/09 11:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013/01/09 11:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013/01/09 11:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013/01/09 11:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013/01/09 11:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013/01/09 11:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013/01/09 11:28:39 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013/01/09 11:28:39 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013/01/09 11:28:39 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013/01/09 11:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013/01/09 11:28:38 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013/01/09 11:28:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013/01/09 11:28:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013/01/09 11:28:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013/01/09 11:28:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013/01/09 11:28:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013/01/09 11:28:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013/01/09 11:28:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013/01/09 11:28:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013/01/09 11:26:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/01/09 11:26:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/01/09 11:26:53 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013/01/09 11:26:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/01/09 11:26:53 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/01/09 11:26:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/01/09 11:26:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013/01/09 11:26:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013/01/09 11:26:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/01/09 11:26:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 11:26:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 11:26:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 11:26:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/01/09 11:26:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 11:26:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/01/09 11:26:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/01/09 11:26:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 11:26:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/01/09 11:25:52 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/01/07 11:16:01 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\Malwarebytes
[2013/01/07 11:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/07 11:15:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/01/07 11:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/02 09:39:44 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\PDF Architect
[2013/01/01 11:21:50 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Local\IsolatedStorage
[2013/01/01 10:27:38 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\Strongvault
[2013/01/01 10:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/01/01 10:27:10 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Local\Stronghold_LLC
[2013/01/01 10:27:01 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2013/01/01 10:21:53 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCT2.OCX
[2013/01/01 10:21:51 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\OpenCandy
[2013/01/01 10:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveByclick
[2013/01/01 10:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
[2013/01/01 10:05:02 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\APP_NAME_NON_STRING
[2013/01/01 10:04:51 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\Documents\PDF Architect Files
[2013/01/01 10:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013/01/01 10:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013/01/01 09:55:02 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Local\Programs
[2012/12/31 20:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/06/26 16:37:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Luvfishn\AppData\Roaming\pcouffin.sys
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/23 18:21:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luvfishn\Desktop\OTL.exe
[2013/01/23 18:18:30 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 18:18:30 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 18:11:35 | 000,000,437 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2013/01/23 18:08:26 | 000,000,392 | -H-- | M] () -- C:\windows\tasks\{70C8A1B6-1D07-4DE3-9566-1A43422BADFE}.job
[2013/01/23 18:07:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/23 18:07:20 | 2074,099,711 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/23 17:59:41 | 000,247,640 | ---- | M] (Trusteer Ltd.) -- C:\Users\Luvfishn\Desktop\RapportSetup.exe
[2013/01/23 17:59:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 12:32:06 | 023,357,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Luvfishn\Desktop\SUPERAntiSpyware.exe
[2013/01/19 11:42:22 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/19 11:42:22 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/18 09:36:56 | 000,032,152 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2013/01/18 09:35:15 | 000,017,966 | ---- | M] () -- C:\windows\SysNative\.crusader
[2013/01/17 22:54:59 | 000,000,017 | ---- | M] () -- C:\windows\SysWow64\shortcut_ex.dat
[2013/01/17 13:06:24 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/01/17 13:05:05 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/17 13:05:05 | 000,665,232 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/17 13:05:05 | 000,125,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/17 11:48:01 | 000,321,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/17 11:18:33 | 009,703,176 | ---- | M] (SurfRight B.V.) -- C:\Users\Luvfishn\Desktop\HitmanPro_x64.exe
[2013/01/17 11:06:24 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Luvfishn\Desktop\tdsskiller.exe
[2013/01/16 18:02:52 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/01/16 18:02:37 | 000,001,511 | ---- | M] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/01/16 12:42:12 | 029,016,792 | ---- | M] () -- C:\Users\Luvfishn\Desktop\asdsetup.exe
[2013/01/11 11:39:42 | 000,103,936 | ---- | M] (pdfforge GbR) -- C:\windows\SysNative\pdfcmon.dll
[2013/01/09 14:52:36 | 001,070,152 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCTL.OCX
[2013/01/09 11:46:36 | 000,765,700 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/01/07 11:15:44 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 11:49:59 | 000,107,283 | ---- | M] () -- C:\windows\SysNative\tmp.xml
[2013/01/04 10:45:58 | 000,007,144 | ---- | M] () -- C:\Users\Luvfishn\Desktop\Sun Trust Nov Statement.pdf
[2013/01/04 10:44:24 | 000,009,131 | ---- | M] () -- C:\Users\Luvfishn\Desktop\Sun Trust Dec Statement.pdf
[2013/01/01 10:05:05 | 000,001,004 | ---- | M] () -- C:\Users\Luvfishn\Desktop\PDF Architect.lnk
[2013/01/01 09:50:11 | 000,096,409 | ---- | M] () -- C:\Users\Luvfishn\Desktop\Staples Photo Paper rebate 1Jan13.pdf
[2013/01/01 09:48:44 | 000,093,762 | ---- | M] () -- C:\Users\Luvfishn\Desktop\__www.stapleseasyrebates.com_staples_Confirmation.do.pdf
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/17 22:54:59 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2013/01/17 13:23:05 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 13:07:01 | 000,000,392 | -H-- | C] () -- C:\windows\tasks\{70C8A1B6-1D07-4DE3-9566-1A43422BADFE}.job
[2013/01/17 13:06:24 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/01/17 11:48:34 | 000,032,152 | ---- | C] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2013/01/17 11:46:23 | 000,017,966 | ---- | C] () -- C:\windows\SysNative\.crusader
[2013/01/16 18:02:52 | 000,001,195 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/01/16 18:02:48 | 000,017,232 | ---- | C] () -- C:\windows\SysNative\drivers\asdws.sys
[2013/01/16 18:02:37 | 000,001,511 | ---- | C] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/01/16 12:37:34 | 029,016,792 | ---- | C] () -- C:\Users\Luvfishn\Desktop\asdsetup.exe
[2013/01/07 11:15:44 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 10:45:57 | 000,007,144 | ---- | C] () -- C:\Users\Luvfishn\Desktop\Sun Trust Nov Statement.pdf
[2013/01/04 10:44:24 | 000,009,131 | ---- | C] () -- C:\Users\Luvfishn\Desktop\Sun Trust Dec Statement.pdf
[2013/01/01 10:05:05 | 000,001,004 | ---- | C] () -- C:\Users\Luvfishn\Desktop\PDF Architect.lnk
[2013/01/01 09:50:11 | 000,096,409 | ---- | C] () -- C:\Users\Luvfishn\Desktop\Staples Photo Paper rebate 1Jan13.pdf
[2013/01/01 09:48:42 | 000,093,762 | ---- | C] () -- C:\Users\Luvfishn\Desktop\__www.stapleseasyrebates.com_staples_Confirmation.do.pdf
[2012/11/16 16:28:23 | 000,102,248 | ---- | C] () -- C:\Users\Luvfishn\GoToAssistDownloadHelper.exe
[2012/08/31 12:48:41 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/06/26 16:40:40 | 000,001,041 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\vso_ts_preview.xml
[2012/06/26 16:37:59 | 000,099,384 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\inst.exe
[2012/06/26 16:37:59 | 000,007,859 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\pcouffin.cat
[2012/06/26 16:37:59 | 000,001,167 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\pcouffin.inf
[2012/05/20 13:28:17 | 000,220,615 | ---- | C] () -- C:\windows\hpoins35.dat
[2012/05/20 13:28:17 | 000,000,778 | ---- | C] () -- C:\windows\hpomdl35.dat
[2012/05/18 07:42:03 | 000,000,017 | ---- | C] () -- C:\Users\Luvfishn\AppData\Local\resmon.resmoncfg
[2012/05/03 15:26:20 | 000,005,632 | ---- | C] () -- C:\Users\Luvfishn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 08:53:06 | 000,000,149 | ---- | C] () -- C:\windows\QUICKEN.INI
[2012/03/18 12:37:47 | 000,765,700 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/27 13:53:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/06/27 13:53:58 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/06/27 13:53:58 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/06/27 13:48:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/06/27 13:28:08 | 013,899,776 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/02/03 23:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/30 18:15:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/04/30 18:15:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2013/01/16 18:02:59 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Anvisoft
[2013/01/01 10:05:02 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\APP_NAME_NON_STRING
[2012/12/04 13:01:29 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Book Place
[2012/03/19 08:55:04 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\DeLorme
[2012/10/21 06:42:19 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\DriverCure
[2012/05/13 09:22:38 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Foxreal
[2012/06/25 13:58:24 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Garmin
[2012/05/06 08:11:56 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\ImgBurn
[2012/10/24 06:21:47 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\IObit
[2012/03/23 15:54:15 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\KeePass
[2012/05/09 15:13:54 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Leadertech
[2012/08/28 12:01:00 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Machete
[2012/05/13 08:15:33 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Moyea
[2013/01/01 10:21:51 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\OpenCandy
[2012/03/23 16:50:56 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\OpenOffice.org
[2012/06/23 07:49:12 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\PCCUStubInstaller
[2013/01/09 14:28:55 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\PDF Architect
[2013/01/17 13:06:24 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\pdfforge
[2012/04/30 06:59:58 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\POP Peeper
[2013/01/23 10:40:02 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\SoftGrid Client
[2012/10/21 06:42:19 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\SpeedMaxPc
[2013/01/17 12:14:45 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\SpeedyPC Software
[2013/01/01 10:27:38 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Strongvault
[2012/03/18 09:42:32 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Tific
[2012/10/25 09:49:30 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Toshiba
[2012/06/21 09:04:27 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\TP
[2013/01/23 10:56:52 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\uTorrent
[2012/10/24 06:29:55 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Vso
[2012/03/18 09:06:27 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\WinBatch
[2012/04/30 09:42:16 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\Windows Live Writer
[2012/12/04 12:31:39 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\YouTubeFreeDownloader
[2013/01/17 10:26:44 | 000,000,000 | ---D | M] -- C:\Users\Luvfishn\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:090FB735
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:1992908D

< End of report >
Thanks again!
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by pgmigg » January 24th, 2013, 12:03 pm

Hello luvfishn,

Let's continue...

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Smart Defrag 2
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

Step 2.
  1. Special FIX Download
    Right-click on the filename link below and select "Save target as..." or "Save Link as...", and save it to your Desktop as filename: Fix.txt.
    SQW7-Vista_x64.TXT
  2. OTL - Run Fix Script
    You should still have OTL.exe on your desktop.
    Important! Close all applications and windows so that you have nothing open and are at your Desktop.
    1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    2. Underneath Output at the top, make sure Standard Output is selected.
    3. Click the Run Fix button at the top. You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel".
    4. Click the OK button. An Open dialog will be displayed.
    5. Navigate to the Desktop, scroll to find the file named Fix.txt and click Open button. Some text will appear in the Custom scans/Fixes box.
    6. Click the Run Fix button.
    7. Let the program run unhindered and reboot the PC when it is done.
      When the computer reboots, and you start your usual account, a Notepad text file will appear.
    8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    *uTorrent*
    *alotappbar*
    *Bandoo*
    *Blekko*
    *Conduit*
    *Fun4IM*
    *Funmoods*
    *GadgetBox*
    *gboxapp*
    *iLivid*
    *Incredibar*
    *IObit*
    *Rapport*
    *Trusteer*
    *trolltech*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *uTorrent*
    *alotappbar*
    *Bandoo*
    *Blekko*
    *Conduit*
    *Fun4IM*
    *Funmoods*
    *GadgetBox*
    *gboxapp*
    *iLivid*
    *Incredibar*
    *IObit*
    *Rapport*
    *Trusteer*
    *trolltech*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    uTorrent
    alotappbar
    Bandoo
    Blekko
    Conduit
    Fun4IM
    Funmoods
    GadgetBox
    gboxapp
    iLivid
    Incredibar
    IObit
    Rapport
    Trusteer
    trolltech
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 4.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 5.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  5. Contents of the OTL.txt log file
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 24th, 2013, 1:47 pm

Hi again pgmigg :) Thanks for your continued support.
I will post the results of the scans you requested into 2 or more
segments to avoid file size issues. Here are the results from 'Run Fix'
option in the OTL program ......

File name 01242013_132100

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI 32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMAN CS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
========== FILES ==========
File/Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Ilivid Player not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Luvfishn\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\Luvfishn\AppData\LocalLow\searchquband not found.
File/Folder C:\Users\Luvfishn\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\Luvfishn\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Luvfishn\Downloads\iLividSetupV1.exe not found.
File/Folder C:\Users\Luvfishn\AppData\LocalLow\DataMngr not found.
File/Folder C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files (x86)\iLivid not found.
File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
File\Folder C:\Program Files (x86)\Savevid not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Luvfishn\Desktop\cmd.bat deleted successfully.
C:\Users\Luvfishn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Luvfishn
->Temp folder emptied: 19318834 bytes
->Temporary Internet Files folder emptied: 26748135 bytes
->Java cache emptied: 99203 bytes
->FireFox cache emptied: 72095497 bytes
->Google Chrome cache emptied: 6194139 bytes
->Flash cache emptied: 537 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 705536 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10360563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3192983 bytes
RecycleBin emptied: 13267448 bytes

Total Files Cleaned = 145.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01242013_132100

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I'll post this now and continue with an additional post later.
luvfishn

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

by luvfishn » January 24th, 2013, 2:07 pm

Results from SystemLook text file as follows.....

========== filefind ==========

Searching for "*uTorrent*"
C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KSFD0CVG\bar.utorrent[1].xml --a---- 84 bytes [15:24 19/03/2012] [15:24 19/03/2012] 591937C6F16A114013600FBD296AC82C
C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@utorrent[2].txt --a---- 355 bytes [01:34 29/04/2011] [01:34 29/04/2011] 174EFCA433F4EDF1984790DC28FB09FF
C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Recent\utorrent.lnk --a---- 11728 bytes [13:07 22/01/2013] [13:07 22/01/2013] CAAD4EEDEF78DC94F8B62C4A5CF54ADC
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar --a---- 717887 bytes [16:27 08/11/2012] [16:09 08/11/2012] 1FBE78C449ABCC6679F2688BEA67710C
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\chrome\utorrentcontrol.jar --a---- 718086 bytes [16:27 08/11/2012] [04:56 07/11/2012] 4B31FAB438A7F2DFA2D1B1CD46C39C7D
C:\Users\Luvfishn\AppData\Roaming\uTorrent\utorrent.lng --a---- 1156771 bytes [12:51 11/12/2012] [12:51 11/12/2012] 7E5AD4AEB310437A16D22FC353937766

Searching for "*alotappbar*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Blekko*"
No files found.

Searching for "*Conduit*"
C:\Program Files (x86)\palmOne\ConduitConfig.dll --a---- 61440 bytes [20:03 13/04/2004] [20:03 13/04/2004] 05CB56DC5DF9C679E6F813E72B541D2B
C:\Program Files (x86)\palmOne\ocpConduitUI.dll --a---- 139264 bytes [20:02 13/04/2004] [20:02 13/04/2004] E18CF1B5F4F356D8881B75D4628B0E3B
C:\Program Files (x86)\palmOne\OutlookConduit.cnt --a---- 740 bytes [20:02 13/04/2004] [20:02 13/04/2004] F80D19994311306F9895618B47C5DEE0
C:\Program Files (x86)\palmOne\OutlookConduit.hlp --a---- 27948 bytes [20:02 13/04/2004] [20:02 13/04/2004] B60E6E184402797FF8FD2036BF85398F
C:\Users\Luvfishn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1IDKEM6G\appsmetadata_toolbar_conduit-services_com[1].txt --a---- 1795 bytes [10:24 21/08/2012] [10:24 21/08/2012] B599618A2E339B580B73C4A7507A2761
C:\Users\Luvfishn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\WLDF2BMN\conduit[1].htm --a---- 3513 bytes [15:40 04/07/2012] [15:40 04/07/2012] 60799561A9729CE70BD1553F0F534D2C
C:\Users\Luvfishn\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463703_1459357_US.xml --a---- 192 bytes [15:24 19/03/2012] [21:36 21/01/2013] C8BFFBA687D0F78B9DCCC74D5CC469A4
C:\Users\Luvfishn\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_997308_993027_CA.xml --a---- 184 bytes [14:46 25/10/2012] [14:52 25/10/2012] F6825A4890E46D206849B4F47EE98B38
C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\N25XG8XL\apps.conduit[1].xml --a---- 13 bytes [14:46 25/10/2012] [14:46 25/10/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PRUT3BE7\youtube.conduitapps[1].xml --a---- 13 bytes [17:52 16/08/2012] [17:52 16/08/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\facebook.conduitapps[1].xml --a---- 13 bytes [15:24 19/03/2012] [15:24 19/03/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js --a---- 9181 bytes [16:27 08/11/2012] [16:09 08/11/2012] 6E6B7E00632DF1BA5A48D74E1B41ABE3
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [16:27 08/11/2012] [16:09 08/11/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml --a---- 925 bytes [16:27 08/11/2012] [16:09 08/11/2012] EC559A6ABEC972452F52CFB3A2AA9F7E
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components\ConduitAutoCompleteSearch.js --a---- 9181 bytes [16:27 08/11/2012] [04:56 07/11/2012] 6E6B7E00632DF1BA5A48D74E1B41ABE3
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [16:27 08/11/2012] [04:56 07/11/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\searchplugin\conduit.xml --a---- 933 bytes [16:27 08/11/2012] [04:56 07/11/2012] BE154DBED6CFCD64804F6ABE16E453C9

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*GadgetBox*"
No files found.

Searching for "*gboxapp*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*Incredibar*"
C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\mystart.incredibar[1].xml --a---- 13 bytes [09:48 04/07/2012] [09:48 04/07/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\search.incredibar[1].xml --a---- 281 bytes [12:13 13/08/2012] [16:27 16/01/2013] 8668610FB1AC58601EE90AE3939B1AB4
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com\content\incredibar.css --a---- 1674 bytes [22:16 21/01/2012] [22:16 21/01/2012] 6F21358198F51CAD4033860281A7A75D
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com\content\incredibar.xul --a---- 1530 bytes [16:46 23/01/2012] [16:46 23/01/2012] 88049F60C881841357267BB3EBB67425

Searching for "*IObit*"
C:\Boot\BCD.iobit --a---- 28672 bytes [19:59 18/01/2013] [02:45 22/01/2013] BA475F15FE96E02DB050E6E486878519
C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll --a---- 1230216 bytes [20:42 28/11/2012] [20:42 28/11/2012] 612538856CD6EE99E62EA68AB1B3BF9A
C:\Program Files (x86)\IObit Toolbar\Res\iobit_logo.gif --a---- 1668 bytes [21:13 17/11/2010] [21:13 17/11/2010] 7FBA98931D2A8E856DC70101A342CB55
C:\Program Files (x86)\IObit Toolbar\Res\iobit_logo_hover.gif --a---- 1654 bytes [21:13 17/11/2010] [21:13 17/11/2010] 5A80794DFBB70CA8E1427BA2C51F7EC7
C:\Users\Luvfishn\ntuser.dat.iobit --a---- 5980160 bytes [19:59 18/01/2013] [02:45 22/01/2013] 963DEEE7E5A9EEECC3F63EE73E47CE5C
C:\Users\Luvfishn\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit --a---- 9216000 bytes [19:59 18/01/2013] [02:45 22/01/2013] E890FA648A1B2D5443C0DA34C51E6B31
C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@iobit[2].txt --a---- 120 bytes [12:14 15/01/2011] [12:14 15/01/2011] 6D7A0763FEEC3BE97477528EA3CAC16D
C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@www.iobit[1].txt --a---- 245 bytes [12:14 15/01/2011] [12:14 15/01/2011] 4DC89AED51F38C3AF098B082575A342C
C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@www.iobit[2].txt --a---- 333 bytes [20:33 21/09/2010] [20:33 21/09/2010] 15BEDFE954783AF5E1B25CAEF88AA732
C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.iobit[1].txt --a---- 283 bytes [17:59 08/06/2010] [17:59 08/06/2010] 8C8E3212E7520F1E698972D66EE025A3
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB}\iobit.lock --a---- 1 bytes [16:27 28/03/2012] [16:27 28/03/2012] 7215EE9C7D9DC229D2921A40E899EC5F
C:\Users\Luvfishn\Desktop\Desktop Icons\Security & Maintenance Tools\IObit Malware Fighter.lnk --a---- 1184 bytes [10:10 17/10/2012] [10:10 17/10/2012] F08E726759A481F44723CA615AE20C40
C:\Users\Luvfishn\Favorites\IObit Freeware (1).url --a---- 138 bytes [18:30 08/06/2010] [09:47 31/05/2012] DCB2FB90741AE316A9826D30AD19401C
C:\Users\Luvfishn\Favorites\IObit Freeware.URL --a---- 166 bytes [14:00 29/04/2012] [09:47 31/05/2012] A974D127E1941E168510D7531A68B711
C:\Users\Luvfishn\Favorites\From Internet Explorer\IObit Freeware.URL --a---- 166 bytes [14:00 29/04/2012] [09:47 31/05/2012] A974D127E1941E168510D7531A68B711
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit --a---- 249856 bytes [19:59 18/01/2013] [02:45 22/01/2013] 3F8ED6A583B43CA893716AA752BEF2BA
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit --a---- 262144 bytes [19:59 18/01/2013] [02:45 22/01/2013] EDE9E3659E63E1D73B65A4D6E80104C2
C:\Windows\System32\config\DEFAULT.iobit --a---- 311296 bytes [19:59 18/01/2013] [19:59 18/01/2013] 6E34DAA208355DB56B29EE4A3EACF292
C:\Windows\System32\config\SAM.iobit --a---- 57344 bytes [19:59 18/01/2013] [19:59 18/01/2013] C641834F76E72CD7C3FF04AE3A14890B
C:\Windows\System32\config\SECURITY.iobit --a---- 28672 bytes [19:59 18/01/2013] [19:59 18/01/2013] 82C0EDB6A8E5708D98341C51C6AD83B4
C:\Windows\System32\config\SOFTWARE.iobit --a---- 82587648 bytes [19:59 18/01/2013] [19:59 18/01/2013] 1C97D2D7539641374D5A5C70C8314AFD
C:\Windows\System32\config\SYSTEM.iobit --a---- 24195072 bytes [19:59 18/01/2013] [19:59 18/01/2013] EE9E7680AFA76BC694F3F22BE7C1AE8D

Searching for "*Rapport*"
C:\Users\Luvfishn\Desktop\RapportSetup.exe --a---- 247640 bytes [21:59 23/01/2013] [21:59 23/01/2013] C95B500DB31CF64036BDEC486C8FC00B

Searching for "*Trusteer*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*uTorrent*"
C:\Users\Luvfishn\AppData\Roaming\uTorrent d------ [13:52 19/03/2012]

Searching for "*alotappbar*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Blekko*"
No folders found.

Searching for "*Conduit*"
C:\Program Files (x86)\Conduit d------ [13:56 19/03/2012]
C:\Users\Luvfishn\AppData\Local\Conduit d------ [13:56 19/03/2012]
C:\Users\Luvfishn\AppData\LocalLow\Conduit d------ [13:56 19/03/2012]
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\conduitCommon d------ [13:56 19/03/2012]

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*GadgetBox*"
No folders found.

Searching for "*gboxapp*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*Incredibar*"
C:\Users\Luvfishn\AppData\Local\Temp\mt_ffx\Incredibar.com d------ [21:25 03/07/2012]
C:\Users\Luvfishn\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar d------ [21:25 03/07/2012]
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com d------ [21:25 03/07/2012]

Searching for "*IObit*"
C:\IObit d------ [13:58 20/01/2013]
C:\Program Files (x86)\IObit d------ [18:05 18/03/2012]
C:\Program Files (x86)\IObit Toolbar d------ [23:35 04/12/2012]
C:\Program Files (x86)\IObit\IObit Malware Fighter d------ [01:51 20/03/2012]
C:\ProgramData\IObit d------ [18:06 18/03/2012]
C:\Users\All Users\IObit d------ [18:06 18/03/2012]
C:\Users\Default\AppData\Roaming\IObit d------ [10:12 23/04/2012]
C:\Users\Default\AppData\Roaming\IObit\IObit Malware Fighter d------ [22:15 30/04/2012]
C:\Users\Luvfishn\AppData\LocalLow\IObit d------ [16:34 28/03/2012]
C:\Users\Luvfishn\AppData\Roaming\IObit d------ [18:05 18/03/2012]
C:\Users\Luvfishn\AppData\Roaming\IObit\IObit Malware Fighter d------ [01:51 20/03/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [19:54 18/03/2012]

Searching for "*Rapport*"
C:\ProgramData\Trusteer\Rapport d------ [11:01 27/07/2012]
C:\Users\All Users\Trusteer\Rapport d------ [11:01 27/07/2012]
C:\Users\Default\AppData\Local\Trusteer\Rapport d------ [09:51 09/08/2012]
C:\Users\Luvfishn\AppData\Local\Trusteer\Rapport d------ [11:03 27/07/2012]

Searching for "*Trusteer*"
C:\ProgramData\Trusteer d------ [11:01 27/07/2012]
C:\Users\All Users\Trusteer d------ [11:01 27/07/2012]
C:\Users\Default\AppData\Local\Trusteer d------ [09:51 09/08/2012]
C:\Users\Luvfishn\AppData\Local\Trusteer d------ [11:03 27/07/2012]

Searching for "*trolltech*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "uTorrent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
[HKEY_CURRENT_USER\Software\SpeedMaxPc\SpeedMaxPc\ScanSettings\File Sharing History\uTorrent 1.x]
[HKEY_CURRENT_USER\Software\SpeedyPC Software\SpeedyPC Pro\ScanSettings\File Sharing History\uTorrent 1.x]
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" ",0"
[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "/DNA""
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\uTorrent\uTorrent.exe"="µTorrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\AppPaths\client]
"AppPath"="C:\Program Files (x86)\uTorrent\uTorrent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\luvfishn\desktop\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\luvfishn\desktop\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\luvfishn\desktop\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\luvfishn\desktop\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\luvfishn\desktop\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\luvfishn\desktop\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App|"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\SpeedMaxPc\SpeedMaxPc\ScanSettings\File Sharing History\uTorrent 1.x]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\SpeedyPC Software\SpeedyPC Pro\ScanSettings\File Sharing History\uTorrent 1.x]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\uTorrent\uTorrent.exe"="µTorrent"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\btdna\DefaultIcon]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\btdna\shell\open\command]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\uTorrent\uTorrent.exe"="µTorrent"

Searching for "alotappbar"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Blekko"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_temp_referer"="http://search.conduit.com/Results.aspx?q=win32%2Ffastsaveapp&ctid=CT3072254&octid=CT3072254&SearchSource=1&CUI=SB_CUI/|#|old_value|||8641358353609802"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_referrer"="http://search.conduit.com/Results.aspx|||8641348824975391"
[HKEY_CURRENT_USER\Software\Palm\Outlook Conduits]
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application1]
"Conduit"="SgPqiCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application10]
"Conduit"="photos.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application2]
"Conduit"="SgCalendarCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application3]
"Conduit"="SgContactsCnC.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application4]
"Conduit"="SgTasksCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application5]
"Conduit"="SgMemosCnC.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application6]
"Conduit"="SgCalendarCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application7]
"Conduit"="SgContactsCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application8]
"Conduit"="SgTasksCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application9]
"Conduit"="SgMemosCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Component0]
"Conduit"="expcn20.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Component1]
"Conduit"="notepad.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Component2]
"Conduit"="voicememo.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Core]
"InstallerConduitState"="0"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\HotSync Manager]
"BackupConduit"="bakcn20.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit1]
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit2]
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit3]
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\SgPrefs]
"IncompatibleUiMessage"="A conflict in the installed conduits has been detected. This is caused when two different conduits are using the same PIM data type (e.g., Address Book vs. Contacts). To fix this problem, use the HotSync Custom dialog to change one set of conduits to "Do Nothing"."
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_temp_referer"="http://search.conduit.com/Results.aspx?q=win32%2Ffastsaveapp&ctid=CT3072254&octid=CT3072254&SearchSource=1&CUI=SB_CUI/|#|old_value|||8641358353609802"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_referrer"="http://search.conduit.com/Results.aspx|||8641348824975391"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Palm\Outlook Conduits]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application1]
"Conduit"="SgPqiCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application10]
"Conduit"="photos.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application2]
"Conduit"="SgCalendarCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application3]
"Conduit"="SgContactsCnC.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application4]
"Conduit"="SgTasksCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application5]
"Conduit"="SgMemosCnC.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application6]
"Conduit"="SgCalendarCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application7]
"Conduit"="SgContactsCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application8]
"Conduit"="SgTasksCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application9]
"Conduit"="SgMemosCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Component0]
"Conduit"="expcn20.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Component1]
"Conduit"="notepad.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Component2]
"Conduit"="voicememo.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Core]
"InstallerConduitState"="0"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\HotSync Manager]
"BackupConduit"="bakcn20.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit1]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit2]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit3]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\SgPrefs]
"IncompatibleUiMessage"="A conflict in the installed conduits has been detected. This is caused when two different conduits are using the same PIM data type (e.g., Address Book vs. Contacts). To fix this problem, use the HotSync Custom dialog to change one set of conduits to "Do Nothing"."

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="soft-quick.info searchfunmoods.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASMANCS]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="soft-quick.info searchfunmoods.com"

Searching for "GadgetBox"
No data found.

Searching for "gboxapp"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"

Searching for "iLivid"
No data found.

Searching for "Incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
"URL"="http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQCnzubnG&i=26"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1]
"Publisher"="IncrediBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
"URL"="http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQCnzubnG&i=26"

Searching for "IObit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\IObit]
[HKEY_CURRENT_USER\Software\IObit]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe"="Uninstall Programs"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe"="Setup/Uninstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\//\//\IObit Cloud Anti-Malwre]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E5D7A28B1734BBF4793EA1C766649A33]
"ProductName"="IObit Toolbar v6.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E5D7A28B1734BBF4793EA1C766649A33\SourceList]
"PackageName"="iobitToolbar.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
"AppPath"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package-MiniLP~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package-TopLevel~31bf3856ad364e35~amd64~~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopClient-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopClient-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopService-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopService-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2675157.cab_Temp\6B49F6B0-93E1-454D-8B44-5B325E9CFAC2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2709981.cab_Temp\CBD65FB9-7258-459C-A844-F4ED5378343B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_26_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2574819.cab_Temp\4DC2ED97-50AD-4999-BFD5-1E2E6CFB5089\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_27_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2574819.cab_Temp\4DC2ED97-50AD-4999-BFD5-1E2E6CFB5089\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_29_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2574819.cab_Temp\4DC2ED97-50AD-4999-BFD5-1E2E6CFB5089\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2653956.cab_Temp\96D2D4E3-1F02-4EF4-97F5-117D92C426D0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2653956.cab_Temp\96D2D4E3-1F02-4EF4-97F5-117D92C426D0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_9_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2574819_SP1~31bf3856ad364e35~amd64~~6.1.1.7]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2574819.cab_Temp\4DC2ED97-50AD-4999-BFD5-1E2E6CFB5089\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2574819.cab_Temp\4DC2ED97-50AD-4999-BFD5-1E2E6CFB5089\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2653956_SP1~31bf3856ad364e35~amd64~~6.1.1.5]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2653956.cab_Temp\96D2D4E3-1F02-4EF4-97F5-117D92C426D0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2653956.cab_Temp\96D2D4E3-1F02-4EF4-97F5-117D92C426D0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2675157_RTM~31bf3856ad364e35~amd64~~9.4.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2675157.cab_Temp\6B49F6B0-93E1-454D-8B44-5B325E9CFAC2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2675157.cab_Temp\6B49F6B0-93E1-454D-8B44-5B325E9CFAC2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255_RTM~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255_SP1~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981_SP1~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2709981.cab_Temp\CBD65FB9-7258-459C-A844-F4ED5378343B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2709981.cab_Temp\CBD65FB9-7258-459C-A844-F4ED5378343B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\Res\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\Res\Lang\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\FF\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\FF\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\IE\6.6\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\IE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\227891B259797954E88A157FD9F260A0]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\WidgiHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\Res\Lang\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31DCED2B089CF994E8AE06ACC68A5EE9]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\Res\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49EFEF44F9F9E174D88D2367B8D09298]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F690F9F1CABCA34A98316B70CEF929B]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8AA3AE5B29805BA45936E77BE5D17854]
"E5D7A28B1734BBF4793EA1C766649A33"="C?\Program Files (x86)\IObit Toolbar\FF\install.rdf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98726D23C6BC87F4FAC2D95AE4948E72]
"E5D7A28B1734BBF4793EA1C766649A33"="C?\Program Files (x86)\IObit Toolbar\FF\chrome\chrome.jar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A2A9776E1D82C384AAF9A1C74B6EFF03]
"E5D7A28B1734BBF4793EA1C766649A33"="C?\Program Files (x86)\IObit Toolbar\FF\chrome.manifest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8B34D3806072054880CD17980F94CCF]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5D7A28B1734BBF4793EA1C766649A33\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5D7A28B1734BBF4793EA1C766649A33\InstallProperties]
"DisplayName"="IObit Toolbar v6.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Application Updater\Subscriptions\41]
"regpath"="Software\IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
"serverURL"="http://iobit.mybrowserbar.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
"partnerName"="IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
"partnerNameSafe"="iobit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
"ffext_path"="C:\Program Files (x86)\IObit Toolbar\FF\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
"installDir"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 6]
"installpath"="C:\Program Files (x86)\IObit\Advanced SystemCare 6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RegistryDefragBoot]
"LogPath"="\??\C:\Program Files (x86)\IObit\Advanced SystemCare 6\BootTimeLog\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iobitappsToolbar-stub-1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iobitappsToolbar-stub-1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IObitToolbar-stub-1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IObitToolbar-stub-1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_USERS\.DEFAULT\Software\IObit]
[HKEY_USERS\.DEFAULT\Software\IObit\Advanced SystemCare 6]
"OldPath"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\unins000.exe"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\AppDataLow\Software\IObit]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\IObit]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe"="Uninstall Programs"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe"="Uninstall Programs"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe"="Setup/Uninstall"
[HKEY_USERS\S-1-5-18\Software\IObit]
[HKEY_USERS\S-1-5-18\Software\IObit\Advanced SystemCare 6]
"OldPath"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\unins000.exe"

Searching for "Rapport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\bin\x64\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\184F97B0114E2454F945388651600D21]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19681\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B6297A103051A4EA88586B82CF8953]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AF252B42455C054A8C5D582418D33E4]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\KoanLight_41311.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\NikkoLight_39820.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6406074B7A68DFE4A9D05C641274D19C]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\18481\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69EC7AEB378309D4484447304851332C]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19417\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D8ED67F246AE484AAC5070B6D19A1E1]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\17053\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94F383FCE0103DB45AAF8A9C449ADBCA]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\18130\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\TanzanLight_39750.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS_39624.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\RapportGP_38854.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E69EE9F6EBC26FD4CAB2AD12D31485A9]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}]
"DisplayName"="Rapport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant]
"ExecutablestoExclude"="C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportMgmtService_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportMgmtService_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportService_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportService_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportSetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trusteer\Rapport]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"Service"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"DeviceDesc"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"Service"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"DeviceDesc"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"Service"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"DeviceDesc"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"Service"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"DeviceDesc"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000]
"Service"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000]
"DeviceDesc"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTKE64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000]
"Service"="RapportPG64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000]
"DeviceDesc"="RapportPG64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"Service"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"DeviceDesc"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"Service"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"DeviceDesc"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"Service"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"DeviceDesc"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"Service"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"DeviceDesc"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000]
"Service"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000]
"DeviceDesc"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTKE64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000]
"Service"="RapportPG64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000]
"DeviceDesc"="RapportPG64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"Service"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"DeviceDesc"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"Service"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"DeviceDesc"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"Service"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"DeviceDesc"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"Service"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"DeviceDesc"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000]
"Service"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000]
"DeviceDesc"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTKE64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000]
"Service"="RapportPG64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000]
"DeviceDesc"="RapportPG64"
[HKEY_USERS\.DEFAULT\Software\Trusteer\Rapport]
[HKEY_USERS\S-1-5-18\Software\Trusteer\Rapport]

Searching for "Trusteer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\bin\x64\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\184F97B0114E2454F945388651600D21]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19681\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B6297A103051A4EA88586B82CF8953]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AF252B42455C054A8C5D582418D33E4]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\KoanLight_41311.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\NikkoLight_39820.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6406074B7A68DFE4A9D05C641274D19C]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\18481\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69EC7AEB378309D4484447304851332C]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19417\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D8ED67F246AE484AAC5070B6D19A1E1]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\17053\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94F383FCE0103DB45AAF8A9C449ADBCA]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\18130\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\TanzanLight_39750.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS_39624.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\RapportGP_38854.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E69EE9F6EBC26FD4CAB2AD12D31485A9]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}]
"Publisher"="Trusteer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant]
"ExecutablestoExclude"="C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trusteer]
[HKEY_USERS\.DEFAULT\Software\Trusteer]
[HKEY_USERS\S-1-5-18\Software\Trusteer]

Searching for "trolltech"
No data found.

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"

Searching for "Yontoo"
No data found.

-= EOF =-


I'll post this and continue with the balance on another post.
Thanks.
luvfishn

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 24th, 2013, 2:39 pm

I'm back pgmigg!

1) TDSSKILLER scan results were 'No Threats Found'. Therefore, it didn't produce a log file, or at least I could not find one!


2) Here is the content from the file generated by the fresh OTL scan ...

File Name = Extras.Txt

OTL Extras logfile created on: 1/24/2013 2:16:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luvfishn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.68 Gb Available Physical Memory | 71.84% Memory free
19.77 Gb Paging File | 17.37 Gb Available in Paging File | 87.88% Paging File free
Paging file location(s): c:\pagefile.sys 12147 12147 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.64 Gb Total Space | 377.06 Gb Free Space | 65.05% Space Free | Partition Type: NTFS
Drive E: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive S: | 2794.49 Gb Total Space | 2194.24 Gb Free Space | 78.52% Space Free | Partition Type: NTFS

Computer Name: BOBS_LAPTOP | User Name: Luvfishn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002B0049-D928-4091-9322-79570BB78E4C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{062D5069-CF6B-4903-9576-CCEB824A91A6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{063B6785-5A33-41E1-BF5D-276616CBE3E9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0980943E-1E11-408E-8849-11CB9F893C19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A7BFD4D-58AA-40DB-91AD-761BE9308915}" = lport=138 | protocol=17 | dir=in | app=system |
"{14DD193B-E5E6-4AF8-B670-3909834A1F65}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C5BC630-2E36-4506-9EAA-E62F69873691}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
"{24A8C5C3-E507-47FF-B970-0642F830205E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25351FC6-E61A-4D59-B2F0-0ECE60BCEF7A}" = lport=137 | protocol=17 | dir=in | app=system |
"{274EB5A9-3BDD-40C4-971F-4586C8DCC3D9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{28ED2480-B807-47CB-83C9-42D891EF4F8C}" = rport=445 | protocol=6 | dir=out | app=system |
"{2A30B4A9-E16C-4ACE-A3F1-DBE5F8CED1D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AEF6444-50EF-44FA-92B1-9E15282F0B6A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2F264077-3BAB-42C2-8808-92568871B7CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FDC904D-4FC2-4CC2-B225-B85101C5D2B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{385F4254-F84E-4E38-B374-209A464FA28B}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B820C80-62DD-43B7-83F6-9A72226EBAC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{452A6A94-6BE9-4A79-8EB2-61B0BDB79D20}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4ED2F8AC-263F-4A72-BEE5-43EB5583DA3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5450716C-A89B-49DA-A7EB-39BCE09ABC90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5908E83F-A67E-4D95-B275-37A845D908C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{65C85A20-CF58-4DB9-B948-F1EC9EFFE930}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F76C405-315A-443F-A149-7494713CC304}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{732B9E7E-AC50-498C-9EDF-0514087DBA31}" = rport=138 | protocol=17 | dir=out | app=system |
"{74CD130B-F99E-40CF-A2F5-D67B0E1E7314}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{7F4A6643-8D65-494D-8163-67AE2926EF43}" = rport=137 | protocol=17 | dir=out | app=system |
"{8877C794-2B8F-4062-8AD5-4EAF89EE5EE8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D4B1698-5522-4731-884B-62E35660B4F0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91776914-7706-4988-9E4F-520B228D88B2}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
"{9787E718-936F-4188-BC5A-0EC18A911E20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3C40DBC-4ABC-46D4-A13B-28A9030D1C8D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A608F4BC-9FBB-4647-9E6A-2CED9C99DA90}" = rport=139 | protocol=6 | dir=out | app=system |
"{B0FABD18-5E21-49E8-B399-56F1120973DE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B121D3DF-E1D9-411A-8E89-5DF0FB228844}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B601BC64-9822-4D72-B2C2-0D078A9FD176}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8C39C84-E386-483C-BE2B-497DAB751D46}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BEA0D911-8C9A-407F-BAD0-6746CEA0587A}" = lport=445 | protocol=6 | dir=in | app=system |
"{CE72B0B2-95C3-4988-A454-7083899C5F4B}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{D0915438-777E-484C-9120-C932795E8ACE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D19C23D8-220C-4D61-BB4A-DF4EFC14BEAA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB4BBA55-DFBD-4482-9B00-4B482F81D9FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB6119DE-5CBA-48E3-BF5D-52BE3934F895}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F7628304-DC68-4649-9A14-5315F5E95D04}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F84D1531-0F5D-4BB6-9A1F-5658B0279797}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{F9CEC696-7DD9-45AB-A03F-EE6EE20514A8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FD07D9B4-CC76-4C1A-8F89-E9C6762465D8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{FF4009F4-9540-4AAD-9608-BA87521B98CC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076E2680-3082-4A3C-8777-9715AFD5211F}" = protocol=17 | dir=in | app=c:\users\luvfishn\appdata\local\temp\7zsb4be.tmp\symnrt.exe |
"{079924EB-641A-47D9-9C4B-59A5AF47F788}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{0A97033B-6C2C-4A0F-9530-528353089BBA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{179BEE0F-9040-421E-A3F9-6E410FCAFD8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19425CC1-5A8F-4109-BFDD-FD297EB81496}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{1CCCF3D2-C389-4CB8-A18D-890BF51DA58C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22E41E40-82A5-48BB-A86F-48D33C46952E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{265E1BCA-8C1D-4CBE-AE24-8BDA5C24B692}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28D15142-0865-4487-87B9-AE1CF6065983}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{29A5A828-1A17-4DB8-9310-8E8A14E06242}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{2A1D4656-3B17-4355-A7CC-718A0C10D159}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F769ADD-455C-42DF-BAB2-808028DB25B7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{360D7532-D9E7-40C3-B7E1-AEF8E807E66A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3C5DB9B3-8746-41BA-B9D9-1A7884F8F1C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{3C87C12A-58FC-4681-BBFD-A45260BAAB41}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{3F0CE717-5F74-4157-8885-84A2A5A3590E}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{3FAC0900-5C32-4E0B-84D3-1584DFEB4F50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{403409CA-8539-4313-8436-A64D7AACB1C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{40693332-1CCC-4981-962F-AC9F55C85A22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{43FA3CF6-3CD6-4D11-ABD6-318114E644D9}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{44CB2F30-135D-40CC-8556-E10B5C7EC6B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{47937346-5A8A-4E47-AD27-ACAF4EE5147D}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{52D5517E-46AA-4E78-8682-81D022AF970B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{53259CA0-0B9D-41B4-9F55-03CCC8FDD6E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53C30A38-375B-4EAC-A4FC-7255FEE57685}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{571CC6DC-F98E-42BD-9E2E-51562CB499B0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{60E52F89-DEDC-447F-AB23-B6EC99A157C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61BEFF84-2F59-4997-9CFC-9CC13C5DC34D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{680FCCE5-695C-4A86-A151-4240238DEB55}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70917B04-5122-46CE-9398-A8BC752F72E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{71F9730D-27FC-4332-90CC-34DDC7DA107F}" = protocol=6 | dir=out | app=system |
"{7CE12B62-6DAD-466C-B0C5-24A87E076959}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{88C5A3E7-4BAD-4728-BDBF-AA0EA731E850}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EE473FB-B0B9-459F-AEB6-1733A7CB5BEB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{9504C784-6F7B-482D-BEB3-D6705DE593D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{9A177E1D-C131-482D-B1D1-8FB79357C010}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{9ED72962-9B41-4F57-A6D2-5FE1FD672260}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{A9857C0D-9FBD-42EA-A25D-09D4A94464AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{AAE59403-2D69-40DF-ABB6-4211433C8255}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{AC17A5BF-653D-4631-B409-EE438CE8A58E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{ACADFF57-A062-4803-9C74-8A1A88391191}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{AD08950C-F53B-4BAA-909A-71BEF7BC6BC6}" = protocol=6 | dir=in | app=c:\users\luvfishn\appdata\local\temp\7zsb4be.tmp\symnrt.exe |
"{B237A923-DFE7-493B-AC20-3E0EA834EA6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B290D3B9-6DAE-4C18-A2D2-FC6F65D6D4EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2F51FCB-80C9-4A69-B84A-402FA81EA810}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{B877E973-7294-4168-BA11-1B58551E9BE4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8580AE8-161A-47C8-A222-6EAFC2D911F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C872428A-EEC0-4859-981B-44A990B4821D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D316DC4F-AEDB-4F88-836F-6243E1BE562D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D411B4F3-A78F-4C1C-A455-C5E714D47214}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D62399BE-7D6B-4B8C-849F-36DD92B7FD46}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D7431A5E-8DB2-46A0-9AB7-7D95A170C48C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{D7B61FFB-C80D-4464-9514-AABC44D29AB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{DA529D3F-A87C-4FC2-B6B8-AE5D27840B8E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DE57120F-CDB7-4620-B213-AB57E1BE826D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{DF12F3A9-92EA-47FB-BA7F-0ADDFB08EA0C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E3993706-FF06-4CC3-9705-BB068E238672}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E5FB9C7E-C550-49AF-BC69-4CBD6A1624AE}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E64ADEDF-1008-494B-87C7-3316A8FF4D95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA3ADFBA-90DD-4194-83F0-410C3D9736B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{EAF673D7-624B-4FC8-B08E-E876F0509C6D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ED796C4E-7889-48B5-93EB-49B81B88C32C}" = dir=in | app=c:\users\luvfishn\appdata\local\temp\7zs556f\setup\hpznui40.exe |
"{F0D0D8AA-D856-4130-9382-BD7E42ED55E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F258C17B-C1AD-445A-AFFB-3228A2CEBD66}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{F4D96F5F-0D48-4F68-972E-2A0C680672BB}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{FDE529BD-7B1B-4CE6-998E-04E9BE2694A7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0A943857-FAB4-448A-9E5A-087D20E7ECF1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{1C39489A-611E-4436-ACF5-F8BA1E99AFA7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\luvfishn\desktop\utorrent.exe |
"TCP Query User{BE5275DB-CEE9-40CD-9E63-7992F7CDEF89}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{CA69E02A-6188-417D-9C6A-07EB913FBFCE}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{4A5B7364-32D7-4543-87A9-BD765B736772}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{5506C222-41EA-43BF-BE11-B8FFC5924A3E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{71AC7422-B0C5-4E31-BB09-7852E955DD59}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\luvfishn\desktop\utorrent.exe |
"UDP Query User{C2F8D3FD-74EE-4E75-8AC6-A5F627130FBE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{22A51951-1F45-4C8A-B888-306527F9C45F}" = WD SmartWare
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}" = MrvlUsgTracking64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FA0DC1C2-34A4-4478-A693-7C8621EEE334}" = SaveByClick
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Logitech Unifying" = Logitech Unifying Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SaveByClick" =
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-bit)
"WNLT" = Web Optimizer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}" =
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BE24392-35A7-4A84-AA82-EF53EFCA2AF8}" = Machete 3.8
"{3D12E3F0-3E73-4267-B452-2BBF140343E6}" = Verizon Download Manager
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E9C9EE1-1964-4519-BF80-652E7F415ECF}" = WD Drive Utilities
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{44FF002B-5AB3-4447-8F98-614387B63EE6}" = honestech VHS to DVD 5.0 Deluxe
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7257132D-7F65-41E6-A90F-43BF6099461A}" = Intel(R) WiDi
"{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}" = TurboTax 2012
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{834265C4-CDF4-44D3-BD24-31531617EFB8}" = IHA_MessageCenter
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B542C2E-D2AC-4460-B9F2-BA5A907A544F}" = honestech VHS to DVD 5.0 Deluxe
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A6C3D5F0-3C6C-46BF-A8D0-06EE92E02E9E}_is1" = AD Blocker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC015C45-1667-40A4-A126-966EE5629062}" = Quicken 2010
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0AE9222-C133-4135-BE5B-BE6ED6D6D78B}" = DeLorme Street Atlas USA 2011
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2E1909-12C2-4249-8003-7978BEA3A14F}" = Garmin City Navigator North America NT 2013.10 Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anvi Smart Defender" = Anvi Smart Defender 1.8
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Expedition - Titanic" = Hidden Expedition &reg;: Titanic
"BFG-Magic Ball 2 New Worlds" = Magic Ball 2 New Worlds
"Cisco Connect" = Cisco Connect
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"ImgBurn" = ImgBurn
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"KeePass Password Safe_is1" = KeePass Password Safe 1.21
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Matroska Pack" = Matroska Pack
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"Rainlendar2" = Rainlendar2 (remove only)
"RealPlayer 16.0" = RealPlayer
"SP_661c9f97" =
"SP_a8235b05" = Search Assistant SoftQuick 1.66
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WTA-2f485546-2f39-4fd4-bd43-84fbd11f6664" = RollerCoaster Tycoon 3: Platinum
"WTA-31115219-cfb3-4b1b-a545-50604171683d" = Bejeweled 3
"WTA-46c72ae7-1ebe-4bd2-9d11-18c33159e5c5" = Tales of Lagoona
"WTA-92fb430d-f2ef-4fd0-80c6-7076da88e682" = Zuma's Revenge
"WTA-94779ac0-4973-410b-9579-c91c390837d0" = Plants vs. Zombies - Game of the Year
"WTA-af48de5f-568c-4f97-83a2-1f6dcaf59c27" = FATE - The Traitor Soul
"WTA-bfa5f194-6483-4b42-b089-4bf5aa2913f0" = Penguins!
"WTA-c49b7352-4bbc-4f16-a77f-713ed645bf8a" = Polar Bowler
"WTA-fe977a71-0bc6-48ef-8157-31fd98284823" = Letters from Nowhere 2
"YouTube Free Downloader" = YouTube Free Downloader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
"SecureKey" = SecureKey

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2012 4:43:33 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:03 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:03 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:03 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:33 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:33 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:33 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:45:04 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:47:34 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:49:04 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

[ Media Center Events ]
Error - 7/22/2012 6:15:09 AM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 7:15:08 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 8/23/2012 6:39:38 AM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 7:39:27 AM - Error connecting to the internet. 7:39:27 AM - Unable
to contact server..

Error - 9/16/2012 1:51:38 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 2:51:38 PM - Error connecting to the internet. 2:51:38 PM - Unable
to contact server..

Error - 9/16/2012 1:51:56 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 2:51:44 PM - Error connecting to the internet. 2:51:44 PM - Unable
to contact server..

Error - 9/16/2012 2:52:04 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 3:52:04 PM - Error connecting to the internet. 3:52:04 PM - Unable
to contact server..

Error - 9/16/2012 2:52:14 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 3:52:09 PM - Error connecting to the internet. 3:52:09 PM - Unable
to contact server..

Error - 9/16/2012 3:52:18 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 4:52:18 PM - Error connecting to the internet. 4:52:18 PM - Unable
to contact server..

Error - 9/16/2012 3:52:24 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 4:52:23 PM - Error connecting to the internet. 4:52:23 PM - Unable
to contact server..

Error - 9/16/2012 4:52:28 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 5:52:28 PM - Error connecting to the internet. 5:52:28 PM - Unable
to contact server..

Error - 9/16/2012 4:52:33 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 5:52:33 PM - Error connecting to the internet. 5:52:33 PM - Unable
to contact server..

[ System Events ]
Error - 1/24/2013 1:24:46 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 1/24/2013 1:24:46 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 1/24/2013 1:24:46 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 1/24/2013 1:25:10 PM | Computer Name = Bobs_Laptop | Source = DCOM | ID = 10010
Description =

Error - 1/24/2013 1:25:46 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Shell Hardware Detection service,
but this action failed with the following error: %%1056

Error - 1/24/2013 1:25:46 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 1/24/2013 1:26:46 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 1/24/2013 1:26:46 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Remote Access Connection Manager
service, but this action failed with the following error: %%1056

Error - 1/24/2013 1:26:46 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the User Profile Service service,
but this action failed with the following error: %%1056

Error - 1/24/2013 1:26:46 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056


< End of report >

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

In response to your questions .....

1) I had no problems executing the instructions.
2) OTL log file has been posted.
3) Systemlook log file has been posted
4) TDSSKILLER found no threats .... therefore no log file?
5) Contents of fresh OTL log file has been posted
6) The pc seems to be operating normally. I don't know if the issues are resolved yet as
I will be surfing the net after I finish this post.

Once again thank you for your help and perseverance!
luvfishn

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by pgmigg » January 24th, 2013, 4:08 pm

Hello luvfishn,

Very good job! :D
> 2) Here is the content from the file generated by the fresh OTL scan ...
>
> File Name = Extras.Txt
But there is one exception: you posted the Extra.txt log instead of the OTL.txt I requested. Don't worry now - I received enough data for the new set of instructions and will ask you to make a fresh OTL scan at the end of that set - please be a little bit more attentive...
> 6) The pc seems to be operating normally. I don't know if the issues are resolved yet as
> I will be surfing the net after I finish this post.
No, we are not finished yet and your computer contains a lot of stuff that should be removed. If you return back to my first initial post, you can find there the sentence 'Please, continue responding, until I give you the "All Clean!" :cheers:'

Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code:
    :Files
    C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KSFD0CVG\bar.utorrent[1].xml
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@utorrent[2].txt
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Recent\utorrent.lnk
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\chrome\utorrentcontrol.jar
    C:\Users\Luvfishn\AppData\Roaming\uTorrent\utorrent.lng
    C:\Users\Luvfishn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1IDKEM6G\appsmetadata_toolbar_conduit-services_com[1].txt
    C:\Users\Luvfishn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\WLDF2BMN\conduit[1].htm
    C:\Users\Luvfishn\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463703_1459357_US.xml
    C:\Users\Luvfishn\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_997308_993027_CA.xml
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components\ConduitAutoCompleteSearch.js
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components\ConduitAutoCompleteSearch.xpt
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\searchplugin\conduit.xml
    C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\mystart.incredibar[1].xml
    C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\search.incredibar[1].xml
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com\content\incredibar.css
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com\content\incredibar.xul
    C:\Boot\BCD.iobit
    C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
    C:\Program Files (x86)\IObit Toolbar\Res\iobit_logo.gif
    C:\Program Files (x86)\IObit Toolbar\Res\iobit_logo_hover.gif
    C:\Users\Luvfishn\ntuser.dat.iobit
    C:\Users\Luvfishn\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@iobit[2].txt
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@www.iobit[1].txt
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@www.iobit[2].txt
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.iobit[1].txt
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB}\iobit.lock
    C:\Users\Luvfishn\Desktop\Desktop Icons\Security & Maintenance Tools\IObit Malware Fighter.lnk
    C:\Users\Luvfishn\Favorites\IObit Freeware (1).url
    C:\Users\Luvfishn\Favorites\IObit Freeware.URL
    C:\Users\Luvfishn\Favorites\From Internet Explorer\IObit Freeware.URL
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit
    C:\Windows\System32\config\DEFAULT.iobit
    C:\Windows\System32\config\SAM.iobit
    C:\Windows\System32\config\SECURITY.iobit
    C:\Windows\System32\config\SOFTWARE.iobit
    C:\Windows\System32\config\SYSTEM.iobit
    C:\Users\Luvfishn\AppData\Roaming\uTorrent
    C:\Program Files (x86)\Conduit
    C:\Users\Luvfishn\AppData\Local\Conduit
    C:\Users\Luvfishn\AppData\LocalLow\Conduit
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\conduitCommon
    C:\Users\Luvfishn\AppData\Local\Temp\mt_ffx\Incredibar.com
    C:\Users\Luvfishn\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com
    C:\IObit
    C:\Program Files (x86)\IObit
    C:\Program Files (x86)\IObit Toolbar
    C:\Program Files (x86)\IObit\IObit Malware Fighter
    C:\ProgramData\IObit
    C:\Users\All Users\IObit
    C:\Users\Default\AppData\Roaming\IObit
    C:\Users\Default\AppData\Roaming\IObit\IObit Malware Fighter
    C:\Users\Luvfishn\AppData\LocalLow\IObit
    C:\Users\Luvfishn\AppData\Roaming\IObit
    C:\Users\Luvfishn\AppData\Roaming\IObit\IObit Malware Fighter
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit
    C:\ProgramData\Trusteer
    C:\Users\All Users\Trusteer
    C:\Users\Default\AppData\Local\Trusteer
    C:\Users\Luvfishn\AppData\Local\Trusteer
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
    [-HKEY_CURRENT_USER\Software\SpeedMaxPc\SpeedMaxPc\ScanSettings\File Sharing History\uTorrent 1.x]
    [-HKEY_CURRENT_USER\Software\SpeedyPC Software\SpeedyPC Pro\ScanSettings\File Sharing History\uTorrent 1.x]
    [-HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
    [HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\uTorrent\uTorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\AppPaths\client]
    "AppPath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe"=-
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\SpeedMaxPc\SpeedMaxPc\ScanSettings\File Sharing History\uTorrent 1.x]
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\SpeedyPC Software\SpeedyPC Pro\ScanSettings\File Sharing History\uTorrent 1.x]
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\btdna\DefaultIcon]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\btdna\shell\open\command]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\uTorrent\uTorrent.exe"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Applications\uTorrent.exe\shell\open\command]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\btdna\DefaultIcon]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\btdna\shell\open\command]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\uTorrent\uTorrent.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_temp_referer"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_referrer"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
    "Path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\AppDataLow\Software\Conduit]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_temp_referer"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_referrer"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASMANCS]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
    "URL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1]
    "Publisher"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS]
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
    "URL"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\IObit]
    [-HKEY_CURRENT_USER\Software\IObit]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    "{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\//\//\IObit Cloud Anti-Malwre]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\IObit Malware Fighter]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E5D7A28B1734BBF4793EA1C766649A33]
    "ProductName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E5D7A28B1734BBF4793EA1C766649A33\SourceList]
    "PackageName"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
    "AppPath"="C:\Program Files (x86)\IObit Toolbar\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package-MiniLP~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package-TopLevel~31bf3856ad364e35~amd64~~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopClient-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopClient-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopService-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopService-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_26_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_27_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_29_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_9_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2574819_SP1~31bf3856ad364e35~amd64~~6.1.1.7]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2653956_SP1~31bf3856ad364e35~amd64~~6.1.1.5]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2675157_RTM~31bf3856ad364e35~amd64~~9.4.1.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255_RTM~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255_SP1~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981_SP1~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\Res\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\Res\Lang\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\FF\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\FF\chrome\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\IE\6.6\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\IE\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\227891B259797954E88A157FD9F260A0]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31DCED2B089CF994E8AE06ACC68A5EE9]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49EFEF44F9F9E174D88D2367B8D09298]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F690F9F1CABCA34A98316B70CEF929B]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8AA3AE5B29805BA45936E77BE5D17854]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98726D23C6BC87F4FAC2D95AE4948E72]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A2A9776E1D82C384AAF9A1C74B6EFF03]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8B34D3806072054880CD17980F94CCF]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5D7A28B1734BBF4793EA1C766649A33\InstallProperties]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5D7A28B1734BBF4793EA1C766649A33\InstallProperties]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Application Updater\Subscriptions\41]
    "regpath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    "serverURL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    "partnerName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    "partnerNameSafe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    "ffext_path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    "installDir"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 6]
    "installpath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\IObit Malware Fighter]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RegistryDefragBoot]
    "LogPath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iobitappsToolbar-stub-1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iobitappsToolbar-stub-1_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IObitToolbar-stub-1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IObitToolbar-stub-1_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [-HKEY_USERS\.DEFAULT\Software\IObit]
    [HKEY_USERS\.DEFAULT\Software\IObit\Advanced SystemCare 6]
    "OldPath"=-
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\AppDataLow\Software\IObit]
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\IObit]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe"=-
    [-HKEY_USERS\S-1-5-18\Software\IObit]
    [HKEY_USERS\S-1-5-18\Software\IObit\Advanced SystemCare 6]
    "OldPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\bin\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\bin\x64\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\184F97B0114E2454F945388651600D21]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B6297A103051A4EA88586B82CF8953]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AF252B42455C054A8C5D582418D33E4]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6406074B7A68DFE4A9D05C641274D19C]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69EC7AEB378309D4484447304851332C]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D8ED67F246AE484AAC5070B6D19A1E1]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94F383FCE0103DB45AAF8A9C449ADBCA]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E69EE9F6EBC26FD4CAB2AD12D31485A9]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant]
    "ExecutablestoExclude"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportMgmtService_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportMgmtService_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportService_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportService_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportSetup_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportSetup_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trusteer\Rapport]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTKE64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTKE64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTKE64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "DeviceDesc"=-
    [-HKEY_USERS\.DEFAULT\Software\Trusteer\Rapport]
    [-HKEY_USERS\S-1-5-18\Software\Trusteer\Rapport]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\bin\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\bin\x64\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\184F97B0114E2454F945388651600D21]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B6297A103051A4EA88586B82CF8953]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AF252B42455C054A8C5D582418D33E4]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6406074B7A68DFE4A9D05C641274D19C]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69EC7AEB378309D4484447304851332C]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D8ED67F246AE484AAC5070B6D19A1E1]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94F383FCE0103DB45AAF8A9C449ADBCA]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E69EE9F6EBC26FD4CAB2AD12D31485A9]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant]
    "ExecutablestoExclude"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trusteer]
    [-HKEY_USERS\.DEFAULT\Software\Trusteer]
    [-HKEY_USERS\S-1-5-18\Software\Trusteer]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    :filefind
    *uTorrent*
    *Conduit*
    *Incredibar*
    *IObit*
    *Rapport*
    
    :folderfind
    *uTorrent*
    *Conduit*
    *Incredibar*
    *IObit*
    *Rapport*
    *Trusteer*
    
    :Regfind
    uTorrent
    Blekko
    Conduit
    Funmoods
    gboxapp
    Incredibar
    IObit
    Rapport
    Trusteer
    whitesmoke
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 3.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file, OTL.txt, will be opened, maximized.
  6. Please post the content of OTL.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Contents of the OTL.txt log file
  5. Do you see any changes in computer behavior?


Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
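
An added example, not part of pgmigg's post or of OTL itself: a pre-flight audit that parses the .reg-style directives used in the fix script above (`[-KEY]` deletes a key and its subtree, `"name"=-` deletes one value) and lists what would be removed. The function name `audit`, the sample text and its two malformed lines are constructed for illustration.

```python
import re

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
# Value names may hold raw backslashes (as in the script above), so match
# lazily up to the first '"=' instead of treating backslash as an escape.
VAL_RE = re.compile(r'^(@|".*?")=(.*)$')

# Constructed sample: directives copied from the fix script above, plus two
# deliberately malformed lines (first and last) to exercise the warnings.
SAMPLE = r'''
"Orphan"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant]
"ExecutablestoExclude"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trusteer]
[-HKEY_USERS\.DEFAULT\Software\Trusteer]
[-HKEY_LOCAL_MACHNE\SOFTWARE\Example]
'''

def audit(script):
    """Return (ops, warnings); ops are (action, key, value_name) tuples."""
    ops, warnings, current = [], [], None
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        key_m, val_m = KEY_RE.match(line), VAL_RE.match(line)
        if key_m:
            current = None  # value lines only apply to a valid, kept key
            key = key_m.group(2)
            hive = key.split("\\", 1)[0].upper()
            if hive not in HIVES:
                warnings.append((lineno, "unknown hive " + hive))
            elif key_m.group(1):
                ops.append(("delete_key", key, None))  # [-KEY] form
            else:
                current = key
        elif val_m and current is None:
            warnings.append((lineno, "value directive without a key"))
        elif val_m:
            action = "delete_value" if val_m.group(2).strip() == "-" else "set_value"
            ops.append((action, current, val_m.group(1).strip('"')))
        else:
            warnings.append((lineno, "unrecognised line"))
    return ops, warnings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Reviewing the `delete_key` entries matters most, since each one removes an entire subtree rather than a single value.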

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

by luvfishn » January 24th, 2013, 7:03 pm

Hi pgmigg :)
Sorry about posting the wrong file "Extras.txt" after running OTL. I forgot the scan produces 2 text files and was focused on your comment
about "extra registry > use safelist" being checked. Thus I grabbed that text file. Anyway, on with the progression of solving the issues!

First stumbling block!

I ran the OTL: Run Fix Script as instructed.
It appears to have "hung". It ran for 2 hours and 17 minutes with the egg timer shown. Microsoft showed it as "program not responding".
I will cancel it and retry hoping for better results. Will be back to you later!
Stay Tuned!
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA