Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

NYMI.IB.ADNXS.COM popup problem-Removal?

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

by pgmigg » January 25th, 2013, 2:56 am

Hello luvfishn,
First stumbling block!

I ran the OTL : Run Fix Script as instructed.
It appears to have "hung". It ran for 2 hours and 17 minutes with the egg timer shown. Microsoft showed it as "program not responding".
I will cancel it and retry hoping for better results. Will be back to you later!
Stay Tuned!
It is possible - please don't worry! :)

Let's split the OTL - Run Fix Script instruction into two parts:

Step 1. Part 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and paste the following code into the text box. Do not include the word Code.
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KSFD0CVG\bar.utorrent[1].xml
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@utorrent[2].txt
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Recent\utorrent.lnk
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\chrome\utorrentcontrol.jar
    C:\Users\Luvfishn\AppData\Roaming\uTorrent\utorrent.lng
    C:\Users\Luvfishn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1IDKEM6G\appsmetadata_toolbar_conduit-services_com[1].txt
    C:\Users\Luvfishn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\WLDF2BMN\conduit[1].htm
    C:\Users\Luvfishn\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463703_1459357_US.xml
    C:\Users\Luvfishn\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_997308_993027_CA.xml
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components\ConduitAutoCompleteSearch.js
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components\ConduitAutoCompleteSearch.xpt
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\searchplugin\conduit.xml
    C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\mystart.incredibar[1].xml
    C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\search.incredibar[1].xml
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com\content\incredibar.css
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com\content\incredibar.xul
    C:\Boot\BCD.iobit
    C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
    C:\Program Files (x86)\IObit Toolbar\Res\iobit_logo.gif
    C:\Program Files (x86)\IObit Toolbar\Res\iobit_logo_hover.gif
    C:\Users\Luvfishn\ntuser.dat.iobit
    C:\Users\Luvfishn\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@iobit[2].txt
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@www.iobit[1].txt
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@www.iobit[2].txt
    C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.iobit[1].txt
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB}\iobit.lock
    C:\Users\Luvfishn\Desktop\Desktop Icons\Security & Maintenance Tools\IObit Malware Fighter.lnk
    C:\Users\Luvfishn\Favorites\IObit Freeware (1).url
    C:\Users\Luvfishn\Favorites\IObit Freeware.URL
    C:\Users\Luvfishn\Favorites\From Internet Explorer\IObit Freeware.URL
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit
    C:\Windows\System32\config\DEFAULT.iobit
    C:\Windows\System32\config\SAM.iobit
    C:\Windows\System32\config\SECURITY.iobit
    C:\Windows\System32\config\SOFTWARE.iobit
    C:\Windows\System32\config\SYSTEM.iobit
    C:\Users\Luvfishn\AppData\Roaming\uTorrent
    C:\Program Files (x86)\Conduit
    C:\Users\Luvfishn\AppData\Local\Conduit
    C:\Users\Luvfishn\AppData\LocalLow\Conduit
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\conduitCommon
    C:\Users\Luvfishn\AppData\Local\Temp\mt_ffx\Incredibar.com
    C:\Users\Luvfishn\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar
    C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com
    C:\IObit
    C:\Program Files (x86)\IObit
    C:\Program Files (x86)\IObit Toolbar
    C:\Program Files (x86)\IObit\IObit Malware Fighter
    C:\ProgramData\IObit
    C:\Users\All Users\IObit
    C:\Users\Default\AppData\Roaming\IObit
    C:\Users\Default\AppData\Roaming\IObit\IObit Malware Fighter
    C:\Users\Luvfishn\AppData\LocalLow\IObit
    C:\Users\Luvfishn\AppData\Roaming\IObit
    C:\Users\Luvfishn\AppData\Roaming\IObit\IObit Malware Fighter
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit
    C:\ProgramData\Trusteer
    C:\Users\All Users\Trusteer
    C:\Users\Default\AppData\Local\Trusteer
    C:\Users\Luvfishn\AppData\Local\Trusteer
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 1. Part 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and paste the following code into the text box. Do not include the word Code.
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
    [-HKEY_CURRENT_USER\Software\SpeedMaxPc\SpeedMaxPc\ScanSettings\File Sharing History\uTorrent 1.x]
    [-HKEY_CURRENT_USER\Software\SpeedyPC Software\SpeedyPC Pro\ScanSettings\File Sharing History\uTorrent 1.x]
    [-HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
    [HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\uTorrent\uTorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\AppPaths\client]
    "AppPath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe"=-
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\SpeedMaxPc\SpeedMaxPc\ScanSettings\File Sharing History\uTorrent 1.x]
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\SpeedyPC Software\SpeedyPC Pro\ScanSettings\File Sharing History\uTorrent 1.x]
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\btdna\DefaultIcon]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\btdna\shell\open\command]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\uTorrent\uTorrent.exe"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Applications\uTorrent.exe\shell\open\command]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\btdna\DefaultIcon]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\btdna\shell\open\command]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\uTorrent\uTorrent.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_temp_referer"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_referrer"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
    "Path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
    @=""
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\AppDataLow\Software\Conduit]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_temp_referer"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_referrer"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASMANCS]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
    "URL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1]
    "Publisher"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS]
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
    "URL"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\IObit]
    [-HKEY_CURRENT_USER\Software\IObit]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\//\//\IObit Cloud Anti-Malwre]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\IObit Malware Fighter]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E5D7A28B1734BBF4793EA1C766649A33]
    "ProductName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E5D7A28B1734BBF4793EA1C766649A33\SourceList]
    "PackageName"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
    "AppPath"="C:\Program Files (x86)\IObit Toolbar\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package-MiniLP~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package-TopLevel~31bf3856ad364e35~amd64~~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopClient-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopClient-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopService-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopService-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_26_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_27_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_29_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_9_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2574819_SP1~31bf3856ad364e35~amd64~~6.1.1.7]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2653956_SP1~31bf3856ad364e35~amd64~~6.1.1.5]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2675157_RTM~31bf3856ad364e35~amd64~~9.4.1.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255_RTM~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255_SP1~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981_SP1~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\Res\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\Res\Lang\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\FF\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\FF\chrome\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\IE\6.6\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\IObit Toolbar\IE\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\227891B259797954E88A157FD9F260A0]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31DCED2B089CF994E8AE06ACC68A5EE9]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49EFEF44F9F9E174D88D2367B8D09298]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F690F9F1CABCA34A98316B70CEF929B]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8AA3AE5B29805BA45936E77BE5D17854]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98726D23C6BC87F4FAC2D95AE4948E72]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A2A9776E1D82C384AAF9A1C74B6EFF03]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8B34D3806072054880CD17980F94CCF]
    "E5D7A28B1734BBF4793EA1C766649A33"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5D7A28B1734BBF4793EA1C766649A33\InstallProperties]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5D7A28B1734BBF4793EA1C766649A33\InstallProperties]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Application Updater\Subscriptions\41]
    "regpath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    "serverURL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    "partnerName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    "partnerNameSafe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    "ffext_path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    "installDir"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 6]
    "installpath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\IObit Malware Fighter]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RegistryDefragBoot]
    "LogPath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iobitappsToolbar-stub-1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iobitappsToolbar-stub-1_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IObitToolbar-stub-1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IObitToolbar-stub-1_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [-HKEY_USERS\.DEFAULT\Software\IObit]
    [HKEY_USERS\.DEFAULT\Software\IObit\Advanced SystemCare 6]
    "OldPath"=-
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\AppDataLow\Software\IObit]
    [-HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\IObit]
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe"=-
    [-HKEY_USERS\S-1-5-18\Software\IObit]
    [HKEY_USERS\S-1-5-18\Software\IObit\Advanced SystemCare 6]
    "OldPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\bin\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\bin\x64\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\184F97B0114E2454F945388651600D21]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B6297A103051A4EA88586B82CF8953]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AF252B42455C054A8C5D582418D33E4]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6406074B7A68DFE4A9D05C641274D19C]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69EC7AEB378309D4484447304851332C]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D8ED67F246AE484AAC5070B6D19A1E1]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94F383FCE0103DB45AAF8A9C449ADBCA]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E69EE9F6EBC26FD4CAB2AD12D31485A9]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant]
    "ExecutablestoExclude"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportMgmtService_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportMgmtService_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportService_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportService_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportSetup_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportSetup_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trusteer\Rapport]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTKE64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTKE64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000]
    "DeviceDesc"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTKE64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "Service"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000]
    "DeviceDesc"=-
    [-HKEY_USERS\.DEFAULT\Software\Trusteer\Rapport]
    [-HKEY_USERS\S-1-5-18\Software\Trusteer\Rapport]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\bin\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Trusteer\Rapport\bin\x64\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\184F97B0114E2454F945388651600D21]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B6297A103051A4EA88586B82CF8953]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AF252B42455C054A8C5D582418D33E4]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6406074B7A68DFE4A9D05C641274D19C]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69EC7AEB378309D4484447304851332C]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D8ED67F246AE484AAC5070B6D19A1E1]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94F383FCE0103DB45AAF8A9C449ADBCA]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
    "10000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E69EE9F6EBC26FD4CAB2AD12D31485A9]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant]
    "ExecutablestoExclude"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trusteer]
    [-HKEY_USERS\.DEFAULT\Software\Trusteer]
    [-HKEY_USERS\S-1-5-18\Software\Trusteer]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    [HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage]
    "WSG_whiteList"=-
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Then please run Steps 2 and 3 from my previous post...

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript - Part 1 run
  3. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript - Part 2 run
  4. Contents of the SystemLook.txt log file
  5. Contents of the OTL.txt log file
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby luvfishn » January 25th, 2013, 8:04 am

Good morning pgmigg! Just noticed your new post .... will be back to you soon. Thanks.
Last edited by luvfishn on January 25th, 2013, 10:23 am, edited 1 time in total.
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby luvfishn » January 25th, 2013, 8:32 am

Hi pgmigg ..... Here is a copy of the log for Step 1 Part 1 of OTL - Run Fix Script. I will follow up with another post of results for part 2.

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KSFD0CVG\bar.utorrent[1].xml not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@utorrent[2].txt not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Recent\utorrent.lnk not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\chrome\utorrentcontrol.jar not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\uTorrent\utorrent.lng not found.
File\Folder C:\Users\Luvfishn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1IDKEM6G\appsmetadata_toolbar_conduit-services_com[1].txt not found.
File\Folder C:\Users\Luvfishn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\WLDF2BMN\conduit[1].htm not found.
File\Folder C:\Users\Luvfishn\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463703_1459357_US.xml not found.
File\Folder C:\Users\Luvfishn\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_997308_993027_CA.xml not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components\ConduitAutoCompleteSearch.js not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components\ConduitAutoCompleteSearch.xpt not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\searchplugin\conduit.xml not found.
File\Folder C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\mystart.incredibar[1].xml not found.
File\Folder C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\search.incredibar[1].xml not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com\content\incredibar.css not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com\content\incredibar.xul not found.
File\Folder C:\Boot\BCD.iobit not found.
File\Folder C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll not found.
File\Folder C:\Program Files (x86)\IObit Toolbar\Res\iobit_logo.gif not found.
File\Folder C:\Program Files (x86)\IObit Toolbar\Res\iobit_logo_hover.gif not found.
File\Folder C:\Users\Luvfishn\ntuser.dat.iobit not found.
File\Folder C:\Users\Luvfishn\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@iobit[2].txt not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@www.iobit[1].txt not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@www.iobit[2].txt not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.iobit[1].txt not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB}\iobit.lock not found.
File\Folder C:\Users\Luvfishn\Desktop\Desktop Icons\Security & Maintenance Tools\IObit Malware Fighter.lnk not found.
File\Folder C:\Users\Luvfishn\Favorites\IObit Freeware (1).url not found.
File\Folder C:\Users\Luvfishn\Favorites\IObit Freeware.URL not found.
File\Folder C:\Users\Luvfishn\Favorites\From Internet Explorer\IObit Freeware.URL not found.
File\Folder C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit not found.
File\Folder C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit not found.
File\Folder C:\Windows\System32\config\DEFAULT.iobit not found.
File\Folder C:\Windows\System32\config\SAM.iobit not found.
File\Folder C:\Windows\System32\config\SECURITY.iobit not found.
File\Folder C:\Windows\System32\config\SOFTWARE.iobit not found.
File\Folder C:\Windows\System32\config\SYSTEM.iobit not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\uTorrent not found.
File\Folder C:\Program Files (x86)\Conduit not found.
File\Folder C:\Users\Luvfishn\AppData\Local\Conduit not found.
File\Folder C:\Users\Luvfishn\AppData\LocalLow\Conduit not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\conduitCommon not found.
File\Folder C:\Users\Luvfishn\AppData\Local\Temp\mt_ffx\Incredibar.com not found.
File\Folder C:\Users\Luvfishn\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com not found.
File\Folder C:\IObit not found.
File\Folder C:\Program Files (x86)\IObit not found.
File\Folder C:\Program Files (x86)\IObit Toolbar not found.
File\Folder C:\Program Files (x86)\IObit\IObit Malware Fighter not found.
File\Folder C:\ProgramData\IObit not found.
File\Folder C:\Users\All Users\IObit not found.
File\Folder C:\Users\Default\AppData\Roaming\IObit not found.
File\Folder C:\Users\Default\AppData\Roaming\IObit\IObit Malware Fighter not found.
File\Folder C:\Users\Luvfishn\AppData\LocalLow\IObit not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\IObit not found.
File\Folder C:\Users\Luvfishn\AppData\Roaming\IObit\IObit Malware Fighter not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit not found.
File\Folder C:\ProgramData\Trusteer not found.
File\Folder C:\Users\All Users\Trusteer not found.
File\Folder C:\Users\Default\AppData\Local\Trusteer not found.
File\Folder C:\Users\Luvfishn\AppData\Local\Trusteer not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01252013_081815
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA
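
The fix logs posted in this thread report one outcome per line, so a helper can triage them mechanically instead of reading every path. The following is an added example, not part of the original posts and not OTL's own code: a Python parser that recognises only the line shapes visible in this thread and returns anything else as unparsed. The function names and the combined sample log are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the two OTL fix logs posted in this
# thread, combined into one short log for the demonstration.
SAMPLE_LOG = r'''========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\Luvfishn\AppData\Roaming\uTorrent not found.
File\Folder C:\Program Files (x86)\Conduit not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\ deleted successfully.
HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon\\@|"" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\uTorrent\uTorrent.exe not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01252013_081815
'''

# Line shapes seen in the logs on this page.
SECTION = re.compile(r"^=+ ([A-Z ]+) =+$")
RESULT = re.compile(
    r"^(File\\Folder|Registry key|Registry value) (.+) "
    r"(not found|deleted successfully)\.$"
)
VALUE_SET = re.compile(r"^(HKEY_.+) : value set successfully!$")
RESTORE = re.compile(r"^Restore point Set: (.+)$")
FOOTER = re.compile(r"^OTL by OldTimer - Version (\S+) log created on (\S+)$")

# Outcomes that mean the fix actually changed something on the machine.
MODIFYING = {"deleted successfully", "value set"}


def parse_fix_log(text):
    """Split a fix log into structured entries plus any lines not recognised."""
    entries, unparsed, created, section = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION.match(line)):
            section = m.group(1)
        elif (m := RESULT.match(line)):
            entries.append({"section": section, "kind": m.group(1),
                            "target": m.group(2), "outcome": m.group(3)})
        elif (m := VALUE_SET.match(line)):
            entries.append({"section": section, "kind": "Registry value",
                            "target": m.group(1), "outcome": "value set"})
        elif (m := RESTORE.match(line)):
            entries.append({"section": section, "kind": "Restore point",
                            "target": m.group(1), "outcome": "set"})
        elif (m := FOOTER.match(line)):
            created = m.group(2)
        else:
            # Never drop a line silently: a reviewer must see what was skipped.
            unparsed.append(line)
    return {"entries": entries, "unparsed": unparsed, "created": created}


def summarize(entries):
    """Count outcomes per log section, e.g. ('FILES', 'not found')."""
    return Counter((e["section"], e["outcome"]) for e in entries)


def changed(entries):
    """Return only the entries where the fix modified the system."""
    return [e for e in entries if e["outcome"] in MODIFYING]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print("log created:", parsed["created"])
    for (section, outcome), count in sorted(summarize(parsed["entries"]).items()):
        print(f"{section:10} {outcome:22} {count}")
    for entry in changed(parsed["entries"]):
        print("CHANGED:", entry["kind"], entry["target"])
    for line in parsed["unparsed"]:
        print("UNPARSED:", line)
```

A section made up entirely of "not found" lines means that run changed nothing for those targets, which is worth checking against the earlier run before moving on.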

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby luvfishn » January 25th, 2013, 8:56 am

Here is a copy of the log for Step 1 Part 2 of OTL - Run Fix Script.

I will post results for step 2 and 3 soon! in my next post :)




========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com\ not found.
Registry key HKEY_CURRENT_USER\Software\SpeedMaxPc\SpeedMaxPc\ScanSettings\File Sharing History\uTorrent 1.x\ not found.
Registry key HKEY_CURRENT_USER\Software\SpeedyPC Software\SpeedyPC Pro\ScanSettings\File Sharing History\uTorrent 1.x\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\ deleted successfully.
HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command\\@|"" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\uTorrent\uTorrent.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\AppPaths\client not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6E9C0B30-12D4-4AF0-8371-F3350B23E7B1}C:\users\luvfishn\desktop\utorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9E12A92F-779B-4E65-BFD6-D57A9B6EF229}C:\users\luvfishn\desktop\utorrent.exe not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com\ not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\SpeedMaxPc\SpeedMaxPc\ScanSettings\File Sharing History\uTorrent 1.x\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\SpeedyPC Software\SpeedyPC Pro\ScanSettings\File Sharing History\uTorrent 1.x\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Applications\uTorrent.exe\ deleted successfully.
HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\btdna\DefaultIcon\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\btdna\shell\open\command\\@|"" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\uTorrent\uTorrent.exe not found.
HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Applications\uTorrent.exe\shell\open\command\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\btdna\DefaultIcon\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\btdna\shell\open\command\\@|"" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\uTorrent\uTorrent.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_temp_referer not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_referrer not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32\\@|"" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_temp_referer not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_referrer not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DoNotAskAgain not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetup_RASMANCS\ not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DoNotAskAgain not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\\URL not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com\ not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\\URL not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\IObit\ not found.
Registry key HKEY_CURRENT_USER\Software\IObit\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\//\//\IObit Cloud Anti-Malwre\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\IObit Malware Fighter\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E5D7A28B1734BBF4793EA1C766649A33\\ProductName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E5D7A28B1734BBF4793EA1C766649A33\SourceList\\PackageName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\\"AppPath"|"C:\Program Files (x86)\IObit Toolbar\" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package-MiniLP~31bf3856ad364e35~amd64~en-US~7.1.7601.16398 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package-TopLevel~31bf3856ad364e35~amd64~~7.1.7601.16398 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopClient-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopClient-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopService-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopService-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_26_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_27_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_29_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_9_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2574819_SP1~31bf3856ad364e35~amd64~~6.1.1.7 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2653956_SP1~31bf3856ad364e35~amd64~~6.1.1.5 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2675157_RTM~31bf3856ad364e35~amd64~~9.4.1.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255_RTM~31bf3856ad364e35~amd64~~6.1.2.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255_SP1~31bf3856ad364e35~amd64~~6.1.2.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981_SP1~31bf3856ad364e35~amd64~~6.1.2.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\227891B259797954E88A157FD9F260A0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31DCED2B089CF994E8AE06ACC68A5EE9 not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49EFEF44F9F9E174D88D2367B8D09298\\"E5D7A28B1734BBF4793EA1C766649A33"|"- /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F690F9F1CABCA34A98316B70CEF929B not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8AA3AE5B29805BA45936E77BE5D17854 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98726D23C6BC87F4FAC2D95AE4948E72 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A2A9776E1D82C384AAF9A1C74B6EFF03 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8B34D3806072054880CD17980F94CCF not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5D7A28B1734BBF4793EA1C766649A33\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5D7A28B1734BBF4793EA1C766649A33\InstallProperties not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Application Updater\Subscriptions\41\\regpath deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 6 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\IObit Malware Fighter\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RegistryDefragBoot not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iobitappsToolbar-stub-1_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iobitappsToolbar-stub-1_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IObitToolbar-stub-1_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IObitToolbar-stub-1_RASMANCS\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\IObit\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\IObit\Advanced SystemCare 6 not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\AppDataLow\Software\IObit\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\IObit\ not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Advanced SystemCare 6\unins000.exe not found.
Registry key HKEY_USERS\S-1-5-18\Software\IObit\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\IObit\Advanced SystemCare 6 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\184F97B0114E2454F945388651600D21 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B6297A103051A4EA88586B82CF8953 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AF252B42455C054A8C5D582418D33E4 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6406074B7A68DFE4A9D05C641274D19C not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69EC7AEB378309D4484447304851332C not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D8ED67F246AE484AAC5070B6D19A1E1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94F383FCE0103DB45AAF8A9C449ADBCA not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E69EE9F6EBC26FD4CAB2AD12D31485A9 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportMgmtService_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportMgmtService_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportService_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportService_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportSetup_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RapportSetup_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trusteer\Rapport\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTKE64\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTKE64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTKE64\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry key HKEY_USERS\.DEFAULT\Software\Trusteer\Rapport\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Trusteer\Rapport\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\184F97B0114E2454F945388651600D21 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B6297A103051A4EA88586B82CF8953 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AF252B42455C054A8C5D582418D33E4 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6406074B7A68DFE4A9D05C641274D19C not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69EC7AEB378309D4484447304851332C not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D8ED67F246AE484AAC5070B6D19A1E1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94F383FCE0103DB45AAF8A9C449ADBCA not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E69EE9F6EBC26FD4CAB2AD12D31485A9 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trusteer\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Trusteer\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Trusteer\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Web Assistant\script_storage\\WSG_whiteList not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01252013_083759

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTKE64\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000\\Service scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000\\DeviceDesc scheduled to be deleted on reboot.
luvfishn

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 25th, 2013, 9:11 am

Here are the results for step 2, "Systemlook_X64 by jpshortstuff".

I'll post the results for step 3 in my next post as well as answering your additional questions.

Thanks!


SystemLook 30.07.11 by jpshortstuff
Log created at 09:03 on 25/01/2013 by Luvfishn
Administrator - Elevation successful

========== filefind ==========

Searching for "*uTorrent*"
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KSFD0CVG\bar.utorrent[1].xml --a---- 84 bytes [15:24 19/03/2012] [15:24 19/03/2012] 591937C6F16A114013600FBD296AC82C
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@utorrent[2].txt --a---- 355 bytes [01:34 29/04/2011] [01:34 29/04/2011] 174EFCA433F4EDF1984790DC28FB09FF
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Recent\utorrent.lnk --a---- 11728 bytes [13:07 22/01/2013] [13:07 22/01/2013] CAAD4EEDEF78DC94F8B62C4A5CF54ADC
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar --a---- 717887 bytes [16:27 08/11/2012] [16:09 08/11/2012] 1FBE78C449ABCC6679F2688BEA67710C
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\chrome\utorrentcontrol.jar --a---- 718086 bytes [16:27 08/11/2012] [04:56 07/11/2012] 4B31FAB438A7F2DFA2D1B1CD46C39C7D
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\uTorrent\utorrent.lng --a---- 1156771 bytes [12:51 11/12/2012] [12:51 11/12/2012] 7E5AD4AEB310437A16D22FC353937766

Searching for "*Conduit*"
C:\Program Files (x86)\palmOne\ConduitConfig.dll --a---- 61440 bytes [20:03 13/04/2004] [20:03 13/04/2004] 05CB56DC5DF9C679E6F813E72B541D2B
C:\Program Files (x86)\palmOne\ocpConduitUI.dll --a---- 139264 bytes [20:02 13/04/2004] [20:02 13/04/2004] E18CF1B5F4F356D8881B75D4628B0E3B
C:\Program Files (x86)\palmOne\OutlookConduit.cnt --a---- 740 bytes [20:02 13/04/2004] [20:02 13/04/2004] F80D19994311306F9895618B47C5DEE0
C:\Program Files (x86)\palmOne\OutlookConduit.hlp --a---- 27948 bytes [20:02 13/04/2004] [20:02 13/04/2004] B60E6E184402797FF8FD2036BF85398F
C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\N25XG8XL\apps.conduit[1].xml --a---- 13 bytes [14:46 25/10/2012] [14:46 25/10/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PRUT3BE7\youtube.conduitapps[1].xml --a---- 13 bytes [17:52 16/08/2012] [17:52 16/08/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\facebook.conduitapps[1].xml --a---- 13 bytes [15:24 19/03/2012] [15:24 19/03/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1IDKEM6G\appsmetadata_toolbar_conduit-services_com[1].txt --a---- 1795 bytes [10:24 21/08/2012] [10:24 21/08/2012] B599618A2E339B580B73C4A7507A2761
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\WLDF2BMN\conduit[1].htm --a---- 3513 bytes [15:40 04/07/2012] [15:40 04/07/2012] 60799561A9729CE70BD1553F0F534D2C
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463703_1459357_US.xml --a---- 192 bytes [15:24 19/03/2012] [21:36 21/01/2013] C8BFFBA687D0F78B9DCCC74D5CC469A4
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_997308_993027_CA.xml --a---- 184 bytes [14:46 25/10/2012] [14:52 25/10/2012] F6825A4890E46D206849B4F47EE98B38
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js --a---- 9181 bytes [16:27 08/11/2012] [16:09 08/11/2012] 6E6B7E00632DF1BA5A48D74E1B41ABE3
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [16:27 08/11/2012] [16:09 08/11/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml --a---- 925 bytes [16:27 08/11/2012] [16:09 08/11/2012] EC559A6ABEC972452F52CFB3A2AA9F7E
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components\ConduitAutoCompleteSearch.js --a---- 9181 bytes [16:27 08/11/2012] [04:56 07/11/2012] 6E6B7E00632DF1BA5A48D74E1B41ABE3
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [16:27 08/11/2012] [04:56 07/11/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\searchplugin\conduit.xml --a---- 933 bytes [16:27 08/11/2012] [04:56 07/11/2012] BE154DBED6CFCD64804F6ABE16E453C9

Searching for "*Incredibar*"
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\mystart.incredibar[1].xml --a---- 13 bytes [09:48 04/07/2012] [09:48 04/07/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\W9FMZX7Q\search.incredibar[1].xml --a---- 281 bytes [12:13 13/08/2012] [16:27 16/01/2013] 8668610FB1AC58601EE90AE3939B1AB4
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com\content\incredibar.css --a---- 1674 bytes [22:16 21/01/2012] [22:16 21/01/2012] 6F21358198F51CAD4033860281A7A75D
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com\content\incredibar.xul --a---- 1530 bytes [16:46 23/01/2012] [16:46 23/01/2012] 88049F60C881841357267BB3EBB67425

Searching for "*IObit*"
C:\Windows\System32\config\DEFAULT.iobit --a---- 311296 bytes [19:59 18/01/2013] [19:59 18/01/2013] 6E34DAA208355DB56B29EE4A3EACF292
C:\Windows\System32\config\SAM.iobit --a---- 57344 bytes [19:59 18/01/2013] [19:59 18/01/2013] C641834F76E72CD7C3FF04AE3A14890B
C:\Windows\System32\config\SECURITY.iobit --a---- 28672 bytes [19:59 18/01/2013] [19:59 18/01/2013] 82C0EDB6A8E5708D98341C51C6AD83B4
C:\Windows\System32\config\SOFTWARE.iobit --a---- 82587648 bytes [19:59 18/01/2013] [19:59 18/01/2013] 1C97D2D7539641374D5A5C70C8314AFD
C:\Windows\System32\config\SYSTEM.iobit --a---- 24195072 bytes [19:59 18/01/2013] [19:59 18/01/2013] EE9E7680AFA76BC694F3F22BE7C1AE8D
C:\_OTL\MovedFiles\01242013_162759\C_Boot\BCD.iobit --a---- 28672 bytes [19:59 18/01/2013] [02:45 22/01/2013] BA475F15FE96E02DB050E6E486878519
C:\_OTL\MovedFiles\01242013_162759\C_Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll --a---- 1230216 bytes [20:42 28/11/2012] [20:42 28/11/2012] 612538856CD6EE99E62EA68AB1B3BF9A
C:\_OTL\MovedFiles\01242013_162759\C_Program Files (x86)\IObit Toolbar\Res\iobit_logo.gif --a---- 1668 bytes [21:13 17/11/2010] [21:13 17/11/2010] 7FBA98931D2A8E856DC70101A342CB55
C:\_OTL\MovedFiles\01242013_162759\C_Program Files (x86)\IObit Toolbar\Res\iobit_logo_hover.gif --a---- 1654 bytes [21:13 17/11/2010] [21:13 17/11/2010] 5A80794DFBB70CA8E1427BA2C51F7EC7
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\ntuser.dat.iobit --a---- 5980160 bytes [19:59 18/01/2013] [02:45 22/01/2013] 963DEEE7E5A9EEECC3F63EE73E47CE5C
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit --a---- 9216000 bytes [19:59 18/01/2013] [02:45 22/01/2013] E890FA648A1B2D5443C0DA34C51E6B31
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@iobit[2].txt --a---- 120 bytes [12:14 15/01/2011] [12:14 15/01/2011] 6D7A0763FEEC3BE97477528EA3CAC16D
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@www.iobit[1].txt --a---- 245 bytes [12:14 15/01/2011] [12:14 15/01/2011] 4DC89AED51F38C3AF098B082575A342C
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\bob@www.iobit[2].txt --a---- 333 bytes [20:33 21/09/2010] [20:33 21/09/2010] 15BEDFE954783AF5E1B25CAEF88AA732
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.iobit[1].txt --a---- 283 bytes [17:59 08/06/2010] [17:59 08/06/2010] 8C8E3212E7520F1E698972D66EE025A3
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB}\iobit.lock --a---- 1 bytes [16:27 28/03/2012] [16:27 28/03/2012] 7215EE9C7D9DC229D2921A40E899EC5F
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\Desktop\Desktop Icons\Security & Maintenance Tools\IObit Malware Fighter.lnk --a---- 1184 bytes [10:10 17/10/2012] [10:10 17/10/2012] F08E726759A481F44723CA615AE20C40
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\Favorites\IObit Freeware (1).url --a---- 138 bytes [18:30 08/06/2010] [09:47 31/05/2012] DCB2FB90741AE316A9826D30AD19401C
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\Favorites\IObit Freeware.URL --a---- 166 bytes [14:00 29/04/2012] [09:47 31/05/2012] A974D127E1941E168510D7531A68B711
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\Favorites\From Internet Explorer\IObit Freeware.URL --a---- 166 bytes [14:00 29/04/2012] [09:47 31/05/2012] A974D127E1941E168510D7531A68B711
C:\_OTL\MovedFiles\01242013_162759\C_Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit --a---- 249856 bytes [19:59 18/01/2013] [02:45 22/01/2013] 3F8ED6A583B43CA893716AA752BEF2BA
C:\_OTL\MovedFiles\01242013_162759\C_Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit --a---- 262144 bytes [19:59 18/01/2013] [02:45 22/01/2013] EDE9E3659E63E1D73B65A4D6E80104C2

Searching for "*Rapport*"
C:\Users\Luvfishn\Desktop\RapportSetup.exe --a---- 247640 bytes [21:59 23/01/2013] [21:59 23/01/2013] C95B500DB31CF64036BDEC486C8FC00B

========== folderfind ==========

Searching for "*uTorrent*"
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\uTorrent d------ [13:52 19/03/2012]

Searching for "*Conduit*"
C:\_OTL\MovedFiles\01242013_162759\C_Program Files (x86)\Conduit d------ [13:56 19/03/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Local\Conduit d------ [13:56 19/03/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\LocalLow\Conduit d------ [13:56 19/03/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\conduitCommon d------ [13:56 19/03/2012]

Searching for "*Incredibar*"
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Local\Temp\mt_ffx\Incredibar.com d------ [21:25 03/07/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Local\Temp\mt_ffx\Incredibar.com\incredibar d------ [21:25 03/07/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\ffxtlbr@incredibar.com d------ [21:25 03/07/2012]

Searching for "*IObit*"
C:\_OTL\MovedFiles\01242013_162759\C_IObit d------ [20:28 24/01/2013]
C:\_OTL\MovedFiles\01242013_162759\C_\IObit d------ [13:58 20/01/2013]
C:\_OTL\MovedFiles\01242013_162759\C_Program Files (x86)\IObit d------ [18:05 18/03/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Program Files (x86)\IObit Toolbar d------ [23:35 04/12/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Program Files (x86)\IObit\IObit Malware Fighter d------ [01:51 20/03/2012]
C:\_OTL\MovedFiles\01242013_162759\C_ProgramData\IObit d------ [18:06 18/03/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Default\AppData\Roaming\IObit d------ [10:12 23/04/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Default\AppData\Roaming\IObit\IObit Malware Fighter d------ [22:15 30/04/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\LocalLow\IObit d------ [16:34 28/03/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\IObit d------ [18:05 18/03/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Roaming\IObit\IObit Malware Fighter d------ [01:51 20/03/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [19:54 18/03/2012]

Searching for "*Rapport*"
C:\_OTL\MovedFiles\01242013_162759\C_ProgramData\Trusteer\Rapport d------ [11:01 27/07/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Default\AppData\Local\Trusteer\Rapport d------ [09:51 09/08/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Local\Trusteer\Rapport d------ [11:03 27/07/2012]

Searching for "*Trusteer*"
C:\_OTL\MovedFiles\01242013_162759\C_ProgramData\Trusteer d------ [11:01 27/07/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Default\AppData\Local\Trusteer d------ [09:51 09/08/2012]
C:\_OTL\MovedFiles\01242013_162759\C_Users\Luvfishn\AppData\Local\Trusteer d------ [11:03 27/07/2012]

========== Regfind ==========

Searching for "uTorrent"
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" ",0"
[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\btdna\DefaultIcon]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000_Classes\btdna\shell\open\command]
@=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "/DNA""

Searching for "Blekko"
No data found.

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Palm\Outlook Conduits]
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application1]
"Conduit"="SgPqiCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application10]
"Conduit"="photos.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application2]
"Conduit"="SgCalendarCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application3]
"Conduit"="SgContactsCnC.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application4]
"Conduit"="SgTasksCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application5]
"Conduit"="SgMemosCnC.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application6]
"Conduit"="SgCalendarCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application7]
"Conduit"="SgContactsCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application8]
"Conduit"="SgTasksCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application9]
"Conduit"="SgMemosCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Component0]
"Conduit"="expcn20.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Component1]
"Conduit"="notepad.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Component2]
"Conduit"="voicememo.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Core]
"InstallerConduitState"="0"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\HotSync Manager]
"BackupConduit"="bakcn20.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit1]
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit2]
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit3]
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\SgPrefs]
"IncompatibleUiMessage"="A conflict in the installed conduits has been detected. This is caused when two different conduits are using the same PIM data type (e.g., Address Book vs. Contacts). To fix this problem, use the HotSync Custom dialog to change one set of conduits to "Do Nothing"."
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Palm\Outlook Conduits]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application1]
"Conduit"="SgPqiCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application10]
"Conduit"="photos.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application2]
"Conduit"="SgCalendarCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application3]
"Conduit"="SgContactsCnC.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application4]
"Conduit"="SgTasksCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application5]
"Conduit"="SgMemosCnC.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application6]
"Conduit"="SgCalendarCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application7]
"Conduit"="SgContactsCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application8]
"Conduit"="SgTasksCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Application9]
"Conduit"="SgMemosCn.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Component0]
"Conduit"="expcn20.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Component1]
"Conduit"="notepad.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Component2]
"Conduit"="voicememo.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\Core]
"InstallerConduitState"="0"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\HotSync Manager]
"BackupConduit"="bakcn20.dll"
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit1]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit2]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\HotSync Manager\InstallConduit3]
[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\U.S. Robotics\Pilot Desktop\SgPrefs]
"IncompatibleUiMessage"="A conflict in the installed conduits has been detected. This is caused when two different conduits are using the same PIM data type (e.g., Address Book vs. Contacts). To fix this problem, use the HotSync Custom dialog to change one set of conduits to "Do Nothing"."

Searching for "Funmoods"
No data found.

Searching for "gboxapp"
No data found.

Searching for "Incredibar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1]
"Publisher"="IncrediBar"

Searching for "IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
"AppPath"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package-MiniLP~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package-TopLevel~31bf3856ad364e35~amd64~~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RDP-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopClient-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopClient-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopService-WinIP-Package~31bf3856ad364e35~amd64~en-US~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RemoteDesktopService-WinIP-Package~31bf3856ad364e35~amd64~~7.1.7601.16398]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2592687.cab_Temp\26F4AAED-379F-4111-9D6F-E519AA239E46\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2675157.cab_Temp\6B49F6B0-93E1-454D-8B44-5B325E9CFAC2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2709981.cab_Temp\CBD65FB9-7258-459C-A844-F4ED5378343B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_26_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2574819.cab_Temp\4DC2ED97-50AD-4999-BFD5-1E2E6CFB5089\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_27_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2574819.cab_Temp\4DC2ED97-50AD-4999-BFD5-1E2E6CFB5089\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_29_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2574819.cab_Temp\4DC2ED97-50AD-4999-BFD5-1E2E6CFB5089\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2653956.cab_Temp\96D2D4E3-1F02-4EF4-97F5-117D92C426D0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2653956.cab_Temp\96D2D4E3-1F02-4EF4-97F5-117D92C426D0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_9_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2574819_SP1~31bf3856ad364e35~amd64~~6.1.1.7]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2574819.cab_Temp\4DC2ED97-50AD-4999-BFD5-1E2E6CFB5089\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2574819~31bf3856ad364e35~amd64~~6.1.1.7]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 6\KB2574819.cab_Temp\4DC2ED97-50AD-4999-BFD5-1E2E6CFB5089\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2653956_SP1~31bf3856ad364e35~amd64~~6.1.1.5]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2653956.cab_Temp\96D2D4E3-1F02-4EF4-97F5-117D92C426D0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2653956.cab_Temp\96D2D4E3-1F02-4EF4-97F5-117D92C426D0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2675157_RTM~31bf3856ad364e35~amd64~~9.4.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2675157.cab_Temp\6B49F6B0-93E1-454D-8B44-5B325E9CFAC2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2675157~31bf3856ad364e35~amd64~~9.4.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2675157.cab_Temp\6B49F6B0-93E1-454D-8B44-5B325E9CFAC2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255_RTM~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255_SP1~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2679255~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2679255.cab_Temp\072C0885-7440-4D56-982F-6CD2C238AB66\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981_SP1~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2709981.cab_Temp\CBD65FB9-7258-459C-A844-F4ED5378343B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2709981.cab_Temp\CBD65FB9-7258-459C-A844-F4ED5378343B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\Res\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\Res\Lang\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\FF\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\FF\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\IE\6.6\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\IE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\227891B259797954E88A157FD9F260A0]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\WidgiHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\Res\Lang\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31DCED2B089CF994E8AE06ACC68A5EE9]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\Res\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49EFEF44F9F9E174D88D2367B8D09298]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F690F9F1CABCA34A98316B70CEF929B]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8AA3AE5B29805BA45936E77BE5D17854]
"E5D7A28B1734BBF4793EA1C766649A33"="C?\Program Files (x86)\IObit Toolbar\FF\install.rdf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98726D23C6BC87F4FAC2D95AE4948E72]
"E5D7A28B1734BBF4793EA1C766649A33"="C?\Program Files (x86)\IObit Toolbar\FF\chrome\chrome.jar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A2A9776E1D82C384AAF9A1C74B6EFF03]
"E5D7A28B1734BBF4793EA1C766649A33"="C?\Program Files (x86)\IObit Toolbar\FF\chrome.manifest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8B34D3806072054880CD17980F94CCF]
"E5D7A28B1734BBF4793EA1C766649A33"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5D7A28B1734BBF4793EA1C766649A33\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5D7A28B1734BBF4793EA1C766649A33\InstallProperties]
"DisplayName"="IObit Toolbar v6.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
"AppPath"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"

Searching for "Rapport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\bin\x64\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\184F97B0114E2454F945388651600D21]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19681\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B6297A103051A4EA88586B82CF8953]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AF252B42455C054A8C5D582418D33E4]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\KoanLight_41311.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\NikkoLight_39820.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6406074B7A68DFE4A9D05C641274D19C]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\18481\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69EC7AEB378309D4484447304851332C]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19417\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D8ED67F246AE484AAC5070B6D19A1E1]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\17053\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94F383FCE0103DB45AAF8A9C449ADBCA]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\18130\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\TanzanLight_39750.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS_39624.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\RapportGP_38854.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E69EE9F6EBC26FD4CAB2AD12D31485A9]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}]
"DisplayName"="Rapport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant]
"ExecutablestoExclude"="C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"Service"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"DeviceDesc"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"Service"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"DeviceDesc"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"Service"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"DeviceDesc"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"Service"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"DeviceDesc"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000]
"Service"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTEI64\0000]
"DeviceDesc"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000]
"Service"="RapportPG64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RAPPORTPG64\0000]
"DeviceDesc"="RapportPG64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"Service"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"DeviceDesc"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"Service"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"DeviceDesc"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"Service"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"DeviceDesc"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"Service"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"DeviceDesc"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000]
"Service"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTEI64\0000]
"DeviceDesc"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000]
"Service"="RapportPG64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RAPPORTPG64\0000]
"DeviceDesc"="RapportPG64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"Service"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_34302\0000]
"DeviceDesc"="RapportCerberus_34302"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"Service"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_42020\0000]
"DeviceDesc"="RapportCerberus_42020"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"Service"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_43926\0000]
"DeviceDesc"="RapportCerberus_43926"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"Service"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTCERBERUS_44365\0000]
"DeviceDesc"="RapportCerberus_44365"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000]
"Service"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTEI64\0000]
"DeviceDesc"="RapportEI64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000]
"Service"="RapportPG64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RAPPORTPG64\0000]
"DeviceDesc"="RapportPG64"

Searching for "Trusteer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Trusteer\Rapport\bin\x64\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\184F97B0114E2454F945388651600D21]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19681\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30B6297A103051A4EA88586B82CF8953]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AF252B42455C054A8C5D582418D33E4]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportVB\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\KoanLight_41311.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4998D4CAFB29ED2429752DD6A2EBC7C2]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\KoanLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\NikkoLight_39820.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DAA008A16873814EB34949637601218]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\NikkoLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6406074B7A68DFE4A9D05C641274D19C]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\18481\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69EC7AEB378309D4484447304851332C]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19417\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D8ED67F246AE484AAC5070B6D19A1E1]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\17053\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94F383FCE0103DB45AAF8A9C449ADBCA]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\18130\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\TanzanLight_39750.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D2261D0CC4D1694DB1EC5877F83BA85]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\TanzanLight\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A14715CD5BFDF43B0DE6BCAF4E5728]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS_39624.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF61A5397EF5DEE48A8DD633E51DC755]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\RapportGP_38854.rpkg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E568096D548215947887D41B47F21743]
"10000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E69EE9F6EBC26FD4CAB2AD12D31485A9]
"00000000000000000000000000000000"="C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}]
"Publisher"="Trusteer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility Assistant]
"ExecutablestoExclude"="C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"

Searching for "whitesmoke"
No data found.

-= EOF =-
luvfishn

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Post by luvfishn » January 25th, 2013, 9:37 am

I'm back with the results for step 3 "Fresh OTL Scan". My copy/paste skills are getting a real workout :)

I understood and had no problems executing the instructions provided by you.
The computer seems to be acting normally at this point in the process.

I'm now on standby waiting for further instructions by you. A huge amount of THANKS for your assistance to date! :)


OTL logfile created on: 1/25/2013 9:17:45 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luvfishn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.62 Gb Available Physical Memory | 71.05% Memory free
19.77 Gb Paging File | 17.38 Gb Available in Paging File | 87.90% Paging File free
Paging file location(s): c:\pagefile.sys 12147 12147 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.64 Gb Total Space | 377.34 Gb Free Space | 65.10% Space Free | Partition Type: NTFS
Drive E: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive S: | 2794.49 Gb Total Space | 2194.24 Gb Free Space | 78.52% Space Free | Partition Type: NTFS

Computer Name: BOBS_LAPTOP | User Name: Luvfishn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/23 18:21:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luvfishn\Desktop\OTL.exe
PRC - [2013/01/07 15:53:22 | 000,340,992 | ---- | M] () -- C:\ProgramData\CloudSoft\SaveByClick\SaveByClick.exe
PRC - [2012/12/23 10:39:38 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
PRC - [2012/12/20 22:43:14 | 001,434,984 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/12/20 22:43:12 | 000,735,592 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/11/29 22:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/28 16:41:36 | 001,123,720 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/11/23 06:54:12 | 001,537,304 | ---- | M] (SecureKey Technologies Inc.) -- C:\Users\Luvfishn\AppData\Local\SecureKey\1.1.3149.6452\SecureKey.exe
PRC - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
PRC - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2012/09/06 09:45:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2012/09/03 08:13:08 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/06/14 10:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/06/14 10:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/06/14 09:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/06/14 09:57:20 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/01/06 15:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/12 01:45:18 | 002,433,024 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/25 20:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
PRC - [2010/08/16 14:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/06/04 20:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2004/04/13 16:03:10 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files (x86)\palmOne\HOTSYNC.EXE


========== Modules (No Company Name) ==========

MOD - [2013/01/09 14:22:20 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 14:21:51 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 14:21:47 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/09 12:02:29 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\84068bac0b3859c94652214e0b90dfc6\System.Xml.Linq.ni.dll
MOD - [2013/01/09 12:01:20 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll
MOD - [2013/01/09 11:45:33 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll
MOD - [2013/01/09 11:45:26 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\08fca556cf3fe582233fa080cdbec8f1\System.Windows.Forms.ni.dll
MOD - [2013/01/09 11:45:13 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll
MOD - [2013/01/09 11:45:07 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7d6b122bee0977d953ee2409d74c3c25\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 11:45:01 | 000,745,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\2953bd325cbadeb5da550379e3185950\System.Security.ni.dll
MOD - [2013/01/09 11:44:59 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll
MOD - [2013/01/09 11:44:56 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/01/09 11:44:56 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll
MOD - [2013/01/09 11:44:51 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/01/09 11:44:48 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/01/09 11:44:41 | 014,413,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
MOD - [2012/12/20 22:43:24 | 000,785,256 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2012/11/29 22:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/29 22:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/08/12 01:45:26 | 000,198,144 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011/08/12 01:45:18 | 002,433,024 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
MOD - [2010/12/12 06:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 06:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 06:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 06:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 06:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 06:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010/05/23 14:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll
MOD - [2010/05/23 14:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua51.dll
MOD - [2005/01/02 09:22:48 | 000,776,192 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/13 09:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/03 08:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/07/01 15:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/10 01:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/01 16:38:30 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/06/01 16:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/06/01 16:19:58 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/24 13:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/08/22 09:26:52 | 000,535,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2013/01/19 11:42:22 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 09:05:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/20 22:43:12 | 000,735,592 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
SRV - [2012/09/06 09:46:00 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2012/09/06 09:45:58 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/06/14 10:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/06/14 10:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/06/14 09:57:20 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/18 09:36:56 | 000,032,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2012/12/06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/11/29 10:30:40 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/11/29 10:30:39 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/29 10:30:39 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/11/07 03:16:18 | 000,017,232 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
DRV:64bit: - [2012/11/07 03:16:16 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/11/07 03:16:16 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/06/26 16:37:59 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2012/04/18 14:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/04/12 21:30:40 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/24 06:04:01 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/05 16:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 16:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/27 13:55:50 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 23:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/05/26 08:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/22 14:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/25 16:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/09/07 13:52:02 | 000,019,280 | ---- | M] () [File_System | System | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys -- (asdnet)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{8F4C1368-E852-41DB-8F35-CF7ECA9E6AA6}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=bd ... 48c15be&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{904F4B4E-2A11-4D1C-B20D-E036D2A72F52}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{904F4B4E-2A11-4D1C-B20D-E036D2A72F52}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.soft-quick.info/?l=1&q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {904F4B4E-2A11-4D1C-B20D-E036D2A72F52}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {904F4B4E-2A11-4D1C-B20D-E036D2A72F52}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.dishpointer.com/http:/ [Binary data over 200 bytes]
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E B0 A5 2C 34 E8 CD 01 [binary data]
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://investdb.theglobeandmail.com/inv ... de=SECLIST
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes,DefaultScope = {4E778202-4B72-48B6-9807-3F47E180F166}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{48639E64-816C-1E71-A11F-AF2D7041DC94}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{48D4B666-7434-421B-B72C-2944CCD531AF}: "URL" = http://cnet.search.com/search?chkpt=ast ... ch.cnet&q={searchTerms}&tag=srch
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{4E778202-4B72-48B6-9807-3F47E180F166}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =800236&p={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7TSHB_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=NYVtCTU9 ... CuOV4h0?q={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{8F4C1368-E852-41DB-8F35-CF7ECA9E6AA6}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=bd ... 48c15be&q={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{904F4B4E-2A11-4D1C-B20D-E036D2A72F52}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS475
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{93D74BA3-49E8-4412-8089-53F624378339}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{A2073805-171C-433F-8870-86ECA7DB6DDD}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =642886&p={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.soft-quick.info/?l=1&q={searchTerms}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{C6C63773-426A-494F-A399-77BE17BF9AE9}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{E8930232-4B31-4251-986C-98061BDC75B4}: "URL" = http://www.ant.com/web/{searchTerms}/
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{FC27A2BA-163E-495D-9A2D-FF54C3C6931F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://websearch.soft-quick.info/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2|https://account.netzero.net/s/account"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121129
FF - prefs.js..extensions.enabledAddons: wtxpcom%40mybrowserbar.com:6.6
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7Bbf7380fa-e3b4-4db2-af3e-9d8783a45bfc%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7Be9df9360-97f8-4690-afe6-996c80790da4%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7B214ccfbe-f58a-4668-8403-eca590d20530%7D:1.1.3149.6948
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Luvfishn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/13 08:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/20 13:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/13 08:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/16 13:30:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/23 10:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/01 10:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/23 10:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 09:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 09:05:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/20 13:31:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 09:05:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 09:05:18 | 000,000,000 | ---D | M]

[2012/03/18 13:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Extensions
[2013/01/25 08:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions
[2012/11/30 12:56:08 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/01/25 08:48:32 | 000,000,000 | ---D | M] (SecureKey Extension) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{214ccfbe-f58a-4668-8403-eca590d20530}
[2012/11/09 06:42:16 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/11/09 06:42:20 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
[2013/01/01 10:24:09 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50e2ed76c32a0@50e2ed76c32d9.com
[2013/01/17 13:15:36 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50f8306022eb7@50f8306022ef1.com
[2013/01/21 22:42:00 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50fe01324d42b@50fe01324d464.com
[2012/05/09 15:07:07 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\DeviceDetection@logitech.com
[2012/12/20 09:40:46 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\plugin@selectionlinks.com
[2013/01/02 10:06:09 | 000,491,479 | ---- | M] () (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\abb@amazon.com.xpi
[2013/01/24 15:41:16 | 006,683,480 | ---- | M] () (No name found) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{214ccfbe-f58a-4668-8403-eca590d20530}\securekey.unsigned.xpi
[2013/01/21 22:39:38 | 000,000,553 | ---- | M] () -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\searchplugins\WebSearch.xml
[2013/01/23 17:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 09:05:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/19 09:05:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/11 09:24:30 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/12/16 13:30:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/01/01 10:04:35 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2013/01/19 09:05:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/12/23 10:40:06 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/08/30 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/20 06:12:28 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://websearch.soft-quick.info/
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejjikafebghfjoodkkipahmnijbglpi\1.1.3149.6452_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej\3.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidljmjkobeoidolpjpcgdoblhpmiond\1_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcddbapmmbmogepeclfoenegoopnidb\1\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\1.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: No name found = C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (SaveByclick) - {E70B2CE3-F509-3628-8315-4E317E51390E} - C:\ProgramData\SaveByclick\50f8306023048.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\Toolbar\WebBrowser: (no name) - {E9DF9360-97F8-4690-AFE6-996C80790DA4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TOSHIBA Face Recognition] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SMessaging] C:\Users\Luvfishn\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000..\Run: [SecureKey] C:\Users\Luvfishn\AppData\Local\SecureKey\1.1.3149.6948\SecureKey.exe (SecureKey Technologies Inc.)
O4 - HKLM..\RunOnce: [OTL] C:\Users\Luvfishn\Desktop\OTL.exe (OldTimer Tools)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000..\RunOnce: [SecureKey delete folder] cmd.exe /c RD /S /Q "C:\Users\Luvfishn\AppData\Local\SecureKey\1.1.3149.6452" File not found
O4 - Startup: C:\Users\Luvfishn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F5AFABA-0126-46CF-A3DC-83D522BEA15C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A713D883-06B0-46A4-8361-69CE6657BE74}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2012 - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2012 {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\saveby~1\sprote~1.dll) - c:\Program Files (x86)\SaveByClick\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\softqu~1\sprote~1.dll) - c:\Program Files (x86)\SoftQuick\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/02 14:14:20 | 000,000,082 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{3e3993f3-24d9-11e2-a8fc-dc0ea13b5126}\Shell - "" = AutoRun
O33 - MountPoints2\{3e3993f3-24d9-11e2-a8fc-dc0ea13b5126}\Shell\AutoRun\command - "" = G:\SkStartup.exe
O33 - MountPoints2\{478620fe-fa91-11e1-9aed-dc0ea13b5126}\Shell - "" = AutoRun
O33 - MountPoints2\{478620fe-fa91-11e1-9aed-dc0ea13b5126}\Shell\AutoRun\command - "" = E:\unlock.exe -- [2011/03/09 15:27:17 | 003,728,752 | ---- | M] (Western Digital)
O33 - MountPoints2\{756b32ef-2294-11e2-ac80-dc0ea13b5126}\Shell - "" = AutoRun
O33 - MountPoints2\{756b32ef-2294-11e2-ac80-dc0ea13b5126}\Shell\AutoRun\command - "" = E:\unlock.exe -- [2011/03/09 15:27:17 | 003,728,752 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/25 08:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/01/24 13:21:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/24 13:12:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luvfishn\Desktop\OTL.exe
[2013/01/23 17:59:40 | 000,247,640 | ---- | C] (Trusteer Ltd.) -- C:\Users\Luvfishn\Desktop\RapportSetup.exe
[2013/01/21 22:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftQuick
[2013/01/21 22:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ContinueToSave
[2013/01/21 22:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetosave
[2013/01/21 10:18:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/21 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\Desktop\MalwareRemoval
[2013/01/20 12:32:29 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/20 12:29:06 | 023,357,120 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Luvfishn\Desktop\SUPERAntiSpyware.exe
[2013/01/19 09:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/17 13:23:04 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/17 13:23:04 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/17 13:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/17 13:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CloudSoft
[2013/01/17 13:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveByClick
[2013/01/17 13:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013/01/17 13:06:20 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSMAPI32.OCX
[2013/01/17 13:06:16 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\windows\SysNative\pdfcmon.dll
[2013/01/17 13:06:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSMPIDE.DLL
[2013/01/17 12:14:45 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\SpeedyPC Software
[2013/01/17 12:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/01/17 11:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax 2012
[2013/01/17 11:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/17 11:15:50 | 009,703,176 | ---- | C] (SurfRight B.V.) -- C:\Users\Luvfishn\Desktop\HitmanPro_x64.exe
[2013/01/17 10:26:44 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
[2013/01/17 10:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2013/01/16 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\Anvisoft
[2013/01/16 18:02:48 | 000,023,376 | ---- | C] (Anvisoft) -- C:\windows\SysNative\drivers\asdrs.sys
[2013/01/16 18:02:48 | 000,018,768 | ---- | C] (Anvisoft) -- C:\windows\SysNative\drivers\asdrm.sys
[2013/01/16 18:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/01/16 18:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/01/16 18:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/01/09 11:29:48 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/01/09 11:29:48 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/01/09 11:29:03 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/01/09 11:28:56 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013/01/09 11:28:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013/01/09 11:28:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013/01/09 11:28:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013/01/09 11:28:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013/01/09 11:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013/01/09 11:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013/01/09 11:28:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013/01/09 11:28:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013/01/09 11:28:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013/01/09 11:28:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013/01/09 11:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013/01/09 11:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013/01/09 11:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013/01/09 11:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013/01/09 11:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013/01/09 11:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013/01/09 11:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013/01/09 11:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013/01/09 11:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013/01/09 11:28:39 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013/01/09 11:28:39 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013/01/09 11:28:39 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013/01/09 11:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013/01/09 11:28:38 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013/01/09 11:28:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013/01/09 11:28:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013/01/09 11:28:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013/01/09 11:28:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013/01/09 11:28:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013/01/09 11:28:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013/01/09 11:28:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013/01/09 11:28:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013/01/09 11:26:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/01/09 11:26:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/01/09 11:26:53 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013/01/09 11:26:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/01/09 11:26:53 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/01/09 11:26:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/01/09 11:26:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013/01/09 11:26:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013/01/09 11:26:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/01/09 11:26:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 11:26:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 11:26:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 11:26:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/01/09 11:26:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 11:26:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 11:26:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 11:26:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/01/09 11:26:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/01/09 11:26:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 11:26:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 11:26:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 11:26:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/01/09 11:25:52 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/01/07 11:16:01 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\Malwarebytes
[2013/01/07 11:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/07 11:15:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/01/07 11:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/02 09:39:44 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\PDF Architect
[2013/01/01 11:21:50 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Local\IsolatedStorage
[2013/01/01 10:27:38 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\Strongvault
[2013/01/01 10:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/01/01 10:27:10 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Local\Stronghold_LLC
[2013/01/01 10:27:01 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2013/01/01 10:21:53 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCT2.OCX
[2013/01/01 10:21:51 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\OpenCandy
[2013/01/01 10:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveByclick
[2013/01/01 10:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
[2013/01/01 10:05:02 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Roaming\APP_NAME_NON_STRING
[2013/01/01 10:04:51 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\Documents\PDF Architect Files
[2013/01/01 10:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013/01/01 10:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013/01/01 09:55:02 | 000,000,000 | ---D | C] -- C:\Users\Luvfishn\AppData\Local\Programs
[2012/12/31 20:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/06/26 16:37:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Luvfishn\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/01/25 08:59:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/25 08:49:50 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 08:49:50 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 08:41:16 | 000,000,437 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2013/01/25 08:40:12 | 000,000,392 | -H-- | M] () -- C:\windows\tasks\{70C8A1B6-1D07-4DE3-9566-1A43422BADFE}.job
[2013/01/25 08:39:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/25 08:39:26 | 2074,099,711 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/23 18:21:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luvfishn\Desktop\OTL.exe
[2013/01/23 17:59:41 | 000,247,640 | ---- | M] (Trusteer Ltd.) -- C:\Users\Luvfishn\Desktop\RapportSetup.exe
[2013/01/20 12:32:06 | 023,357,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Luvfishn\Desktop\SUPERAntiSpyware.exe
[2013/01/19 11:42:22 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/19 11:42:22 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/18 09:36:56 | 000,032,152 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2013/01/18 09:35:15 | 000,017,966 | ---- | M] () -- C:\windows\SysNative\.crusader
[2013/01/17 22:54:59 | 000,000,017 | ---- | M] () -- C:\windows\SysWow64\shortcut_ex.dat
[2013/01/17 13:06:24 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/01/17 13:05:05 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/17 13:05:05 | 000,665,232 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/17 13:05:05 | 000,125,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/17 11:48:01 | 000,321,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/17 11:18:33 | 009,703,176 | ---- | M] (SurfRight B.V.) -- C:\Users\Luvfishn\Desktop\HitmanPro_x64.exe
[2013/01/16 18:02:52 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/01/16 18:02:37 | 000,001,511 | ---- | M] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/01/16 12:42:12 | 029,016,792 | ---- | M] () -- C:\Users\Luvfishn\Desktop\asdsetup.exe
[2013/01/11 11:39:42 | 000,103,936 | ---- | M] (pdfforge GbR) -- C:\windows\SysNative\pdfcmon.dll
[2013/01/09 14:52:36 | 001,070,152 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCTL.OCX
[2013/01/09 11:46:36 | 000,765,700 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/01/07 11:15:44 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 11:49:59 | 000,107,283 | ---- | M] () -- C:\windows\SysNative\tmp.xml
[2013/01/04 10:45:58 | 000,007,144 | ---- | M] () -- C:\Users\Luvfishn\Desktop\Sun Trust Nov Statement.pdf
[2013/01/04 10:44:24 | 000,009,131 | ---- | M] () -- C:\Users\Luvfishn\Desktop\Sun Trust Dec Statement.pdf
[2013/01/01 10:05:05 | 000,001,004 | ---- | M] () -- C:\Users\Luvfishn\Desktop\PDF Architect.lnk
[2013/01/01 09:50:11 | 000,096,409 | ---- | M] () -- C:\Users\Luvfishn\Desktop\Staples Photo Paper rebate 1Jan13.pdf
[2013/01/01 09:48:44 | 000,093,762 | ---- | M] () -- C:\Users\Luvfishn\Desktop\__www.stapleseasyrebates.com_staples_Confirmation.do.pdf

========== Files Created - No Company Name ==========

[2013/01/17 22:54:59 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2013/01/17 13:23:05 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 13:07:01 | 000,000,392 | -H-- | C] () -- C:\windows\tasks\{70C8A1B6-1D07-4DE3-9566-1A43422BADFE}.job
[2013/01/17 13:06:24 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/01/17 11:48:34 | 000,032,152 | ---- | C] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2013/01/17 11:46:23 | 000,017,966 | ---- | C] () -- C:\windows\SysNative\.crusader
[2013/01/16 18:02:52 | 000,001,195 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/01/16 18:02:48 | 000,017,232 | ---- | C] () -- C:\windows\SysNative\drivers\asdws.sys
[2013/01/16 18:02:37 | 000,001,511 | ---- | C] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/01/16 12:37:34 | 029,016,792 | ---- | C] () -- C:\Users\Luvfishn\Desktop\asdsetup.exe
[2013/01/07 11:15:44 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 10:45:57 | 000,007,144 | ---- | C] () -- C:\Users\Luvfishn\Desktop\Sun Trust Nov Statement.pdf
[2013/01/04 10:44:24 | 000,009,131 | ---- | C] () -- C:\Users\Luvfishn\Desktop\Sun Trust Dec Statement.pdf
[2013/01/01 10:05:05 | 000,001,004 | ---- | C] () -- C:\Users\Luvfishn\Desktop\PDF Architect.lnk
[2013/01/01 09:50:11 | 000,096,409 | ---- | C] () -- C:\Users\Luvfishn\Desktop\Staples Photo Paper rebate 1Jan13.pdf
[2013/01/01 09:48:42 | 000,093,762 | ---- | C] () -- C:\Users\Luvfishn\Desktop\__www.stapleseasyrebates.com_staples_Confirmation.do.pdf
[2012/11/16 16:28:23 | 000,102,248 | ---- | C] () -- C:\Users\Luvfishn\GoToAssistDownloadHelper.exe
[2012/08/31 12:48:41 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/06/26 16:40:40 | 000,001,041 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\vso_ts_preview.xml
[2012/06/26 16:37:59 | 000,099,384 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\inst.exe
[2012/06/26 16:37:59 | 000,007,859 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\pcouffin.cat
[2012/06/26 16:37:59 | 000,001,167 | ---- | C] () -- C:\Users\Luvfishn\AppData\Roaming\pcouffin.inf
[2012/05/20 13:28:17 | 000,220,615 | ---- | C] () -- C:\windows\hpoins35.dat
[2012/05/20 13:28:17 | 000,000,778 | ---- | C] () -- C:\windows\hpomdl35.dat
[2012/05/18 07:42:03 | 000,000,017 | ---- | C] () -- C:\Users\Luvfishn\AppData\Local\resmon.resmoncfg
[2012/05/03 15:26:20 | 000,005,632 | ---- | C] () -- C:\Users\Luvfishn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 08:53:06 | 000,000,149 | ---- | C] () -- C:\windows\QUICKEN.INI
[2012/03/18 12:37:47 | 000,765,700 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/27 13:53:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/06/27 13:53:58 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/06/27 13:53:58 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/06/27 13:48:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/06/27 13:28:08 | 013,899,776 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/02/03 23:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:090FB735
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:1992908D

< End of report >
luvfishn

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

by luvfishn » January 25th, 2013, 10:28 am

Just noticed an extra file log was produced by OTL.
The text for it follows ...

OTL Extras logfile created on: 1/25/2013 9:17:45 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luvfishn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.62 Gb Available Physical Memory | 71.05% Memory free
19.77 Gb Paging File | 17.38 Gb Available in Paging File | 87.90% Paging File free
Paging file location(s): c:\pagefile.sys 12147 12147 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.64 Gb Total Space | 377.34 Gb Free Space | 65.10% Space Free | Partition Type: NTFS
Drive E: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive S: | 2794.49 Gb Total Space | 2194.24 Gb Free Space | 78.52% Space Free | Partition Type: NTFS

Computer Name: BOBS_LAPTOP | User Name: Luvfishn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002B0049-D928-4091-9322-79570BB78E4C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{062D5069-CF6B-4903-9576-CCEB824A91A6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{063B6785-5A33-41E1-BF5D-276616CBE3E9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0980943E-1E11-408E-8849-11CB9F893C19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A7BFD4D-58AA-40DB-91AD-761BE9308915}" = lport=138 | protocol=17 | dir=in | app=system |
"{14DD193B-E5E6-4AF8-B670-3909834A1F65}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C5BC630-2E36-4506-9EAA-E62F69873691}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
"{24A8C5C3-E507-47FF-B970-0642F830205E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25351FC6-E61A-4D59-B2F0-0ECE60BCEF7A}" = lport=137 | protocol=17 | dir=in | app=system |
"{274EB5A9-3BDD-40C4-971F-4586C8DCC3D9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{28ED2480-B807-47CB-83C9-42D891EF4F8C}" = rport=445 | protocol=6 | dir=out | app=system |
"{2A30B4A9-E16C-4ACE-A3F1-DBE5F8CED1D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AEF6444-50EF-44FA-92B1-9E15282F0B6A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2F264077-3BAB-42C2-8808-92568871B7CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FDC904D-4FC2-4CC2-B225-B85101C5D2B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{385F4254-F84E-4E38-B374-209A464FA28B}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B820C80-62DD-43B7-83F6-9A72226EBAC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{452A6A94-6BE9-4A79-8EB2-61B0BDB79D20}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4ED2F8AC-263F-4A72-BEE5-43EB5583DA3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5450716C-A89B-49DA-A7EB-39BCE09ABC90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5908E83F-A67E-4D95-B275-37A845D908C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{65C85A20-CF58-4DB9-B948-F1EC9EFFE930}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F76C405-315A-443F-A149-7494713CC304}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{732B9E7E-AC50-498C-9EDF-0514087DBA31}" = rport=138 | protocol=17 | dir=out | app=system |
"{74CD130B-F99E-40CF-A2F5-D67B0E1E7314}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{7F4A6643-8D65-494D-8163-67AE2926EF43}" = rport=137 | protocol=17 | dir=out | app=system |
"{8877C794-2B8F-4062-8AD5-4EAF89EE5EE8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D4B1698-5522-4731-884B-62E35660B4F0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91776914-7706-4988-9E4F-520B228D88B2}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
"{9787E718-936F-4188-BC5A-0EC18A911E20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3C40DBC-4ABC-46D4-A13B-28A9030D1C8D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A608F4BC-9FBB-4647-9E6A-2CED9C99DA90}" = rport=139 | protocol=6 | dir=out | app=system |
"{B0FABD18-5E21-49E8-B399-56F1120973DE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B121D3DF-E1D9-411A-8E89-5DF0FB228844}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B601BC64-9822-4D72-B2C2-0D078A9FD176}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8C39C84-E386-483C-BE2B-497DAB751D46}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BEA0D911-8C9A-407F-BAD0-6746CEA0587A}" = lport=445 | protocol=6 | dir=in | app=system |
"{CE72B0B2-95C3-4988-A454-7083899C5F4B}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{D0915438-777E-484C-9120-C932795E8ACE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D19C23D8-220C-4D61-BB4A-DF4EFC14BEAA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB4BBA55-DFBD-4482-9B00-4B482F81D9FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB6119DE-5CBA-48E3-BF5D-52BE3934F895}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F7628304-DC68-4649-9A14-5315F5E95D04}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F84D1531-0F5D-4BB6-9A1F-5658B0279797}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{F9CEC696-7DD9-45AB-A03F-EE6EE20514A8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FD07D9B4-CC76-4C1A-8F89-E9C6762465D8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{FF4009F4-9540-4AAD-9608-BA87521B98CC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076E2680-3082-4A3C-8777-9715AFD5211F}" = protocol=17 | dir=in | app=c:\users\luvfishn\appdata\local\temp\7zsb4be.tmp\symnrt.exe |
"{079924EB-641A-47D9-9C4B-59A5AF47F788}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{0A97033B-6C2C-4A0F-9530-528353089BBA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{179BEE0F-9040-421E-A3F9-6E410FCAFD8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19425CC1-5A8F-4109-BFDD-FD297EB81496}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{1CCCF3D2-C389-4CB8-A18D-890BF51DA58C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22E41E40-82A5-48BB-A86F-48D33C46952E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{265E1BCA-8C1D-4CBE-AE24-8BDA5C24B692}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28D15142-0865-4487-87B9-AE1CF6065983}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{29A5A828-1A17-4DB8-9310-8E8A14E06242}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{2A1D4656-3B17-4355-A7CC-718A0C10D159}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F769ADD-455C-42DF-BAB2-808028DB25B7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{360D7532-D9E7-40C3-B7E1-AEF8E807E66A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3C5DB9B3-8746-41BA-B9D9-1A7884F8F1C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{3C87C12A-58FC-4681-BBFD-A45260BAAB41}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{3F0CE717-5F74-4157-8885-84A2A5A3590E}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{3FAC0900-5C32-4E0B-84D3-1584DFEB4F50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{403409CA-8539-4313-8436-A64D7AACB1C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{40693332-1CCC-4981-962F-AC9F55C85A22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{43FA3CF6-3CD6-4D11-ABD6-318114E644D9}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{44CB2F30-135D-40CC-8556-E10B5C7EC6B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{47937346-5A8A-4E47-AD27-ACAF4EE5147D}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{52D5517E-46AA-4E78-8682-81D022AF970B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{53259CA0-0B9D-41B4-9F55-03CCC8FDD6E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53C30A38-375B-4EAC-A4FC-7255FEE57685}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{571CC6DC-F98E-42BD-9E2E-51562CB499B0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{60E52F89-DEDC-447F-AB23-B6EC99A157C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61BEFF84-2F59-4997-9CFC-9CC13C5DC34D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{680FCCE5-695C-4A86-A151-4240238DEB55}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70917B04-5122-46CE-9398-A8BC752F72E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{71F9730D-27FC-4332-90CC-34DDC7DA107F}" = protocol=6 | dir=out | app=system |
"{7CE12B62-6DAD-466C-B0C5-24A87E076959}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{88C5A3E7-4BAD-4728-BDBF-AA0EA731E850}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EE473FB-B0B9-459F-AEB6-1733A7CB5BEB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{9504C784-6F7B-482D-BEB3-D6705DE593D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{9A177E1D-C131-482D-B1D1-8FB79357C010}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{9ED72962-9B41-4F57-A6D2-5FE1FD672260}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{A9857C0D-9FBD-42EA-A25D-09D4A94464AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{AAE59403-2D69-40DF-ABB6-4211433C8255}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{AC17A5BF-653D-4631-B409-EE438CE8A58E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{ACADFF57-A062-4803-9C74-8A1A88391191}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{AD08950C-F53B-4BAA-909A-71BEF7BC6BC6}" = protocol=6 | dir=in | app=c:\users\luvfishn\appdata\local\temp\7zsb4be.tmp\symnrt.exe |
"{B237A923-DFE7-493B-AC20-3E0EA834EA6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B290D3B9-6DAE-4C18-A2D2-FC6F65D6D4EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2F51FCB-80C9-4A69-B84A-402FA81EA810}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{B877E973-7294-4168-BA11-1B58551E9BE4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8580AE8-161A-47C8-A222-6EAFC2D911F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C872428A-EEC0-4859-981B-44A990B4821D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D316DC4F-AEDB-4F88-836F-6243E1BE562D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D411B4F3-A78F-4C1C-A455-C5E714D47214}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D62399BE-7D6B-4B8C-849F-36DD92B7FD46}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D7431A5E-8DB2-46A0-9AB7-7D95A170C48C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{D7B61FFB-C80D-4464-9514-AABC44D29AB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{DA529D3F-A87C-4FC2-B6B8-AE5D27840B8E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DE57120F-CDB7-4620-B213-AB57E1BE826D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{DF12F3A9-92EA-47FB-BA7F-0ADDFB08EA0C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E3993706-FF06-4CC3-9705-BB068E238672}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E5FB9C7E-C550-49AF-BC69-4CBD6A1624AE}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E64ADEDF-1008-494B-87C7-3316A8FF4D95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA3ADFBA-90DD-4194-83F0-410C3D9736B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{EAF673D7-624B-4FC8-B08E-E876F0509C6D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ED796C4E-7889-48B5-93EB-49B81B88C32C}" = dir=in | app=c:\users\luvfishn\appdata\local\temp\7zs556f\setup\hpznui40.exe |
"{F0D0D8AA-D856-4130-9382-BD7E42ED55E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F258C17B-C1AD-445A-AFFB-3228A2CEBD66}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{F4D96F5F-0D48-4F68-972E-2A0C680672BB}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{FDE529BD-7B1B-4CE6-998E-04E9BE2694A7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0A943857-FAB4-448A-9E5A-087D20E7ECF1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{1C39489A-611E-4436-ACF5-F8BA1E99AFA7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{BE5275DB-CEE9-40CD-9E63-7992F7CDEF89}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{CA69E02A-6188-417D-9C6A-07EB913FBFCE}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{4A5B7364-32D7-4543-87A9-BD765B736772}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{5506C222-41EA-43BF-BE11-B8FFC5924A3E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{71AC7422-B0C5-4E31-BB09-7852E955DD59}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C2F8D3FD-74EE-4E75-8AC6-A5F627130FBE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{22A51951-1F45-4C8A-B888-306527F9C45F}" = WD SmartWare
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}" = MrvlUsgTracking64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FA0DC1C2-34A4-4478-A693-7C8621EEE334}" = SaveByClick
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Logitech Unifying" = Logitech Unifying Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SaveByClick" =
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-bit)
"WNLT" = Web Optimizer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}" =
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BE24392-35A7-4A84-AA82-EF53EFCA2AF8}" = Machete 3.8
"{3D12E3F0-3E73-4267-B452-2BBF140343E6}" = Verizon Download Manager
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E9C9EE1-1964-4519-BF80-652E7F415ECF}" = WD Drive Utilities
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{44FF002B-5AB3-4447-8F98-614387B63EE6}" = honestech VHS to DVD 5.0 Deluxe
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7257132D-7F65-41E6-A90F-43BF6099461A}" = Intel(R) WiDi
"{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}" = TurboTax 2012
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{834265C4-CDF4-44D3-BD24-31531617EFB8}" = IHA_MessageCenter
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B542C2E-D2AC-4460-B9F2-BA5A907A544F}" = honestech VHS to DVD 5.0 Deluxe
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A6C3D5F0-3C6C-46BF-A8D0-06EE92E02E9E}_is1" = AD Blocker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC015C45-1667-40A4-A126-966EE5629062}" = Quicken 2010
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0AE9222-C133-4135-BE5B-BE6ED6D6D78B}" = DeLorme Street Atlas USA 2011
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2E1909-12C2-4249-8003-7978BEA3A14F}" = Garmin City Navigator North America NT 2013.10 Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anvi Smart Defender" = Anvi Smart Defender 1.8
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Expedition - Titanic" = Hidden Expedition &reg;: Titanic
"BFG-Magic Ball 2 New Worlds" = Magic Ball 2 New Worlds
"Cisco Connect" = Cisco Connect
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"ImgBurn" = ImgBurn
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"KeePass Password Safe_is1" = KeePass Password Safe 1.21
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Matroska Pack" = Matroska Pack
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"Rainlendar2" = Rainlendar2 (remove only)
"RealPlayer 16.0" = RealPlayer
"SP_661c9f97" =
"SP_a8235b05" = Search Assistant SoftQuick 1.66
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WTA-2f485546-2f39-4fd4-bd43-84fbd11f6664" = RollerCoaster Tycoon 3: Platinum
"WTA-31115219-cfb3-4b1b-a545-50604171683d" = Bejeweled 3
"WTA-46c72ae7-1ebe-4bd2-9d11-18c33159e5c5" = Tales of Lagoona
"WTA-92fb430d-f2ef-4fd0-80c6-7076da88e682" = Zuma's Revenge
"WTA-94779ac0-4973-410b-9579-c91c390837d0" = Plants vs. Zombies - Game of the Year
"WTA-af48de5f-568c-4f97-83a2-1f6dcaf59c27" = FATE - The Traitor Soul
"WTA-bfa5f194-6483-4b42-b089-4bf5aa2913f0" = Penguins!
"WTA-c49b7352-4bbc-4f16-a77f-713ed645bf8a" = Polar Bowler
"WTA-fe977a71-0bc6-48ef-8157-31fd98284823" = Letters from Nowhere 2
"YouTube Free Downloader" = YouTube Free Downloader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
"SecureKey" = SecureKey

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2012 4:44:03 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:03 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:33 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:33 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:44:33 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:45:04 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:47:34 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/6/2012 4:49:04 PM | Computer Name = Bobs_Laptop | Source = SecureKey | ID = 131328
Description =

Error - 11/8/2012 12:15:44 PM | Computer Name = Bobs_Laptop | Source = WinMgmt | ID = 10
Description =

Error - 11/8/2012 12:17:52 PM | Computer Name = Bobs_Laptop | Source = Toshiba App Place | ID = 0
Description =

[ Media Center Events ]
Error - 7/22/2012 6:15:09 AM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 7:15:08 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 8/23/2012 6:39:38 AM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 7:39:27 AM - Error connecting to the internet. 7:39:27 AM - Unable
to contact server..

Error - 9/16/2012 1:51:38 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 2:51:38 PM - Error connecting to the internet. 2:51:38 PM - Unable
to contact server..

Error - 9/16/2012 1:51:56 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 2:51:44 PM - Error connecting to the internet. 2:51:44 PM - Unable
to contact server..

Error - 9/16/2012 2:52:04 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 3:52:04 PM - Error connecting to the internet. 3:52:04 PM - Unable
to contact server..

Error - 9/16/2012 2:52:14 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 3:52:09 PM - Error connecting to the internet. 3:52:09 PM - Unable
to contact server..

Error - 9/16/2012 3:52:18 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 4:52:18 PM - Error connecting to the internet. 4:52:18 PM - Unable
to contact server..

Error - 9/16/2012 3:52:24 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 4:52:23 PM - Error connecting to the internet. 4:52:23 PM - Unable
to contact server..

Error - 9/16/2012 4:52:28 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 5:52:28 PM - Error connecting to the internet. 5:52:28 PM - Unable
to contact server..

Error - 9/16/2012 4:52:33 PM | Computer Name = Bobs_Laptop | Source = MCUpdate | ID = 0
Description = 5:52:33 PM - Error connecting to the internet. 5:52:33 PM - Unable
to contact server..

[ System Events ]
Error - 1/24/2013 1:26:46 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056

Error - 1/24/2013 4:27:59 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7034
Description = The AD Blocker Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/24/2013 4:27:59 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7031
Description = The Common Client Job Manager Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 1/24/2013 7:08:45 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7034
Description = The Application Updater service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/24/2013 7:08:45 PM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7031
Description = The Common Client Job Manager Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 1/24/2013 9:02:05 PM | Computer Name = Bobs_Laptop | Source = ipnathlp | ID = 31004
Description =

Error - 1/25/2013 8:39:21 AM | Computer Name = Bobs_Laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 1/25/2013 8:39:21 AM | Computer Name = Bobs_Laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 1/25/2013 8:39:50 AM | Computer Name = Bobs_Laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 1/25/2013 8:45:15 AM | Computer Name = Bobs_Laptop | Source = Service Control Manager | ID = 7034
Description = The Application Updater service terminated unexpectedly. It has done
this 1 time(s).
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

by pgmigg » January 25th, 2013, 12:52 pm

Hello luvfishn,

Great job! :D
I understood and had no problems executing the instructions provided by you.
The computer seems to be acting normally at this point in the process.
Absence of symptoms does not mean that everything is clear.
I'm now on standby waiting for further instructions by you. A huge amount of THANKS for your assistance to date!
You are welcome, luvfishn!
But we are not finished yet...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code:
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{8F4C1368-E852-41DB-8F35-CF7ECA9E6AA6}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=bd ... 48c15be&q= {searchTerms}
    IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
    IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{4E778202-4B72-48B6-9807-3F47E180F166}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =800236&p= {searchTerms}
    IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://radiobar.toolbarhome.com/search.aspx?q= {searchTerms}&srch=dsp
    IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=NYVtCTU9 ... CuOV4h0?q= {searchTerms}
    IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{8F4C1368-E852-41DB-8F35-CF7ECA9E6AA6}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=bd ... 48c15be&q= {searchTerms}
    IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{48D4B666-7434-421B-B72C-2944CCD531AF}: "URL" = http://cnet.search.com/search?chkpt=ast ... ch.cnet&q= {searchTerms}&tag=srch
    IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{93D74BA3-49E8-4412-8089-53F624378339}: "URL" = http://search.yahoo.com/search?p= {searchTerms}&ei=utf-8&fr=ie8
    IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{A2073805-171C-433F-8870-86ECA7DB6DDD}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =642886&p= {searchTerms}
    IE - HKU\S-1-5-21-941371534-4025170946-3007303680-1000\..\SearchScopes\{E8930232-4B31-4251-986C-98061BDC75B4}: "URL" = http://www.ant.com/web/ {searchTerms}/
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"
    FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
    [2012/11/09 06:42:16 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2012/11/09 06:42:20 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
    O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
    O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [] File not found
    
    :Files
    C:\Users\Luvfishn\Desktop\RapportSetup.exe
    C:\Program Files (x86)\uTorrent
    C:\Program Files (x86)\Trusteer
    @C:\ProgramData\TEMP:090FB735
    @C:\ProgramData\TEMP:1992908D
    ipconfig /flushdns /c
    
    :Commands
    [createrestorepoint]
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

by luvfishn » January 25th, 2013, 1:22 pm

I'm back pgmigg ....
Here is the log result of the Step 1. OTL - Run Fix Script log......
I'll report back shortly on Step 2. ESET online scanner

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8F4C1368-E852-41DB-8F35-CF7ECA9E6AA6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F4C1368-E852-41DB-8F35-CF7ECA9E6AA6}\ not found.
Registry value HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4E778202-4B72-48B6-9807-3F47E180F166}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E778202-4B72-48B6-9807-3F47E180F166}\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F4C1368-E852-41DB-8F35-CF7ECA9E6AA6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F4C1368-E852-41DB-8F35-CF7ECA9E6AA6}\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{48D4B666-7434-421B-B72C-2944CCD531AF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48D4B666-7434-421B-B72C-2944CCD531AF}\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{93D74BA3-49E8-4412-8089-53F624378339}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93D74BA3-49E8-4412-8089-53F624378339}\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A2073805-171C-433F-8870-86ECA7DB6DDD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2073805-171C-433F-8870-86ECA7DB6DDD}\ not found.
Registry key HKEY_USERS\S-1-5-21-941371534-4025170946-3007303680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E8930232-4B31-4251-986C-98061BDC75B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8930232-4B31-4251-986C-98061BDC75B4}\ not found.
Prefs.js: "uTorrentBar Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\searchplugin folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\Plugins folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\modules folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\META-INF folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\defaults folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\chrome folder moved successfully.
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Users\Luvfishn\Desktop\RapportSetup.exe moved successfully.
File\Folder C:\Program Files (x86)\uTorrent not found.
File\Folder C:\Program Files (x86)\Trusteer not found.
ADS C:\ProgramData\TEMP:090FB735 deleted successfully.
ADS C:\ProgramData\TEMP:1992908D deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Luvfishn\Desktop\cmd.bat deleted successfully.
C:\Users\Luvfishn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Luvfishn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6281708 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4935626 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41151 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 592802 bytes

Total Files Cleaned = 11.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Luvfishn
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Luvfishn
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01252013_130440

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

by luvfishn » January 25th, 2013, 5:29 pm

Well ... son of a gun! I just made a post pgmigg for the info requested for Step 2. ESET online scanner results and I got flipped back to the sign on screen. I guess the 3 hour scan by ESET timed me out in the forum. Any rate thanks for all your support this week as I believe you may be off for a well earned weekend break by now. Hope I didn't work you too hard! :) Here is the ESET log you requested. Also your instructions were fine and my laptop seems to be operating normally. Looking forward to your next set of instructions for this fascinating journey!

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Scan Results for ESET ...

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.18 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.19 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\ContinueToSave\sprotector.dll a variant of Win32/SProtector.A application
C:\Program Files (x86)\SaveByClick\sprotector.dll a variant of Win32/SProtector.A application
C:\Program Files (x86)\SimpleSpeedy\sprotector.dll a variant of Win32/SProtector.A application
C:\Program Files (x86)\SoftQuick\sprotector.dll a variant of Win32/SProtector.A application
C:\ProgramData\SaveByclick\kidljmjkobeoidolpjpcgdoblhpmiond.crx Win32/Adware.MultiPlug.H application
C:\Users\All Users\SaveByclick\kidljmjkobeoidolpjpcgdoblhpmiond.crx Win32/Adware.MultiPlug.H application
C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidljmjkobeoidolpjpcgdoblhpmiond\1_0\50e2ed76c320d6.11601310.js Win32/Adware.MultiPlug.H application
C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcddbapmmbmogepeclfoenegoopnidb\1\50fe01324d3870.43150337.js Win32/Adware.MultiPlug.H application
C:\Users\Luvfishn\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmgbgcifepbljkbeaeghohnnaohadin\1\5102cb519637e1.24015606.js Win32/Adware.MultiPlug.H application
C:\Users\Luvfishn\AppData\Local\Temp\is-1O13M.tmp\PDFCreator-1_6_2_setup.exe Win32/OpenCandy application
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50e2ed76c32a0@50e2ed76c32d9.com\content\bg.js Win32/Adware.MultiPlug.H application
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50f8306022eb7@50f8306022ef1.com\content\bg.js Win32/Adware.MultiPlug.H application
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\50fe01324d42b@50fe01324d464.com\content\bg.js Win32/Adware.MultiPlug.H application
C:\Users\Luvfishn\AppData\Roaming\Mozilla\Firefox\Profiles\uldhlbwj.default\extensions\5102cb519642a@5102cb5196463.com\content\bg.js Win32/Adware.MultiPlug.H application
C:\Users\Luvfishn\AppData\Roaming\OpenCandy\881CBC38E86341CE9575CFFAB73624C7\StrongVault.exe Win32/OutBrowse.C application
C:\Users\Luvfishn\Desktop\Desktop Icons\Audio Video Programs\mplayer_tuguu_1275.exe a variant of Win32/InstallIQ application
C:\Users\Luvfishn\Desktop\PeerBlock\cbsidlm-tr1_9-PeerBlock-ORG2-75328692.exe multiple threats
C:\Users\Luvfishn\Desktop\setup.exe Win32/InstalleRex.E.Gen application
C:\Users\Luvfishn\Desktop\Temporary File Cleaner.exe Win32/InstalleRex.E.Gen application
C:\Users\Luvfishn\Downloads\cbsidlm-tr1_7-TOSHIBA_HDD_Protection__Shock_Sensor_Driver-ORG2-191372.exe Win32/DownloadAdmin.D application
C:\Users\Luvfishn\Downloads\PDFCreator-1_6_1_setup.exe Win32/OpenCandy application
C:\Users\Luvfishn\Downloads\SetupImgBurn_2.5.5.0.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\Installer\75699bd.msi a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\01242013_162759\C_Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll a variant of Win32/Toolbar.Widgi application
S:\BOBS_LAPTOP\Backup Set 2012-09-13 090833\Backup Files 2012-09-13 090833\Backup files 10.zip a variant of Win32/InstallIQ application
S:\BOBS_LAPTOP\Backup Set 2012-09-13 090833\Backup Files 2012-09-13 090833\Backup files 18.zip multiple threats
Operating memory multiple threats
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby pgmigg » January 26th, 2013, 2:02 pm

Hello luvfishn,

Step 1.
Upload File/Files for testing
  1. Please go to jotti.org or Virustotal
  2. Copy/Paste the following files to upload them one by one for scanning:
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
    C:\Program Files (x86)\ContinueToSave\sprotector.dll
    C:\ProgramData\SaveByclick\kidljmjkobeoidolpjpcgdoblhpmiond.crx
    C:\Users\Luvfishn\AppData\Local\Temp\is-1O13M.tmp\PDFCreator-1_6_2_setup.exe
    C:\Users\Luvfishn\AppData\Roaming\OpenCandy\881CBC38E86341CE9575CFFAB73624C7\StrongVault.exe
    C:\Users\Luvfishn\Desktop\Desktop Icons\Audio Video Programs\mplayer_tuguu_1275.exe
    C:\Users\Luvfishn\Desktop\PeerBlock\cbsidlm-tr1_9-PeerBlock-ORG2-75328692.exe
    C:\Users\Luvfishn\Desktop\setup.exe
    C:\Users\Luvfishn\Desktop\Temporary File Cleaner.exe
    C:\Users\Luvfishn\Downloads\cbsidlm-tr1_7-TOSHIBA_HDD_Protection__Shock_Sensor_Driver-ORG2-191372.exe
    C:\Users\Luvfishn\Downloads\PDFCreator-1_6_1_setup.exe
    C:\Users\Luvfishn\Downloads\SetupImgBurn_2.5.5.0.exe
    C:\Windows\Installer\75699bd.msi
  3. Press Submit - this will submit the file for testing.
    Note: If you see a message "File already analysed", please click on the "Reanalyse" button.
  4. Please wait for all the scanners to finish.
  5. Then copy and paste every permalink (web address) in your next response.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links after online file scan by Virus Total.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby luvfishn » January 26th, 2013, 11:31 pm

Hi pgmigg

Two problems executing your instructions ..... I could not locate the files for the directories for the 4th and 12th item.
Computer is behaving ok.

Requested URLs for the Jotti's malware scan are as follows..

1) http://virusscan.jotti.org/en/scanresult/958b348bd8ff2e5501a3a4fbad45904f74dc9e43

2) http://virusscan.jotti.org/en/scanresult/5454a72ca29b5abebf173ebc6a5cd32f5a37932f

3) http://virusscan.jotti.org/en/scanresult/36e57ef409126438ec511606fd361dee9a214e0d

4) No Directory found for "C:\ProgramData\SaveByclick\kidljmjkobeoidolpjpcgdoblhpmiond.crx"

5) http://virusscan.jotti.org/en/scanresult/48ac1d353e24ebfea85f9bd29d9d9c4ca5ea589d

6) http://virusscan.jotti.org/en/scanresult/a9615ab868b609ccbe5353eae3284831f85d8196

7) http://virusscan.jotti.org/en/scanresult/5a84ead9daf9a18d9afcfa323221d09f0370a5f4

8) http://virusscan.jotti.org/en/scanresul ... 5107e920cf

9) http://virusscan.jotti.org/en/scanresult/42dce51751b8adaa3e1a16d239118e712a200803

10) http://virusscan.jotti.org/en/scanresult/e84caa7cc90a57a39d6d7f93f3d15353dd0dcd85

11) http://virusscan.jotti.org/en/scanresult/047f81f1ba32e5c865189adbbad817c0f417568f

12) No directory found for "C:\Windows\Installer\75699bd.msi"

regards

Just a footnote: Windows Security Essentials is finding item 4 savebyclick files on booting and I am placing them under quarantine. However, I am unable to navigate to those files by searching even before placing them under quarantine.
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby pgmigg » January 27th, 2013, 1:48 pm

Hello luvfishn,
I could not locate the files for the directories for the 4th and 12th item.
Please don't worry - it meant that those files were in a hidden directory. Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Files
    C:\ProgramData\SaveByclick\kidljmjkobeoidolpjpcgdoblhpmiond.crx
    C:\Users\Luvfishn\AppData\Local\Temp\is-1O13M.tmp\PDFCreator-1_6_2_setup.exe
    C:\Users\Luvfishn\AppData\Roaming\OpenCandy\881CBC38E86341CE9575CFFAB73624C7\StrongVault.exe
    C:\Users\Luvfishn\Desktop\Desktop Icons\Audio Video Programs\mplayer_tuguu_1275.exe
    C:\Users\Luvfishn\Desktop\PeerBlock\cbsidlm-tr1_9-PeerBlock-ORG2-75328692.exe
    C:\Users\Luvfishn\Desktop\setup.exe
    C:\Users\Luvfishn\Desktop\Temporary File Cleaner.exe
    C:\Users\Luvfishn\Downloads\cbsidlm-tr1_7-TOSHIBA_HDD_Protection__Shock_Sensor_Driver-ORG2-191372.exe
    C:\Users\Luvfishn\Downloads\PDFCreator-1_6_1_setup.exe
    C:\Users\Luvfishn\Downloads\SetupImgBurn_2.5.5.0.exe
    C:\Windows\Installer\75699bd.msi
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Malwarebytes' Anti-Malware (MBAM) Full Scan
Your logs indicate that you already have MBAM on your computer.
  1. Please start MBAM .
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab. Then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 3.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent MBAM Log file.
  4. Contents of the most recent OTL.txt file after fresh OTL scan
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby luvfishn » January 27th, 2013, 3:15 pm

Hi Pgmigg,

Here are the results of the OTL scan.
Balance of requests to follow:

All processes killed
========== FILES ==========
C:\ProgramData\SaveByclick\kidljmjkobeoidolpjpcgdoblhpmiond.crx moved successfully.
C:\Users\Luvfishn\AppData\Local\Temp\is-1O13M.tmp\PDFCreator-1_6_2_setup.exe moved successfully.
C:\Users\Luvfishn\AppData\Roaming\OpenCandy\881CBC38E86341CE9575CFFAB73624C7\StrongVault.exe moved successfully.
C:\Users\Luvfishn\Desktop\Desktop Icons\Audio Video Programs\mplayer_tuguu_1275.exe moved successfully.
C:\Users\Luvfishn\Desktop\PeerBlock\cbsidlm-tr1_9-PeerBlock-ORG2-75328692.exe moved successfully.
File\Folder C:\Users\Luvfishn\Desktop\setup.exe not found.
C:\Users\Luvfishn\Desktop\Temporary File Cleaner.exe moved successfully.
C:\Users\Luvfishn\Downloads\cbsidlm-tr1_7-TOSHIBA_HDD_Protection__Shock_Sensor_Driver-ORG2-191372.exe moved successfully.
C:\Users\Luvfishn\Downloads\PDFCreator-1_6_1_setup.exe moved successfully.
C:\Users\Luvfishn\Downloads\SetupImgBurn_2.5.5.0.exe moved successfully.
C:\Windows\Installer\75699bd.msi moved successfully.
File\Folder :Commands not found.
File\Folder [CREATERESTOREPOINT] not found.
File\Folder [EMPTYTEMP] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01272013_150203

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA
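
The fix log posted above lists three script lines (`:Commands`, `[CREATERESTOREPOINT]`, `[EMPTYTEMP]`) under "File\Folder ... not found". As an added example (not part of the thread and not OTL's own code), this Python check reconciles a fix script against its log to show which requested files were moved, which were missing, and which directive lines were reported as files. The function names are hypothetical, the line formats are taken from the posted log, and the inputs are excerpts copied from the thread.

```python
import re

# Excerpt of the fix script posted in the thread.
FIX_SCRIPT = r"""
:Files
C:\ProgramData\SaveByclick\kidljmjkobeoidolpjpcgdoblhpmiond.crx
C:\Users\Luvfishn\Desktop\setup.exe
C:\Windows\Installer\75699bd.msi

:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
"""

# Excerpt of the resulting fix log posted in the thread.
FIX_LOG = r"""
All processes killed
========== FILES ==========
C:\ProgramData\SaveByclick\kidljmjkobeoidolpjpcgdoblhpmiond.crx moved successfully.
File\Folder C:\Users\Luvfishn\Desktop\setup.exe not found.
C:\Windows\Installer\75699bd.msi moved successfully.
File\Folder :Commands not found.
File\Folder [CREATERESTOREPOINT] not found.
File\Folder [EMPTYTEMP] not found.
"""

MOVED = re.compile(r"^(?P<item>.+) moved successfully\.$")
MISSING = re.compile(r"^File\\Folder (?P<item>.+) not found\.$")

def parse_script(text):
    """Split a fix script into requested file paths and directive lines."""
    files, directives, section = [], [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):          # section header such as :Files
            section = line.lower()
            directives.append(line)
        elif section == ":files":
            files.append(line)
        else:                             # e.g. [EMPTYTEMP] under :Commands
            directives.append(line)
    return files, directives

def parse_log(text):
    """Return casefolded sets of items the log reports as moved / not found."""
    moved, missing = set(), set()
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := MOVED.match(line)):
            moved.add(m["item"].casefold())
        elif (m := MISSING.match(line)):
            missing.add(m["item"].casefold())
    return moved, missing

def reconcile(script, log):
    """Compare what the script requested with what the log reports."""
    files, directives = parse_script(script)
    moved, missing = parse_log(log)
    return {
        "moved": [f for f in files if f.casefold() in moved],
        "not_found": [f for f in files if f.casefold() in missing],
        "unreported": [f for f in files if f.casefold() not in moved | missing],
        "directives_treated_as_files": [d for d in directives if d.casefold() in missing],
    }
```

A non-empty `directives_treated_as_files` list means the log handled those lines as file entries, so it is worth confirming separately that the restore point and temp cleanup actually ran.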

Re: NYMI.IB.ADNXS.COM popup problem-Removal?

Unread postby luvfishn » January 27th, 2013, 6:46 pm

Hello Again pgmigg ....

MBAM scanned and indicated no infections.

Here is the log created.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.27.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Luvfishn :: BOBS_LAPTOP [administrator]

1/27/2013 5:01:07 PM
mbam-log-2013-01-27 (17-01-07).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|S:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 500083
Time elapsed: 1 hour(s), 10 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Another footnote for your info:

MS Security Essentials still detecting a problem .....

"Potential Threat details"
Detected Items : "Adware:Win32/Fast Save App"
Details: file:C:\_OTL\MovedFiles\01272013_150203_\C_ProgramData\SaveByclick\kidjmjkobeoidolpjpcgdoblhpmiond.crx->manifest.jon"
which I quarantined.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Next Step To Follow on my next post!
luvfishn
Regular Member
 
Posts: 28
Joined: January 21st, 2013, 10:03 am
Location: Canada/USA