snapdo and sweetpacks malware help needed



I am having removal problems with snap.do and sweetpacks malware leftovers.

 

System: Toshiba Laptop Satellite Series Win7 x64 Sp1; Google Chrome (previously used IE 10)

 

I already had MBAM installed and here were the steps I took as I recall:

 

1. I disabled snap.do in IE 10's Manage Add-ons

 

2. Because I did not know snap.do was malware at the time I ran IObit UnInstaller (Advanced Mode) and cleaned all associated files and thought that I was done.

 

3. After switching to Google Chrome I decided to check the "Search" icon that looked like a magnifying glass on my desktop.  Found out that is IE10

 a. snap.do is the "Home Page" that pulls up.  I check Manage add-ons it is still there but disabled.

 

4. I ran a search on My Computer for any files.  Found an .exe file associated with snap.do.  Tried deleting it two times

 

5. Ran IObit Unlocker to unlock the .exe file and ran IObit Uninstaller again.  Checked My Computer again.  It is now gone

 

6. There was a manila folder with a snap.do name in it.  IObit Unlocker said it wasn't locked, hit the unlock button anyway.  Then deleted the file.

 

7. I was doing other research and found that snap.do is in my Taskbar and Start Menu Properties as an option.

 

8. Ran MBAM and it exploded like I had never seen before...lol.... it found 500+ infections by snap.do.  I removed all of them.  I saved the MBAM log.

 

9. Rechecked.  snap.do is still pulling up as the home page in IE10 and is still an option in the Taskbar and Start Menu Properties as an option.

 

10. I got to thinking about the sweetpacks malware and ran a My Computer check for the name.  There are still items of concern.  I have tried today to add photos to my photobucket so that I can post here, however the site is not pulling up. No surprise there. (Photobucket stinks for that reason.)  Attempting to attach files using this blog's Attach Files.

 

11. Ran dds as requested from the HELP! I am infected what to do now? instructions and saved both dds and attach

 

Further assistance is greatly appreciated.

 

-fryerlawrence


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also

 

 

 

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Here is the following adwcleaner log:

 

# AdwCleaner v3.011 - Report created 06/11/2013 at 10:59:57
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : owner - GORDON-L
# Running from : C:\Users\owner\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Users\owner\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\Smartbar
 
***** [ Shortcuts ] *****
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
*************************
 
AdwCleaner[R0].txt - [3114 octets] - [15/09/2013 15:46:32]
AdwCleaner[R1].txt - [4915 octets] - [06/11/2013 10:54:34]
AdwCleaner[s0].txt - [3229 octets] - [15/09/2013 15:48:11]
AdwCleaner[s1].txt - [4568 octets] - [06/11/2013 10:59:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4628 octets] ##########
 
-----------------------------------------------------------------------------------------------------------------------------------
 
Thank you for helping me.  I am very careful, vigilant, and I am as smart as possible when downloading new things to check and make sure that I uncheck boxes to install other programs or any other program that I do not recognize.  However, I could not avoid these current programs; or whatever we find now as you help me.
 
Awaiting your permission to run the next step: JRT removal tool
 
Thank you,
-fryer

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by owner on Thu 11/07/2013 at 10:11:06.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\owner\appdata\locallow\SkwConfig.bin"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\owner\appdata\local\hosts"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{25025E6B-BAF4-427A-90BD-5083E92DAFD4}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{68D6BDC7-032D-4D23-AC26-7B1D341D3E7A}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/07/2013 at 10:15:44.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Waiting for further Instructions.
 
Thank you,
 
-fryer

I apologize... I had forgotten to close Microsoft Security Essentials (Anti Virus Program) while JRT was running.  I did close M.S.E. while JRT was running.  However, I ran JRT again just in case with M.S.E. closed.  It looks like it was not affected.  However, here is the log report anyway:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by owner on Thu 11/07/2013 at 12:22:45.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
 
~~~ Files
 
~~~ Folders
 
~~~ Event Viewer Logs were cleared
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/07/2013 at 12:27:01.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Waiting for further instructions.
 
Thank you,
-fryer

Everything fine. Let's do a final checkup before cleaning up:

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


I apologize, I have a wireless keyboard and I moved it during the scan and somehow the scan stopped and I could not get it to start again.  Here is the log from that first scan:

 

C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-audioconverter.exe Win32/Somoto.E application
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-audiorecorder.exe Win32/Somoto.E application
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-dvdripper.exe Win32/Somoto.E application
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-screenrecorder.exe Win32/Somoto.E application
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-slideshowvideomaker.exe Win32/Somoto.E application
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-videoconverter.exe Win32/Somoto.E application
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-videodvdmaker.exe Win32/Somoto.E application
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-videoeditor.exe Win32/Somoto.E application
C:\Users\owner\Downloads\DPSetup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\owner\Downloads\unlocker-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\owner\Downloads\Download\unlocker-setup.exe a variant of Win32/Toolbar.Widgi application
 
Here are the results from the second and full (painfully slow 6 hour ...[laughing]) scan:
 
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-audioconverter.exe Win32/Somoto.E application cleaned by deleting - quarantined
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-audiorecorder.exe Win32/Somoto.E application cleaned by deleting - quarantined
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-dvdripper.exe Win32/Somoto.E application cleaned by deleting - quarantined
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-screenrecorder.exe Win32/Somoto.E application cleaned by deleting - quarantined
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-slideshowvideomaker.exe Win32/Somoto.E application cleaned by deleting - quarantined
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-videoconverter.exe Win32/Somoto.E application cleaned by deleting - quarantined
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-videodvdmaker.exe Win32/Somoto.E application cleaned by deleting - quarantined
C:\Program Files (x86)\Ainishare\Free Center\ainishare-setup-for-videoeditor.exe Win32/Somoto.E application cleaned by deleting - quarantined
C:\Users\owner\Downloads\DPSetup.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\owner\Downloads\unlocker-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\owner\Downloads\Download\unlocker-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
F:\GORDON-L\Backup Set 2012-04-03 142442\Backup Files 2012-04-08 190000\Backup files 4.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\GORDON-L\Backup Set 2012-07-08 190000\Backup Files 2012-07-08 190000\Backup files 7.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\GORDON-L\Backup Set 2012-09-23 190000\Backup Files 2012-09-23 190000\Backup files 9.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\GORDON-L\Backup Set 2012-11-05 073023\Backup Files 2012-11-05 073023\Backup files 12.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\GORDON-L\Backup Set 2012-12-17 082455\Backup Files 2012-12-17 082455\Backup files 14.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\GORDON-L\Backup Set 2012-12-17 082455\Backup Files 2013-01-06 212557\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
F:\GORDON-L\Backup Set 2013-02-24 220046\Backup Files 2013-02-24 220046\Backup files 16.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\GORDON-L\Backup Set 2013-02-24 220046\Backup Files 2013-02-24 220046\Backup files 40.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
F:\GORDON-L\Backup Set 2013-05-26 190001\Backup Files 2013-05-26 190001\Backup files 23.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\GORDON-L\Backup Set 2013-05-26 190001\Backup Files 2013-05-26 190001\Backup files 47.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
F:\GORDON-L\Backup Set 2013-08-25 190002\Backup Files 2013-08-25 190002\Backup files 33.zip a variant of Win32/Toolbar.Widgi application deleted - quarantined
F:\GORDON-L\Backup Set 2013-08-25 190002\Backup Files 2013-08-25 190002\Backup files 50.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
F:\Owner_Backup\2011-09-18_02-15-16\Memeo\2011-09-18_02-15-16\C_\Users\Owner\Downloads\DPSetup.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
F:\Owner_Backup\2011-09-18_02-15-16\Memeo\2011-09-18_02-15-16\C_\Users\Owner\Downloads\DPSetup.exe.uyqrn6a.partial a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
F:\Owner_Backup\2011-09-18_02-15-16\Memeo\2011-09-18_02-15-16\C_\Users\Owner\Downloads\IObit_Unlocker_1.0_downloader.exe a variant of Win32/FreeNew.B application cleaned by deleting - quarantined
F:\Owner_Backup\2011-09-18_02-15-16\Memeo\2011-09-18_02-15-16\C_\Users\Owner\Downloads\unlocker-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
F:\Owner_Backup\2011-09-18_02-15-16\Memeo\2011-09-18_02-15-16\C_\Users\Owner\Downloads\Download\unlocker-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
-----------------------------------------------------------------------------------------------------------------------------------

 

I know that you are not joking when you said it and nobody else is joking when it is said, "Just because your computer does not show any symptoms does not mean that it is clean."  Wow.  I thought that the professional cleaning that I had done by Geek Squad some time ago got rid of viruses that I had problems with in the past.  Proof that nobody has a 100% virus kill ratio...[laughing]  but we do our best don't we?

 

I have questions:

 

1. I thought that IObit Unlocker was a safe company/program to use.  It unlocks programs that you cannot delete because of whatever reason even if you use Administrator privileges. Is this a safe program? 

 

2. If question number one is not safe, what about IOBit Uninstaller?  It is a program that cleans left over files from uninstalling programs that is supposed to be better than the Windows 7 default uninstaller.

 

Waiting for further instructions Marius.

 

Thank you,

-fryer


Here you have some information about IObit and its products:

 

 

IObit software products are installed on your system!

The company behind this product was found to be stealing our database. Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

 

 

You've removed several things with ESET. Please rescan and post up the log so I can see if something else needs a harder treatment.


Thank you for your help.


 


What I have noticed, Marius, is that the first two programs you had me use to scan my computer system did not include my external hard drive, drive F:; so far ESET online scanner is the only scanner that gave me a choice that I recall to include the external hard drive. Can you please advise on this?  If so please give me a step-by-step on how to include additional drives on the computer.


 


In the meantime here is the result from the last post:


 




 


I decided to scan with the first two programs that you told me about in order as you requested last time.  Here are the results from AdwCleaner:


 


# AdwCleaner v3.012 - Report created 11/11/2013 at 15:51:39
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : owner - GORDON-L
# Running from : C:\Users\owner\Desktop\Bleeping Computer site for Rkill Download\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\owner\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

*************************

AdwCleaner[R0].txt - [3114 octets] - [15/09/2013 15:46:32]
AdwCleaner[R1].txt - [4915 octets] - [06/11/2013 10:54:34]
AdwCleaner[R2].txt - [1553 octets] - [11/11/2013 15:50:02]
AdwCleaner[s0].txt - [3229 octets] - [15/09/2013 15:48:11]
AdwCleaner[s1].txt - [4756 octets] - [06/11/2013 10:59:57]
AdwCleaner[s2].txt - [1204 octets] - [11/11/2013 15:51:39]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1264 octets] ##########

 


Here are the results from JRT Cleaner:


 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by owner on Mon 11/11/2013 at 15:56:29.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/11/2013 at 16:01:11.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

________________________________________________________________________

 


Looks as though there are a couple of programs including Snap.do that have a tight fisted hold still.


 


In the meantime...in our fight against malware it probably would be a good idea to start including instructions if people have external hard drives they use as a backup (in case the computer crashes) that is connected to their system.


 


A person cannot trust the Windows “Uninstall" program that comes with the computer (found in the Control Panel) to get rid of the leftover registry items that most program and uninstallers have.  It leaves behind too many things.


 


The reason I use (or have used) IObit uninstaller is because Revo Uninstaller does not see all of the programs sometimes that I want to uninstall.   The same goes for IObit uninstaller.  Sometimes it does not see the program or programs that I want to uninstall.  The same can be said for the windows uninstaller program in the control panel.


 


Is there a program that no matter what program you want to uninstall, a program that not only will see all the programs listed on your computer but also get rid of leftover registry items etc. that you can install?


 


In the meantime I have decided that I do want to uninstall all IObit products.  Will Revo Uninstaller take care of all the registry items or will you need to instruct me on what to do to get rid of IOBit Unlocker and IOBit Uninstaller?


 


Waiting for further instructions.


 


Thank you,


-fryer



Hi there,

 

Revo Uninstaller is one of the best uninstallation tools out there. If it cannot see a program then it either isn't there or something other, for example your WMI, is corrupted or the program was not installed correctly.

Nevertheless Revo finds all relevant leftovers of most programs and there is no need to hunt down other traces within the registry - they won't slow your system down or may be some security issues.

There is no need to have these other tools scan the external hard drives - the crap they are looking for is always installed to the same places or injected into the browsers running on your system. The tools can locate your browsers' directories by looking into the registry.

Revo Uninstaller will take care of the IObit remnants, so you can proceed safely.

 

 

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


I spent the better part of my afternoon trying to even find IObit Uninstaller to uninstall it.  I searched everywhere on the internet with only small pieces of information.  What I am finding out is that:

 

1. When you do a search on the internet on "How to uninstall IObit Uninstaller v2.1.0.71", all you find are articles or links on "How to install the program", or "How 'Great the program is'".  It really makes me mad.

 

2. IObit is not installed like a "normal" program, and it is installed in several places on the computer and that all you have to do is find all places where it is installed and just delete them?

 

3. Revo Uninstaller cannot find it:

 


 

From your suggestion I uninstalled and then re-installed Revo Uninstaller just in case the program was not installed correctly.  I believe I installed it correctly both times.  However, I am getting the same result:

 


 

I have an email trouble ticket from Revo and all they want me to do is install Revo Uninstaller Pro version.  I have no money right now and it makes me mad that they just want me to spend money without offering an explanation as to why their "free" program does not work like I want it to.  The Revo Uninstaller "Hunter Mode" and "Drag and Drop Mode" should work just fine.  That made me mad.  I wrote them back:

 

"I am not satisfied with your response.
 
How can I justify spending more money on your product when you cannot tell me a simple explanation of when I send a request ticket on why the Hunter Mode/Drag and Drop mode of your product does not work; you just want me to blindly trust you to spend more money on the "Pro" version.
 
This is not acceptable.  I would please like a better explanation.
 
Can you please advise?
 

Thank you "

 

4. Windows 7 Control Panel Uninstaller cannot find it.

 

5. I have done a "Computer Search" for all inferences of IObit but have been afraid to "just delete the offending program".

 

6. I am stuck and need further assistance.

 

In the meantime I downloaded both Security check links and the result was the same whether the real time virus protections were turned on or off:

 

UNSUPPORTED OPERATING SYSTEM! ABORTED!

 

Waiting for further instructions Marius.  Thank you so very much for all of your help.

 

Thank you,

-fryer

 

When I said "the program was not installed correctly" I meant the program you want to be removed - not Revo Uninstaller itself.

Please run T-Tools BitRemover to take out the traces of IObit: http://www.t-tools.nl/CCount/click.php?id=35

 

When finished, please create and post an OTL log:

 

 

Scan with OTL

  1. Download OTL by OldTimer and save it to your desktop.
  2. Double click on the OTL.exe icon on your desktop. If you are using Vista, please right-click and select run as administrator
  3. Click the "Scan All Users" checkbox.


    Note: If you are using a Windows 64bit machine, please make sure the checkbox next to Include 64Bit Scans is checked. It will be checked by default.

  4. Push the Run Scan button.
  5. It will now begin to scan, please be patient while it scans.
  6. Two reports will open once it's done.
  7. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized



Marius,

 

Because I could not find an "uninstaller" for IObit, on a "hunch" I went ahead and did an entire "computer" search in Windows Explorer for all IObit Items.  I deleted all pertinent files then ran the Bit Remover Tool and here is the result:

 


 

For those who are following (Marius please advise on what they said please) what happens here is Revo's tech support reply after the second time:

 

We are sorry for the misunderstanding! 

If you are downloading only Iobit Uninstaller from their website, it is coming like portable version. Actually their uninstaller does not write any registry information and that is why Revo Uninstaller or Windows 7 Add/Remove programs cannot show it as an entry.

The error that you have mentioned is due to the fact that the program is acting like portable, and Revo Uninstaller cannot locate anything to uninstall and then search for leftovers. I think that you can delete the exe of Iobit uninstaller and with this you have deleted their program.

My colleague has mentioned Forced Uninstall, that is available in our Revo Uninstaller Pro version. You do not have to pay for it, you can use it in our 30-day free trial. If your trial is over, you can write us back again and we will provide you extension serial number.
You can download Revo Uninstaller Pro from here:
http://www.revouninstallerpro.com/download-professional-version.php

And read more about Forced Uninstall here:
http://www.revouninstaller.com/online_manual/3_uninstaller.html#3.4

However, we have tested Forced Uninstall, and we entered as name "iobit", but Revo Uninstaller Pro found only a couple of file leftovers, connected with the name packages of Iobit Uninstaller. If you want to remove them manually, you can locate them here:
C:\Users\Mario Pavlov\AppData\Roaming

And you will find iobit folder inside.
C:\Users\Mario Pavlov\AppData\Roaming\IObit
You can delete this folder if you don't use any other iobit programs.

In case you have other iobit programs, and you want to continue using them, you need to delete only this folder:
C:\Users\Mario Pavlov\AppData\Roaming\IObit\IObit Uninstaller

If you have any questions or problems related to Revo Uninstaller do not hesitate to contact us again!
Thank you! 

___________________________________________________________________________

 

Next I ran the OTL scan:

 

OTL logfile created on: 11/13/2013 11:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Desktop\Bleeping Computer site for Rkill Download
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 75.24% Memory free
15.82 Gb Paging File | 13.93 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.11 Gb Total Space | 524.05 Gb Free Space | 76.83% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 504.19 Gb Free Space | 36.08% Space Free | Partition Type: NTFS
 
Computer Name: GORDON-L | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/13 23:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\Bleeping Computer site for Rkill Download\OTL.exe
PRC - [2013/10/27 21:32:18 | 000,845,168 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/10/27 21:32:14 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/10/22 11:12:12 | 000,845,192 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe
PRC - [2013/10/10 01:26:33 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/08/23 07:59:26 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/10/13 23:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/06/01 09:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 09:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 09:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/02/01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011/01/23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/02/25 11:43:16 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Platinum\ReminderApp.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/11 08:11:10 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/11 08:10:59 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/11 08:10:52 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/11 08:10:42 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/11 08:10:38 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/12 08:20:40 | 011,914,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/12 08:20:27 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/14 07:06:28 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/14 07:06:15 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/14 07:06:14 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/14 07:06:14 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/14 07:05:52 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 07:05:38 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c949e6e8d206e0d33d11ff711eda2745\System.Xml.ni.dll
MOD - [2013/08/14 07:05:34 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/10 22:07:56 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 22:07:19 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/10 22:07:00 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/06/01 09:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 09:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 09:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 09:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/01/23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011/01/23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/05 04:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2010/04/05 04:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2010/04/05 04:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2010/04/05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2010/04/05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010/04/05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2010/04/05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2010/04/05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2010/04/01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2010/02/25 11:43:20 | 000,152,864 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Platinum\en-US\ReminderApp.resources.dll
MOD - [2010/02/25 11:43:16 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Platinum\ReminderApp.exe
MOD - [2010/02/25 11:43:16 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Platinum\AddressBookCore.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/05/27 06:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
MOD - [2009/04/07 13:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009/03/09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/03/02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009/02/20 01:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll
MOD - [2009/02/20 01:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/25 15:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/06/25 15:06:08 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/06/25 15:05:54 | 000,628,016 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/06/25 15:05:28 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/03/15 06:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/09/27 12:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/07/01 12:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/14 11:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/06/14 11:26:20 | 000,986,112 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2011/06/09 22:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/24 10:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 15:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/20 16:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/04/14 14:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010/04/14 14:08:23 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2013/10/09 03:29:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/25 20:11:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/21 11:17:56 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/11/21 16:32:40 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/06/01 09:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 14:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/02/01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/04/14 14:08:23 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010/04/14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/08/20 21:31:40 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 21:31:40 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/03 00:58:20 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2013/04/03 00:58:20 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus)
DRV:64bit: - [2013/04/03 00:58:20 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2013/02/05 21:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/03 07:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/03/15 05:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/03/15 05:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/26 07:16:03 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/12/06 03:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/01 23:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/01 23:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 20:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/05/26 07:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/05/19 14:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/05/19 14:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/05/19 14:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2011/04/05 02:10:16 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/23 18:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/01 01:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/03/22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010/02/03 11:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/13 18:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 18:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 18:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 18:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2013/04/18 03:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A31CF2CD-2D71-4351-A6B6-BD62EC2E94B2}
IE:64bit: - HKLM\..\SearchScopes\{A31CF2CD-2D71-4351-A6B6-BD62EC2E94B2}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-989340334-3437248486-661031180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-989340334-3437248486-661031180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-989340334-3437248486-661031180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-989340334-3437248486-661031180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-989340334-3437248486-661031180-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-989340334-3437248486-661031180-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-989340334-3437248486-661031180-1000\..\SearchScopes,DefaultScope = {A31CF2CD-2D71-4351-A6B6-BD62EC2E94B2}
IE - HKU\S-1-5-21-989340334-3437248486-661031180-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-989340334-3437248486-661031180-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/23 08:00:24 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-989340334-3437248486-661031180-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Print Artist Platinum\ReminderApp.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-989340334-3437248486-661031180-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe (Samsung)
O4 - HKU\S-1-5-21-989340334-3437248486-661031180-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-989340334-3437248486-661031180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit:
O8:64bit:
 
 
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-989340334-3437248486-661031180-1000\..Trusted Domains: linkedin.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-989340334-3437248486-661031180-1000\..Trusted Domains: pandora.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-989340334-3437248486-661031180-1000\..Trusted Domains: secunia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-989340334-3437248486-661031180-1000\..Trusted Domains: state.wy.us ([statejobs] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0359CE86-7DE1-462E-82D3-CE741DF1EE94}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73A954E5-2AFD-414C-B670-9F45BEFFDCA7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEF9C482-A217-4EE7-9E7E-0EB93962D76E}: DhcpNameServer = 168.94.0.14 168.94.0.15
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/14 21:53:50 | 000,000,027 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/13 19:45:34 | 000,204,568 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudmdm.sys
[2013/11/13 19:45:34 | 000,103,576 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudbus.sys
[2013/11/13 19:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/11/13 00:10:22 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/13 00:10:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/13 00:10:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/13 00:10:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/13 00:10:20 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/11/13 00:10:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/13 00:10:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/13 00:10:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/13 00:10:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/13 00:10:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/13 00:10:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/13 00:10:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/13 00:10:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/13 00:10:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/13 00:10:17 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/12 21:08:18 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/11/12 21:08:14 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/11/12 21:08:13 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/11/12 21:08:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
[2013/11/12 21:08:13 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/12 21:08:13 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/12 21:08:07 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/11/12 21:08:07 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/11/12 21:08:07 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/11/12 21:08:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/11/12 21:08:07 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2013/11/12 21:08:05 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/11/12 21:08:01 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/11/12 21:08:01 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/11/12 21:08:01 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/11/12 21:08:00 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/11/12 12:03:42 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/11/08 07:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/11/07 16:04:05 | 000,000,000 | R--D | C] -- C:\Users\owner\Desktop\MBA Blog Virus Logs
[2013/11/07 10:11:03 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/11/06 07:18:49 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds.scr
[2013/11/05 15:26:47 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Transportation
[2013/11/04 12:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/04 12:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/04 06:45:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/10/31 08:46:26 | 015,641,088 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2013/10/31 08:45:07 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
[2013/10/31 08:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
[2013/10/31 08:45:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LastPass
[2013/10/29 15:35:16 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Dept. of Family Services
[2013/10/25 20:18:01 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\NFSTR
[2013/10/25 20:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013/10/25 20:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013/10/25 19:46:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/10/25 19:46:05 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_7.dll
[2013/10/25 19:46:05 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_7.dll
[2013/10/25 19:46:03 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_43.dll
[2013/10/25 19:46:03 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_43.dll
[2013/10/25 19:46:02 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_43.dll
[2013/10/25 19:46:02 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_43.dll
[2013/10/25 19:46:01 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_43.dll
[2013/10/25 19:46:00 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll
[2013/10/25 19:46:00 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2013/10/25 19:46:00 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll
[2013/10/25 19:46:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2013/10/25 19:45:59 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2013/10/25 19:45:59 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll
[2013/10/25 19:45:59 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll
[2013/10/25 19:45:59 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll
[2013/10/25 19:45:58 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll
[2013/10/25 19:45:56 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll
[2013/10/25 19:45:56 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_42.dll
[2013/10/25 19:45:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll
[2013/10/25 19:45:56 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll
[2013/10/25 19:45:55 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll
[2013/10/25 19:45:55 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll
[2013/10/25 19:45:53 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll
[2013/10/25 19:45:53 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll
[2013/10/25 19:45:53 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll
[2013/10/25 19:45:51 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2013/10/25 19:45:51 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2013/10/25 19:45:49 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2013/10/25 19:45:49 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2013/10/25 19:45:49 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2013/10/25 19:45:48 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2013/10/25 19:45:48 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2013/10/25 19:45:48 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2013/10/25 19:45:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2013/10/25 19:45:46 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2013/10/25 19:45:46 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2013/10/25 19:45:46 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2013/10/25 19:45:46 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2013/10/25 19:45:45 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2013/10/25 19:45:45 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2013/10/25 19:45:45 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2013/10/25 19:45:45 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2013/10/25 19:45:45 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2013/10/25 19:45:45 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2013/10/25 19:45:44 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2013/10/25 19:45:44 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2013/10/25 19:45:44 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2013/10/25 19:45:44 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2013/10/25 19:45:43 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2013/10/25 19:45:43 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2013/10/25 19:45:43 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2013/10/25 19:45:43 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2013/10/25 19:45:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2013/10/25 19:45:41 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2013/10/25 19:45:40 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2013/10/25 19:45:40 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
[2013/10/25 19:45:40 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2013/10/25 19:45:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
[2013/10/25 19:45:39 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2013/10/25 19:45:38 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_1.dll
[2013/10/25 19:45:38 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_1.dll
[2013/10/25 19:45:38 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_0.dll
[2013/10/25 19:45:38 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_0.dll
[2013/10/25 19:45:37 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_38.dll
[2013/10/25 19:45:37 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_38.dll
[2013/10/25 19:45:37 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_38.dll
[2013/10/25 19:45:37 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_38.dll
[2013/10/25 19:45:37 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_1.dll
[2013/10/25 19:45:37 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_1.dll
[2013/10/25 19:45:37 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_4.dll
[2013/10/25 19:45:37 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll
[2013/10/25 19:45:36 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_38.dll
[2013/10/25 19:45:36 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_38.dll
[2013/10/25 19:45:36 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_0.dll
[2013/10/25 19:45:36 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_0.dll
[2013/10/25 19:45:35 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_37.dll
[2013/10/25 19:45:35 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_37.dll
[2013/10/25 19:45:35 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_37.dll
[2013/10/25 19:45:35 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_37.dll
[2013/10/25 19:45:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_0.dll
[2013/10/25 19:45:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_0.dll
[2013/10/25 19:45:35 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_3.dll
[2013/10/25 19:45:35 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_3.dll
[2013/10/25 19:45:34 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_37.dll
[2013/10/25 19:45:34 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_37.dll
[2013/10/25 17:22:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Origin
[2013/10/25 17:22:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Origin
[2013/10/25 17:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/10/25 17:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/10/25 17:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/10/21 08:58:13 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/10/21 08:58:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/10/21 08:58:08 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/10/21 08:58:08 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/21 08:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/13 23:31:52 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/13 23:29:10 | 000,020,876 | ---- | M] () -- C:\Users\owner\Desktop\Bit Remover Scan Picture_11.13.13.jpg
[2013/11/13 23:29:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 20:38:39 | 000,025,120 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 20:38:39 | 000,025,120 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 20:35:27 | 000,779,358 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/13 20:35:27 | 000,660,556 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/13 20:35:27 | 000,121,452 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/13 20:31:38 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/13 20:31:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/13 20:31:00 | 2074,947,583 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 09:22:52 | 000,240,468 | ---- | M] () -- C:\Users\owner\Desktop\Security Prompt Screenshot_11.13.13.png
[2013/11/12 13:29:31 | 000,032,114 | ---- | M] () -- C:\Users\owner\Desktop\Revo_No installation pkg. found!_IObit_11.12.2013.jpg
[2013/11/12 12:03:42 | 000,001,235 | ---- | M] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2013/11/11 15:51:40 | 000,001,041 | ---- | M] () -- C:\Users\owner\Desktop\Search.lnk
[2013/11/11 15:42:22 | 000,063,591 | ---- | M] () -- C:\Users\owner\Desktop\ESET_Scan Log_3_Screenshot_ 11.11.2013.jpg
[2013/11/08 20:15:39 | 010,563,513 | ---- | M] () -- C:\Users\owner\Desktop\HOONIT! Screenshots.zip
[2013/11/08 19:33:04 | 000,070,242 | ---- | M] () -- C:\Users\owner\Desktop\ESET_Scan Log_2_Screenshot_ 11.08.2013.jpg
[2013/11/07 15:50:53 | 000,000,217 | ---- | M] () -- C:\Users\Public\Desktop\Norton IdentifySafe.url
[2013/11/06 07:46:32 | 000,040,103 | ---- | M] () -- C:\Users\owner\Desktop\snap.do screenshot 11.06.13.jpg
[2013/11/06 07:43:22 | 000,217,672 | ---- | M] () -- C:\Users\owner\Desktop\Sweetpacks Search Screenshot 11.06.13.jpg
[2013/11/06 07:18:53 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds.scr
[2013/11/04 19:16:23 | 000,002,311 | ---- | M] () -- C:\Users\owner\Desktop\Google Chrome.lnk
[2013/11/04 12:44:53 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/11/04 12:33:27 | 000,440,828 | ---- | M] () -- C:\Users\owner\Documents\11-04-2013 12;33;27PM.PDF
[2013/11/04 08:15:48 | 000,001,216 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ainishare Free Center.lnk
[2013/11/04 07:43:22 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk
[2013/11/04 07:43:21 | 000,001,964 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
[2013/11/03 15:22:05 | 000,142,130 | ---- | M] () -- C:\Users\owner\Desktop\Malwarebytes_SweetPacks PUP Program_11.03.2013_1530p.jpg
[2013/11/03 10:57:27 | 000,002,168 | ---- | M] () -- C:\{E5B9F760-C083-43C9-8C4A-FF35F442C12C}
[2013/10/31 08:46:27 | 000,002,081 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
[2013/10/31 08:46:26 | 015,641,088 | ---- | M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2013/10/31 08:46:26 | 000,001,192 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2013/10/31 08:45:10 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
[2013/10/29 04:51:55 | 000,002,168 | ---- | M] () -- C:\{061BB093-D56B-4B81-9B8A-606DC29AA460}
[2013/10/26 01:55:23 | 000,002,424 | ---- | M] () -- C:\{F7EAC64E-F2AE-4748-9A22-6A54712638D0}
[2013/10/26 01:55:22 | 000,029,792 | ---- | M] () -- C:\{51731F0A-9933-4FD4-868B-F84B25F1392C}
[2013/10/25 17:20:17 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/10/24 23:10:07 | 000,002,168 | ---- | M] () -- C:\{A0239D77-1528-4C58-8536-D3FCA00A35FD}
[2013/10/18 14:14:42 | 000,002,576 | ---- | M] () -- C:\{059C79DE-53DF-48FE-8D29-F53F5500AB8A}
[2013/10/17 07:39:04 | 000,212,300 | ---- | M] () -- C:\Users\owner\Desktop\Will Smith_Wyoming Help Wanted.com_10.17.2013.jpg
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/13 23:29:10 | 000,020,876 | ---- | C] () -- C:\Users\owner\Desktop\Bit Remover Scan Picture_11.13.13.jpg
[2013/11/13 09:31:02 | 000,240,468 | ---- | C] () -- C:\Users\owner\Desktop\Security Prompt Screenshot_11.13.13.png
[2013/11/12 13:29:31 | 000,032,114 | ---- | C] () -- C:\Users\owner\Desktop\Revo_No installation pkg. found!_IObit_11.12.2013.jpg
[2013/11/12 12:03:42 | 000,001,235 | ---- | C] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2013/11/11 15:42:22 | 000,063,591 | ---- | C] () -- C:\Users\owner\Desktop\ESET_Scan Log_3_Screenshot_ 11.11.2013.jpg
[2013/11/08 20:15:39 | 010,563,513 | ---- | C] () -- C:\Users\owner\Desktop\HOONIT! Screenshots.zip
[2013/11/08 19:33:04 | 000,070,242 | ---- | C] () -- C:\Users\owner\Desktop\ESET_Scan Log_2_Screenshot_ 11.08.2013.jpg
[2013/11/06 07:46:32 | 000,040,103 | ---- | C] () -- C:\Users\owner\Desktop\snap.do screenshot 11.06.13.jpg
[2013/11/06 07:43:21 | 000,217,672 | ---- | C] () -- C:\Users\owner\Desktop\Sweetpacks Search Screenshot 11.06.13.jpg
[2013/11/04 13:43:10 | 000,002,311 | ---- | C] () -- C:\Users\owner\Desktop\Google Chrome.lnk
[2013/11/04 12:44:53 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/11/04 12:44:43 | 000,002,088 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/04 12:33:27 | 000,440,828 | ---- | C] () -- C:\Users\owner\Documents\11-04-2013 12;33;27PM.PDF
[2013/11/04 09:19:52 | 000,000,217 | ---- | C] () -- C:\Users\Public\Desktop\Norton IdentifySafe.url
[2013/11/04 08:16:55 | 000,001,071 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013/11/04 08:16:54 | 000,001,041 | ---- | C] () -- C:\Users\owner\Desktop\Search.lnk
[2013/11/04 08:15:48 | 000,001,216 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ainishare Free Center.lnk
[2013/11/04 07:43:22 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk
[2013/11/04 07:43:21 | 000,001,964 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
[2013/11/03 15:22:05 | 000,142,130 | ---- | C] () -- C:\Users\owner\Desktop\Malwarebytes_SweetPacks PUP Program_11.03.2013_1530p.jpg
[2013/11/03 10:57:25 | 000,002,168 | ---- | C] () -- C:\{E5B9F760-C083-43C9-8C4A-FF35F442C12C}
[2013/10/31 08:46:27 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
[2013/10/31 08:46:26 | 000,001,192 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2013/10/31 08:45:10 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
[2013/10/29 04:51:54 | 000,002,168 | ---- | C] () -- C:\{061BB093-D56B-4B81-9B8A-606DC29AA460}
[2013/10/26 01:55:22 | 000,029,792 | ---- | C] () -- C:\{51731F0A-9933-4FD4-868B-F84B25F1392C}
[2013/10/26 01:55:22 | 000,002,424 | ---- | C] () -- C:\{F7EAC64E-F2AE-4748-9A22-6A54712638D0}
[2013/10/25 17:20:17 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/10/24 23:10:07 | 000,002,168 | ---- | C] () -- C:\{A0239D77-1528-4C58-8536-D3FCA00A35FD}
[2013/10/18 14:14:42 | 000,002,576 | ---- | C] () -- C:\{059C79DE-53DF-48FE-8D29-F53F5500AB8A}
[2013/10/17 07:39:04 | 000,212,300 | ---- | C] () -- C:\Users\owner\Desktop\Will Smith_Wyoming Help Wanted.com_10.17.2013.jpg
[2013/09/29 09:53:30 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\Lagarith.dll
[2013/08/24 02:08:29 | 000,005,632 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/07 23:55:49 | 000,004,234 | ---- | C] () -- C:\Users\owner\AppData\Local\recently-used.xbel
[2013/08/04 23:15:08 | 000,066,104 | ---- | C] () -- C:\windows\SysWow64\bdmpegv.dll
[2013/08/04 23:15:06 | 000,023,080 | ---- | C] () -- C:\windows\SysWow64\bdmjpeg.dll
[2013/07/28 13:42:50 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dll
[2013/05/14 18:51:06 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\FsUsbExDevice.Dll
[2013/05/14 18:51:06 | 000,037,344 | ---- | C] () -- C:\windows\SysWow64\FsUsbExDisk.Sys
[2013/03/31 11:55:34 | 001,048,576 | ---- | C] ( ) -- C:\windows\SysWow64\lxecserv.dll
[2013/03/31 11:55:34 | 000,847,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxecusb1.dll
[2013/03/31 11:55:34 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxecpmui.dll
[2013/03/31 11:55:34 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxecinpa.dll
[2013/03/31 11:55:34 | 000,344,064 | ---- | C] () -- C:\windows\SysWow64\lxeccomx.dll
[2013/03/31 11:55:34 | 000,344,064 | ---- | C] ( ) -- C:\windows\SysWow64\lxeciesc.dll
[2013/03/31 11:55:34 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\lxecins.dll
[2013/03/31 11:55:34 | 000,262,144 | ---- | C] () -- C:\windows\SysWow64\lxecinsb.dll
[2013/03/31 11:55:34 | 000,253,952 | ---- | C] () -- C:\windows\SysWow64\lxeccu.dll
[2013/03/31 11:55:34 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\lxecinsr.dll
[2013/03/31 11:55:34 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\lxeccub.dll
[2013/03/31 11:55:34 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\lxecjswr.dll
[2013/03/31 11:55:34 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\lxeccur.dll
[2013/03/31 11:55:33 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\lxeccomc.dll
[2013/03/31 11:55:33 | 000,688,128 | ---- | C] ( ) -- C:\windows\SysWow64\lxechbn3.dll
[2013/03/31 11:55:33 | 000,598,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxeccoms.exe
[2013/03/31 11:55:33 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\lxeclmpm.dll
[2013/03/31 11:55:33 | 000,373,416 | ---- | C] ( ) -- C:\windows\SysWow64\lxeccfg.exe
[2013/03/31 11:55:33 | 000,372,736 | ---- | C] ( ) -- C:\windows\SysWow64\lxeccomm.dll
[2013/03/31 11:55:33 | 000,324,264 | ---- | C] ( ) -- C:\windows\SysWow64\lxecih.exe
[2012/11/09 23:56:14 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2012/05/27 15:02:45 | 000,000,126 | ---- | C] () -- C:\windows\QUICKEN.INI
[2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/05/21 10:57:52 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/04/15 22:02:38 | 000,773,574 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/04/14 20:10:37 | 000,000,012 | ---- | C] () -- C:\windows\dirsaver.ini
[2012/04/03 15:27:45 | 000,299,008 | ---- | C] () -- C:\windows\SysWow64\LXECsm.dll
[2012/04/03 15:27:45 | 000,023,552 | ---- | C] () -- C:\windows\SysWow64\LXECsmr.dll
[2011/11/29 15:38:12 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011/11/29 15:38:12 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011/11/29 15:38:12 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011/11/29 15:38:12 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 06:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 06:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 06:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
Part 2 next...

Part 2...

 

Extras Log:

 

OTL Extras logfile created on: 11/13/2013 11:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Desktop\Bleeping Computer site for Rkill Download
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 75.24% Memory free
15.82 Gb Paging File | 13.93 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.11 Gb Total Space | 524.05 Gb Free Space | 76.83% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 504.19 Gb Free Space | 36.08% Space Free | Partition Type: NTFS
 
Computer Name: GORDON-L | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-989340334-3437248486-661031180-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{54A92A1B-F398-425D-8901-E463A19B4A51}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5CADE741-C36B-4579-B368-A19D29F1D0AC}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{F5C63828-BFEC-4ABA-AE67-2840AE967203}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053A1282-74E0-4666-9B7B-2E100BCBEB96}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0B779573-6E1D-4EBD-8F89-6B262BC9A559}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe | 
"{0BE7EBA3-D593-485D-90E7-BBD16B4CF364}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{1090A0E9-791A-49E1-9405-BB4552D15799}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{1617551E-041D-441E-B316-06835EB74EFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon's lair\dragonslair.exe | 
"{188D149F-29CA-4F7E-99F1-E4EBE3649544}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{1C9B17B1-C60D-4886-B635-52373A0529AA}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{2142A245-89DA-4385-B368-C5FC7D15B984}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft corporation\tinker\tinker.exe | 
"{2FA06C25-9576-4E15-B2BB-F22FB5534911}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe | 
"{3452238D-F40F-4C51-B74D-9333A9CFF515}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4370A830-C7F9-423B-8DBD-F2A01559C8D0}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4E63F515-D9AB-4FF4-ADB8-59E565148CED}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{50EC56BB-9D5F-49A2-AC69-BBD9F869D767}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5C4526C4-39EF-494B-B88A-1AA7192B6D1C}" = dir=in | app=c:\users\owner\appdata\local\microsoft\skydrive\skydrive.exe | 
"{5C852E52-D086-4FD0-A228-7A3D37490CB6}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe | 
"{5DED0184-61DD-4303-9BA1-391EC715E921}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{606FBEC6-3A80-45F8-9F80-B99A4B223CEA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{64C182A5-294A-434C-B460-0C69C56C750F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft corporation\tinker\tinker.exe | 
"{6673A871-028C-47FF-8474-2FD1DD6008ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{6C0D6EAC-9902-4C8E-8AE4-339D3E8732C9}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{7025A327-763E-485A-8665-2BF12B71B6AD}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{70AF1E2C-7A7F-4EED-9DBA-2041B346A8F1}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{84BFBCD7-2AC5-4A64-AF32-23C03658BA4B}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{91196C44-A81A-42C7-AF42-EFC93DEBC6C0}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{93F3F740-1604-4501-9438-3433F53ECC16}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9C1E1484-6615-4B73-A0EE-787659AEA04A}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9E593FC4-7E3D-4C53-B5FC-E0DE69AC9AF7}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{A5E7D053-B91F-4F57-B823-0AE5A6509F6B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe | 
"{AA524438-3001-4779-A298-75E36B65D873}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{BDDFB9C7-3EA3-4242-9BE6-AC659E5D68D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C0CC205F-8C64-491E-8F65-F7C0D39E895A}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{C0FFF16D-F1BC-4670-96F3-FCC4D092CC40}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{CDE3302D-4774-43F6-9C3B-9602C313D6E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon's lair\dragonslair.exe | 
"{CF073AFE-7B26-4BCE-B818-BF8FF28418D0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{DB0E2F93-E120-46D5-8771-7F1C474AB536}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{F26E2F7B-0994-49C6-B3F8-EFA128D1ED24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{F8B58629-0F6E-4D76-AEF7-BD46406AF82D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"TCP Query User{8B9020A9-00EC-42B8-9492-57D1AD24FCA0}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{A55EF555-8987-47B7-9B17-6CA57261F249}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5C1DA3D9-F590-4317-A4FB-274F658E504B}" = Intel® PROSet/Wireless WiMAX Software
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Logitech Unifying" = Logitech Unifying Software 2.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SP6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{159E3ACF-7D79-49A1-A085-9F53B0738C65}" = The Print Shop 2.0 Professional
"{177CD779-4EEC-43C5-8DEA-4E0EC103624B}" = Driver Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}" = Angry Birds
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B95ED9D-BF9E-496a-8394-AEA8E6A4E11B}_is1" = Ainishare Free Video Editor 2.5.0
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-6B0A-4BB0-809F-AE1000048101}" = Microsoft Flight
"{4D5308D2-6B0A-4BB0-809F-AE1000058101}" = Microsoft Flight
"{4D5308D2-DC8E-4658-A37C-351000038100}" = Microsoft Flight
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D56ACA-79C3-4692-9F78-2DA5E663770C}" = Print Artist Platinum 23
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{584109EB-CEA0-4954-804B-211000018301}" = Tinker
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}" = Media Player Utilities 5.22
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92BCB2AF-E53E-40B2-81B3-9DCF57D80CDA}" = Flight Toolkit
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CC86C6C4-7E7D-8447-BA9D-2FD7823E5752}_is1" = Ainishare Free Center
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{d3c21b5c-e66c-4693-895c-bc56e6ecb7c1}" = Flight Toolkit
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.2
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"DreamAqua" = Dream Aquarium
"ESET Online Scanner" = ESET Online Scanner v3
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"GFWL_{4D5308D2-DC8E-4658-A37C-351000038100}" = Microsoft Flight
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"Google Chrome" = Google Chrome
"Hoyle Card Games Classic" = Hoyle Card Games Classic
"Hoyle Puzzle and Board Games Classic" = Hoyle Puzzle and Board Games Classic
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MVApplication1" = Memorex exPressit Label Design Studio
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.95
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Steam App 203850" = Microsoft Flight
"Steam App 227380" = Dragon's Lair
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-989340334-3437248486-661031180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/12/2013 8:31:05 AM | Computer Name = Gordon-L | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/13/2013 1:17:24 AM | Computer Name = Gordon-L | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 11/13/2013 5:49:42 AM | Computer Name = Gordon-L | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 11/13/2013 9:10:17 AM | Computer Name = Gordon-L | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/13/2013 8:21:46 PM | Computer Name = Gordon-L | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 11/13/2013 9:40:22 PM | Computer Name = Gordon-L | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" 
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/13/2013 9:40:22 PM | Computer Name = Gordon-L | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" 
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/13/2013 10:01:22 PM | Computer Name = Gordon-L | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 11/13/2013 11:31:25 PM | Computer Name = Gordon-L | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
 Events cannot be delivered through this filter until the problem is corrected.
 
Error - 11/14/2013 2:14:31 AM | Computer Name = Gordon-L | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\owner\Desktop\Bleeping
 Computer site for Rkill Download\esetsmartinstaller_enu.exe".Error in manifest 
or policy file "" on line .  A component version required by the application conflicts
 with another component version already active.  Conflicting components are:.  Component
 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 11/13/2013 11:31:12 PM | Computer Name = Gordon-L | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:10:24 PM on ?11/?13/?2013 was unexpected.
 
 
< End of report >
_____________________________________________________________________________________________
 
Waiting for further instructions.
 
Thank you,
-fryer

Then your computer is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In the case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  4. If there is still something left, please delete it manually.

 

 

 

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:

  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that will be installed along with the software you want.


Marius,

 

Thank you so very much for all of your help.  I sincerely appreciate everything.

 

I believe, even though I have not confirmed it yet, that during this whole process you inadvertently fixed a ghost E: drive problem that I had researched in the past.  I had no E: drive installed, however, from what I had read this could be due to accidentally disengaging a thumb drive before the computer had a chance to finish what it needed to do, therefore the E: drive was corrupted a little bit.

 

I also wanted to post a screenshot of the end results (Even though I knew a lot sooner but none-the-less excited that snap.do was cleared.) of the Start Menu > Properties options:

 

[Attached screenshot]

 

As you can see snap.do is gone from the choices given.  Way to go Marius!

 

If you do not mind Marius, just in case there are others following this thread:

 

One more important thing that I have personally learned about those pop up malware box prompts: If you come across a "Windows prompt" while you are surfing the web and you smartly do not check "Ok" and try to click on the Red "X" in the top right hand corner of that window; but cannot get rid of the prompt.  IMMEDIATELY TURN OFF THE POWER TO YOUR COMPUTER.

 

However please take note... DO NOT DO THIS UNLESS IT IS AN EMERGENCY!  Turning off the power to your computer when it has not properly shut down can cause serious damage to your computer.

 

I personally have it set up in my Control Panel settings so that when I hit the power button to my computer that it will immediately shut down should I come across something like this.  

 

After you have restarted your computer, start scanning your computer immediately for threats.  If you need help do not be afraid to ask.  It is always better that than a poke in the eye with a sharp stick...lol.

 

Many thank you's again Marius for you, and your staff if you have a staff of employees...lol.  Your fight to help us all combat hackers and their evil doings is appreciated more than you know.

 

Sincerely,

- fryerlawrence


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.