Infected with Malware/Adware



A few days ago, I installed the adblocker plug-in, and I started noticing my computer was acting strangely. Somehow I ended up with another plug-in called "suirf and keep" (and no, that's not a typo on my part). My browser started redirecting me to other websites whenever I clicked on a link. I uninstalled the plug-in, and I used both my Norton 360 and Malwarebytes software to make sure my computer was clean. It removed a number of files, and then it was working perfectly, at least for the rest of the day. The next morning, I started getting pop-up notifications every few minutes from Malwarebytes that it was blocking intrusions from the IP 193.105.134.63. I checked my Windows Task Manager and every time one of these notifications popped up, iexplore.exe would pop up under processes, even though I didn't open it and it does not appear on my desktop.

I ran both MB and Norton again and neither of them picked up on anything. I'd appreciate any help you can give, as I'm hardly what one might call tech savvy.

Here are the two logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.21.2
Run by Hannah at 20:52:30 on 2013-11-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8111.3935 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Rhapsody\rhaphlpr.exe
C:\Users\Hannah\AppData\Local\Amazon\Kindle\application\Kindle.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
uRun: [GameFly Digital Client] "C:\Users\Hannah\AppData\Local\Apps\2.0\ZPKAQ042.XLN\P60NW6CZ.EHH\game..tion_2b523ae39a779562_0001.0000_89369608b76bebe3\GameFly.Digital.Client.Driver.exe" -minimized
uRun: [MWFsoft] regsvr32.exe C:\Users\Hannah\AppData\Local\MWFsoft\pj10intl.dll
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CB08E298-4D3A-4BA7-9670-382233F9D8CD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CB08E298-4D3A-4BA7-9670-382233F9D8CD}\3497E6478696162E08993702960586F6E656 : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{CB08E298-4D3A-4BA7-9670-382233F9D8CD}\3497E647869616D4F6F62756 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{CB08E298-4D3A-4BA7-9670-382233F9D8CD}\C4165727162E08993702960586F6E656 : DHCPNameServer = 198.224.190.135 198.224.191.135
TCP: Interfaces\{CB08E298-4D3A-4BA7-9670-382233F9D8CD}\E4F465147457563747 : DHCPNameServer = 164.106.2.1 164.106.178.74 164.106.130.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\gsyc3o3s.default-1384747638701\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-11-16 02:01; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFF
FF - ExtSQL: 2013-11-17 22:29; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-9-24 28992]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-23 36992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-9-24 482384]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-11-22 109352]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-24 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-24 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-17 701512]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-10 144368]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-23 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [2012-9-24 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-24 363800]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [2013-11-18 1524824]
R3 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-10 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-9-24 9216]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20131122.001\IDSviA64.sys [2013-11-22 521816]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-1-16 103536]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-11-17 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-9-24 38096]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\drivers\RtsP2Stor.sys [2012-9-24 259176]
R3 SmbDrv;SmbDrv;C:\windows\System32\drivers\Smb_driver.sys [2012-2-24 22800]
R3 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-10 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-10 1139800]
R3 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-10 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-6-10 433752]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-25 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-8-13 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-8-13 124088]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-10-3 401920]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-2-24 25832]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-11-8 227936]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-2-2 19456]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-9-24 57216]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-2-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-2-2 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown EraserUtilDrv11312;EraserUtilDrv11312; [x]
.
=============== Created Last 30 ================
.
2013-11-22 06:21:37    --------    d-----w-    C:\Users\Hannah\AppData\Roaming\LavasoftStatistics
2013-11-22 06:20:28    --------    d-----w-    C:\ProgramData\Search Protection
2013-11-22 06:20:26    --------    d-----w-    C:\Users\Hannah\AppData\Local\adawarebp
2013-11-22 06:20:13    --------    d-----w-    C:\ProgramData\Ad-Aware Browsing Protection
2013-11-22 06:19:54    --------    d-----w-    C:\Program Files (x86)\Toolbar Cleaner
2013-11-22 06:19:51    --------    d-----w-    C:\Users\Hannah\AppData\Roaming\SecureSearch
2013-11-22 06:19:14    --------    d-----w-    C:\Program Files (x86)\Lavasoft
2013-11-22 06:17:45    --------    d-----w-    C:\Program Files\Common Files\Lavasoft
2013-11-22 06:12:15    12872    ----a-w-    C:\windows\System32\bootdelete.exe
2013-11-22 05:55:59    --------    d-----w-    C:\Program Files\HitmanPro
2013-11-22 05:55:34    --------    d-----w-    C:\ProgramData\HitmanPro
2013-11-21 03:40:17    --------    d-----w-    C:\Users\Hannah\AppData\Roaming\NevoSoft Games
2013-11-21 01:05:20    --------    d-----w-    C:\Program Files (x86)\Farm Craft 2
2013-11-20 01:17:49    --------    d-----w-    C:\windows\Migration
2013-11-18 03:22:12    --------    d-----w-    C:\Users\Hannah\AppData\Roaming\Malwarebytes
2013-11-18 03:22:04    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-11-18 03:22:04    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-11-18 03:22:04    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 19:54:57    --------    d-----w-    C:\Users\Hannah\AppData\Local\MWFsoft
2013-11-15 03:19:55    --------    d-----w-    C:\Users\Hannah\AppData\Local\Tales of Lagoona 2
2013-11-14 20:28:38    --------    d-----w-    C:\Users\Hannah\AppData\Local\Packages
2013-11-14 20:28:38    --------    d-----w-    C:\ProgramData\suirf aned  keep
2013-11-14 20:28:35    --------    d-----w-    C:\Program Files (x86)\suirf aned  keep
2013-11-14 20:28:33    --------    d-----w-    C:\ProgramData\163a425f8bf257d2
2013-11-14 20:28:20    --------    d-----w-    C:\ProgramData\InstallMate
2013-11-14 20:26:16    --------    d-----w-    C:\Users\Hannah\Project64 2.1
2013-11-06 18:13:30    --------    d-----w-    C:\Program Files (x86)\My Singing Monsters
2013-11-03 03:52:02    --------    d-----w-    C:\Users\Hannah\AppData\Local\GameFly
2013-11-03 01:38:27    --------    d-----w-    C:\Users\Hannah\AppData\Roaming\Peter L Jones
2013-11-03 01:38:16    --------    d-----w-    C:\Program Files\s3pe
2013-10-30 19:52:47    --------    d-----w-    C:\Users\Hannah\AppData\Local\Apps
2013-10-30 19:52:46    --------    d-----w-    C:\Users\Hannah\AppData\Local\Deployment
2013-10-30 15:58:05    --------    d-----w-    C:\Users\Hannah\AppData\Roaming\JaiboGames
2013-10-30 04:41:43    --------    d-----w-    C:\Users\Hannah\AppData\Roaming\Awem
2013-10-30 04:40:58    --------    d-----w-    C:\Program Files (x86)\Heroes of Hellas 3 - Athens
2013-10-30 04:38:33    --------    d-----w-    C:\Program Files (x86)\Cradle of Rome 2
.
==================== Find3M  ====================
.
2013-11-20 01:23:53    189248    ----a-w-    C:\windows\SysWow64\PnkBstrB.exe
2013-11-20 01:23:41    75136    ----a-w-    C:\windows\SysWow64\PnkBstrA.exe
2013-10-15 15:53:20    42511398    ----a-w-    C:\Users\Hannah\my life story.exe
2013-10-12 08:45:20    2241536    ----a-w-    C:\windows\System32\wininet.dll
2013-10-12 08:43:37    3959808    ----a-w-    C:\windows\System32\jscript9.dll
2013-10-12 08:43:32    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-10-12 08:43:32    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-10-12 07:03:50    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-10-12 07:02:33    2877952    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-10-12 06:08:58    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35    1474048    ----a-w-    C:\windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\windows\System32\lsass.exe
2013-09-08 02:30:37    1903552    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\windows\SysWow64\mswsock.dll
2013-09-04 12:12:11    343040    ----a-w-    C:\windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\windows\System32\drivers\usbport.sys
2013-09-04 12:11:49    99840    ----a-w-    C:\windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43    30720    ----a-w-    C:\windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\windows\System32\drivers\usbd.sys
2013-09-01 23:59:02    9728    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-29 02:17:48    5549504    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\windows\System32\scavengeui.dll
.
============= FINISH: 20:52:50.79 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/3/2012 7:42:00 PM
System Uptime: 11/22/2013 1:16:53 PM (7 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core i7-3610QM CPU @ 2.30GHz | U3E1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 433.685 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP127: 11/18/2013 3:05:44 AM - Configured Tom Clancy's Splinter Cell® Blacklist™
RP128: 11/18/2013 3:18:53 AM - Configured Tom Clancy's Splinter Cell® Blacklist™
RP129: 11/18/2013 3:30:42 AM - Configured Tom Clancy's Splinter Cell® Blacklist™
RP130: 11/19/2013 8:12:26 PM - Installed DirectX
.
==== Installed Programs ======================
.
2 Tasty
2 Tasty Too
Ad-Aware Security Add-on
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X (10.1.4) MUI
All My Gods
Always Remember Me version 1.3.1
Amazon Games & Software Downloader
Amazon Kindle
Amazon Links
Amazon MP3 Downloader 1.0.17
Antique Shop
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aquascapes Collector's Edition
Assassin's Creed
Assassin's Creed Brotherhood
Assassin's Creed II
Assassin's Creed Revelations 1.03
Assassin's Creed® III v1.06
Assassin’s Creed IV Black Flag
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Bejeweled 3
Big Fish: Game Manager
BioWare Premium Module: Neverwinter Nights Kingmaker
Black & White® 2
Bonjour
Buried in Time
Chocolatier: Decadence by Design
Civilization 4 Complete Bundle
Cradle of Rome 2
Cute Knight Kingdom version 1.1
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Democracy 2
Dishonored
Double Play Jojos Fashion Show 1 and 2
Dragon Age II
Dragon Age: Origins
EA Installer
EA Shared Game Component: Activation
Fable - The Lost Chapters
Fable III
Fairy Godmother Tycoon
Family Farm
Family Feud: Battle of the Sexes
Farm Craft 2
Farmington Tales
Fatal Hearts Strategy Guide version 1.1
Fatal Hearts version 1.2
FATE
FATE - The Traitor Soul
FileViewPro
Fraps (remove only)
Game Cam 2.6.1.0
GameFly
GameFly Download Manager
GameStop App
Gardenscapes 2
Gardenscapes 2 Collector's Edition
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Grand Ages Rome 1.11
Heroes of Hellas 3: Athens
Heroes of Might and Magic V
HitmanPro 3.7
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Jade Empire Special Edition
Java 7 Update 21
Java Auto Updater
Java 6 Update 25
Jojo's Fashion Show: World Tour
Junk Mail filter update
Kingdoms of Amalur: Reckoning
Letters from Nowhere 2
Life Quest®
Life Quest® 2: Metropoville
Magic Life
Magical Diary 1.0.32
Magical Diary Demo 1.05
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect
Mass Effect™ 2
Mass Effect™ 3
Mesh Runtime
Microsoft .NET Framework 4.5.1 RC
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
My Life Story
My Singing Monsters
Neverwinter Nights 2
Neverwinter Nights 2: Mask of the Betrayer
Neverwinter Nights 2: Storm of Zehir
Neverwinter Nights Diamond
Neverwinter Nights Hordes of the Underdark
Neverwinter Nights: Shadows of Undrentide
Norton 360
Norton PC Checkup
NVIDIA Control Panel 295.55
NVIDIA Graphics Driver 295.55
NVIDIA Install Application
NVIDIA Optimus 1.7.12
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update Components
Origin
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
Project64 1.6
PunkBuster Services
Real Lives 2010
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Recettear: An Item Shop's Tale
Restaurant Empire
Rhapsody
s3pe - Sims3 Package Editor
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Settlement: Colossus
Sid Meier's Civilization IV Complete
Sid Meier's Civilization V
Sid Meier's Civilization V SDK
Space Trader
SRS Premium Sound Control Panel
Star Wars Knights of the Old Republic
Star Wars: Knights of the Old Republic II
Star Wars: The Old Republic
Steam
Synaptics Pointing Device Driver
Tales of Lagoona 2: Peril at Poseidon Park
The Elder Scrolls V: Skyrim
The Flower Shop - Winter In Fairbrook version 1.2.2
The Guild II
The Promised Land
The Royal Trap 1.01
The Royal Trap Demo 1.0
The Sims Medieval
The Sims Medieval Pirates and Nobles
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Generations
The Sims™ 3 Into the Future
The Sims™ 3 Island Paradise
The Sims™ 3 Late Night
The Sims™ 3 Seasons
The Sims™ 3 Supernatural
The Sims™ 3 University Life
The Sims™ 3 World Adventures
The Sims™ Castaway Stories
The Witcher Enhanced Edition
Tom Clancy's Splinter Cell® Blacklist™
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
Toshiba Security Dashboard
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA User's Guide
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBARegistration
Trade Mania
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update Installer for WildTangent Games App
Uplay
Virtual Families 2
Virtual Families 2: Our Dream House
Virtual Villagers 4 - The Tree of Life
Virtual Villagers: New Believers
Virtual Villagers: The Lost Children
Wedding Dash ® 4-Ever
WildTangent Games
WildTangent Games App
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
World of Warcraft
Zoo Tycoon: Complete Collection
.
==== Event Viewer Messages From Past Week ========
.
11/22/2013 6:01:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
11/22/2013 11:35:07 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
11/22/2013 11:34:14 AM, Error: Service Control Manager [7000]  - The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
11/22/2013 1:45:53 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
11/22/2013 1:20:55 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Type with the following error:  Access is denied.
11/18/2013 12:15:05 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\windows\System32\config\COMPONENTS'.
11/17/2013 6:52:32 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
11/17/2013 6:52:32 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 


Hello atticus2169 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: Ad-Aware Security Add-on

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

As requested here are my logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Hannah on Sat 11/23/2013 at 19:04:44.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3054184758-2117664321-2381187025-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Hannah\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\Hannah\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\Hannah\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Hannah\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Hannah\appdata\local\big fish"
Successfully deleted: [Folder] "C:\Users\Hannah\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\bigfishcache"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Hannah\AppData\Roaming\mozilla\firefox\profiles\gsyc3o3s.default-1384747638701\prefs.js


Emptied folder: C:\Users\Hannah\AppData\Roaming\mozilla\firefox\profiles\gsyc3o3s.default-1384747638701\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/23/2013 at 19:11:44.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.012 - Report created 23/11/2013 at 19:29:23
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Hannah - HANNAH-PC
# Running from : C:\Users\Hannah\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Users\Hannah\AppData\Local\PackageAware
Folder Deleted : C:\Users\Hannah\AppData\Roaming\Mysearchdial
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Deleted : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\gsyc3o3s.default-1384747638701\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\gsyc3o3s.default-1384747638701\user.js
File Deleted : C:\windows\Tasks\MySearchDial.job
File Deleted : C:\windows\System32\Tasks\MySearchDial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\gsyc3o3s.default-1384747638701\prefs.js ]


Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutByE0E0CzyzytCzy0F0EyC0A0FyEtByDtN0D0Tzu0SyCzytAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "852889225");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial.id", "24EC9919FE6AF425");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16032");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");

Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.019:17:32");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8643 octets] - [23/11/2013 19:26:23]
AdwCleaner[s0].txt - [7752 octets] - [23/11/2013 19:29:23]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7812 octets] ##########

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.23.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Hannah :: HANNAH-PC [administrator]

Protection: Enabled

11/23/2013 7:35:40 PM
mbam-log-2013-11-23 (19-35-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229591
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe (PUP.Optional.BuzzSearch.A) -> 2836 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKLM\SYSTEM\CurrentControlSet\Services\Update BuzzSearch (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{5cf5a690-c8f4-488e-9d20-f21aef602d41} (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{396ecd31-edf7-489f-bda1-83dba4c36e81} (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
HKCR\Interface\{D0EC4142-5808-41D2-A4DC-6081CF1A9693} (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CF5A690-C8F4-488E-9D20-F21AEF602D41} (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CF5A690-C8F4-488E-9D20-F21AEF602D41} (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BuzzSearch (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BuzzSearch (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\BuzzSearch (PUP.Optional.BuzzSearch.A) -> Delete on reboot.

Files Detected: 11
C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe (PUP.Optional.BuzzSearch.A) -> Delete on reboot.
C:\Program Files (x86)\BuzzSearch\BuzzSearchBHO.dll (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Users\Hannah\AppData\Local\Temp\is1590112554\114237709_stp\BuzzSearchSetup.exe (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Users\Hannah\Downloads\ZipExtractorSetup.exe (PUP.Optional.JumpyApps) -> Quarantined and deleted successfully.
C:\Users\Hannah\Local Settings\Temporary Internet Files\Content.IE5\FY6A63R6\Setup[1].exe (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BuzzSearch\BuzzSearch.ico (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BuzzSearch\BuzzSearchUninstall.exe (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BuzzSearch\sqlite3.exe (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.InstallState (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.

(end)



 


The intrusions have stopped, and thank you very much for that, but now I'm getting pop ups that say a .dll file in my appdata folder called Open Candy OC Installer Helper can't be launched. Here's the exact file path if you need it:

C:\Users\Hannah\AppData\Roaming\OpenCandy\7dfbb71d148450fa5322f7de55db4e5\OCBrowserHelper_1.0.4.106.dll


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Had to split this into two posts:

 

OTL logfile created on: 11/25/2013 10:16:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hannah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.92 Gb Total Physical Memory | 5.37 Gb Available Physical Memory | 67.82% Memory free
15.84 Gb Paging File | 13.03 Gb Available in Paging File | 82.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.62 Gb Total Space | 432.63 Gb Free Space | 47.25% Space Free | Partition Type: NTFS
Drive D: | 3.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: HANNAH-PC | User Name: Hannah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/25 10:14:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannah\Downloads\OTL.exe
PRC - [2013/11/19 20:23:41 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/08/24 07:15:41 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/27 05:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/01/28 18:54:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/01/20 18:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/01/20 18:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/01/20 13:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/20 13:45:30 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2011/12/23 12:24:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
PRC - [2011/11/30 19:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
PRC - [2011/11/25 15:41:36 | 000,645,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
PRC - [2011/09/23 14:36:50 | 000,729,088 | ---- | M] (Rhapsody International Inc.) -- C:\Program Files (x86)\Rhapsody\rhaphlpr.exe
PRC - [2009/07/13 20:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/12/23 12:24:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
MOD - [2011/11/25 15:42:50 | 000,499,976 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2011/11/25 15:29:32 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
MOD - [2011/11/25 15:28:26 | 000,484,352 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2011/11/25 15:26:14 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2011/08/17 18:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 18:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 18:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 22:17:30 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
MOD - [2011/08/15 22:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 22:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 22:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 21:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011/07/19 18:05:40 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
MOD - [2011/07/19 18:04:56 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/22 00:56:02 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/02 17:33:46 | 000,580,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012/01/10 23:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/14 17:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/11/25 20:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 15:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/20 17:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/11/19 20:23:41 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/11/15 12:44:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/08 19:08:52 | 000,227,936 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/08/24 07:15:41 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/08/13 09:44:22 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/10 14:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/28 18:54:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/20 18:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 18:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 13:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/20 13:45:30 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/30 19:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/24 00:42:54 | 000,025,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Origin Games\Dragon Age\\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/17 21:57:20 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 19:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/04 20:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/10 14:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 05:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 05:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 05:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/24 19:11:54 | 000,412,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/24 19:11:52 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/01/28 18:54:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/01/16 17:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/12/13 17:00:32 | 000,259,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 21:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/10/21 04:45:14 | 002,791,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/23 19:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/18 17:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/29 18:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/11/21 00:26:01 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/21 00:26:01 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/10/28 21:08:58 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20131122.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/10/22 18:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20131114.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/08/28 21:58:31 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20131124.007\ex64.sys -- (NAVEX15)
DRV - [2013/08/28 21:58:31 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20131124.007\eng64.sys -- (NAVENG)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutByE0E0CzyzytCzy0F0EyC0A0FyEtByDtN0D0Tzu0SyCzytAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=852889225&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutByE0E0CzyzytCzy0F0EyC0A0FyEtByDtN0D0Tzu0SyCzytAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=852889225&ir=
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\..\SearchScopes\{FC6E60BD-42DC-4373-940E-0047582ADBF4}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS504
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn\ [2013/11/23 19:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFF [2013/10/09 13:44:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/10/03 20:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannah\AppData\Roaming\Mozilla\Extensions
[2013/11/23 19:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\gsyc3o3s.default-1384747638701\extensions
[2013/11/15 12:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 12:44:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [sRS Premium Sound 3D] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3054184758-2117664321-2381187025-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-3054184758-2117664321-2381187025-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001..\Run: [GameFly Digital Client] "C:\Users\Hannah\AppData\Local\Apps\2.0\ZPKAQ042.XLN\P60NW6CZ.EHH\game..tion_2b523ae39a779562_0001.0000_89369608b76bebe3\GameFly.Digital.Client.Driver.exe" -minimized File not found
O4 - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001..\Run: [MWFsoft] C:\windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3054184758-2117664321-2381187025-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3054184758-2117664321-2381187025-1000..\RunOnce: [sysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3054184758-2117664321-2381187025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB08E298-4D3A-4BA7-9670-382233F9D8CD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/06 14:50:01 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005/04/15 15:22:23 | 000,000,038 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{e5d1d7d9-4745-11e3-9a84-00266c2c9d48}\Shell - "" = AutoRun
O33 - MountPoints2\{e5d1d7d9-4745-11e3-9a84-00266c2c9d48}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{ffdeb100-0632-11e2-95aa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ffdeb100-0632-11e2-95aa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\arun.exe -- [2005/09/06 13:36:22 | 001,445,888 | R--- | M] (Lionhead Studios Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/23 19:20:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/23 19:17:33 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\0D0S1L2Z1P1B
[2013/11/23 19:04:40 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/11/22 20:52:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/22 01:21:37 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\LavasoftStatistics
[2013/11/22 01:19:51 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\SecureSearch
[2013/11/22 01:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2013/11/22 01:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2013/11/22 01:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/11/22 01:12:15 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2013/11/22 00:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/11/22 00:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/20 22:40:17 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\NevoSoft Games
[2013/11/20 20:05:20 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Craft 2
[2013/11/20 20:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Craft 2
[2013/11/20 20:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Farm Craft 2
[2013/11/19 20:24:41 | 000,000,000 | ---D | C] -- C:\Users\Hannah\Documents\Assassin's Creed IV Black Flag
[2013/11/19 20:17:49 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2013/11/19 20:17:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/18 02:59:33 | 000,000,000 | ---D | C] -- C:\Users\Hannah\Documents\Ubisoft
[2013/11/17 22:22:12 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\Malwarebytes
[2013/11/17 22:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/17 22:22:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/11/17 22:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/17 22:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/17 15:30:03 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\U3
[2013/11/17 14:54:57 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Local\MWFsoft
[2013/11/15 12:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 22:19:55 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Local\Tales of Lagoona 2
[2013/11/14 15:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\suirf aned  keep
[2013/11/14 15:28:38 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Local\Packages
[2013/11/14 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\suirf aned  keep
[2013/11/14 15:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\163a425f8bf257d2
[2013/11/14 15:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/11/14 15:26:16 | 000,000,000 | ---D | C] -- C:\Users\Hannah\Project64 2.1
[2013/11/06 19:45:55 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/11/06 13:13:30 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Singing Monsters
[2013/11/06 13:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Singing Monsters
[2013/11/06 13:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Singing Monsters
[2013/11/02 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Local\GameFly
[2013/11/02 20:38:27 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\Peter L Jones
[2013/11/02 20:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\s3pe
[2013/11/02 20:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\s3pe
[2013/10/30 14:52:47 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Local\Apps
[2013/10/30 14:52:46 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Local\Deployment
[2013/10/30 10:58:05 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\JaiboGames
[2013/10/29 23:41:43 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\Awem
[2013/10/29 23:40:58 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Hellas 3 - Athens
[2013/10/29 23:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Hellas 3 - Athens
[2013/10/29 23:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Hellas 3 - Athens
[2013/10/29 23:38:33 | 000,000,000 | ---D | C] -- C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cradle of Rome 2
[2013/10/29 23:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cradle of Rome 2
[2013/10/29 23:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cradle of Rome 2
[2013/10/02 14:14:07 | 001,974,352 | ---- | C] (None) -- C:\Users\Hannah\VisualBoyAdvance.exe
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/25 10:11:37 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/25 10:10:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/24 21:48:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/24 19:49:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/11/24 19:39:19 | 000,071,701 | ---- | M] () -- C:\Users\Hannah\Documents\Li Mei Kai of Shanghai, China 1.lif
[2013/11/24 18:40:37 | 000,067,132 | ---- | M] () -- C:\Users\Hannah\Documents\Li Mei Kai of Shanghai, China.lif
[2013/11/24 09:48:04 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/24 09:48:04 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/23 19:59:49 | 000,870,128 | ---- | M] () -- C:\Users\Hannah\AppData\Roaming\mcs.rma
[2013/11/23 19:59:49 | 000,000,004 | ---- | M] () -- C:\Users\Hannah\AppData\Roaming\B9F312
[2013/11/23 19:46:24 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/11/23 19:45:59 | 2084,016,127 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/23 19:20:00 | 001,085,542 | ---- | M] () -- C:\Users\Hannah\Desktop\AdwCleaner.exe
[2013/11/22 01:29:28 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2013/11/22 00:56:02 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/11/19 20:23:53 | 000,189,248 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013/11/19 20:23:41 | 000,075,136 | ---- | M] () -- C:\windows\SysWow64\PnkBstrA.exe
[2013/11/19 20:21:15 | 000,796,512 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/19 20:21:15 | 000,662,634 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/19 20:21:15 | 000,122,470 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/19 20:20:14 | 000,775,084 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/11/19 17:24:27 | 000,000,222 | ---- | M] () -- C:\Users\Hannah\Desktop\Assassins Creed IV Black Flag.url
[2013/11/17 22:22:05 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/14 23:50:03 | 000,005,067 | ---- | M] () -- C:\Users\Hannah\desmume.ini
[2013/11/06 19:45:48 | 1170,490,735 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/11/03 13:00:16 | 000,002,172 | ---- | M] () -- C:\Users\Hannah\vba.ini
[2013/11/02 22:47:55 | 000,342,640 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/24 19:39:19 | 000,071,701 | ---- | C] () -- C:\Users\Hannah\Documents\Li Mei Kai of Shanghai, China 1.lif
[2013/11/24 18:40:37 | 000,067,132 | ---- | C] () -- C:\Users\Hannah\Documents\Li Mei Kai of Shanghai, China.lif
[2013/11/23 19:19:57 | 001,085,542 | ---- | C] () -- C:\Users\Hannah\Desktop\AdwCleaner.exe
[2013/11/22 00:56:01 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/11/19 17:24:27 | 000,000,222 | ---- | C] () -- C:\Users\Hannah\Desktop\Assassins Creed IV Black Flag.url
[2013/11/17 22:22:05 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/06 19:45:48 | 1170,490,735 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/10/15 10:53:20 | 042,511,398 | ---- | C] () -- C:\Users\Hannah\my life story.exe
[2013/10/02 14:22:11 | 000,002,172 | ---- | C] () -- C:\Users\Hannah\vba.ini
[2013/10/02 12:41:32 | 000,979,456 | ---- | C] () -- C:\Users\Hannah\DeSmuME.exe
[2013/08/18 09:46:23 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2013/01/11 22:45:58 | 000,005,632 | ---- | C] () -- C:\Users\Hannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/08 10:37:47 | 000,189,248 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/12/08 10:37:44 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/12/01 22:16:26 | 000,870,128 | ---- | C] () -- C:\Users\Hannah\AppData\Roaming\mcs.rma
[2012/12/01 22:16:26 | 000,000,004 | ---- | C] () -- C:\Users\Hannah\AppData\Roaming\B9F312
[2012/10/12 06:30:35 | 000,005,067 | ---- | C] () -- C:\Users\Hannah\desmume.ini
[2012/10/11 21:49:45 | 004,233,216 | ---- | C] () -- C:\Users\Hannah\DeSmuME_x64.exe
[2012/10/11 21:49:45 | 000,130,852 | ---- | C] () -- C:\Users\Hannah\desmume.ddb
[2012/10/11 21:49:45 | 000,081,771 | ---- | C] () -- C:\Users\Hannah\README.WIN
[2012/10/11 21:49:45 | 000,033,266 | ---- | C] () -- C:\Users\Hannah\ChangeLog
[2012/10/11 21:49:45 | 000,017,992 | ---- | C] () -- C:\Users\Hannah\COPYING
[2012/10/11 21:49:45 | 000,006,011 | ---- | C] () -- C:\Users\Hannah\README.LIN
[2012/10/11 21:49:45 | 000,003,862 | ---- | C] () -- C:\Users\Hannah\README
[2012/10/11 21:49:45 | 000,000,643 | ---- | C] () -- C:\Users\Hannah\AUTHORS
[2012/09/24 06:11:33 | 000,775,084 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/19 16:02:17 | 003,123,272 | R--- | C] () -- C:\windows\SysWow64\pbsvc.exe
[2012/05/10 14:14:32 | 000,755,572 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012/05/10 14:14:32 | 000,559,972 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012/05/10 14:07:18 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/05/10 13:25:28 | 013,026,304 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012/01/10 22:39:16 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/23 19:17:33 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\0D0S1L2Z1P1B
[2012/11/03 22:15:03 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Amazon
[2013/10/29 23:41:43 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Awem
[2013/02/21 14:38:45 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Boolat Games
[2013/06/24 15:08:45 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\CatmoonGames
[2013/06/10 12:10:40 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\dekovir
[2013/10/30 14:53:31 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\GameFly
[2012/10/03 20:04:50 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Gamelab
[2013/05/27 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Grand Ages Rome
[2013/09/11 23:23:38 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\IsolatedStorage
[2013/10/30 10:58:05 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\JaiboGames
[2012/12/26 21:03:15 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Jewel Match 3
[2012/10/31 14:25:58 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Lionhead Studios
[2013/10/17 21:32:57 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Maximize Games
[2013/10/18 00:59:26 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Meridian93
[2013/11/20 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\NevoSoft Games
[2013/06/12 15:19:08 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Nitreal Games
[2013/08/28 12:35:24 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Origin
[2013/11/02 20:38:27 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Peter L Jones
[2013/08/11 10:43:59 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\PlayFirst
[2013/03/08 14:12:40 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Playrix Entertainment
[2012/12/13 11:52:33 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\PunkBuster
[2013/10/18 09:24:17 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\RenPy
[2013/03/01 21:25:41 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Rumbic Studio
[2013/11/22 01:19:51 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\SecureSearch
[2013/02/04 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Settlement. Colossus
[2012/10/14 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Stardock
[2012/10/03 18:48:20 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Toshiba
[2012/12/20 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Ubisoft
[2013/03/04 10:03:25 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\UClick
[2013/10/16 06:02:18 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\ViquaSoft
[2013/04/13 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\WildTangent
[2012/10/03 18:42:51 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 254 bytes -> C:\ProgramData\TEMP:A039EDF9
@Alternate Data Stream - 252 bytes -> C:\ProgramData\TEMP:258D2F8B
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:9D6EAEC3
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:FD786DCA
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:3A0561F3
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:8E9C9E8F
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:61A065F2
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:B0193F8E
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:30E0D641
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:149327FE
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:E1D06077
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:19C541B5
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:E5F8E280
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:BAC2F271
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:D0AB0B4A
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:78739EC9
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:3C9B05C4
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:3766E957
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:831C6B2D
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:15752405
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:6E6A4F42
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E2C8DF7A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:1ADC4BD5
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D254266B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:751D6870
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:413E2927
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:BB718C46
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:160ADF0B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:BCDC6E07
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:993185CB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8967C154
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F44D3C53
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:436BE28C
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:56F368C9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:678C1866
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4A1628E5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4AD2C54D
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:8247A199

< End of report >
 


And here's the extras.txt

 

OTL Extras logfile created on: 11/25/2013 10:16:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hannah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.92 Gb Total Physical Memory | 5.37 Gb Available Physical Memory | 67.82% Memory free
15.84 Gb Paging File | 13.03 Gb Available in Paging File | 82.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.62 Gb Total Space | 432.63 Gb Free Space | 47.25% Space Free | Partition Type: NTFS
Drive D: | 3.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: HANNAH-PC | User Name: Hannah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3054184758-2117664321-2381187025-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074E4668-982A-429A-91D3-B4DBE542226B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17B790E5-5293-4932-9599-C7800BB7E749}" = lport=137 | protocol=17 | dir=in | app=system |
"{25559C93-574C-4F1A-B47B-F6FB032D5AAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{265CB24C-4276-44BD-811F-B48C53A09FD0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3738A380-A2F7-4FBB-B5EE-CF9D608FBC84}" = lport=138 | protocol=17 | dir=in | app=system |
"{48CCEB24-ED24-4045-9D4F-2C287E8DD3D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{48F31757-3101-48EE-8EAA-E76058EA88C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68FC5C78-CF31-4DF4-94C9-4CEA99ECF093}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E02AF10-1C38-4110-81AD-C3ADF4958C5B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6EC64A24-66B2-4413-B6BE-F93F95276649}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{804D7997-0815-42B7-BE79-AB8D8D73FD7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{870C20C4-D875-4A41-8E1A-10A7B3885C6B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{888B5041-BB47-4C24-ADBB-7BC6CF26BC95}" = rport=138 | protocol=17 | dir=out | app=system |
"{89F4555F-85B4-41BB-BE47-412C9234F121}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{97DB87B8-9B9C-4ECA-BD6A-0633AB82CA0A}" = rport=139 | protocol=6 | dir=out | app=system |
"{9828E4ED-D5DD-4431-8133-8DC8D82F4C3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8897360-25C0-4CEC-8507-8A94EFEA1AD6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BEA5BEB2-4F4F-4C67-9561-5AF2BF2D12E6}" = rport=445 | protocol=6 | dir=out | app=system |
"{C680FD9D-A385-4A48-95D2-88FF7D7DE27D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C6C5236D-CC3E-4E4F-A4EF-94F256B99020}" = rport=137 | protocol=17 | dir=out | app=system |
"{D6590D9C-BEFB-4218-ABB4-DF1AA36CC06E}" = lport=139 | protocol=6 | dir=in | app=system |
"{F0262A89-976F-4A23-83BC-0710D75A5AD6}" = lport=445 | protocol=6 | dir=in | app=system |
"{FBD20416-05E3-4D76-8D91-FCD6E2F79F69}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC486EF2-5271-4753-8A38-AAE0436B10F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029405B0-2628-465C-8D32-188FA26BA60B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe |
"{02BE0567-3CF8-49B5-8DEF-29B90DC64C7C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{03323969-8674-46B4-8458-E1601B609629}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 2\binaries\masseffect2.exe |
"{0525D801-7C2D-493F-B59F-E0A8F9E9E764}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe |
"{05418960-E3FC-4812-89B1-54C8B2A8CDC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |
"{06D4F063-6EE9-4BBC-ADEF-31E6D9781580}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{07C59222-38B6-4773-9725-F6CD478FFDF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{0887E9D7-70DC-4E86-8A3D-30BD78486AB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |
"{0B071C3F-7B22-437A-869E-667D5206AA18}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect\masseffectlauncher.exe |
"{0C7D9F74-FF95-42B8-9380-24694265645C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe |
"{0EBAEE75-3629-4D13-BD11-2B2AA443FB97}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{15052FB6-B523-4B46-8A10-AB20C97FFE80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{19D8E4FE-D941-4200-B0B8-A4199CEA83FF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{1BF78F0D-45ED-46AA-B402-A6D2444126D3}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{1D819909-0861-4C28-9800-A0C0E46DBD75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E93D39B-AD44-42DF-84E6-5F9E6C76539F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe |
"{20562BEA-0BB9-4909-8189-596038CFF869}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daupdatersvc.service.exe |
"{210D6C63-7E07-4BA7-AF9F-E1EB1EE0DFA4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{235EA11C-88AD-4845-A206-D89DB6B49A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24B08092-16DA-453B-B760-0D89939427FB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age ii\dragonage2launcher.exe |
"{2751C4EA-6468-4EEE-81D1-6EAA5383D0AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{2B4F4E3E-35FA-42BA-9FF1-907D3D7B573E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{2D676D86-8938-4874-A0B4-C61F14EC78BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{358D5347-5432-4CE8-9F5E-0CC71A653670}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\blacklist_launcher.exe |
"{3A1BBE37-59E5-4D48-BD6C-84B057ECF603}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{3AAA839C-5921-4696-9C63-3914176E4C49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3D3B5E04-3043-42F3-AA6F-D29B85C9CEBF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3E501829-E925-4796-BB2C-90EB04F723F9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3ED394DA-2064-47C3-A0CF-59A85503EBF5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{40035D67-D2B6-4E52-9941-7D2462F66E43}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age ii\bin_ship\dragonage2.exe |
"{423A1A8B-173C-4A35-AE3F-FA4617849F02}" = protocol=6 | dir=out | app=system |
"{45295C68-86D7-407A-B546-B6E6A1A8065B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{45D3FC25-954D-4533-8F63-82456207C8FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{485A9F15-6656-42DE-8E32-8BCE5106947B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{494E1A77-696F-432B-BB46-51C97DB4B479}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4A8987D8-0447-470C-81FD-5D55294F259C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4C17D613-484A-4C66-8302-D2226710C378}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DAF578C-08E3-4007-9BA9-5DDE82CC0931}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age ii\dragonage2launcher.exe |
"{4EC95408-24D6-4F04-A12D-4A57AC0836AB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 2\masseffect2launcher.exe |
"{4F97A3FB-3906-4F2F-A448-4FC4BEC08CC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{50BDA921-B3B0-4554-AD5B-D09392288F79}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{51DFBB39-353A-4930-8555-A2742A61C5C7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{53C136F8-1D69-4D8B-B6AA-6D4EB9C50B28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed iv black flag\ac4bfmp.exe |
"{54367938-9C6C-4ADE-9DB2-2DBA9161E447}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed iv black flag\ac4bfsp.exe |
"{5677F2E1-782E-440F-85FB-22B46FD33959}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56BA3D0C-50CB-4712-B48D-F76EF3908FAF}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect\binaries\masseffect.exe |
"{5711EB11-0A02-4DA8-83DA-516E9396653F}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect\masseffectlauncher.exe |
"{59D435CA-B089-4C2D-A045-295DF9581AC3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{5BC9A900-7625-4D4F-A4E8-CF12A50A149A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed iv black flag\ac4bfmp.exe |
"{5C3EAE41-39D1-4B70-95DE-F84250543E04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{617E9B19-6EF5-45F1-A1A2-126C5CFD4E98}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65086B6A-1CC7-4DA4-BED7-C65B0F565A87}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{66593BAC-59B9-43AC-8BC1-7BA3C283A2BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\gu.exe |
"{66CF3C5F-9541-4ADB-A26A-BC0F3661380B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{67C7D752-0831-4439-BA24-895E09DFE61F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{6ACB00E8-788D-4F27-A30F-3BF52F27B10B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6B50359E-8D8A-466E-8BD0-77C9758AEFCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D3C5305-8D66-43B4-9D48-3EACACC1BFA8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6E527FFC-9D3C-4BC3-82D8-BDFB28203621}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe |
"{7070BB52-87DA-4406-8C83-27427C2907A7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{72FA1AB3-932D-4075-8452-F8F0B1B76F96}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7367C1BF-4D2D-4E23-BADF-D84EE99E7008}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\gu.exe |
"{7380D10D-33AC-4808-AC0D-766C15F60150}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{73ECF6AB-D6DF-4541-96EA-9432E9130EFA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{75EBCA9B-E3DA-40DE-986E-E340F51AFDF1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\daoriginslauncher.exe |
"{7D056BE3-1463-4954-8E49-ABA0D691069A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D726879-C424-4D19-BA37-8FFB88F4AB84}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7FA4542B-9208-467C-837E-C87AEA9E003A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{7FAB3962-BB13-4D91-839D-8DA9C5E61201}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{82BBACB0-15D9-4632-896C-38B9DCB43335}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{8339A717-6F1D-489E-B22B-0217CFFC53DB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe |
"{84640715-D2EF-4629-A391-0512698C326D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{8623964B-E8B5-4EEA-8881-E20D8A793258}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_dx11_game.exe |
"{8918AC5B-6D2A-41C0-8EAB-9AC3CA1EECE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{8C52D287-7533-4C56-BC9C-A00DE418289B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_dx11_game.exe |
"{8DE077BD-35CA-471C-9163-EE0F3FA7AD12}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |
"{92CAD46F-1B4D-48B4-AC59-92F56BC10EFA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{956CA55D-39EE-4C14-A66E-9642FDB57F61}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daupdatersvc.service.exe |
"{95BD0E02-A7A3-4950-9D27-05A7EFAAA60D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95C4A0E8-17EA-4070-9E49-FEC5666CB701}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{97182F55-A7E0-4F9F-B61B-E12C944E89DF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{97D1AECB-F7AC-4900-9AB8-248B4F860B59}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98F47B94-B70C-43AA-845E-56B986EE613D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A5AD9B4-AAF3-4DC1-87AB-4326FD563150}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daupdatersvc.service.exe |
"{9CA51DF3-F8EE-4C04-B6C9-85EAFAFE5AE1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{9D92A875-D620-492D-8FFE-2F643D5608C3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{9F50338A-86B2-4A4B-8291-C8E0DEB0FEA0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{9FCF4C09-2AC8-4BE3-A8A3-046A105B4E85}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{A113D9D9-DEB8-4720-984D-45C055EABD8F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{A18869E0-C8EC-4B53-9AF1-81D3A5D1C915}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A1B117B4-AFD6-47AC-A088-066400F51A86}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{A41BF7F3-57D1-4FA2-B20D-A82BD612E3A3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{A5F5D997-84E4-451E-AF2F-2B1DE14922E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |
"{A82FF452-DA6A-44C9-B28E-0E9E354891D1}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 2\binaries\masseffect2.exe |
"{A8AB4F74-7988-4A61-BE43-B4E33F1E6BDE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AB772D33-E484-436A-AB58-97DB89E2D26E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ABA68505-6C71-47B6-84A0-2D75710C9C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe |
"{AEFB155C-FA2D-4012-A82C-A637E3D91A0D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\bin_ship\daupdatersvc.service.exe |
"{AF8B62F8-3198-4824-86FC-F609093A6F1E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{B014D803-D001-4E48-9A10-65C1AB4D1119}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{B0DE6CA5-AF82-4A5F-B355-EA24382DA42F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{B4432132-A5BF-4005-A89E-4D46DF70DAFB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B47E7B7D-245E-4814-9DAD-00E79E5B577E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B8BE3F51-9551-4614-86C4-E566580FCA73}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{BD590C2D-72A4-4ED7-B25E-F751A4DFD0B7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C22C6301-5C97-4BC6-9309-C295CCC5FC20}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{C25B1D77-BCE9-40F1-8AC4-0DBCE010F818}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{C27DCB5F-6C66-47F2-A89A-B8B9A2EABF28}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{C3E00E3F-EAAD-4D52-9DD4-EE10434F9061}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{C822B17C-4ED1-4FF8-AB9F-3253BE2C4B7E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{C94FED59-B003-49FC-B948-3CCDAB88454E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{CA76601C-9AEB-45C3-9AEC-43170C088584}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{CAEFF181-894F-4219-92FC-6064F54472B6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 2\masseffect2launcher.exe |
"{CCFB54CC-7086-4F25-98F2-F81655655810}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CF928FA0-F059-4255-9934-74A822E40F07}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{D043F5BD-A8D0-4367-8779-51E240887D40}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\blacklist_launcher.exe |
"{D369CC73-94F6-4AA0-851A-5C924326F517}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed iv black flag\ac4bfsp.exe |
"{D3F1F279-6188-4226-B60E-0D2936CF1DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{DB8DFD6F-9AE8-4AAF-930D-CBAF194D60C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DBE5B069-9F4D-42CD-A85D-FBC132649F17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DE75921F-37F8-4D18-A9F5-60567F42FC21}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{DFB200E1-4664-4690-8126-EE5C83256840}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{E11AE3F5-8E82-47F5-A5D3-6DB51FEFE1F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{E174A0BF-0129-458C-9984-5E897251548B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |
"{E1B625C9-283B-4E65-8564-393D5FDC54CF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dragon age\daoriginslauncher.exe |
"{E3E7BF56-46D6-43D6-A48F-FCD1D61B6029}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E73BB5D9-88F0-46FE-90C1-DB0E58CD9AA8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_game.exe |
"{EAA728EF-66BA-4219-AE32-A1C213E5F234}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell® blacklist™\src\system\blacklist_game.exe |
"{EC513171-F221-445E-BD4D-5D35B96F089C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED953B2D-A91A-40D3-BE2B-4598DCC2F107}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{EDC16E73-7076-4D3B-8C4A-9C6FF6D82E8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{F0964C7D-F8BD-4E62-A909-D0DF9E7FEF0C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect\binaries\masseffect.exe |
"{F3D82FE5-0B69-4941-A006-D16BCB2F1D36}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{F5458485-3361-41FB-A6D1-61F4E1836630}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |
"{F607B9F6-CE25-4978-BE39-85C364C024D1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe |
"{F6CAA43E-FEB2-494D-8CBB-F19C6B312747}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{F9158B7C-C90E-4C46-9574-232055197A1E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F92F70C4-4AB4-4279-8699-409FFB39B0E5}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dragon age ii\bin_ship\dragonage2.exe |
"{FC3925E5-1ED7-4095-A395-CDC26AA12FE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
"{FE8AE66E-5027-4B95-8EB8-80B06BC1386D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{27C3DB42-A9C1-4B44-A164-93849D160D12}" = TOSHIBA VIDEO PLAYER
"{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75A43A49-A6A1-4FCB-A41E-02D76E166691}" = SRS Premium Sound Control Panel
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 RC
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E70808B9-78FE-3081-9658-A3C9DBC9A798}" = Microsoft .NET Framework 4.5.1 RC
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"BuzzSearch" = BuzzSearch 2013.11.07.232809
"FileViewPro_is1" = FileViewPro
"HitmanPro37" = HitmanPro 3.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medieval Pirates and Nobles
"{13F71E3E-A508-9B41-14D5-A7E8612CE471}" = Civilization 4 Complete Bundle
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B0FBB9A-995D-47CD-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3384E1D9-3F18-4A98-8655-180FEF0DFC02}" = TOSHIBA User's Guide
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{4D565319-8B91-41CB-961C-0DDC86101AC5}" = Dragon Age II
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Castaway Stories
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Kingdoms of Amalur: Reckoning
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect™ 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed® III v1.06
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}" = Tom Clancy's Splinter Cell® Blacklist™
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Always Remember Me_is1" = Always Remember Me version 1.3.1
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"BFG-2 Tasty" = 2 Tasty
"BFG-2 Tasty Too" = 2 Tasty Too
"BFG-All My Gods" = All My Gods
"BFG-Antique Shop" = Antique Shop
"BFG-Buried in Time" = Buried in Time
"BFGC" = Big Fish: Game Manager
"BFG-Chocolatier - Decadence by Design" = Chocolatier: Decadence by Design
"BFG-Cradle of Rome 2" = Cradle of Rome 2
"BFG-Fairy Godmother Tycoon" = Fairy Godmother Tycoon
"BFG-Family Feud - Battle of the Sexes" = Family Feud: Battle of the Sexes
"BFG-Farm Craft 2" = Farm Craft 2
"BFG-Gardenscapes 2" = Gardenscapes 2
"BFG-Heroes of Hellas 3 - Athens" = Heroes of Hellas 3: Athens
"BFG-Jojo's Fashion Show - World Tour" = Jojo's Fashion Show: World Tour
"BFG-Life Quest" = Life Quest®
"BFG-Life Quest 2 - Metropoville" = Life Quest® 2: Metropoville
"BFG-Magic Life" = Magic Life
"BFG-My Life Story" = My Life Story
"BFG-My Singing Monsters" = My Singing Monsters
"BFG-Restaurant Empire" = Restaurant Empire
"BFG-Settlement - Colossus" = Settlement: Colossus
"BFG-The Promised Land" = The Promised Land
"BFG-Trade Mania" = Trade Mania
"BFG-Virtual Families 2 - Our Dream House" = Virtual Families 2: Our Dream House
"BFG-Virtual Villagers - New Believers" = Virtual Villagers: New Believers
"BFG-Virtual Villagers The Lost Children" = Virtual Villagers: The Lost Children
"Civilization V" = Sid Meier's Civilization V
"Civitas3" = Grand Ages Rome 1.11
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Cute Knight Kingdom_is1" = Cute Knight Kingdom version 1.1
"Democracy 2" = Democracy 2
"Double Play Jojos Fashion Show 1 and 2_is1" = Double Play Jojos Fashion Show 1 and 2
"EA Installer.140553725" = EA Installer
"EA Installer.478080393" = EA Installer
"Fatal Hearts Strategy Guide_is1" = Fatal Hearts Strategy Guide version 1.1
"Fatal Hearts_is1" = Fatal Hearts version 1.2
"Fraps" = Fraps (remove only)
"Game Cam" = Game Cam 2.6.1.0
"GameFly" = GameFly
"GameStop App" = GameStop App
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"Google Chrome" = Google Chrome
"Heroes of Might and Magic V" = Heroes of Might and Magic V
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Jade Empire Special Edition" = Jade Empire Special Edition
"Magical Diary - Horse Hall - Demo_is1" = Magical Diary Demo 1.05
"Magical Diary - Horse Hall_is1" = Magical Diary 1.0.32
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Neverwinter Nights 2" = Neverwinter Nights 2
"Neverwinter Nights 2: Mask of the Betrayer" = Neverwinter Nights 2: Mask of the Betrayer
"Neverwinter Nights 2: Storm of Zehir" = Neverwinter Nights 2: Storm of Zehir
"Neverwinter Nights Diamond" = Neverwinter Nights Diamond
"Neverwinter Nights Hordes of the Underdark" = Neverwinter Nights Hordes of the Underdark
"Neverwinter Nights Kingmaker" = BioWare Premium Module: Neverwinter Nights Kingmaker
"Neverwinter Nights: Shadows of Undrentide" = Neverwinter Nights: Shadows of Undrentide
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Real Lives 2010" = Real Lives 2010
"Recettear: An Item Shop's Tale" = Recettear: An Item Shop's Tale
"Rhapsody" = Rhapsody
"s3pe" = s3pe - Sims3 Package Editor
"Sid Meier's Civilization IV Complete" = Sid Meier's Civilization IV Complete
"Space Trader_is1" = Space Trader
"Star Wars Knights of the Old Republic" = Star Wars Knights of the Old Republic
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 204030" = Fable - The Lost Chapters
"Steam App 205100" = Dishonored
"Steam App 208580" = Star Wars: Knights of the Old Republic II
"Steam App 242050" = Assassin’s Creed IV Black Flag
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"The Flower Shop - Winter In Fairbrook_is1" = The Flower Shop - Winter In Fairbrook version 1.2.2
"The Guild II" = The Guild II
"The Royal Trap Demo_is1" = The Royal Trap Demo 1.0
"The Royal Trap_is1" = The Royal Trap 1.01
"ToshibaSD" = Toshiba Security Dashboard
"Uplay" = Uplay
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WT079186" = FATE - The Traitor Soul
"WTA-03a5716b-251e-46f4-9e72-c235d4b8537b" = Gardenscapes 2 Collector's Edition
"WTA-1aa2335d-8d5e-485a-90f1-9685ddc04bc7" = Penguins!
"WTA-24cc48f7-a568-4cf1-849b-8d9a3a4a2b3c" = Plants vs. Zombies - Game of the Year
"WTA-2ee2ffd6-a902-493f-95fa-36156d2cc636" = Bejeweled 3
"WTA-2f6d2ed5-879b-46b6-b0ee-d9824e277c2f" = Aquascapes Collector's Edition
"WTA-49d193bd-5c51-44bb-b81a-c7571b11aa52" = Virtual Families 2
"WTA-5cf20070-fef7-41f3-acca-9b02e8cafbd0" = Family Farm
"WTA-6eb6b2e3-a1f1-48e6-bcea-b01e5aed90bc" = Letters from Nowhere 2
"WTA-967a6a48-4283-4b2d-aa9a-a163bcd23e9e" = Polar Bowler
"WTA-accf461f-0202-469c-9082-9ee9c1761fa5" = Farmington Tales
"WTA-c5cd4a36-ba39-4735-8be9-631b1818a81d" = Virtual Villagers 4 - The Tree of Life
"WTA-e2cf29fa-ad15-41d8-affa-7adbd0785c18" = Tales of Lagoona 2: Peril at Poseidon Park
"WTA-e578e3ef-3bfa-4c3c-8471-0e9a6a99b155" = FATE
"WTA-f2bbe653-2c59-4441-ac7c-706317e853f2" = Wedding Dash ® 4-Ever
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3054184758-2117664321-2381187025-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7998bdbe8c95db7f" = GameFly Download Manager
"Amazon Kindle" = Amazon Kindle
"Zip Extractor Packages" = Zip Extractor Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/23/2013 8:17:35 PM | Computer Name = Hannah-PC | Source = SideBySide | ID = 16842814
Description = Activation context generation failed for "C:\Users\Hannah\AppData\Local\Temp\825.8744670379381_Update.exe".Error
 in manifest or policy file "C:\Users\Hannah\AppData\Local\Temp\825.8744670379381_Update.exe"
 on line 3.  The required attribute name is missing from element assemblyIdentity.
 
Error - 11/23/2013 8:32:35 PM | Computer Name = Hannah-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11/23/2013 8:47:55 PM | Computer Name = Hannah-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11/24/2013 1:07:58 PM | Computer Name = Hannah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11/24/2013 1:07:58 PM | Computer Name = Hannah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999
 
Error - 11/24/2013 1:07:58 PM | Computer Name = Hannah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999
 
[ System Events ]
Error - 11/23/2013 8:30:57 PM | Computer Name = Hannah-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
 
Error - 11/23/2013 8:46:16 PM | Computer Name = Hannah-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
 
 
< End of report >
 


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutByE0E0CzyzytCzy0F0EyC0A0FyEtByDtN0D0Tzu0SyCzytAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=852889225&ir=

    IE - HKU\S-1-5-21-3054184758-2117664321-2381187025-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutByE0E0CzyzytCzy0F0EyC0A0FyEtByDtN0D0Tzu0SyCzytAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=852889225&ir=

    [2013/11/14 15:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\163a425f8bf257d2

    [2013/11/14 15:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

    [2013/11/23 19:59:49 | 000,870,128 | ---- | M] () -- C:\Users\Hannah\AppData\Roaming\mcs.rma

    [2013/11/23 19:59:49 | 000,000,004 | ---- | M] () -- C:\Users\Hannah\AppData\Roaming\B9F312

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3054184758-2117664321-2381187025-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\ProgramData\163a425f8bf257d2 folder moved successfully.
C:\ProgramData\InstallMate\EA216EB5\cfg folder moved successfully.
C:\ProgramData\InstallMate\EA216EB5 folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
C:\Users\Hannah\AppData\Roaming\mcs.rma moved successfully.
C:\Users\Hannah\AppData\Roaming\B9F312 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Hannah\Downloads\cmd.bat deleted successfully.
C:\Users\Hannah\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Hannah
->Temp folder emptied: 34257780 bytes
->Temporary Internet Files folder emptied: 43806197 bytes
->Java cache emptied: 18306 bytes
->FireFox cache emptied: 406761746 bytes
->Flash cache emptied: 427769 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3099827 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43291271 bytes
RecycleBin emptied: 1811478 bytes
 
Total Files Cleaned = 509.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11252013_222453

Files\Folders moved on Reboot...
C:\Users\Hannah\AppData\Local\Temp\{63EE84D0-4080-4F86-B4DA-F13CFF2F005E}\fpb.tmp moved successfully.
C:\Users\Hannah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Hannah\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

