Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Take the Coupon and More!

Post by kokuorei » August 10th, 2015, 8:37 pm

Hello all!

So, somewhere along the line, I picked up something. Otherwise, I'm sure I wouldn't be here, would I? It keeps bringing up ads, and when I click a link, first it decides I need to go somewhere else in a new tab. My computer doesn't seem to be running slow, but doing things like typing is. Even typing this is super slow. It's also making it so pages go unresponsive for a short amount of time and I have to sit here and wait for it to decide to respond again.

The current ad is "Take the Coupon".

Here are my Farbar results. I'm on Windows 8.1

Thank you in advance!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by Claud (administrator) on CLAUD (10-08-2015 20:22:51)
Running from C:\Users\Claud\Downloads
Loaded Profiles: Claud (Available Profiles: Claud & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
() C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe
() C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-26] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [416080 2015-07-31] (Perfect World Entertainment)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\C2MP\CodecUACManager.exe [60416 2015-03-05] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\C2MP\UpdateChecker.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-03-15]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Claud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ AD.lnk [2015-04-20]
ShortcutTarget: AD.lnk -> C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}\ AD.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3048285104-2006604149-165245714-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-3048285104-2006604149-165245714-1001 -> DefaultScope {92544912-734A-4084-AB73-1C568654AB23} URL =
SearchScopes: HKU\S-1-5-21-3048285104-2006604149-165245714-1001 -> {92544912-734A-4084-AB73-1C568654AB23} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{27A498BD-2781-454C-92A6-FEF977857437}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [2015-07-31] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3048285104-2006604149-165245714-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Claud\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\user.js [2015-02-28]
FF Extension: Block The Ads - C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\Extensions\adyfcwljxkuoeh_zh@clmjbhrcxlutsld.com [2015-08-09]
FF Extension: TTakeTeheCOupoN - C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\Extensions\ysK@b.org [2015-08-09]
FF HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-28]
CHR Extension: (YouTube) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-28]
CHR Extension: (Google Search) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-28]
CHR Extension: (Google Sheets) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-02]
CHR Extension: (FreshStart Cross Browser Session Manager) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2015-08-09]
CHR Extension: (Gmail) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-28]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-07-31] (Perfect World Entertainment Inc)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-07-20] (BitRaider, LLC)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe [123320 2012-07-23] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R2 Responsive Feel; C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe [8016288 2015-07-07] () [File not signed] <==== ATTENTION
R2 Scant Nerve; C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe [8016353 2015-07-22] () [File not signed] <==== ATTENTION
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-14] (Microsoft Corporation)
S2 ec9c17f1; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\SoftwarePlus\SoftwarePlus.dll",serv
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-07-22] (BitRaider)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
R3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [11648 2014-02-27] (LXD Development, Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 20:22 - 2015-08-10 20:25 - 00016839 _____ C:\Users\Claud\Downloads\FRST.txt
2015-08-10 20:22 - 2015-08-10 20:23 - 00000000 ____D C:\FRST
2015-08-10 20:21 - 2015-08-10 20:22 - 02171392 _____ (Farbar) C:\Users\Claud\Downloads\FRST64.exe
2015-08-10 20:11 - 2015-08-10 20:11 - 00688992 _____ (Swearware) C:\Users\Claud\Downloads\dds (1).scr
2015-08-10 20:11 - 2015-08-10 20:11 - 00000126 _____ C:\Users\Claud\Desktop\download.htm
2015-08-10 20:10 - 2015-08-10 20:10 - 00688992 _____ (Swearware) C:\Users\Claud\Desktop\dds.scr
2015-08-10 20:09 - 2015-08-10 20:10 - 00688992 _____ (Swearware) C:\Users\Claud\Downloads\dds.scr
2015-08-09 21:40 - 2015-08-09 21:40 - 00000000 ____D C:\ProgramData\5191c3c100007e4d
2015-08-09 21:12 - 2015-08-09 21:12 - 00000000 ____D C:\Program Files (x86)\FreshStart Cross Browser Session Manager
2015-08-09 21:10 - 2015-08-09 21:10 - 00000000 ____D C:\Program Files (x86)\TakeaTHeeCOupon
2015-08-09 21:09 - 2015-08-09 21:09 - 00000000 ____D C:\Program Files (x86)\TTakeTeheCOupoN
2015-08-09 00:44 - 2015-08-09 00:44 - 01032744 _____ C:\WINDOWS\Minidump\080915-38671-01.dmp
2015-08-08 02:40 - 2015-08-08 02:40 - 00000000 ____D C:\ProgramData\milcefnibogdljgpdajomdcellpceida
2015-08-08 02:16 - 2015-08-08 02:17 - 00000000 ____D C:\ProgramData\aieggejegnkgkmodegmpfgbfahjcpkic
2015-08-04 11:12 - 2015-08-04 11:13 - 00279984 _____ C:\WINDOWS\Minidump\080415-34406-01.dmp
2015-08-01 22:32 - 2015-08-01 22:32 - 00280040 _____ C:\WINDOWS\Minidump\080115-46875-01.dmp
2015-08-01 17:14 - 2015-08-01 17:16 - 00000000 ___HD C:\$Windows.~BT
2015-07-30 18:53 - 2015-07-30 18:56 - 32694320 _____ (Fitbit Inc.) C:\Users\Claud\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe
2015-07-28 07:30 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-26 12:09 - 2015-07-26 12:09 - 00000000 ____D C:\ProgramData\gcamlkdlbcdfmpdjgdngbfialmfnkbkd
2015-07-24 07:41 - 2015-07-24 07:41 - 00279984 _____ C:\WINDOWS\Minidump\072415-38015-01.dmp
2015-07-22 09:02 - 2015-07-22 09:02 - 00000000 ____D C:\Program Files (x86)\Scant Nerve
2015-07-22 08:35 - 2015-07-22 08:35 - 00000000 ____D C:\Users\Claud\AppData\Local\SWTOR
2015-07-21 00:59 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 00:59 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 00:59 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 00:59 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 07:29 - 2015-07-20 07:29 - 00000000 ____D C:\ProgramData\BitRaider
2015-07-20 07:28 - 2015-07-20 07:28 - 00000000 ____D C:\Users\Claud\AppData\Local\SWTORPerf
2015-07-20 07:21 - 2015-07-20 07:21 - 00000861 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2015-07-20 07:21 - 2015-07-20 07:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2015-07-20 07:20 - 2015-07-20 07:20 - 00000000 ____D C:\Users\hedev
2015-07-20 07:11 - 2015-07-20 07:11 - 00931408 _____ (Google Inc.) C:\Users\Claud\Downloads\ChromeSetup (1).exe
2015-07-19 01:04 - 2015-07-19 01:04 - 00279984 _____ C:\WINDOWS\Minidump\071915-45468-01.dmp
2015-07-16 22:21 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-16 22:21 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-16 22:21 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-16 22:21 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-16 22:21 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 22:21 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 22:21 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-16 22:21 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-16 22:18 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-16 22:18 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-16 22:18 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-16 22:18 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-16 22:18 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-16 22:18 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-16 22:16 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-16 22:16 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-16 22:16 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-16 22:16 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-16 22:16 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-16 22:16 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-16 22:16 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-16 22:16 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-16 22:16 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-16 22:16 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-16 22:16 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-16 22:16 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-16 22:16 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-16 22:16 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-16 22:16 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-16 22:16 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-16 22:16 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-16 22:16 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-16 22:16 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-16 22:16 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-16 22:16 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-16 22:16 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-16 22:16 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-16 22:16 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-16 22:16 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-16 22:16 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-16 22:16 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-16 22:16 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-16 22:16 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-16 22:16 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-16 22:16 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-16 22:16 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-16 22:16 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-16 22:09 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-16 22:09 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-16 22:09 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-16 22:09 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-16 22:09 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-16 22:09 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-16 22:09 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-16 22:09 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-16 22:09 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-16 22:09 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-16 22:09 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-16 22:09 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-16 22:09 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-16 22:09 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-16 22:09 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-16 22:09 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-16 22:08 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-16 22:07 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-16 22:07 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-16 22:07 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-16 22:07 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-16 22:07 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-16 22:07 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-16 22:07 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-16 22:07 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-16 22:07 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-16 22:07 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-16 22:07 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-16 22:07 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-16 22:07 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-16 22:07 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-16 22:07 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-16 22:07 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-16 22:07 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-16 22:07 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-16 22:07 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-16 22:07 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-16 22:07 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-16 22:07 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-16 22:07 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-16 22:07 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-16 22:06 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-16 22:06 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-16 22:06 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-16 22:06 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-16 22:06 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-16 22:06 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-16 22:06 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-16 22:06 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-16 22:06 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-16 22:06 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-16 22:06 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-16 22:03 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-16 22:03 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-16 22:03 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-16 22:03 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-16 22:03 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-16 22:03 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-16 22:03 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-16 21:58 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-16 21:58 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-16 21:46 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-16 21:41 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-16 21:41 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-16 21:41 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-16 21:41 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-16 21:41 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-16 21:41 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-16 21:40 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-16 21:40 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-16 21:39 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-16 21:38 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-16 21:38 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-16 21:38 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-16 21:38 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-14 19:56 - 2015-07-19 13:50 - 00001202 _____ C:\Users\Claud\Downloads\debug.log
2015-07-14 19:36 - 2015-08-10 19:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-14 19:36 - 2015-07-14 19:36 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-12 11:00 - 2015-07-12 11:01 - 00279984 _____ C:\WINDOWS\Minidump\071215-32218-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 20:17 - 2015-03-14 12:59 - 01673172 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-10 20:17 - 2015-02-28 16:08 - 00000000 ____D C:\Users\Claud\AppData\Roaming\Skype
2015-08-10 20:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-10 18:10 - 2015-03-14 16:54 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-10 17:50 - 2015-03-14 13:46 - 00000000 ___RD C:\Users\Claud\OneDrive
2015-08-10 07:28 - 2015-03-14 13:12 - 00000000 ____D C:\Users\Claud
2015-08-09 21:43 - 2013-08-22 10:46 - 00346948 _____ C:\WINDOWS\setupact.log
2015-08-09 21:39 - 2015-06-23 07:25 - 00000000 _____ C:\Users\Claud\AppData\Local\Temp.dat
2015-08-09 21:12 - 2015-04-29 19:45 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-08-09 21:12 - 2015-04-20 16:55 - 00000000 ____D C:\ProgramData\1648151549250446305
2015-08-09 20:18 - 2014-11-21 04:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-09 11:02 - 2015-02-28 17:58 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3048285104-2006604149-165245714-1001
2015-08-09 00:44 - 2015-03-14 12:57 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-09 00:44 - 2015-03-14 12:56 - 976584875 _____ C:\WINDOWS\MEMORY.DMP
2015-08-09 00:44 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-08 22:47 - 2015-05-23 21:51 - 00000024 _____ C:\Users\Claud\AppData\Roaming\appdataFr25.bin
2015-08-07 20:02 - 2015-02-28 15:20 - 00000000 ____D C:\Users\Claud\AppData\Local\CrashDumps
2015-08-07 19:02 - 2014-01-29 09:34 - 00000000 ____D C:\Users\Claud\Downloads\New folder
2015-08-07 18:40 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-06 18:29 - 2013-08-22 09:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-08-06 17:48 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-05 19:21 - 2015-02-20 11:30 - 00000000 ____D C:\Users\Claud\AppData\Local\Packages
2015-08-05 14:32 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-02 10:05 - 2012-11-15 01:29 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-01 18:48 - 2015-02-28 15:11 - 00000000 ____D C:\Users\Claud\AppData\Local\Google
2015-07-30 07:39 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-29 08:27 - 2013-11-20 10:22 - 00837632 ___SH C:\Users\Claud\Desktop\Thumbs.db
2015-07-25 21:18 - 2015-02-11 12:18 - 00000000 ____D C:\Users\Claud\Desktop\RP
2015-07-25 17:40 - 2015-05-13 21:29 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D5DE5A82-040D-47C4-9DE5-DC979221DCAE}
2015-07-25 05:39 - 2015-04-04 00:15 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-23 07:20 - 2013-08-22 10:44 - 00362544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-23 07:19 - 2014-11-21 04:34 - 00878714 _____ C:\WINDOWS\PFRO.log
2015-07-20 07:21 - 2013-10-10 16:05 - 00000000 ____D C:\Games
2015-07-20 07:21 - 2013-08-31 18:13 - 00015084 _____ C:\Users\Claud\Documents\Install STAR WARS The Old Republic.log
2015-07-18 18:45 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-18 16:32 - 2015-02-28 16:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-18 16:32 - 2015-02-28 16:07 - 00000000 ____D C:\ProgramData\Skype
2015-07-18 07:37 - 2015-03-16 12:20 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-18 07:37 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-18 07:37 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-18 07:37 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-16 23:57 - 2015-03-03 15:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-16 23:49 - 2015-04-04 00:15 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-14 19:33 - 2015-03-03 16:26 - 00000000 ____D C:\Users\Claud\AppData\Local\Adobe
2015-07-13 17:10 - 2014-11-21 12:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 17:10 - 2014-11-21 12:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 09:51 - 2015-02-28 21:27 - 00000000 ____D C:\Users\Claud\AppData\Roaming\Yahoo!
2015-07-12 09:51 - 2015-02-28 16:36 - 00000000 ____D C:\Program Files (x86)\Yahoo!

==================== Files in the root of some directories =======

2015-04-29 19:45 - 2015-08-09 21:12 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-05-23 21:51 - 2015-08-08 22:47 - 0000024 _____ () C:\Users\Claud\AppData\Roaming\appdataFr25.bin
2015-04-25 14:45 - 2015-05-19 19:42 - 0000020 _____ () C:\Users\Claud\AppData\Roaming\appdataFr3.bin
2015-04-30 18:12 - 2015-04-30 18:13 - 0000802 _____ () C:\Users\Claud\AppData\Local\Temp-log.txt
2015-06-23 07:25 - 2015-08-09 21:39 - 0000000 _____ () C:\Users\Claud\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\Claud\AppData\Local\Temp\3200.exe
C:\Users\Claud\AppData\Local\Temp\5907901995387593853b.exe
C:\Users\Claud\AppData\Local\Temp\AA37.exe
C:\Users\Claud\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe
C:\Users\Claud\AppData\Local\Temp\APNSetup.exe
C:\Users\Claud\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Claud\AppData\Local\Temp\C3E9.exe
C:\Users\Claud\AppData\Local\Temp\ntwdblib.dll
C:\Users\Claud\AppData\Local\Temp\raptrpatch.exe
C:\Users\Claud\AppData\Local\Temp\raptr_stub.exe
C:\Users\Claud\AppData\Local\Temp\setacl.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-09 00:55

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by Claud (2015-08-10 20:28:05)
Running from C:\Users\Claud\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3048285104-2006604149-165245714-500 - Administrator - Disabled) => C:\Users\Administrator
Claud (S-1-5-21-3048285104-2006604149-165245714-1001 - Administrator - Enabled) => C:\Users\Claud
Guest (S-1-5-21-3048285104-2006604149-165245714-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3048285104-2006604149-165245714-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{A3808FE1-6B99-1B1F-F18A-FE658F175C0E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Player Codec Pack 4.3.6 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.6 - Media Player Codec Pack)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
OfficeSolutions (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ec9c17f1}) (Version: - OfficeSolutions) <==== ATTENTION
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.24 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.1.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0014 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VASSAL (3.2.15) (HKLM\...\VASSAL (3.2.15)) (Version: 3.2.15 - vassalengine.org)
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-07-2015 07:35:18 Windows Update
02-08-2015 10:03:45 Removed Fitbit Connect
09-08-2015 11:02:37 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {173D0C53-6F5A-42E7-9156-8CE2A146CB81} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {3F2FBD27-36A4-43E5-AA94-2730D465F786} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {6A11C7D1-03F7-4353-9ACD-DDCBA2F2A0B3} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {950AA0A4-C87D-4804-BEC7-6C3E41A7983C} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {9B5AE1DB-7C55-4F31-B47B-96C6AAFEC395} - System32\Tasks\{268EC9A0-9065-41A0-9F5B-42C4140A4B7E} => Chrome.exe http://ui.skype.com/ui/0/7.1.0.105/en/a ... age=tsBing
Task: {B327BDAE-4687-4EF2-818B-AFC617F8E4BA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E3737216-265A-4F72-863C-F6E271E0E62B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {E5C92124-20B2-4FF6-BA10-394B1094C315} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}\ AD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ShadowOptimizer.job => c:\programdata\{f34f0cd2-d6b6-5bd8-f34f-f0cd2d6b334b}\5907901995387593853b.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-07-07 21:23 - 2015-07-07 21:22 - 08016288 _____ () C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe
2015-07-22 09:02 - 2015-07-22 09:01 - 08016353 _____ () C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2015-07-22 09:10 - 2015-07-22 09:10 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2015-07-22 09:10 - 2015-07-22 09:10 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2015-07-02 15:14 - 2015-07-02 15:14 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-28 21:27 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Claud\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Claud\OneDrive.old:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3048285104-2006604149-165245714-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Claud\Pictures\facebook\10343512_677988675589160_8293844344793847523_n.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CodecPackTrayMenu.lnk"
HKLM\...\StartupApproved\Run32: => "Arc"
HKLM\...\StartupApproved\Run32: => "Codec Settings UAC Manager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "USB Optical Mouse"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\StartupApproved\StartupFolder: => " AD.lnk"
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\StartupApproved\Run: => "Codec Pack Update Checker"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{87D9E16C-48BE-4E33-80DF-CB6D98352376}C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{4EE14804-1D51-486C-B76E-E529CEFE1E6B}C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [{247992BA-0D3D-4F66-8022-BCBDB2344E12}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9D9E32BB-11EE-47F5-BE29-E95A424FDF29}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9D1E4D7C-5647-476F-AB66-ED95ACD4B147}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B67A139A-0CAC-4790-AE45-9EE1F150AA1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{33B79F94-3DC3-44BE-8C6B-9D92B9753265}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A138BF14-60A4-411D-B3EF-0686682919AC}] => (Allow) LPort=1900
FirewallRules: [{D7B5C841-1264-4E92-9244-3359506ACC47}] => (Allow) LPort=2869
FirewallRules: [{1AB94965-8F43-48F8-9679-146469AE3F09}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E7E82843-2F85-4737-9C0F-3F118311F3D5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{0242743E-B76B-45D1-9DC6-C5E124EA37C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{833902F0-BF8F-47F4-917B-9B63A8828494}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5355C3B8-C7F1-45DE-B0F9-5BAD90065443}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{95C657E8-453C-4263-BE48-F34A36F47DDE}C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{05B53FBC-3885-4B75-A97F-5C3E19411B1D}C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [{7D6AE275-9682-42C0-9816-C085813B3595}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6DE21F2C-8A99-4571-91D1-1541D9F1F517}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E175C2F4-8ABF-45DE-8162-286209D31252}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CFB9B1B6-75B9-4B11-93BB-43080C67090A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{79C1886E-8819-4521-8BA8-0A5173968A12}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{76B54967-13F5-4D2E-AD4F-15B2AF5F86CA}C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{6017E710-85FF-42AA-92F8-AFFB1EA48D9E}C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{9CD3F26E-F589-490E-A967-07755C310485}] => (Allow) C:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{7BE97F91-CBEA-467A-A79D-9713E1AA3791}] => (Allow) C:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{7D38194D-C9C8-4DBD-A8B5-1E8E93C01631}] => (Allow) C:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{647B4734-368D-4252-A106-9704D5A939C4}] => (Allow) C:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{928937EB-1DE6-4240-AAB7-28ACA7929772}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2015 12:26:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: wica.dll, version: 6.3.9600.17204, time stamp: 0x54cf2f56
Exception code: 0xc0000005
Fault offset: 0x00000000000279f7
Faulting process id: 0x2330
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (08/08/2015 09:52:58 AM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" at offset 47382528 (0x0000000002d30000) (database page wuaueng.dll0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The stored checksum was [9e099e090b7ceb65:fe9b016452aebaf9:f9b3064c8439540c:7dbc7dbc5573c839] and the computed checksum was [9e099e09213cc125:fe9b016452aebaf9:f9b3064c8439540c:57fc57fc5573c839]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (08/08/2015 07:36:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: wica.dll, version: 6.3.9600.17204, time stamp: 0x54cf2f56
Exception code: 0xc0000005
Fault offset: 0x00000000000279f7
Faulting process id: 0x1fc4
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (08/08/2015 12:39:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: wica.dll, version: 6.3.9600.17204, time stamp: 0x54cf2f56
Exception code: 0xc0000005
Fault offset: 0x00000000000279f7
Faulting process id: 0xf9c
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (08/07/2015 10:37:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bac

Start Time: 01d0d1821373ab09

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 606c2a83-3d76-11e5-bedd-008cfa617121

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (08/07/2015 09:34:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b58

Start Time: 01d0d179b1b0ad3e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: a53a12bc-3d6d-11e5-bedd-008cfa617121

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (08/07/2015 08:02:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.9600.17415, time stamp: 0x545046f0
Faulting module name: mfsrcsnk.dll, version: 12.0.9600.17415, time stamp: 0x54503910
Exception code: 0xc0000005
Fault offset: 0x0002f4d1
Faulting process id: 0x1b24
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3
Faulting package full name: wmplayer.exe4
Faulting package-relative application ID: wmplayer.exe5

Error: (08/07/2015 08:01:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.9600.17415, time stamp: 0x545046f0
Faulting module name: mfsrcsnk.dll, version: 12.0.9600.17415, time stamp: 0x54503910
Exception code: 0xc0000005
Fault offset: 0x0002f4d1
Faulting process id: 0x144c
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3
Faulting package full name: wmplayer.exe4
Faulting package-relative application ID: wmplayer.exe5

Error: (08/07/2015 08:00:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.9600.17415, time stamp: 0x545046f0
Faulting module name: mfsrcsnk.dll, version: 12.0.9600.17415, time stamp: 0x54503910
Exception code: 0xc0000005
Fault offset: 0x0002f4d1
Faulting process id: 0x18a4
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3
Faulting package full name: wmplayer.exe4
Faulting package-relative application ID: wmplayer.exe5

Error: (08/07/2015 07:03:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.9600.17415, time stamp: 0x545046f0
Faulting module name: mfsrcsnk.dll, version: 12.0.9600.17415, time stamp: 0x54503910
Exception code: 0xc0000005
Fault offset: 0x0002f4d1
Faulting process id: 0xb08
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3
Faulting package full name: wmplayer.exe4
Faulting package-relative application ID: wmplayer.exe5


System errors:
=============
Error: (08/09/2015 08:52:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/09/2015 06:11:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.5.
The computer with the IP address 192.168.2.3 did not allow the name to be claimed by
this computer.

Error: (08/09/2015 05:43:00 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (08/09/2015 05:43:00 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (08/09/2015 12:26:31 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (08/09/2015 12:25:49 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer LINDASCOMPUTER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{27A498BD-2781-454C-92A6-FEF977857437}.
The master browser is stopping or an election is being forced.

Error: (08/09/2015 12:25:43 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (08/09/2015 12:25:42 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (08/09/2015 12:25:40 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (08/09/2015 12:48:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2



==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 30%
Total physical RAM: 7774.01 MB
Available physical RAM: 5433.7 MB
Total Virtual: 15710.26 MB
Available Virtual: 13362.86 MB

==================== Drives ================================

Drive c: (TI10657600C) (Fixed) (Total:584.56 GB) (Free:370.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of log ============================
kokuorei
Active Member
 
Posts: 11
Joined: August 10th, 2015, 8:04 pm

Re: Take the Coupon and More!

Unread postby Firefly » August 12th, 2015, 10:20 pm

Looking over your log. It may take me a day or so. Please confirm you still need assistance.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Take the Coupon and More!

Unread postby Firefly » August 14th, 2015, 8:22 am

Hi kokuorei. You have quite a mess on your hands. Please confirm for me if you still need help or if this topic should be closed. I did not hear back from you from my earlier post.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Take the Coupon and More!

Unread postby kokuorei » August 14th, 2015, 6:54 pm

Yes, I do. Sorry, was out with a friend in the hospital. All good now.
kokuorei
Active Member
 
Posts: 11
Joined: August 10th, 2015, 8:04 pm

Re: Take the Coupon and More!

Unread postby Firefly » August 15th, 2015, 8:26 am

OK, no problem. While I finish reviewing the logs, let's take some protective steps.

I ask you to follow a few ground rules while we are taking care of your computer:

I'm an Undergraduate trainee at MalwareRemovalUniversity (MRU), and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean". If you are in progress at another forum, please simply let me know so I can dedicate my time to others who need help.
  7. Failure to respond for 3 days, will result in your topic being closed.

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.


Malware removal:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

There will be several items to handle in each post (usually) so I will try to break them into easier to digest sections which will be demarked with Green Bold Lettering


File Backup

For your safety and protection, I would advise backing up all your important documents, personal data files and photos as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

All of the Windows systems we support have backup capabilities. These existing programs will allow you to back up your files to an external hard drive, USB drive or CD drive.

Do not back up your files to the hard drive of the computer we will be fixing. If the computer becomes unusable, your files will still be gone forever. Every photo, every document… gone. Seriously. Do this now.

Here is the link to using the backup program in Windows 8: Windows 8

One way or another, it is critical that you back up your data before proceeding.


Restore Point

First, before we do anything, we want to make sure we have made a backup of your computer's key information so that we can be sure to not make anything worse.

To create a restore point: (Win 8)
1. Press the WinKey+X to display the system menu and click System.
2. On the left side menu, click System Protection.
3. In the Protection Settings section, click the C: (system) drive.
4. Click the Create button.
5. Type a name for the System Restore file (The Date and Time will be added automatically). Please call it “before malware fix”

Once these are done, we can move forward with repairing the issues you are having. I'll look for a confirmation back from you.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Take the Coupon and More!

Unread postby kokuorei » August 15th, 2015, 4:16 pm

Ready.
kokuorei
Active Member
 
Posts: 11
Joined: August 10th, 2015, 8:04 pm

Re: Take the Coupon and More!

Unread postby Firefly » August 17th, 2015, 9:53 am

Hi kokuorei. My name is Firefly and I will help you with your computer. Before we really jump into things, I ask you to follow a few ground rules while we are taking care of your computer:

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean". If you are in progress at another forum, please simply let me know so I can dedicate my time to others who need help.
  7. Failure to respond for 3 days, will result in your topic being closed.

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Malware removal:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Finally, there will be several items to handle in each post (usually) so I will try to break them into easier to digest sections which will be demarked with Green Bold Lettering

I reviewed your logs, and you do indeed have several malware programs installed. Absent something unforeseen, we should be able to remove these fairly easily. Please do the following:


AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove (there should not be any), then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well (it could be another number besides [S1] such as [S0]).


Malwarebytes' Anti-Malware

Please save any items you were working on... close any open programs.
Please download Malwarebytes Anti-Malware and save it to your desktop. Alternate downloads available here or here.
    If needed...User Guide in HTML or PDF formats. Be advised, many options are disabled in the free version.
    Make sure you are connected to the Internet, you'll need to check for updates.
  1. Double-click on mbam-setup.exe to install the application.
  2. When the installation begins, follow the prompts, accept the License Agreement... Please use the default settings for installation.
    When installation has finished, you'll be presented with the MBAM interface.

    • When the free version is first run, you see a message "Your free trial has expired!" ... just ignore it... click the "End free Trial" link to remove the message.
    • You'll see an alert that "Your databases are out of date". Click the "Fix it now" button.
    • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  3. Press the Scan Now >> button.
    When the scan is finished:
    If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
    If infections were found you will be notified there were malicious items detected. Malicious items are automatically quarantined.
  4. Press the View detailed log >> link to display the results log.
  5. Press the Copy to Clipboard button.
  6. Copy and paste the scan results in your next reply and exit MBAM.
Using the default History Settings ... Log files can be found in these locations:
Windows XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs
Windows Vista, Win 7, Win 8 or 8.1: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs


Revised FRST Scan

Please delete your copy of FRST64, and re-download FRST64 ... by Farbar, from the link below and save it to your Desktop (it gets updated very often, so a new copy is always important).

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • In addition to what is already checked, please place a check mark in the lower right hand box labeled “Addition.txt”
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • Please post the content of the Addition.txt in your next reply.

Next Steps

1. Please confirm file backup and restore point
2. Post AdwCleaner log
3. Post MBAM log
4. Updated FRST.txt log
5. Updated Addition.txt log
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Take the Coupon and More!

Unread postby kokuorei » August 17th, 2015, 8:07 pm

All set on Recovery

# AdwCleaner v5.001 - Logfile created 17/08/2015 at 19:09:58
# Updated 17/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Claud - CLAUD
# Running from : C:\Users\Claud\Desktop\adwcleaner_5.001.exe
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : ec9c17f1
[-] Service Deleted : fdfcd97f

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\PragmaInstance
[-] Folder Deleted : C:\Program Files (x86)\UpgradeLeader
[-] Folder Deleted : C:\Program Files (x86)\AllCheapiPricE
[-] Folder Deleted : C:\Program Files (x86)\DiseCounutExtensiu
[-] Folder Deleted : C:\Program Files (x86)\DisscountExteunsii
[-] Folder Deleted : C:\Program Files (x86)\Fun2Savvee
[!] Folder Not Deleted : C:\Program Files (x86)\PragmaInstance
[-] Folder Deleted : C:\Program Files (x86)\SaoLePlus
[-] Folder Deleted : C:\Program Files (x86)\TakeaTHeeCOupon
[-] Folder Deleted : C:\Program Files (x86)\TTakeTeheCOupoN
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\1648151549250446305
[-] Folder Deleted : C:\ProgramData\5191c3c100007e4d
[-] Folder Deleted : C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}
[-] Folder Deleted : C:\ProgramData\{f34f0cd2-d6b6-5bd8-f34f-f0cd2d6b334b}
[-] Folder Deleted : C:\ProgramData\aieggejegnkgkmodegmpfgbfahjcpkic
[-] Folder Deleted : C:\ProgramData\gcamlkdlbcdfmpdjgdngbfialmfnkbkd
[-] Folder Deleted : C:\ProgramData\milcefnibogdljgpdajomdcellpceida
[-] Folder Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb
[-] Folder Deleted : C:\Users\Claud\AppData\Local\Temp\apn
[-] Folder Deleted : C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\Extensions\ysK@b.org
[-] Folder Deleted : C:\Users\Claud\Documents\Mobogenie
[-] Folder Deleted : C:\Users\Claud\Favorites\StumbleUpon
[!] Folder Not Deleted : C:\Users\Claud\Favorites\StumbleUpon

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Claud\daemonprocess.txt
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pgjcgpbffennccofdpganblbjiglnbip_0.localstorage
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pgjcgpbffennccofdpganblbjiglnbip_0.localstorage-journal
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nmidkjogcjnnlfimjcedenagjfacpobb_0.localstorage
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nmidkjogcjnnlfimjcedenagjfacpobb_0.localstorage-journal
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nmidkjogcjnnlfimjcedenagjfacpobb
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
[-] File Deleted : C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
[-] File Deleted : C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\user.js

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Bidaily Synchronize Task

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\P118919C3_6BF8_41D8_878E_43A105487258_.P118919C3_6BF8_41D8_878E_43A105487258_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P118919C3_6BF8_41D8_878E_43A105487258_.P118919C3_6BF8_41D8_878E_43A105487258_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P4C95B9BE_8490_4F20_919D_CEEBA273A57E_.P4C95B9BE_8490_4F20_919D_CEEBA273A57E_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P4C95B9BE_8490_4F20_919D_CEEBA273A57E_.P4C95B9BE_8490_4F20_919D_CEEBA273A57E_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P51239844_3F72_493B_8126_FFD7F3413285_.P51239844_3F72_493B_8126_FFD7F3413285_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P51239844_3F72_493B_8126_FFD7F3413285_.P51239844_3F72_493B_8126_FFD7F3413285_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P788227CB_F769_4C5B_A8AC_DCC5F71BD69A_.P788227CB_F769_4C5B_A8AC_DCC5F71BD69A_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P788227CB_F769_4C5B_A8AC_DCC5F71BD69A_.P788227CB_F769_4C5B_A8AC_DCC5F71BD69A_.9
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-3048285104-2006604149-165245714-1001\Software\Microsoft\Internet Explorer\Main [Start Page]

***** [ Web browsers ] *****

[-] [C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted :
[-] [C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://searchy.easylifeapp.com/

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: Chrome policies deleted

*************************

C:\AdwCleaner[C1].txt - [13551 bytes] - [17/08/2015 19:09:58]
C:\AdwCleaner[S1].txt - [21476 bytes] - [17/08/2015 19:07:18]

########## EOF - C:\AdwCleaner[C1].txt - [13677 bytes] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/17/2015
Scan Time: 7:23:04 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.03.09.05
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Claud

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424872
Time Elapsed: 24 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Multiplug, HKU\S-1-5-21-3048285104-2006604149-165245714-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [1d5c83c05e2cb97d4e83100a44bf966a],
PUP.Optional.Multiplug, HKU\S-1-5-21-3048285104-2006604149-165245714-1001_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [0f6a45fe28624aec8d4473a738cbff01],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [babf6dd6a3e7f3431e97497b0df6946c],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SupremeAdblocker.A, C:\ProgramData\Supreme AdBlocker, Quarantined, [05746dd6c7c3ed4998ffbdd5aa5952ae],

Files: 22
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Craigslist\Craigslist.exe, Quarantined, [98e1f152d4b666d0760233fa09f96b95],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\FreshStart Cross Browser Session Manager\FreshStart Cross Browser Session Manager.exe, Quarantined, [0475bc870189f3435a1eeb428181e61a],
PUP.Optional.Multiplug.A, C:\Windows\Temp\tmplxs0ut\RZOecLr8uf9Jqtl.exe, Quarantined, [c2b76ed597f3201686f2be6fbc4617e9],
PUP.Optional.Multiplug.A, C:\Windows\Temp\tmpn4efvu\li75jjFBaRprIDH.exe, Quarantined, [3940b093d3b71422b1c75ecfa85a6f91],
PUP.Optional.Multiplug.A, C:\Windows\Temp\tmptwol8d\x9hOJ2yE3YtQsyL.exe, Quarantined, [0970e75caddd5dd95325a588e9199868],
PUP.Optional.Multiplug.A, C:\Windows\Temp\tmpx_enny\NizKJxvh9mSdmKT.exe, Quarantined, [d1a8251e444616206414ed400cf6d030],
PUP.Optional.Multiplug.A, C:\Windows\Temp\tmp6n_xzk\ujyLL8T4h2lbuOL.exe, Quarantined, [3a3f1a29078375c111671a1319e960a0],
PUP.Optional.Multiplug.A, C:\Windows\Temp\tmpeyczsb\DWFNbNUx0Qty13w.exe, Quarantined, [1b5e1a29addd2b0ba5d3a38a788a7c84],
PUP.Optional.Multiplug.A, C:\Windows\Temp\tmp0hr9jp\8O0T8tm0lFRPBGZ.exe, Quarantined, [e693d370ff8b48eeadcbe449a959857b],
PUP.Optional.Multiplug.A, C:\Windows\Temp\tmp5bkkag\UDHsPnDBa1YBVTj.exe, Quarantined, [5029ab98b3d7fa3cc5b3210c3ec4fe02],
PUP.Optional.Installrex, C:\Users\Claud\Downloads\Downloader_for_Wing Commander III - Heart of the Tiger [Disc2of4].exe, Quarantined, [95e4e261335753e3f842acea35cca35d],
PUP.Optional.OpenCandy, C:\Users\Claud\Downloads\DTLite4471-0333-aoc-jd.exe, Quarantined, [d8a14ef5107ab77f99903ecaf511cd33],
PUP.Optional.Bandoo, C:\Users\Claud\Downloads\iLividSetup-r484-n-bc.exe, Quarantined, [d7a23d0678129e981090b77d8978ab55],
PUP.Optional.Bandoo, C:\Users\Claud\Downloads\iLividSetup-r585-n-bc.exe, Quarantined, [fe7bd271fc8e5ed8059b54e043be4db3],
PUP.Optional.Downware, C:\Users\Claud\Downloads\Setup_ODM.exe, Quarantined, [720791b219712412dfbedef26c9530d0],
PUP.Optional.WorldSetup, C:\Users\Claud\Downloads\CR_Downloader_for_digimon-digital-card-battle.exe, Quarantined, [1b5e291a43470a2cc8bc2969c04515eb],
PUP.Optional.WorldSetup, C:\Users\Claud\Downloads\CR_Downloader_for_epsxe.exe, Quarantined, [d1a8cb78bccefa3cff855e34d5304eb2],
PUP.Optional.WorldSetup, C:\Users\Claud\Downloads\CR_Downloader_for_final-fantasy-tactics.exe, Quarantined, [3a3f3b085535b185c8bc9cf6a065f30d],
PUP.Optional.WorldSetup, C:\Users\Claud\Downloads\CR_Downloader_for_wing-commander-iii---heart-of-the-tiger-(disc-1).exe, Quarantined, [5f1a1330bad0979f9ce8880a39ccef11],
PUP.Optional.InstallCore, C:\Users\Claud\Downloads\flashplayer.exe, Quarantined, [91e8a99a3b4fc373e57d2d4ede23817f],
PUP.Optional.InstallCore, C:\Users\Claud\Downloads\FileOpenerSetup.exe, Quarantined, [621771d2e4a6b18527a40ba1897cca36],
PUP.Optional.SupremeAdblocker.A, C:\ProgramData\Supreme AdBlocker\Supreme AdBlocker.exe, Quarantined, [05746dd6c7c3ed4998ffbdd5aa5952ae],

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Claud (administrator) on CLAUD (17-08-2015 20:00:54)
Running from C:\Users\Claud\Desktop
Loaded Profiles: Claud (Available Profiles: Claud & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
() C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-26] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [416080 2015-07-31] (Perfect World Entertainment)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\C2MP\CodecUACManager.exe [60416 2015-03-05] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\C2MP\UpdateChecker.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-03-15]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Claud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ AD.lnk [2015-04-20]
ShortcutTarget: AD.lnk -> C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}\ AD.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKU\S-1-5-21-3048285104-2006604149-165245714-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-3048285104-2006604149-165245714-1001 -> DefaultScope {92544912-734A-4084-AB73-1C568654AB23} URL =
SearchScopes: HKU\S-1-5-21-3048285104-2006604149-165245714-1001 -> {92544912-734A-4084-AB73-1C568654AB23} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{27A498BD-2781-454C-92A6-FEF977857437}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [2015-07-31] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3048285104-2006604149-165245714-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Claud\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Extension: Block The Ads - C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\Extensions\adyfcwljxkuoeh_zh@clmjbhrcxlutsld.com [2015-08-09]
FF HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-28]
CHR Extension: (YouTube) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-28]
CHR Extension: (Google Search) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-28]
CHR Extension: (Google Sheets) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Claud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-07-31] (Perfect World Entertainment Inc)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe [123320 2012-07-23] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R2 Responsive Feel; C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe [8016288 2015-07-07] () [File not signed] <==== ATTENTION
R2 Scant Nerve; C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe [8016353 2015-07-22] () [File not signed] <==== ATTENTION
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [11648 2014-02-27] (LXD Development, Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 20:00 - 2015-08-17 20:01 - 00015958 _____ C:\Users\Claud\Desktop\FRST.txt
2015-08-17 20:00 - 2015-08-17 20:00 - 00000000 ____D C:\Users\Claud\Desktop\FRST-OlderVersion
2015-08-17 19:21 - 2015-08-17 19:52 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-17 19:21 - 2015-08-17 19:21 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-17 19:21 - 2015-08-17 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-17 19:21 - 2015-08-17 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-17 19:21 - 2015-08-17 19:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-17 19:21 - 2015-04-14 09:47 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-17 19:21 - 2015-04-14 09:46 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-17 19:21 - 2015-04-14 09:46 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-17 19:14 - 2015-08-17 19:20 - 21547816 _____ (Malwarebytes Corporation ) C:\Users\Claud\Downloads\mbam-setup.exe
2015-08-17 19:13 - 2015-08-17 19:13 - 00013770 _____ C:\Users\Claud\Desktop\AdwCleaner[C1].txt
2015-08-17 19:09 - 2015-08-17 19:10 - 00013770 _____ C:\AdwCleaner[C1].txt
2015-08-17 19:07 - 2015-08-17 19:09 - 00021476 _____ C:\AdwCleaner[S1].txt
2015-08-17 19:07 - 2015-08-17 19:09 - 00000000 ____D C:\AdwCleaner
2015-08-17 19:04 - 2015-08-17 19:04 - 01573888 _____ C:\Users\Claud\Desktop\adwcleaner_5.001.exe
2015-08-17 07:16 - 2015-08-17 07:16 - 00280040 _____ C:\WINDOWS\Minidump\081715-51906-01.dmp
2015-08-16 09:30 - 2015-08-16 09:30 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-08-14 20:02 - 2015-07-05 06:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-08-14 00:59 - 2015-08-14 01:00 - 00279984 _____ C:\WINDOWS\Minidump\081415-36343-01.dmp
2015-08-13 19:38 - 2015-08-13 19:38 - 00000000 ____D C:\ProgramData\kglgcfnbkhgdnpdhkelddjehdhicddpk
2015-08-13 19:37 - 2015-08-13 19:37 - 00000000 ____D C:\ProgramData\lghldfnhhcodhcdihlokeohgjpbcjelk
2015-08-12 19:31 - 2015-08-12 19:32 - 00008443 _____ C:\Users\Claud\Documents\Uninstall STAR WARS The Old Republic.log
2015-08-11 21:53 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-11 21:53 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-11 21:53 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-11 21:53 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-11 21:53 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-11 21:53 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-11 21:53 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-11 21:50 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-11 21:50 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-11 21:50 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-11 21:50 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-11 21:50 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-11 21:49 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-11 21:49 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-11 21:48 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-11 21:48 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-11 21:48 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-11 21:48 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-11 21:48 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-11 21:48 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-11 21:48 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-11 21:48 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-11 21:48 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-11 21:48 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-11 21:48 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-11 21:48 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-11 21:48 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-11 21:48 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-11 21:42 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-11 21:42 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-11 21:42 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-11 21:42 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-11 21:42 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-11 21:42 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-11 21:42 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-11 21:42 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-11 21:41 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-11 21:41 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-11 21:41 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-11 21:41 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-11 21:41 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-11 21:41 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-11 21:41 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-11 21:41 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-11 21:41 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-11 21:41 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-11 21:41 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-10 20:28 - 2015-08-10 20:29 - 00036078 _____ C:\Users\Claud\Downloads\Addition.txt
2015-08-10 20:22 - 2015-08-17 20:01 - 00000000 ____D C:\FRST
2015-08-10 20:21 - 2015-08-17 20:00 - 02173440 _____ (Farbar) C:\Users\Claud\Desktop\FRST64.exe
2015-08-10 20:11 - 2015-08-10 20:11 - 00688992 _____ (Swearware) C:\Users\Claud\Downloads\dds (1).scr
2015-08-10 20:11 - 2015-08-10 20:11 - 00000126 _____ C:\Users\Claud\Desktop\download.htm
2015-08-10 20:09 - 2015-08-10 20:10 - 00688992 _____ (Swearware) C:\Users\Claud\Downloads\dds.scr
2015-08-09 21:12 - 2015-08-17 19:49 - 00000000 ____D C:\Program Files (x86)\FreshStart Cross Browser Session Manager
2015-08-09 00:44 - 2015-08-09 00:44 - 01032744 _____ C:\WINDOWS\Minidump\080915-38671-01.dmp
2015-08-04 11:12 - 2015-08-04 11:13 - 00279984 _____ C:\WINDOWS\Minidump\080415-34406-01.dmp
2015-08-01 22:32 - 2015-08-01 22:32 - 00280040 _____ C:\WINDOWS\Minidump\080115-46875-01.dmp
2015-07-30 18:53 - 2015-07-30 18:56 - 32694320 _____ (Fitbit Inc.) C:\Users\Claud\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe
2015-07-24 07:41 - 2015-07-24 07:41 - 00279984 _____ C:\WINDOWS\Minidump\072415-38015-01.dmp
2015-07-22 09:02 - 2015-07-22 09:02 - 00000000 ____D C:\Program Files (x86)\Scant Nerve
2015-07-20 07:28 - 2015-07-20 07:28 - 00000000 ____D C:\Users\Claud\AppData\Local\SWTORPerf
2015-07-20 07:20 - 2015-07-20 07:20 - 00000000 ____D C:\Users\hedev
2015-07-20 07:11 - 2015-07-20 07:11 - 00931408 _____ (Google Inc.) C:\Users\Claud\Downloads\ChromeSetup (1).exe
2015-07-19 01:04 - 2015-07-19 01:04 - 00279984 _____ C:\WINDOWS\Minidump\071915-45468-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 20:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-17 19:58 - 2015-02-28 17:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3048285104-2006604149-165245714-1001
2015-08-17 19:56 - 2014-11-21 04:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-17 19:54 - 2015-02-28 16:08 - 00000000 ____D C:\Users\Claud\AppData\Roaming\Skype
2015-08-17 19:53 - 2015-03-14 13:46 - 00000000 ___RD C:\Users\Claud\OneDrive
2015-08-17 19:53 - 2015-03-14 12:59 - 01198645 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-17 19:51 - 2014-11-21 04:34 - 00886100 _____ C:\WINDOWS\PFRO.log
2015-08-17 19:51 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-08-17 19:51 - 2013-08-22 10:46 - 00348293 _____ C:\WINDOWS\setupact.log
2015-08-17 19:51 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-17 19:49 - 2015-06-06 18:54 - 00000000 ____D C:\Program Files (x86)\Craigslist
2015-08-17 19:30 - 2015-07-14 19:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-17 19:10 - 2015-06-02 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-17 19:10 - 2015-03-14 13:12 - 00000000 ____D C:\Users\Claud
2015-08-17 19:10 - 2013-08-22 09:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-08-17 07:16 - 2015-03-14 12:57 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-17 07:15 - 2015-03-14 12:56 - 932197677 _____ C:\WINDOWS\MEMORY.DMP
2015-08-16 16:54 - 2015-03-14 16:54 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-16 16:27 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-16 09:30 - 2015-07-14 19:36 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-16 09:10 - 2015-05-23 21:51 - 00000024 _____ C:\Users\Claud\AppData\Roaming\appdataFr25.bin
2015-08-14 07:33 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-13 19:12 - 2013-11-20 10:22 - 00837632 ___SH C:\Users\Claud\Desktop\Thumbs.db
2015-08-13 19:11 - 2013-08-22 10:44 - 00362544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-13 07:35 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 07:35 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 07:35 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 07:35 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 07:34 - 2015-03-16 12:20 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-13 07:34 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-12 20:52 - 2015-03-03 15:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 20:36 - 2015-03-03 15:27 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 19:33 - 2015-02-28 21:27 - 00000000 ____D C:\ProgramData\Yahoo!
2015-08-12 19:33 - 2015-02-28 16:36 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-08-12 19:31 - 2013-10-10 16:05 - 00000000 ____D C:\Games
2015-08-12 19:22 - 2014-01-29 09:34 - 00000000 ____D C:\Users\Claud\Downloads\New folder
2015-08-11 22:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-11 22:52 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-11 22:48 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 22:48 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 05:00 - 2015-04-29 19:45 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-08-08 09:55 - 2014-11-21 12:03 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 09:55 - 2014-11-21 12:03 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 20:02 - 2015-02-28 15:20 - 00000000 ____D C:\Users\Claud\AppData\Local\CrashDumps
2015-08-06 17:48 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-05 19:21 - 2015-02-20 11:30 - 00000000 ____D C:\Users\Claud\AppData\Local\Packages
2015-08-05 14:32 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-02 10:05 - 2012-11-15 01:29 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-01 18:48 - 2015-02-28 15:11 - 00000000 ____D C:\Users\Claud\AppData\Local\Google
2015-07-25 21:18 - 2015-02-11 12:18 - 00000000 ____D C:\Users\Claud\Desktop\RP
2015-07-25 17:40 - 2015-05-13 21:29 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D5DE5A82-040D-47C4-9DE5-DC979221DCAE}
2015-07-25 05:39 - 2015-04-04 00:15 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-20 07:21 - 2013-08-31 18:13 - 00015084 _____ C:\Users\Claud\Documents\Install STAR WARS The Old Republic.log
2015-07-19 13:50 - 2015-07-14 19:56 - 00001202 _____ C:\Users\Claud\Downloads\debug.log
2015-07-18 16:32 - 2015-02-28 16:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-18 16:32 - 2015-02-28 16:07 - 00000000 ____D C:\ProgramData\Skype
2015-07-18 07:37 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-18 07:37 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore

==================== Files in the root of some directories =======

2015-04-29 19:45 - 2015-08-11 05:00 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-05-23 21:51 - 2015-08-16 09:10 - 0000024 _____ () C:\Users\Claud\AppData\Roaming\appdataFr25.bin
2015-04-25 14:45 - 2015-05-19 19:42 - 0000020 _____ () C:\Users\Claud\AppData\Roaming\appdataFr3.bin
2015-04-30 18:12 - 2015-04-30 18:13 - 0000802 _____ () C:\Users\Claud\AppData\Local\Temp-log.txt

Some files in TEMP:
====================
C:\Users\Claud\AppData\Local\Temp\3200.exe
C:\Users\Claud\AppData\Local\Temp\5907901995387593853b.exe
C:\Users\Claud\AppData\Local\Temp\AA37.exe
C:\Users\Claud\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe
C:\Users\Claud\AppData\Local\Temp\APNSetup.exe
C:\Users\Claud\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Claud\AppData\Local\Temp\BRSVC_326897562_hlp.exe
C:\Users\Claud\AppData\Local\Temp\C3E9.exe
C:\Users\Claud\AppData\Local\Temp\ntwdblib.dll
C:\Users\Claud\AppData\Local\Temp\raptrpatch.exe
C:\Users\Claud\AppData\Local\Temp\raptr_stub.exe
C:\Users\Claud\AppData\Local\Temp\setacl.exe
C:\Users\Claud\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-17 07:36

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Claud (2015-08-17 20:02:53)
Running from C:\Users\Claud\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3048285104-2006604149-165245714-500 - Administrator - Disabled) => C:\Users\Administrator
Claud (S-1-5-21-3048285104-2006604149-165245714-1001 - Administrator - Enabled) => C:\Users\Claud
Guest (S-1-5-21-3048285104-2006604149-165245714-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3048285104-2006604149-165245714-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{A3808FE1-6B99-1B1F-F18A-FE658F175C0E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Player Codec Pack 4.3.6 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.6 - Media Player Codec Pack)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.24 - Bioware/EA)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.1.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0014 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VASSAL (3.2.15) (HKLM\...\VASSAL (3.2.15)) (Version: 3.2.15 - vassalengine.org)
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-08-2015 10:03:45 Removed Fitbit Connect
09-08-2015 11:02:37 Scheduled Checkpoint
12-08-2015 20:35:17 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {173D0C53-6F5A-42E7-9156-8CE2A146CB81} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {66CF1948-960B-441B-A3A9-BBE06F1C2FD4} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {6A11C7D1-03F7-4353-9ACD-DDCBA2F2A0B3} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {950AA0A4-C87D-4804-BEC7-6C3E41A7983C} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {9B5AE1DB-7C55-4F31-B47B-96C6AAFEC395} - System32\Tasks\{268EC9A0-9065-41A0-9F5B-42C4140A4B7E} => Chrome.exe http://ui.skype.com/ui/0/7.1.0.105/en/a ... age=tsBing
Task: {B327BDAE-4687-4EF2-818B-AFC617F8E4BA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E3737216-265A-4F72-863C-F6E271E0E62B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-16] (Adobe Systems Incorporated)
Task: {E5C92124-20B2-4FF6-BA10-394B1094C315} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {EB48A2F9-44A4-41DA-8DDB-A06D1CB2B718} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}\ AD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ShadowOptimizer.job => c:\programdata\{f34f0cd2-d6b6-5bd8-f34f-f0cd2d6b334b}\5907901995387593853b.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-07-07 21:23 - 2015-07-07 21:22 - 08016288 _____ () C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe
2015-07-22 09:02 - 2015-07-22 09:01 - 08016353 _____ () C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2015-07-22 09:10 - 2015-07-22 09:10 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2013-08-22 03:19 - 2013-08-22 02:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2015-07-22 09:10 - 2015-07-22 09:10 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-28 21:27 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Claud\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Claud\OneDrive.old:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3048285104-2006604149-165245714-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Claud\Pictures\facebook\10369212_826155914072088_1343644284898250007_n.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CodecPackTrayMenu.lnk"
HKLM\...\StartupApproved\Run32: => "Arc"
HKLM\...\StartupApproved\Run32: => "Codec Settings UAC Manager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "USB Optical Mouse"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\StartupApproved\StartupFolder: => " AD.lnk"
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\StartupApproved\Run: => "Codec Pack Update Checker"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{87D9E16C-48BE-4E33-80DF-CB6D98352376}C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{4EE14804-1D51-486C-B76E-E529CEFE1E6B}C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [{247992BA-0D3D-4F66-8022-BCBDB2344E12}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9D9E32BB-11EE-47F5-BE29-E95A424FDF29}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9D1E4D7C-5647-476F-AB66-ED95ACD4B147}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B67A139A-0CAC-4790-AE45-9EE1F150AA1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{33B79F94-3DC3-44BE-8C6B-9D92B9753265}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A138BF14-60A4-411D-B3EF-0686682919AC}] => (Allow) LPort=1900
FirewallRules: [{D7B5C841-1264-4E92-9244-3359506ACC47}] => (Allow) LPort=2869
FirewallRules: [{1AB94965-8F43-48F8-9679-146469AE3F09}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E7E82843-2F85-4737-9C0F-3F118311F3D5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{0242743E-B76B-45D1-9DC6-C5E124EA37C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{833902F0-BF8F-47F4-917B-9B63A8828494}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5355C3B8-C7F1-45DE-B0F9-5BAD90065443}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{95C657E8-453C-4263-BE48-F34A36F47DDE}C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{05B53FBC-3885-4B75-A97F-5C3E19411B1D}C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [{7D6AE275-9682-42C0-9816-C085813B3595}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6DE21F2C-8A99-4571-91D1-1541D9F1F517}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E175C2F4-8ABF-45DE-8162-286209D31252}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CFB9B1B6-75B9-4B11-93BB-43080C67090A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{79C1886E-8819-4521-8BA8-0A5173968A12}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{76B54967-13F5-4D2E-AD4F-15B2AF5F86CA}C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{6017E710-85FF-42AA-92F8-AFFB1EA48D9E}C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{928937EB-1DE6-4240-AAB7-28ACA7929772}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2015 06:51:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19113844

Error: (08/17/2015 06:51:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19113844

Error: (08/17/2015 06:51:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/17/2015 03:14:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: sysmain.dll, version: 6.3.9600.17931, time stamp: 0x55a006b9
Exception code: 0xc000003f
Fault offset: 0x00000000000bf8a2
Faulting process id: 0x3f0
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3
Faulting package full name: svchost.exe_SysMain4
Faulting package-relative application ID: svchost.exe_SysMain5

Error: (08/17/2015 03:07:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sdiagnhost.exe, version: 6.3.9600.17415, time stamp: 0x545051e1
Faulting module name: clr.dll, version: 4.0.30319.34014, time stamp: 0x52e0b86c
Exception code: 0xc0000005
Fault offset: 0x000000000002e3b0
Faulting process id: 0x1d70
Faulting application start time: 0xsdiagnhost.exe0
Faulting application path: sdiagnhost.exe1
Faulting module path: sdiagnhost.exe2
Report Id: sdiagnhost.exe3
Faulting package full name: sdiagnhost.exe4
Faulting package-relative application ID: sdiagnhost.exe5

Error: (08/17/2015 03:07:17 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: sdiagnhost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFCEEC7E3B0 (00007FFCEEC50000) with exit code 80131506.

Error: (08/16/2015 07:02:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLAUD)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/16/2015 07:02:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLAUD)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/16/2015 03:58:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: sysmain.dll, version: 6.3.9600.17931, time stamp: 0x55a006b9
Exception code: 0xc0000005
Fault offset: 0x0000000000012ab2
Faulting process id: 0x250
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3
Faulting package full name: svchost.exe_SysMain4
Faulting package-relative application ID: svchost.exe_SysMain5

Error: (08/16/2015 03:17:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: sysmain.dll, version: 6.3.9600.17931, time stamp: 0x55a006b9
Exception code: 0xc000003f
Fault offset: 0x00000000000bf8a2
Faulting process id: 0x1754
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3
Faulting package full name: svchost.exe_SysMain4
Faulting package-relative application ID: svchost.exe_SysMain5


System errors:
=============
Error: (08/17/2015 07:54:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/17/2015 07:14:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/17/2015 07:10:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (08/17/2015 07:09:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s).

Error: (08/17/2015 07:09:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/17/2015 07:09:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD Accelerator Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/17/2015 07:09:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Norton PC Checkup Application Launcher service terminated unexpectedly. It has done this 1 time(s).

Error: (08/17/2015 07:09:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/17/2015 07:09:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/17/2015 07:09:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA eco Utility Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (08/17/2015 06:51:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19113844

Error: (08/17/2015 06:51:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19113844

Error: (08/17/2015 06:51:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/17/2015 03:14:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.3.9600.1741554504177sysmain.dll6.3.9600.1793155a006b9c000003f00000000000bf8a23f001d0d85e13193910C:\WINDOWS\system32\svchost.exec:\windows\system32\sysmain.dllaa027121-44af-11e5-bee0-008cfa617121

Error: (08/17/2015 03:07:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sdiagnhost.exe6.3.9600.17415545051e1clr.dll4.0.30319.3401452e0b86cc0000005000000000002e3b01d7001d0d8bb59ce7036C:\WINDOWS\System32\sdiagnhost.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll98032834-44ae-11e5-bee0-008cfa617121

Error: (08/17/2015 03:07:17 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: sdiagnhost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFCEEC7E3B0 (00007FFCEEC50000) with exit code 80131506.

Error: (08/16/2015 07:02:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLAUD)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (08/16/2015 07:02:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLAUD)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (08/16/2015 03:58:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.3.9600.1741554504177sysmain.dll6.3.9600.1793155a006b9c00000050000000000012ab225001d0d858fb3b8fa2C:\WINDOWS\system32\svchost.exec:\windows\system32\sysmain.dll23c9c417-4451-11e5-bee0-008cfa617121

Error: (08/16/2015 03:17:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.3.9600.1741554504177sysmain.dll6.3.9600.1793155a006b9c000003f00000000000bf8a2175401d0d6f7a6765346C:\WINDOWS\system32\svchost.exec:\windows\system32\sysmain.dll7332bba6-444b-11e5-bee0-008cfa617121


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 23%
Total physical RAM: 7774.01 MB
Available physical RAM: 5981.01 MB
Total Virtual: 15710.26 MB
Available Virtual: 13865.59 MB

==================== Drives ================================

Drive c: (TI10657600C) (Fixed) (Total:584.56 GB) (Free:394.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of log ============================
kokuorei
Active Member
 
Posts: 11
Joined: August 10th, 2015, 8:04 pm

Re: Take the Coupon and More!

Unread postby Firefly » August 18th, 2015, 10:30 am

Great job, kokuorei. Let's move on:


Uninstall programs

A few of your programs are out of date, and both Skype and Chrome show signs that they have been corrupted. Since they are easily reinstalled, we are going to remove these for now and we can reinstall once we are done.

  • From the top or bottom right corner... a widget panel appears, select Settings.
  • Select, click Control Panel to open.
  • Depending on your current view setting ...
    • Double click on Programs and Features.
      or
    • Under Programs, click on Uninstall a program.
  • Locate the following program(s):
    Adobe Reader X
    Adobe Shockwave Player 12.1
    Google Chrome
    Java 8 Update 45
    McAfee Security Scan Plus
    Skype™ 7.6
  • Select the program and click on Uninstall to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  • Repeat steps 4 - 5 for each program in the list. When finished... Close the Control Panel window.

You will need to use Internet Explorer for a little while until we can clean out the infection and reinstall Chrome.


FRST fix

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    CreateRestorePoint:
    () C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe
    () C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe
    Startup: C:\Users\Claud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ AD.lnk [2015-04-20]
    ShortcutTarget: AD.lnk -> C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}\ AD.exe (No File)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    CHR HKU\S-1-5-21-3048285104-2006604149-165245714-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-3048285104-2006604149-165245714-1001 -> DefaultScope {92544912-734A-4084-AB73-1C568654AB23} URL = 
    SearchScopes: HKU\S-1-5-21-3048285104-2006604149-165245714-1001 -> {92544912-734A-4084-AB73-1C568654AB23} URL = 
    FF Extension: Block The Ads - C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\Extensions\adyfcwljxkuoeh_zh@clmjbhrcxlutsld.com [2015-08-09]
    2015-08-09 21:12 - 2015-08-17 19:49 - 00000000 ____D C:\Program Files (x86)\FreshStart Cross Browser Session Manager
    2015-08-17 19:49 - 2015-06-06 18:54 - 00000000 ____D C:\Program Files (x86)\Craigslist
    2015-08-16 09:10 - 2015-05-23 21:51 - 00000024 _____ C:\Users\Claud\AppData\Roaming\appdataFr25.bin
    2015-08-11 05:00 - 2015-04-29 19:45 - 00000079 _____ C:\Program Files (x86)\prefs.js
    2015-07-18 16:32 - 2015-02-28 16:07 - 00000000 ____D C:\ProgramData\Skype
    Task: {9B5AE1DB-7C55-4F31-B47B-96C6AAFEC395} - System32\Tasks\{268EC9A0-9065-41A0-9F5B-42C4140A4B7E} => Chrome.exe http://ui.skype.com/ui/0/7.1.0.105/en/a ... age=tsBing 
    Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}\ AD.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\ShadowOptimizer.job => c:\programdata\{f34f0cd2-d6b6-5bd8-f34f-f0cd2d6b334b}\5907901995387593853b.exe <==== ATTENTION
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-03]
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    C:\Program Files (x86)\PragmaInstance
    folder: C:\ProgramData\kglgcfnbkhgdnpdhkelddjehdhicddpk
    folder: C:\ProgramData\lghldfnhhcodhcdihlokeohgjpbcjelk
    folder: C:\Program Files (x86)\Responsive Feel
    folder: C:\Program Files (x86)\Scant Nerve
    
  • Save it next to FRST.exe as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.


SHOW ALL FILES

Next, we need to make sure we can find all of the files we will be dealing with. Please do the following:

1. Open Folder Options in Control Panel.
• Click Start, and then click Control Panel.
• Click Appearance and Themes, and then click Folder Options.
2. On the View tab, under Hidden files and folders, click Show hidden files and folders. Also, please clear the Hide file extensions for known file types check box.


File Scans

There are some files that I have not been able to find any information on in your logs. Therefore, I need to have them uploaded to be analyzed. We will use an online multi-antivirus scanner. Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe
C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe
C:\Users\Claud\AppData\Local\Temp\AA37.exe

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on the Send File... button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When each scan is completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.


No Anti-virus

You currently do not have an active real-time anti-virus installed. This needs to be installed, otherwise you will probably get reinfected while we are fixing your computer and we will never get ahead. For our purposes now, I am going to recommend two that are free. Choose only one - do not install both!!!

Once we are done, you are welcome to do research and select an AV that will suit your needs into the future.

Avast free can be downloaded and installed from here: http://download.cnet.com/Avast-Free-Ant ... tag=button

Microsoft Security Essentials can be downloaded and installed from here: http://windows.microsoft.com/en-us/wind ... s-download

This may take some time, and you may need to reboot. Please allow all prompts including updates.


Next Steps

1. Confirm program removals
2. Confirm AV install
3. Post fixlog.txt
4. Post links for the scanned files.

Questions -

1. There was a folder which did not get deleted by AdwCleaner but was indicated as being malware. Did you purposefully select to not remove: C:\Users\Claud\Favorites\StumbleUpon?
2. You have a program installed called CODEC pack. Did you install this intentionally?
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Take the Coupon and More!

Unread postby kokuorei » August 19th, 2015, 7:12 pm

Answer to your question: No, I did not. At least, not intentionally.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by Claud (administrator) on CLAUD (19-08-2015 18:31:55)
Running from C:\Users\Claud\Desktop
Loaded Profiles: Claud (Available Profiles: Claud & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
() C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-26] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [416080 2015-07-31] (Perfect World Entertainment)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\C2MP\CodecUACManager.exe [60416 2015-03-05] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\C2MP\UpdateChecker.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-03-15]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\Users\Claud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ AD.lnk [2015-04-20]
ShortcutTarget: AD.lnk -> C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}\ AD.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKU\S-1-5-21-3048285104-2006604149-165245714-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-3048285104-2006604149-165245714-1001 -> DefaultScope {92544912-734A-4084-AB73-1C568654AB23} URL =
SearchScopes: HKU\S-1-5-21-3048285104-2006604149-165245714-1001 -> {92544912-734A-4084-AB73-1C568654AB23} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{27A498BD-2781-454C-92A6-FEF977857437}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [2015-07-31] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-3048285104-2006604149-165245714-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Claud\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Extension: Block The Ads - C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\Extensions\adyfcwljxkuoeh_zh@clmjbhrcxlutsld.com [2015-08-09]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-07-31] (Perfect World Entertainment Inc)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe [123320 2012-07-23] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R2 Responsive Feel; C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe [8016288 2015-07-07] () [File not signed] <==== ATTENTION
R2 Scant Nerve; C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe [8016353 2015-07-22] () [File not signed] <==== ATTENTION
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S5 3ware; C:\Windows\System32\drivers\3ware.sys [108896 2013-08-22] (LSI)
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [533824 2014-11-21] (Microsoft Corporation)
R5 acpiex; C:\Windows\System32\Drivers\acpiex.sys [79712 2013-08-22] (Microsoft Corporation)
S5 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S5 agp440; C:\Windows\System32\drivers\agp440.sys [62304 2013-08-22] (Microsoft Corporation)
S5 amdsata; C:\Windows\System32\drivers\amdsata.sys [79200 2013-08-22] (Advanced Micro Devices)
S5 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [259424 2013-08-22] (AMD Technologies Inc.)
S5 amdxata; C:\Windows\System32\drivers\amdxata.sys [25952 2013-08-22] (Advanced Micro Devices)
S5 arcsas; C:\Windows\System32\drivers\arcsas.sys [114016 2013-08-22] (PMC-Sierra, Inc.)
S5 atapi; C:\Windows\System32\drivers\atapi.sys [26464 2013-08-22] (Microsoft Corporation)
S5 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [531296 2013-08-22] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R5 CLFS; C:\Windows\System32\drivers\CLFS.sys [377152 2015-03-04] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [561928 2015-03-30] (Microsoft Corporation)
R5 disk; C:\Windows\System32\drivers\disk.sys [100192 2013-08-22] (Microsoft Corporation)
S5 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R5 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [82784 2013-08-22] (Microsoft Corporation)
S5 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [114016 2013-08-22] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [79192 2014-11-21] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [354112 2014-11-21] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [30048 2013-08-22] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [589656 2014-11-21] (Microsoft Corporation)
S5 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [65888 2013-08-22] (Microsoft Corporation)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
S5 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64352 2013-08-22] (Hewlett-Packard Company)
S5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [24416 2013-08-22] (Microsoft Corporation)
S5 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
S5 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [412000 2013-08-22] (Intel Corporation)
S5 intelide; C:\Windows\System32\drivers\intelide.sys [18272 2013-08-22] (Microsoft Corporation)
R5 intelpep; C:\Windows\System32\drivers\intelpep.sys [39744 2014-11-21] (Microsoft Corporation)
S5 isapnp; C:\Windows\System32\drivers\isapnp.sys [21856 2013-08-22] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [100672 2014-11-21] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [178008 2015-06-28] (Microsoft Corporation)
S5 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [109408 2013-08-22] (LSI Corporation)
S5 LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys [93536 2013-08-22] (LSI Corporation)
S5 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S5 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [82784 2013-08-22] (LSI Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S5 megasas; C:\Windows\System32\drivers\megasas.sys [56672 2013-08-22] (LSI Corporation)
S5 megasr; C:\Windows\System32\drivers\megasr.sys [575840 2013-08-22] (LSI Corporation, Inc.)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [101720 2015-07-15] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17248 2013-08-22] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [78688 2013-08-22] (Microsoft Corporation)
S5 mvumis; C:\Windows\System32\drivers\mvumis.sys [63840 2013-08-22] (Marvell Semiconductor, Inc.)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [1113944 2015-07-14] (Microsoft Corporation)
R3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [11648 2014-02-27] (LXD Development, Inc.)
S5 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2013-08-22] (NVIDIA Corporation)
S5 nvstor; C:\Windows\System32\drivers\nvstor.sys [168288 2013-08-22] (NVIDIA Corporation)
S5 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [124768 2013-08-22] (Microsoft Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [88896 2014-11-21] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [280384 2014-11-21] (Microsoft Corporation)
S5 pciide; C:\Windows\System32\drivers\pciide.sys [14688 2013-08-22] (Microsoft Corporation)
S5 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [114528 2013-08-22] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50016 2013-08-22] (Microsoft Corporation)
R5 pdc; C:\Windows\System32\drivers\pdc.sys [86336 2014-11-21] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [249688 2014-11-21] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
S5 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [107872 2013-08-22] (Microsoft Corporation)
S5 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2013-08-22] (Silicon Integrated Systems Corp.)
S5 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2013-08-22] (Silicon Integrated Systems)
R5 spaceport; C:\Windows\System32\drivers\spaceport.sys [415040 2014-11-21] (Microsoft Corporation)
S5 stexstor; C:\Windows\System32\drivers\stexstor.sys [31072 2013-08-22] (Promise Technology, Inc.)
R5 storahci; C:\Windows\System32\drivers\storahci.sys [107872 2013-08-22] (Microsoft Corporation)
S5 storflt; C:\Windows\System32\drivers\vmstorfl.sys [49944 2014-11-21] (Microsoft Corporation)
S5 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-11-21] (Microsoft Corporation)
S5 storvsc; C:\Windows\System32\drivers\storvsc.sys [45888 2013-08-22] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2476376 2015-06-11] (Microsoft Corporation)
R5 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R5 tos_sps64; C:\Windows\System32\drivers\tos_sps64.sys [499096 2012-06-18] (TOSHIBA Corporation)
R5 TVALZ; C:\Windows\System32\drivers\TVALZ_O.SYS [32832 2012-07-25] (TOSHIBA Corporation)
S5 uagp35; C:\Windows\System32\drivers\uagp35.sys [64864 2013-08-22] (Microsoft Corporation)
S5 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [65888 2013-08-22] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [37728 2013-08-22] (Microsoft Corporation)
S5 viaide; C:\Windows\System32\drivers\viaide.sys [19808 2013-08-22] (VIA Technologies, Inc.)
S5 vmbus; C:\Windows\System32\drivers\vmbus.sys [97048 2014-11-21] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [73568 2013-08-22] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [377696 2013-08-22] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [310080 2014-11-21] (Microsoft Corporation)
S5 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [168800 2013-08-22] (VIA Technologies Inc.,Ltd)
S5 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [305504 2013-08-22] (VIA Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [839488 2013-08-22] (Microsoft Corporation)
R5 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R5 WFPLWFS; C:\Windows\System32\DRIVERS\wfplwfs.sys [136512 2014-11-21] (Microsoft Corporation)
R5 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-11-21] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 18:30 - 2015-08-19 18:30 - 00002879 _____ C:\Users\Claud\Desktop\fixlist.txt
2015-08-17 20:02 - 2015-08-17 20:03 - 00030922 _____ C:\Users\Claud\Desktop\Addition.txt
2015-08-17 20:00 - 2015-08-19 18:31 - 00020433 _____ C:\Users\Claud\Desktop\FRST.txt
2015-08-17 20:00 - 2015-08-19 18:31 - 00000000 ____D C:\Users\Claud\Desktop\FRST-OlderVersion
2015-08-17 19:21 - 2015-08-17 19:52 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-17 19:21 - 2015-08-17 19:21 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-17 19:21 - 2015-08-17 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-17 19:21 - 2015-08-17 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-17 19:21 - 2015-08-17 19:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-17 19:21 - 2015-04-14 09:47 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-17 19:21 - 2015-04-14 09:46 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-17 19:21 - 2015-04-14 09:46 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-17 19:14 - 2015-08-17 19:20 - 21547816 _____ (Malwarebytes Corporation ) C:\Users\Claud\Downloads\mbam-setup.exe
2015-08-17 19:13 - 2015-08-17 19:13 - 00013770 _____ C:\Users\Claud\Desktop\AdwCleaner[C1].txt
2015-08-17 19:09 - 2015-08-17 19:10 - 00013770 _____ C:\AdwCleaner[C1].txt
2015-08-17 19:07 - 2015-08-17 19:09 - 00021476 _____ C:\AdwCleaner[S1].txt
2015-08-17 19:07 - 2015-08-17 19:09 - 00000000 ____D C:\AdwCleaner
2015-08-17 19:04 - 2015-08-17 19:04 - 01573888 _____ C:\Users\Claud\Desktop\adwcleaner_5.001.exe
2015-08-17 07:16 - 2015-08-17 07:16 - 00280040 _____ C:\WINDOWS\Minidump\081715-51906-01.dmp
2015-08-16 09:30 - 2015-08-16 09:30 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-08-14 20:02 - 2015-07-05 06:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-08-14 00:59 - 2015-08-14 01:00 - 00279984 _____ C:\WINDOWS\Minidump\081415-36343-01.dmp
2015-08-13 19:38 - 2015-08-13 19:38 - 00000000 ____D C:\ProgramData\kglgcfnbkhgdnpdhkelddjehdhicddpk
2015-08-13 19:37 - 2015-08-13 19:37 - 00000000 ____D C:\ProgramData\lghldfnhhcodhcdihlokeohgjpbcjelk
2015-08-12 19:31 - 2015-08-12 19:32 - 00008443 _____ C:\Users\Claud\Documents\Uninstall STAR WARS The Old Republic.log
2015-08-11 22:51 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 22:51 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 21:57 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-11 21:57 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-11 21:57 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-11 21:57 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-11 21:57 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-11 21:57 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-11 21:57 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-11 21:57 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-11 21:57 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-11 21:57 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-11 21:57 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-11 21:57 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-11 21:56 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-11 21:56 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-11 21:56 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-11 21:56 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-11 21:56 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-11 21:56 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-11 21:56 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-11 21:56 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-11 21:56 - 2015-07-16 15:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-11 21:56 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-11 21:56 - 2015-07-16 15:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-11 21:56 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-11 21:56 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-11 21:56 - 2015-07-16 15:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-11 21:56 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-11 21:56 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-11 21:56 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-11 21:56 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-11 21:56 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-11 21:54 - 2015-07-18 21:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-11 21:54 - 2015-07-18 14:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-11 21:54 - 2015-07-18 14:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-11 21:54 - 2015-07-18 14:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-11 21:54 - 2015-07-18 14:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-11 21:54 - 2015-07-18 14:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-11 21:54 - 2015-07-18 14:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-11 21:54 - 2015-07-18 14:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-11 21:54 - 2015-07-18 14:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-11 21:54 - 2015-07-18 14:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-11 21:54 - 2015-07-18 14:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-11 21:54 - 2015-07-18 14:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-11 21:53 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-11 21:53 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-11 21:53 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-11 21:53 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-11 21:53 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-11 21:53 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-11 21:53 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-11 21:53 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-11 21:53 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-11 21:50 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-11 21:50 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-11 21:50 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-11 21:50 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-11 21:50 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-11 21:49 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-11 21:49 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-11 21:48 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-11 21:48 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-11 21:48 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-11 21:48 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-11 21:48 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-11 21:48 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-11 21:48 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-11 21:48 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-11 21:48 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-11 21:48 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-11 21:48 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-11 21:48 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-11 21:48 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-11 21:48 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-11 21:42 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-11 21:42 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-11 21:42 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-11 21:42 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-11 21:42 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-11 21:42 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-11 21:42 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-11 21:42 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-11 21:41 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-11 21:41 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-11 21:41 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-11 21:41 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-11 21:41 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-11 21:41 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-11 21:41 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-11 21:41 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-11 21:41 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-11 21:41 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-11 21:41 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-10 20:28 - 2015-08-10 20:29 - 00036078 _____ C:\Users\Claud\Downloads\Addition.txt
2015-08-10 20:22 - 2015-08-19 18:31 - 00000000 ____D C:\FRST
2015-08-10 20:21 - 2015-08-19 18:31 - 02173952 _____ (Farbar) C:\Users\Claud\Desktop\FRST64.exe
2015-08-10 20:11 - 2015-08-10 20:11 - 00688992 _____ (Swearware) C:\Users\Claud\Downloads\dds (1).scr
2015-08-10 20:11 - 2015-08-10 20:11 - 00000126 _____ C:\Users\Claud\Desktop\download.htm
2015-08-10 20:09 - 2015-08-10 20:10 - 00688992 _____ (Swearware) C:\Users\Claud\Downloads\dds.scr
2015-08-09 21:12 - 2015-08-17 19:49 - 00000000 ____D C:\Program Files (x86)\FreshStart Cross Browser Session Manager
2015-08-09 00:44 - 2015-08-09 00:44 - 01032744 _____ C:\WINDOWS\Minidump\080915-38671-01.dmp
2015-08-04 11:12 - 2015-08-04 11:13 - 00279984 _____ C:\WINDOWS\Minidump\080415-34406-01.dmp
2015-08-01 22:32 - 2015-08-01 22:32 - 00280040 _____ C:\WINDOWS\Minidump\080115-46875-01.dmp
2015-07-30 18:53 - 2015-07-30 18:56 - 32694320 _____ (Fitbit Inc.) C:\Users\Claud\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe
2015-07-24 07:41 - 2015-07-24 07:41 - 00279984 _____ C:\WINDOWS\Minidump\072415-38015-01.dmp
2015-07-22 09:02 - 2015-07-22 09:02 - 00000000 ____D C:\Program Files (x86)\Scant Nerve
2015-07-20 07:28 - 2015-07-20 07:28 - 00000000 ____D C:\Users\Claud\AppData\Local\SWTORPerf
2015-07-20 07:20 - 2015-07-20 07:20 - 00000000 ____D C:\Users\hedev
2015-07-20 07:11 - 2015-07-20 07:11 - 00931408 _____ (Google Inc.) C:\Users\Claud\Downloads\ChromeSetup (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 18:31 - 2015-02-28 17:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3048285104-2006604149-165245714-1001
2015-08-19 18:30 - 2015-07-14 19:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-19 18:28 - 2015-03-27 15:06 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-19 18:27 - 2015-02-28 15:11 - 00000000 ____D C:\Users\Claud\AppData\Local\Google
2015-08-19 18:27 - 2015-02-28 15:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-19 18:25 - 2015-02-28 16:08 - 00000000 ____D C:\Users\Claud\AppData\Roaming\Skype
2015-08-19 18:25 - 2015-02-28 16:07 - 00000000 ____D C:\ProgramData\Skype
2015-08-19 18:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-19 17:43 - 2015-03-14 12:59 - 01739627 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-19 17:32 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-19 07:36 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-18 19:26 - 2015-05-23 21:51 - 00000024 _____ C:\Users\Claud\AppData\Roaming\appdataFr25.bin
2015-08-17 19:56 - 2014-11-21 04:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-17 19:53 - 2015-03-14 13:46 - 00000000 ___RD C:\Users\Claud\OneDrive
2015-08-17 19:51 - 2014-11-21 04:34 - 00886100 _____ C:\WINDOWS\PFRO.log
2015-08-17 19:51 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-08-17 19:51 - 2013-08-22 10:46 - 00348293 _____ C:\WINDOWS\setupact.log
2015-08-17 19:51 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-17 19:49 - 2015-06-06 18:54 - 00000000 ____D C:\Program Files (x86)\Craigslist
2015-08-17 19:10 - 2015-06-02 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-17 19:10 - 2015-03-14 13:12 - 00000000 ____D C:\Users\Claud
2015-08-17 19:10 - 2013-08-22 09:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-08-17 07:16 - 2015-03-14 12:57 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-17 07:15 - 2015-03-14 12:56 - 932197677 _____ C:\WINDOWS\MEMORY.DMP
2015-08-16 16:54 - 2015-03-14 16:54 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-16 16:27 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-16 09:30 - 2015-07-14 19:36 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-14 07:33 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-13 19:12 - 2013-11-20 10:22 - 00837632 ___SH C:\Users\Claud\Desktop\Thumbs.db
2015-08-13 19:11 - 2013-08-22 10:44 - 00362544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-13 07:35 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 07:35 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 07:35 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 07:35 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 07:34 - 2015-03-16 12:20 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-13 07:34 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-12 20:52 - 2015-03-03 15:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 20:36 - 2015-03-03 15:27 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 19:33 - 2015-02-28 21:27 - 00000000 ____D C:\ProgramData\Yahoo!
2015-08-12 19:33 - 2015-02-28 16:36 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-08-12 19:31 - 2013-10-10 16:05 - 00000000 ____D C:\Games
2015-08-12 19:22 - 2014-01-29 09:34 - 00000000 ____D C:\Users\Claud\Downloads\New folder
2015-08-11 22:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-11 22:48 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 22:48 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 05:00 - 2015-04-29 19:45 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-08-08 09:55 - 2014-11-21 12:03 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 09:55 - 2014-11-21 12:03 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 20:02 - 2015-02-28 15:20 - 00000000 ____D C:\Users\Claud\AppData\Local\CrashDumps
2015-08-05 19:21 - 2015-02-20 11:30 - 00000000 ____D C:\Users\Claud\AppData\Local\Packages
2015-08-05 14:32 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-02 10:05 - 2012-11-15 01:29 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-25 21:18 - 2015-02-11 12:18 - 00000000 ____D C:\Users\Claud\Desktop\RP
2015-07-25 17:40 - 2015-05-13 21:29 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D5DE5A82-040D-47C4-9DE5-DC979221DCAE}
2015-07-25 05:39 - 2015-04-04 00:15 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-20 07:21 - 2013-08-31 18:13 - 00015084 _____ C:\Users\Claud\Documents\Install STAR WARS The Old Republic.log

==================== Files in the root of some directories =======

2015-04-29 19:45 - 2015-08-11 05:00 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-05-23 21:51 - 2015-08-18 19:26 - 0000024 _____ () C:\Users\Claud\AppData\Roaming\appdataFr25.bin
2015-04-25 14:45 - 2015-05-19 19:42 - 0000020 _____ () C:\Users\Claud\AppData\Roaming\appdataFr3.bin
2015-04-30 18:12 - 2015-04-30 18:13 - 0000802 _____ () C:\Users\Claud\AppData\Local\Temp-log.txt

Some files in TEMP:
====================
C:\Users\Claud\AppData\Local\Temp\3200.exe
C:\Users\Claud\AppData\Local\Temp\5907901995387593853b.exe
C:\Users\Claud\AppData\Local\Temp\AA37.exe
C:\Users\Claud\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe
C:\Users\Claud\AppData\Local\Temp\APNSetup.exe
C:\Users\Claud\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Claud\AppData\Local\Temp\BRSVC_326897562_hlp.exe
C:\Users\Claud\AppData\Local\Temp\C3E9.exe
C:\Users\Claud\AppData\Local\Temp\ntwdblib.dll
C:\Users\Claud\AppData\Local\Temp\raptrpatch.exe
C:\Users\Claud\AppData\Local\Temp\raptr_stub.exe
C:\Users\Claud\AppData\Local\Temp\setacl.exe
C:\Users\Claud\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-17 22:34

==================== End of log ============================

https://www.virustotal.com/en/file/9b31 ... 440024527/
https://www.virustotal.com/en/file/af2f ... 440024854/
https://www.virustotal.com/en/file/af2f ... 440025837/


Installing the Anti-virus now. In case I have to restart, I didn't want to lose this file and have to redo all of this.
kokuorei
Active Member
 
Posts: 11
Joined: August 10th, 2015, 8:04 pm

Re: Take the Coupon and More!

Unread postby Firefly » August 19th, 2015, 7:15 pm

You did a FRST scan. I needed you to press the "Fix" button. If this reaches you in time, please do this before the AV. If not, it's not a big deal, just preferred.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Take the Coupon and More!

Unread postby kokuorei » August 19th, 2015, 9:31 pm

Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Claud (2015-08-19 21:27:52) Run:1
Running from C:\Users\Claud\Desktop
Loaded Profiles: Claud (Available Profiles: Claud & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
() C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe
() C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe
Startup: C:\Users\Claud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ AD.lnk [2015-04-20]
ShortcutTarget: AD.lnk -> C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}\ AD.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKU\S-1-5-21-3048285104-2006604149-165245714-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3048285104-2006604149-165245714-1001 -> DefaultScope {92544912-734A-4084-AB73-1C568654AB23} URL =
SearchScopes: HKU\S-1-5-21-3048285104-2006604149-165245714-1001 -> {92544912-734A-4084-AB73-1C568654AB23} URL =
FF Extension: Block The Ads - C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\Extensions\adyfcwljxkuoeh_zh@clmjbhrcxlutsld.com [2015-08-09]
2015-08-09 21:12 - 2015-08-17 19:49 - 00000000 ____D C:\Program Files (x86)\FreshStart Cross Browser Session Manager
2015-08-17 19:49 - 2015-06-06 18:54 - 00000000 ____D C:\Program Files (x86)\Craigslist
2015-08-16 09:10 - 2015-05-23 21:51 - 00000024 _____ C:\Users\Claud\AppData\Roaming\appdataFr25.bin
2015-08-11 05:00 - 2015-04-29 19:45 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-07-18 16:32 - 2015-02-28 16:07 - 00000000 ____D C:\ProgramData\Skype
Task: {9B5AE1DB-7C55-4F31-B47B-96C6AAFEC395} - System32\Tasks\{268EC9A0-9065-41A0-9F5B-42C4140A4B7E} => Chrome.exe http://ui.skype.com/ui/0/7.1.0.105/en/a ... age=tsBing
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}\ AD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ShadowOptimizer.job => c:\programdata\{f34f0cd2-d6b6-5bd8-f34f-f0cd2d6b334b}\5907901995387593853b.exe <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-03]
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
C:\Program Files (x86)\PragmaInstance
folder: C:\ProgramData\kglgcfnbkhgdnpdhkelddjehdhicddpk
folder: C:\ProgramData\lghldfnhhcodhcdihlokeohgjpbcjelk
folder: C:\Program Files (x86)\Responsive Feel
folder: C:\Program Files (x86)\Scant Nerve
*****************

Restore point was successfully created.
[1996] C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe => process closed successfully.
[2376] C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe => process closed successfully.
C:\Users\Claud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ AD.lnk => moved successfully
C:\ProgramData\{03038c47-7473-8af3-0303-38c47747311d}\ AD.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKU\S-1-5-21-3048285104-2006604149-165245714-1001\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3048285104-2006604149-165245714-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3048285104-2006604149-165245714-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92544912-734A-4084-AB73-1C568654AB23}" => key removed successfully
HKCR\CLSID\{92544912-734A-4084-AB73-1C568654AB23} => key not found.
C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\Extensions\adyfcwljxkuoeh_zh@clmjbhrcxlutsld.com => moved successfully
C:\Users\Claud\AppData\Roaming\Mozilla\Firefox\Profiles\fei3oldc.default\Extensions\adyfcwljxkuoeh_zh@clmjbhrcxlutsld.com => path removed successfully
"C:\Program Files (x86)\FreshStart Cross Browser Session Manager" => File/Folder not found.
C:\Program Files (x86)\Craigslist => moved successfully
C:\Users\Claud\AppData\Roaming\appdataFr25.bin => moved successfully
C:\Program Files (x86)\prefs.js => moved successfully
C:\ProgramData\Skype => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B5AE1DB-7C55-4F31-B47B-96C6AAFEC395}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B5AE1DB-7C55-4F31-B47B-96C6AAFEC395}" => key removed successfully
C:\WINDOWS\System32\Tasks\{268EC9A0-9065-41A0-9F5B-42C4140A4B7E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{268EC9A0-9065-41A0-9F5B-42C4140A4B7E}" => key removed successfully
C:\WINDOWS\Tasks\Bidaily Synchronize Task.job => moved successfully
C:\WINDOWS\Tasks\ShadowOptimizer.job => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found.
"C:\Program Files (x86)\PragmaInstance" => File/Folder not found.

========================= folder: C:\ProgramData\kglgcfnbkhgdnpdhkelddjehdhicddpk ========================

2015-08-13 19:38 - 2015-08-13 19:38 - 0000110 _____ () C:\ProgramData\kglgcfnbkhgdnpdhkelddjehdhicddpk\background.html
2015-08-13 19:38 - 2015-08-13 19:38 - 0037832 _____ () C:\ProgramData\kglgcfnbkhgdnpdhkelddjehdhicddpk\gcX.js
2015-08-13 19:38 - 2015-08-13 19:38 - 0000829 _____ () C:\ProgramData\kglgcfnbkhgdnpdhkelddjehdhicddpk\manifest.json
2015-08-13 19:38 - 2015-08-13 19:38 - 0000927 _____ () C:\ProgramData\kglgcfnbkhgdnpdhkelddjehdhicddpk\O8X9BbUn.js
2015-08-13 19:38 - 2015-08-13 19:38 - 0000854 _____ () C:\ProgramData\kglgcfnbkhgdnpdhkelddjehdhicddpk\scqGmDhl.js

====== End of Folder: ======


========================= folder: C:\ProgramData\lghldfnhhcodhcdihlokeohgjpbcjelk ========================

2015-08-13 19:37 - 2015-08-13 19:37 - 0000115 _____ () C:\ProgramData\lghldfnhhcodhcdihlokeohgjpbcjelk\background.html
2015-08-13 19:37 - 2015-08-13 19:37 - 0038243 _____ () C:\ProgramData\lghldfnhhcodhcdihlokeohgjpbcjelk\KHUfMFcg.js
2015-08-13 19:37 - 2015-08-13 19:37 - 0000854 _____ () C:\ProgramData\lghldfnhhcodhcdihlokeohgjpbcjelk\kMRLz.js
2015-08-13 19:37 - 2015-08-13 19:37 - 0000927 _____ () C:\ProgramData\lghldfnhhcodhcdihlokeohgjpbcjelk\lGt.js
2015-08-13 19:37 - 2015-08-13 19:37 - 0000816 _____ () C:\ProgramData\lghldfnhhcodhcdihlokeohgjpbcjelk\manifest.json

====== End of Folder: ======


========================= folder: C:\Program Files (x86)\Responsive Feel ========================

2015-07-07 21:23 - 2015-08-19 17:59 - 0006184 _____ () C:\Program Files (x86)\Responsive Feel\Responsive Feel.dat
2015-07-07 21:23 - 2015-07-07 21:22 - 8016288 _____ () C:\Program Files (x86)\Responsive Feel\Responsive Feel.exe

====== End of Folder: ======


========================= folder: C:\Program Files (x86)\Scant Nerve ========================

2015-07-22 09:02 - 2015-08-19 17:59 - 0006150 _____ () C:\Program Files (x86)\Scant Nerve\Scant Nerve.dat
2015-07-22 09:02 - 2015-08-19 19:55 - 8016353 _____ () C:\Program Files (x86)\Scant Nerve\Scant Nerve.exe

====== End of Folder: ======


==== End of Fixlog 21:29:01 ====
kokuorei
Active Member
 
Posts: 11
Joined: August 10th, 2015, 8:04 pm

Re: Take the Coupon and More!

Unread postby Firefly » August 19th, 2015, 9:37 pm

Good job. Try to avoid restarting the computer while I look this over. It may be tomorrow.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Take the Coupon and More!

Unread postby Firefly » August 19th, 2015, 10:09 pm

By the way, did you install the CODEC pack intentionally?
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Take the Coupon and More!

Unread postby kokuorei » August 20th, 2015, 6:45 pm

The what?
kokuorei
Active Member
 
Posts: 11
Joined: August 10th, 2015, 8:04 pm