Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Removed malware caused regsvr32 error [Solved]

Started by ShoKRyou , Mar 01 2015 11:55 AM

  • This topic is locked This topic is locked

#1
ShoKRyou
Posted 01 March 2015 - 11:55 AM

ShoKRyou

    Member

  • Member
  • PipPip
  • 12 posts

Windows Defender/Anti-Malwarebytes recently detected a malware (trojan) and so I deleted it. Then this window started to popup after logging in my computer. 

 

RegSvr32 error.png

 

Maybe I should have unregistered this first before deleting it. I did not know that deleting .dll files would cause RegSvr32 problems. Is there a way to remove this recurring popup window? 

Thank you.

 

I recently joined this community to be able to solve computer problems with the help of experts/professionals instead of doing things by myself. I'm still unfamiliar with the methods frequently used in this website, so easy-to-follow directions would be much appreciated. Thanks again.


  • 0

Advertisements

#2
pystryker
Posted 01 March 2015 - 12:23 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log
  • 0

#3
ShoKRyou
Posted 01 March 2015 - 01:15 PM

ShoKRyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015

Ran by ShoKatsu (administrator) on SHOKRYOU on 01-03-2015 11:12:11
Running from C:\Users\ShoKatsu\Downloads
Loaded Profiles: ShoKatsu (Available profiles: ShoKatsu & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxducoms.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM\...\Run: [lxduamon] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-18] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [] => [X]
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [SkyDrive] => C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [Nimbus.exe] => C:\Program Files (x86)\Nimbus Note\nimbus.exe /autorun
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [YffwPack] => regsvr32.exe C:\Users\ShoKatsu\AppData\Local\YffwPack\cscompmgd.DLL <===== ATTENTION
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [YhbnPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\ShoKatsu\AppData\Local\Oxvkics\CNBLR4.DLL
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\ShoKatsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001 -> {601B93FA-ED79-4494-9D54-15EBEBFC0348} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5D7511A3-70A0-4CCE-AF7E-097B6094DD79}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{886278B3-C2AA-484D-A51B-8A770BAF6104}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F678389D-F3BF-413C-B6A0-25F143251531}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ncsoft.com/Plugin -> C:\Program Files (x86)\NCSOFT\NCPlugin\npncllm3.dll (NCSOFT Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1565841611-4075189342-3673294717-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\[email protected] [2015-02-16]
FF Extension: MSDAOSP - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\{DFB50953-D7AB-DCBE-D237-32648EA00A46} [2015-02-26]
FF Extension: YouTube mp3 - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\[email protected] [2014-11-05]
FF Extension: FXChrome - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2014-08-25]
FF Extension: Adblock Plus - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-23]
FF Extension: Youtube Video Replay - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}.xpi [2014-10-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR Profile: C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-17]
CHR Extension: (Google Docs) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]
CHR Extension: (Google Drive) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-17]
CHR Extension: (YouTube) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Adblock Plus) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-17]
CHR Extension: (Google Search) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (SAO Theme 1920x1080) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgikfepnnphbmgngmpiflajcbmoomnll [2015-01-17]
CHR Extension: (Google Sheets) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
CHR HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ShoKatsu\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-11]
CHR HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-17] (WildTangent)
S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [197632 2014-04-27] (WildTangent, Inc.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 lxduCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-12] (Electronic Arts)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2012-12-13] (Pharos Systems International) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-25] (DT Soft Ltd)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-24] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-02-22] (StdLib)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 11:12 - 2015-03-01 11:12 - 00023923 _____ () C:\Users\ShoKatsu\Downloads\FRST.txt
2015-03-01 11:11 - 2015-03-01 11:12 - 00000000 ____D () C:\FRST
2015-03-01 11:09 - 2015-03-01 11:10 - 02092544 _____ (Farbar) C:\Users\ShoKatsu\Downloads\FRST64.exe
2015-03-01 09:43 - 2015-03-01 09:43 - 00000000 ____D () C:\Users\ShoKatsu\Documents\Comp. Problems
2015-03-01 09:25 - 2015-03-01 09:25 - 00602112 _____ (OldTimer Tools) C:\Users\ShoKatsu\Downloads\OTL.exe
2015-02-28 21:40 - 2015-02-28 21:43 - 07365120 _____ (Safebytes) C:\Users\ShoKatsu\Downloads\TotalSystemCare_Installer.exe
2015-02-26 18:36 - 2015-02-26 18:36 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-02-26 18:29 - 2015-02-26 18:29 - 00003508 _____ () C:\WINDOWS\System32\Tasks\[email protected]
2015-02-26 18:22 - 2015-02-28 21:01 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Local\YffwPack
2015-02-26 18:22 - 2015-02-28 18:28 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Local\Oxvkics
2015-02-26 18:14 - 2015-02-26 18:25 - 00000000 ____D () C:\Users\ShoKatsu\Downloads\Adobe Photoshop
2015-02-26 17:50 - 2014-12-13 13:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-26 17:50 - 2014-12-13 13:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-26 17:50 - 2014-10-28 17:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-26 17:50 - 2014-10-28 17:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-26 17:50 - 2014-10-28 17:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-26 17:50 - 2014-10-28 17:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-25 18:46 - 2015-02-25 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-18 16:36 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-18 16:35 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 23:19 - 2014-04-15 15:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-12 23:19 - 2014-04-15 15:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-12 14:00 - 2015-02-12 14:00 - 00002047 _____ () C:\Users\ShoKatsu\Desktop\Key commands - SimCity Wiki - SimCity 5 Community Wiki and Guide - Shortcut.lnk
2015-02-12 11:42 - 2015-02-12 11:42 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-12 11:34 - 2015-02-12 11:34 - 00001008 _____ () C:\Users\ShoKatsu\Desktop\Origin.lnk
2015-02-12 11:33 - 2015-02-12 11:42 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Roaming\Origin
2015-02-12 11:33 - 2015-02-12 11:42 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Local\Origin
2015-02-10 14:10 - 2015-02-10 14:10 - 00000000 ____D () C:\a2736e8ef15591a0e6889e
2015-02-10 13:14 - 2015-01-15 14:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 13:14 - 2015-01-15 14:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 13:14 - 2015-01-13 20:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 13:14 - 2015-01-13 19:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 13:14 - 2015-01-13 14:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 13:14 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 13:14 - 2015-01-10 01:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 13:14 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 13:14 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 13:14 - 2015-01-09 23:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 13:14 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 13:14 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 13:14 - 2014-12-08 17:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 13:14 - 2014-10-28 18:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 13:14 - 2014-10-28 18:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 13:14 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 13:14 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 13:14 - 2014-10-28 18:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 13:14 - 2014-10-28 18:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 13:14 - 2014-10-28 17:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 13:14 - 2014-10-28 17:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 13:14 - 2014-10-28 17:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 13:14 - 2014-10-28 17:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 13:14 - 2014-10-28 17:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 13:14 - 2014-10-28 17:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 13:14 - 2014-10-28 17:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 13:13 - 2015-02-03 15:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-10 13:13 - 2015-02-03 15:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-10 13:13 - 2015-02-03 15:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-10 13:13 - 2015-02-02 15:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-10 13:13 - 2015-02-02 15:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-10 13:13 - 2015-02-02 15:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-10 13:13 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 13:13 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 13:13 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 13:13 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 13:13 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 13:13 - 2015-01-11 18:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 13:13 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 13:13 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 13:13 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 13:13 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 13:13 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 13:13 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 13:13 - 2015-01-11 17:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 13:13 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 13:13 - 2015-01-11 17:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 13:13 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 13:13 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 13:13 - 2015-01-11 17:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 13:13 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 13:13 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 13:13 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 13:13 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 13:13 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 13:13 - 2015-01-11 17:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 13:13 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 13:13 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 13:13 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 13:13 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 13:13 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 13:13 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 13:13 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 13:13 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 13:13 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 13:13 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 13:13 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 13:13 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 13:13 - 2014-12-19 00:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 13:13 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 13:13 - 2014-12-08 15:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 11:10 - 2015-02-10 11:10 - 00000912 _____ () C:\Users\ShoKatsu\Desktop\µTorrent.lnk
2015-02-08 10:12 - 2015-02-08 10:12 - 00001747 _____ () C:\Users\ShoKatsu\Desktop\Play SimCity 2013 Offline.lnk
2015-02-08 10:12 - 2015-02-08 10:12 - 00000000 ____D () C:\Users\ShoKatsu\Documents\SimCity
2015-02-08 10:10 - 2015-02-08 10:12 - 00000000 ____D () C:\Games
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 11:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-01 10:56 - 2013-07-19 17:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-01 10:39 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-01 10:28 - 2013-07-19 16:41 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 10:01 - 2014-08-13 15:59 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Local\Adobe
2015-03-01 09:53 - 2013-10-17 11:27 - 01372233 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-01 09:42 - 2013-10-17 11:44 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Roaming\ClassicShell
2015-03-01 09:26 - 2013-07-19 16:41 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1565841611-4075189342-3673294717-1001
2015-03-01 09:24 - 2013-10-17 19:20 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5705568E-CFF1-49B2-81B9-5CE4C76E679F}
2015-03-01 09:21 - 2013-07-30 19:45 - 00000000 __RDO () C:\Users\ShoKatsu\SkyDrive
2015-03-01 09:21 - 2013-07-19 16:41 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 23:24 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-28 23:23 - 2013-08-22 06:46 - 00359734 _____ () C:\WINDOWS\setupact.log
2015-02-28 23:23 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-28 21:32 - 2015-01-17 07:23 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 21:05 - 2013-09-29 19:55 - 00068008 _____ () C:\WINDOWS\PFRO.log
2015-02-28 20:29 - 2013-10-17 11:11 - 00000000 ____D () C:\Users\ShoKatsu
2015-02-26 23:09 - 2014-02-10 20:24 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Roaming\uTorrent
2015-02-26 21:49 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-26 18:24 - 2013-07-19 17:52 - 00000000 ____D () C:\Users\ShoKatsu\Downloads\MISC!
2015-02-26 18:07 - 2013-07-19 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 17:47 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-23 17:30 - 2013-07-30 19:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-18 16:48 - 2013-10-30 16:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 09:59 - 2013-09-29 20:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-14 21:59 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 23:32 - 2013-07-29 20:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 23:22 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-12 23:22 - 2013-07-28 09:16 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 14:13 - 2013-05-05 23:02 - 00000000 ____D () C:\ProgramData\Origin
2015-02-12 13:59 - 2013-07-20 11:30 - 00000000 ____D () C:\Users\ShoKatsu\Documents\Larkspur Fun!
2015-02-12 11:33 - 2013-05-05 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-02-12 11:33 - 2013-05-05 23:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-10 23:50 - 2013-08-22 06:44 - 00438144 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-10 23:49 - 2014-12-09 14:51 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-10 23:49 - 2014-07-10 00:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-10 12:04 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\SchCache
2015-02-04 15:22 - 2013-08-20 12:05 - 00000000 ____D () C:\Users\ShoKatsu\Documents\MISC!
2015-02-04 13:56 - 2013-07-19 17:54 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 11:31 - 2014-12-09 15:11 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2014-12-09 15:11 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 10:53 - 2013-07-19 16:31 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Local\Packages
 
==================== Files in the root of some directories =======
 
2014-01-31 23:14 - 2014-03-16 16:21 - 0000132 _____ () C:\Users\ShoKatsu\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-02-15 22:15 - 2014-02-15 22:18 - 0000132 _____ () C:\Users\ShoKatsu\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-19 23:43 - 2014-10-05 19:00 - 0007605 _____ () C:\Users\ShoKatsu\AppData\Local\resmon.resmoncfg
2014-05-10 22:32 - 2014-05-10 22:57 - 0000372 _____ () C:\ProgramData\lxdu.log
2014-05-10 22:25 - 2014-05-10 22:26 - 0000248 _____ () C:\ProgramData\lxduDiagnostics.log
2013-08-01 23:11 - 2013-08-01 23:11 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\ShoKatsu\AppData\Local\Temp\wget.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-27 21:37
 
==================== End Of Log ============================

  • 0

#4
ShoKRyou
Posted 01 March 2015 - 01:15 PM

ShoKRyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Addition Log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015

Ran by ShoKatsu at 2015-03-01 11:13:28
Running from C:\Users\ShoKatsu\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Battle Realms WOTW Expansion (HKLM-x32\...\{88D489A4-D954-414F-9F49-117EFB372951}) (Version: 0.20.000 - Liquid Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version:  - Lexmark International, Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lyrics Plugin for Windows Media Player (HKLM-x32\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Office 校正ツール 2013 - 日本語 (HKLM-x32\...\{90150000-001F-0411-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pokki (HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Pokki) (Version: 0.262.11.408 - Pokki)
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
ShockWave (HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\ShockWave) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Synthesia (HKLM-x32\...\Synthesia) (Version: 8.6 - Synthesia LLC)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.2.0000 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
Toshiba Start (HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102  - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1376.1 - Microsoft Corporation) Hidden
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM\...\{1B2C85A0-2B9E-4291-8B37-468D57503E98}) (Version: 16.0.1171.1 - Microsoft Corporation)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM\...\{5A1CD0BB-7E65-45DC-9A9A-682CE8B62AA4}) (Version: 16.0.1065.1 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Trending Words Dictionary (HKLM\...\{B939BFEB-824F-4456-A4EE-2B86ED04033D}) (Version: 16.0.1016.1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM-x32\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version:  - )
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
10-02-2015 14:09:17 Windows Update
18-02-2015 16:36:13 Windows Update
26-02-2015 17:50:08 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2015-02-26 18:36 - 00001506 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
89.163.213.174 www.google-analytics.com.
89.163.213.174 google-analytics.com.
89.163.213.174 connect.facebook.net.
195.162.69.25 www.google-analytics.com.
195.162.69.25 google-analytics.com.
195.162.69.25 connect.facebook.net.
185.53.9.210 www.google-analytics.com.
185.53.9.210 google-analytics.com.
185.53.9.210 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A3430E3-EC0A-4C22-8DB3-1CB8ABFC2D7D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {0A46578D-8BFF-42F3-8AF7-68C3D209E403} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19] (Google Inc.)
Task: {0F1F2F3A-F233-4A71-BBD3-1313B223A162} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {16CB4E20-4C4A-4372-B9FD-64680D5A9F03} - System32\Tasks\{27511AA9-57F1-40AE-9C09-75D18C4D03F7} => pcalua.exe -a "C:\Users\ShoKatsu\Documents\crack 1\SETUPREG.EXE" -d "C:\Users\ShoKatsu\Documents\crack 1"
Task: {1B028804-7F90-439B-B96B-18BCDA6C99CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19] (Google Inc.)
Task: {2D42C0BD-EB6D-429B-BA42-0272825ED56F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2FC508B4-862B-4199-9A15-9E2A58A722E2} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {39363D23-248E-4194-841C-0CAB22BD237C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {3B00BFF5-61ED-4BA6-97E1-728B660D4C8C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1565841611-4075189342-3673294717-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {499159C1-FF2F-44FF-B4EE-4FA74CA818EB} - System32\Tasks\{D00D2D3B-9631-49D5-A8C4-DA74BE9F1DDD} => pcalua.exe -a "C:\Program Files\Lexmark 5600-6600 Series\Install\x64\Uninst.exe"
Task: {4E1ACA35-FA79-4661-99F7-8C76243AB392} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1565841611-4075189342-3673294717-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {52D63F32-1284-4628-8A39-74F9564972C2} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2010-02-04] ()
Task: {58EDE2BB-0EA5-4C2B-A150-8B132D367486} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {5D719968-6201-4156-AF98-0DA34FD63ED5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1565841611-4075189342-3673294717-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {68A90736-22A8-4DB7-A215-5851BC553FB1} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {68AD0E13-F56A-4BCE-9F50-A7BA16851B73} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {6D76DF6D-81F6-4C2A-B0E8-72EADFA9F295} - System32\Tasks\{6D7B349A-76A2-49C9-B0DD-27D0C7E5C003} => pcalua.exe -a C:\ProgramData\NexonUS\NGM\NGM.exe -c -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local
Task: {72D5571A-8D2B-4AC2-A44A-B22EC5F3F048} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {7697693A-F08F-4F4F-857C-4F8D0593E2B5} - System32\Tasks\{C410AA26-808A-4C27-8E18-D97274FE6800} => pcalua.exe -a "D:\~miKo-yuNi~ Official Games\Battle Realms WOTW\Cracks\crack 1\SETUPREG.EXE" -d "D:\~miKo-yuNi~ Official Games\Battle Realms WOTW\Cracks\crack 1"
Task: {7A3281E0-F1E7-464E-A9C3-0BC8CF7C59B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {834E8D9A-40A3-4B12-BC37-D40117E0F8F0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {90A3CD14-0767-4F01-895C-2B7E1208E708} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {91141E79-B293-4FFF-885E-6DF64353FF4E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {936E1D82-7591-4F9A-866B-E3CC2A41E0DF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {94E80228-751D-4CC5-BF67-59C974156B0E} - System32\Tasks\Norton PCCU OOBE Mode => C:\Program Files (x86)\PC Checkup\OOBEHelper.exe [2013-01-31] (Symantec Corporation)
Task: {A79BF4C7-DDC6-4190-9724-142A73F9675A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {B14BF561-3F78-41AA-8C25-FAFDE1215993} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {B2969464-FBC5-41C1-B916-17AAF0EF9879} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {BB243DA9-4AFC-4810-8ABF-B577BCD15D9A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C045A740-7ABD-4E6E-8FF0-006C688A58D7} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {C1054AE0-7914-4229-A277-7985056CDAFB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1565841611-4075189342-3673294717-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {CCB620A0-29A8-4FF9-B983-226E3D906653} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {FA41868B-C3D1-4524-94C3-CDD79048F882} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-03-27 13:53 - 2013-03-27 13:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2013-08-01 23:13 - 2009-10-16 10:07 - 00186880 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2014-03-20 09:58 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-10 11:54 - 2013-09-10 11:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-02-23 17:29 - 2014-12-23 11:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-26 18:20 - 2015-02-26 18:20 - 02622464 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
2015-02-26 18:20 - 2015-02-26 18:20 - 02165760 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll
2014-11-25 10:58 - 2014-11-25 10:58 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-08-01 23:12 - 2010-02-04 04:10 - 00676520 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 13:24 - 2013-08-01 13:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-06 06:39 - 2012-07-18 05:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-08-01 23:12 - 2010-02-04 03:28 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
2013-08-01 23:12 - 2009-10-16 09:53 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
2013-08-01 23:12 - 2010-02-04 03:28 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
2013-08-01 23:12 - 2010-02-04 03:28 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
2013-08-01 23:12 - 2010-02-04 03:17 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
2015-02-26 18:22 - 2015-02-26 18:22 - 01299456 _____ () C:\Users\ShoKatsu\AppData\Local\Oxvkics\CNBLR4.DLL
2015-01-17 17:41 - 2015-01-08 16:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-17 17:41 - 2015-01-08 16:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-17 17:41 - 2015-01-08 16:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-17 17:41 - 2015-01-08 16:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\lxducomm.dll:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\ShoKatsu\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ShoKatsu\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "lxduamon"
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\StartupFolder: => "Weather Alerts.lnk"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9AC593D5D814C645A8F711467C0DB236"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "Nimbus.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1565841611-4075189342-3673294717-500 - Administrator - Disabled)
Guest (S-1-5-21-1565841611-4075189342-3673294717-501 - Limited - Disabled) => C:\Users\Guest
ShoKatsu (S-1-5-21-1565841611-4075189342-3673294717-1001 - Administrator - Enabled) => C:\Users\ShoKatsu
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2015 09:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoshopElementsFileAgent.exe, version: 12.0.0.0, time stamp: 0x52250aa6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x329c6eec
Faulting process id: 0x1768
Faulting application start time: 0xPhotoshopElementsFileAgent.exe0
Faulting application path: PhotoshopElementsFileAgent.exe1
Faulting module path: PhotoshopElementsFileAgent.exe2
Report Id: PhotoshopElementsFileAgent.exe3
Faulting package full name: PhotoshopElementsFileAgent.exe4
Faulting package-relative application ID: PhotoshopElementsFileAgent.exe5
 
Error: (02/28/2015 08:02:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x2330
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/28/2015 07:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x3f70
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/28/2015 06:52:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x1900
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/28/2015 03:42:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x147c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/28/2015 02:23:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x188c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/28/2015 02:22:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x1410
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/27/2015 08:23:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x1f60
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/27/2015 06:56:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x9c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/27/2015 11:26:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x217c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
 
System errors:
=============
Error: (02/28/2015 11:24:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (02/28/2015 11:24:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 
Error: (02/28/2015 09:30:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (02/28/2015 09:30:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 
Error: (02/28/2015 09:23:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (02/28/2015 09:23:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 
Error: (02/28/2015 09:05:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (02/28/2015 09:05:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 
Error: (02/28/2015 09:04:17 PM) (Source: DCOM) (EventID: 10010) (User: SHOKRYOU)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (02/28/2015 09:04:17 PM) (Source: DCOM) (EventID: 10010) (User: SHOKRYOU)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
 
Microsoft Office Sessions:
=========================
Error: (02/28/2015 09:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotoshopElementsFileAgent.exe12.0.0.052250aa6unknown0.0.0.000000000c0000005329c6eec176801d053dd32a723c8C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exeunknown7096727c-bfd0-11e4-bec3-7c0507b091a6
 
Error: (02/28/2015 08:02:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f233001d053d475cfcc21C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllc5e6911b-bfc7-11e4-bec2-7c0507b091a6
 
Error: (02/28/2015 07:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f3f7001d053cf0c8f3292C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll5db8d503-bfc2-11e4-bec2-7c0507b091a6
 
Error: (02/28/2015 06:52:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f190001d053caafbb4d3dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllee007186-bfbd-11e4-bec2-7c0507b091a6
 
Error: (02/28/2015 03:42:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f147c01d053b0255b48a7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll76e7b85a-bfa3-11e4-bec1-7c0507b091a6
 
Error: (02/28/2015 02:23:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f188c01d05340895abc3eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllc771c535-bf33-11e4-bec1-7c0507b091a6
 
Error: (02/28/2015 02:22:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f141001d0534072a91c64C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllc2d0adf3-bf33-11e4-bec1-7c0507b091a6
 
Error: (02/27/2015 08:23:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f1f6001d0530e482929edC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll9839806e-bf01-11e4-bec1-7c0507b091a6
 
Error: (02/27/2015 06:56:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f9c01d053021f4a6453C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll5d6c08ae-bef5-11e4-bec1-7c0507b091a6
 
Error: (02/27/2015 11:26:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f217c01d052c34376b3feC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll939ab98c-beb6-11e4-bec1-7c0507b091a6
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-21 12:20:42.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 22%
Total physical RAM: 12163.27 MB
Available physical RAM: 9426.01 MB
Total Pagefile: 14019.27 MB
Available Pagefile: 11133.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (TI10667700F) (Fixed) (Total:919.81 GB) (Free:786.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#5
pystryker
Posted 01 March 2015 - 01:31 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Thank you for the logs. :) I have one further scan I need before I can start posting instructions.

Scan with CKScanner


Download CKScanner from here.

Important: Save it to your desktop.

Doubleclick CKScanner.exe and click Search For Files.(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on CKScanner.exe and select Run as Administrator.)

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify that the file is saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  • 0

#6
ShoKRyou
Posted 01 March 2015 - 06:43 PM

ShoKRyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

CKfiles

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad

c:\program files (x86)\pharossystems\core\ctskmstr.exe
c:\program files (x86)\pharossystems\core\ctskmstr.exe.config
c:\users\guest\favorites\movies & tv\crackle - free hollywood movies & tv series.url
c:\users\shokatsu\favorites\movies & tv\crackle - free hollywood movies & tv series.url
scanner sequence 3.CA.11.AINAA0
 ----- EOF ----- 

  • 0

#7
pystryker
Posted 01 March 2015 - 07:29 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello ShoKRyou,

I am sorry, but the scans show you have an cracked/pirated copy of Battle Realms WOTW on your computer. This is a violation of our Terms of Use as quoted below:
 

"The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally."


We aren't able to offer help to anyone with pirated/illegally obtained software. If you want to continue, please uninstall the cracked software from your machine and provide new FRST and Addition logs.
  • 0

#8
ShoKRyou
Posted 01 March 2015 - 07:43 PM

ShoKRyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

I apologize for not knowing this rule. I'd really like to continue this technical support, so I'll uninstall those programs and redo scanning.

 

I'll be posting the new files in a few moments.


  • 0

#9
ShoKRyou
Posted 01 March 2015 - 07:44 PM

ShoKRyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by ShoKatsu (administrator) on SHOKRYOU on 01-03-2015 17:41:51
Running from C:\Users\ShoKatsu\Downloads
Loaded Profiles: ShoKatsu (Available profiles: ShoKatsu & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxducoms.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\ARA.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM\...\Run: [lxduamon] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-18] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [] => [X]
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [SkyDrive] => C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [Nimbus.exe] => C:\Program Files (x86)\Nimbus Note\nimbus.exe /autorun
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [YffwPack] => regsvr32.exe C:\Users\ShoKatsu\AppData\Local\YffwPack\cscompmgd.DLL <===== ATTENTION
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [YhbnPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\ShoKatsu\AppData\Local\Oxvkics\CNBLR4.DLL
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\ShoKatsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001 -> {601B93FA-ED79-4494-9D54-15EBEBFC0348} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5D7511A3-70A0-4CCE-AF7E-097B6094DD79}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{886278B3-C2AA-484D-A51B-8A770BAF6104}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F678389D-F3BF-413C-B6A0-25F143251531}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ncsoft.com/Plugin -> C:\Program Files (x86)\NCSOFT\NCPlugin\npncllm3.dll (NCSOFT Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1565841611-4075189342-3673294717-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\[email protected] [2015-02-16]
FF Extension: MSDAOSP - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\{DFB50953-D7AB-DCBE-D237-32648EA00A46} [2015-02-26]
FF Extension: YouTube mp3 - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\[email protected] [2014-11-05]
FF Extension: FXChrome - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2014-08-25]
FF Extension: Adblock Plus - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-23]
FF Extension: Youtube Video Replay - C:\Users\ShoKatsu\AppData\Roaming\Mozilla\Firefox\Profiles\q1qxlj5t.default-1393184488866\Extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}.xpi [2014-10-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR Profile: C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-17]
CHR Extension: (Google Docs) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]
CHR Extension: (Google Drive) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-17]
CHR Extension: (YouTube) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Adblock Plus) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-17]
CHR Extension: (Google Search) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (SAO Theme 1920x1080) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgikfepnnphbmgngmpiflajcbmoomnll [2015-01-17]
CHR Extension: (Google Sheets) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\ShoKatsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
CHR HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ShoKatsu\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-11]
CHR HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-17] (WildTangent)
S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [197632 2014-04-27] (WildTangent, Inc.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 lxduCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-12] (Electronic Arts)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2012-12-13] (Pharos Systems International) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-25] (DT Soft Ltd)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-24] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-02-22] (StdLib)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 16:36 - 2015-03-01 16:36 - 00468480 _____ () C:\Users\ShoKatsu\Desktop\CKScanner.exe
2015-03-01 11:13 - 2015-03-01 11:14 - 00043201 _____ () C:\Users\ShoKatsu\Downloads\Addition.txt
2015-03-01 11:12 - 2015-03-01 17:42 - 00024222 _____ () C:\Users\ShoKatsu\Downloads\FRST.txt
2015-03-01 11:11 - 2015-03-01 17:41 - 00000000 ____D () C:\FRST
2015-03-01 11:09 - 2015-03-01 11:10 - 02092544 _____ (Farbar) C:\Users\ShoKatsu\Downloads\FRST64.exe
2015-03-01 09:43 - 2015-03-01 16:47 - 00000000 ____D () C:\Users\ShoKatsu\Documents\Comp. Problems
2015-03-01 09:25 - 2015-03-01 09:25 - 00602112 _____ (OldTimer Tools) C:\Users\ShoKatsu\Downloads\OTL.exe
2015-02-28 21:40 - 2015-02-28 21:43 - 07365120 _____ (Safebytes) C:\Users\ShoKatsu\Downloads\TotalSystemCare_Installer.exe
2015-02-26 18:36 - 2015-02-26 18:36 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-02-26 18:29 - 2015-02-26 18:29 - 00003508 _____ () C:\WINDOWS\System32\Tasks\[email protected]
2015-02-26 18:22 - 2015-02-28 21:01 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Local\YffwPack
2015-02-26 18:22 - 2015-02-28 18:28 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Local\Oxvkics
2015-02-26 18:14 - 2015-02-26 18:25 - 00000000 ____D () C:\Users\ShoKatsu\Downloads\Adobe Photoshop
2015-02-26 17:50 - 2014-12-13 13:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-26 17:50 - 2014-12-13 13:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-26 17:50 - 2014-10-28 17:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-26 17:50 - 2014-10-28 17:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-26 17:50 - 2014-10-28 17:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-26 17:50 - 2014-10-28 17:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-25 18:46 - 2015-02-25 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-18 16:36 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-18 16:35 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 23:19 - 2014-04-15 15:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-12 23:19 - 2014-04-15 15:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-12 14:00 - 2015-02-12 14:00 - 00002047 _____ () C:\Users\ShoKatsu\Desktop\Key commands - SimCity Wiki - SimCity 5 Community Wiki and Guide - Shortcut.lnk
2015-02-12 11:42 - 2015-02-12 11:42 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-12 11:34 - 2015-02-12 11:34 - 00001008 _____ () C:\Users\ShoKatsu\Desktop\Origin.lnk
2015-02-12 11:33 - 2015-02-12 11:42 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Roaming\Origin
2015-02-12 11:33 - 2015-02-12 11:42 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Local\Origin
2015-02-10 14:10 - 2015-02-10 14:10 - 00000000 ____D () C:\a2736e8ef15591a0e6889e
2015-02-10 13:14 - 2015-01-15 14:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 13:14 - 2015-01-15 14:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 13:14 - 2015-01-13 20:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 13:14 - 2015-01-13 19:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 13:14 - 2015-01-13 14:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 13:14 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 13:14 - 2015-01-10 01:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 13:14 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 13:14 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 13:14 - 2015-01-09 23:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 13:14 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 13:14 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 13:14 - 2014-12-08 17:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 13:14 - 2014-10-28 18:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 13:14 - 2014-10-28 18:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 13:14 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 13:14 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 13:14 - 2014-10-28 18:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 13:14 - 2014-10-28 18:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 13:14 - 2014-10-28 17:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 13:14 - 2014-10-28 17:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 13:14 - 2014-10-28 17:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 13:14 - 2014-10-28 17:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 13:14 - 2014-10-28 17:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 13:14 - 2014-10-28 17:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 13:14 - 2014-10-28 17:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 13:13 - 2015-02-03 15:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-10 13:13 - 2015-02-03 15:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-10 13:13 - 2015-02-03 15:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-10 13:13 - 2015-02-02 15:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-10 13:13 - 2015-02-02 15:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-10 13:13 - 2015-02-02 15:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-10 13:13 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 13:13 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 13:13 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 13:13 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 13:13 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 13:13 - 2015-01-11 18:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 13:13 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 13:13 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 13:13 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 13:13 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 13:13 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 13:13 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 13:13 - 2015-01-11 17:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 13:13 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 13:13 - 2015-01-11 17:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 13:13 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 13:13 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 13:13 - 2015-01-11 17:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 13:13 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 13:13 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 13:13 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 13:13 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 13:13 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 13:13 - 2015-01-11 17:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 13:13 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 13:13 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 13:13 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 13:13 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 13:13 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 13:13 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 13:13 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 13:13 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 13:13 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 13:13 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 13:13 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 13:13 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 13:13 - 2014-12-19 00:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 13:13 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 13:13 - 2014-12-08 15:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 11:10 - 2015-02-10 11:10 - 00000912 _____ () C:\Users\ShoKatsu\Desktop\µTorrent.lnk
2015-02-08 10:12 - 2015-02-08 10:12 - 00001747 _____ () C:\Users\ShoKatsu\Desktop\Play SimCity 2013 Offline.lnk
2015-02-08 10:12 - 2015-02-08 10:12 - 00000000 ____D () C:\Users\ShoKatsu\Documents\SimCity
2015-02-08 10:10 - 2015-02-08 10:12 - 00000000 ____D () C:\Games
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 17:40 - 2013-05-05 23:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-01 17:38 - 2013-07-19 16:41 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1565841611-4075189342-3673294717-1001
2015-03-01 17:34 - 2013-10-17 11:44 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Roaming\ClassicShell
2015-03-01 17:28 - 2013-07-19 16:41 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 17:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-01 16:56 - 2013-07-19 17:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-01 16:46 - 2013-10-17 11:27 - 01417596 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-01 16:40 - 2013-10-17 19:20 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5705568E-CFF1-49B2-81B9-5CE4C76E679F}
2015-03-01 10:39 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-01 10:01 - 2014-08-13 15:59 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Local\Adobe
2015-03-01 09:21 - 2013-07-30 19:45 - 00000000 __RDO () C:\Users\ShoKatsu\SkyDrive
2015-03-01 09:21 - 2013-07-19 16:41 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 23:24 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-28 23:23 - 2013-08-22 06:46 - 00359734 _____ () C:\WINDOWS\setupact.log
2015-02-28 23:23 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-28 21:32 - 2015-01-17 07:23 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 21:05 - 2013-09-29 19:55 - 00068008 _____ () C:\WINDOWS\PFRO.log
2015-02-28 20:29 - 2013-10-17 11:11 - 00000000 ____D () C:\Users\ShoKatsu
2015-02-26 23:09 - 2014-02-10 20:24 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Roaming\uTorrent
2015-02-26 21:49 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-26 18:24 - 2013-07-19 17:52 - 00000000 ____D () C:\Users\ShoKatsu\Downloads\MISC!
2015-02-26 18:07 - 2013-07-19 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 17:47 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-23 17:30 - 2013-07-30 19:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-18 16:48 - 2013-10-30 16:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 09:59 - 2013-09-29 20:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-14 21:59 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 23:32 - 2013-07-29 20:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 23:22 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-12 23:22 - 2013-07-28 09:16 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 14:13 - 2013-05-05 23:02 - 00000000 ____D () C:\ProgramData\Origin
2015-02-12 13:59 - 2013-07-20 11:30 - 00000000 ____D () C:\Users\ShoKatsu\Documents\Larkspur Fun!
2015-02-12 11:33 - 2013-05-05 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-02-12 11:33 - 2013-05-05 23:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-10 23:50 - 2013-08-22 06:44 - 00438144 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-10 23:49 - 2014-12-09 14:51 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-10 23:49 - 2014-07-10 00:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-10 12:04 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\SchCache
2015-02-04 15:22 - 2013-08-20 12:05 - 00000000 ____D () C:\Users\ShoKatsu\Documents\MISC!
2015-02-04 13:56 - 2013-07-19 17:54 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 11:31 - 2014-12-09 15:11 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2014-12-09 15:11 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 10:53 - 2013-07-19 16:31 - 00000000 ____D () C:\Users\ShoKatsu\AppData\Local\Packages
 
==================== Files in the root of some directories =======
 
2014-01-31 23:14 - 2014-03-16 16:21 - 0000132 _____ () C:\Users\ShoKatsu\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-02-15 22:15 - 2014-02-15 22:18 - 0000132 _____ () C:\Users\ShoKatsu\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-19 23:43 - 2014-10-05 19:00 - 0007605 _____ () C:\Users\ShoKatsu\AppData\Local\resmon.resmoncfg
2014-05-10 22:32 - 2014-05-10 22:57 - 0000372 _____ () C:\ProgramData\lxdu.log
2014-05-10 22:25 - 2014-05-10 22:26 - 0000248 _____ () C:\ProgramData\lxduDiagnostics.log
2013-08-01 23:11 - 2013-08-01 23:11 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\ShoKatsu\AppData\Local\Temp\uninst1.exe
C:\Users\ShoKatsu\AppData\Local\Temp\wget.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-27 21:37
 
==================== End Of Log ============================

  • 0

#10
ShoKRyou
Posted 01 March 2015 - 07:45 PM

ShoKRyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Additional.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by ShoKatsu at 2015-03-01 17:42:49
Running from C:\Users\ShoKatsu\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version:  - Lexmark International, Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lyrics Plugin for Windows Media Player (HKLM-x32\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Office 校正ツール 2013 - 日本語 (HKLM-x32\...\{90150000-001F-0411-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pokki (HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Pokki) (Version: 0.262.11.408 - Pokki)
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Synthesia (HKLM-x32\...\Synthesia) (Version: 8.6 - Synthesia LLC)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.2.0000 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
Toshiba Start (HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102  - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1376.1 - Microsoft Corporation) Hidden
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM\...\{1B2C85A0-2B9E-4291-8B37-468D57503E98}) (Version: 16.0.1171.1 - Microsoft Corporation)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM\...\{5A1CD0BB-7E65-45DC-9A9A-682CE8B62AA4}) (Version: 16.0.1065.1 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Trending Words Dictionary (HKLM\...\{B939BFEB-824F-4456-A4EE-2B86ED04033D}) (Version: 16.0.1016.1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ShoKatsu\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
10-02-2015 14:09:17 Windows Update
18-02-2015 16:36:13 Windows Update
26-02-2015 17:50:08 Windows Update
01-03-2015 17:34:51 Removed Battle Realms WOTW Expansion
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2015-02-26 18:36 - 00001506 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
89.163.213.174 www.google-analytics.com.
89.163.213.174 google-analytics.com.
89.163.213.174 connect.facebook.net.
195.162.69.25 www.google-analytics.com.
195.162.69.25 google-analytics.com.
195.162.69.25 connect.facebook.net.
185.53.9.210 www.google-analytics.com.
185.53.9.210 google-analytics.com.
185.53.9.210 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A3430E3-EC0A-4C22-8DB3-1CB8ABFC2D7D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {0A46578D-8BFF-42F3-8AF7-68C3D209E403} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19] (Google Inc.)
Task: {0F1F2F3A-F233-4A71-BBD3-1313B223A162} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {16CB4E20-4C4A-4372-B9FD-64680D5A9F03} - System32\Tasks\{27511AA9-57F1-40AE-9C09-75D18C4D03F7} => pcalua.exe -a "C:\Users\ShoKatsu\Documents\crack 1\SETUPREG.EXE" -d "C:\Users\ShoKatsu\Documents\crack 1"
Task: {1B028804-7F90-439B-B96B-18BCDA6C99CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19] (Google Inc.)
Task: {2D42C0BD-EB6D-429B-BA42-0272825ED56F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2FC508B4-862B-4199-9A15-9E2A58A722E2} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {39363D23-248E-4194-841C-0CAB22BD237C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {3B00BFF5-61ED-4BA6-97E1-728B660D4C8C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1565841611-4075189342-3673294717-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {499159C1-FF2F-44FF-B4EE-4FA74CA818EB} - System32\Tasks\{D00D2D3B-9631-49D5-A8C4-DA74BE9F1DDD} => pcalua.exe -a "C:\Program Files\Lexmark 5600-6600 Series\Install\x64\Uninst.exe"
Task: {4E1ACA35-FA79-4661-99F7-8C76243AB392} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1565841611-4075189342-3673294717-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {52D63F32-1284-4628-8A39-74F9564972C2} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2010-02-04] ()
Task: {58EDE2BB-0EA5-4C2B-A150-8B132D367486} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {5D719968-6201-4156-AF98-0DA34FD63ED5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1565841611-4075189342-3673294717-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {68A90736-22A8-4DB7-A215-5851BC553FB1} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {68AD0E13-F56A-4BCE-9F50-A7BA16851B73} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {6D76DF6D-81F6-4C2A-B0E8-72EADFA9F295} - System32\Tasks\{6D7B349A-76A2-49C9-B0DD-27D0C7E5C003} => pcalua.exe -a C:\ProgramData\NexonUS\NGM\NGM.exe -c -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local
Task: {72D5571A-8D2B-4AC2-A44A-B22EC5F3F048} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {7697693A-F08F-4F4F-857C-4F8D0593E2B5} - System32\Tasks\{C410AA26-808A-4C27-8E18-D97274FE6800} => pcalua.exe -a "D:\~miKo-yuNi~ Official Games\Battle Realms WOTW\Cracks\crack 1\SETUPREG.EXE" -d "D:\~miKo-yuNi~ Official Games\Battle Realms WOTW\Cracks\crack 1"
Task: {7A3281E0-F1E7-464E-A9C3-0BC8CF7C59B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {834E8D9A-40A3-4B12-BC37-D40117E0F8F0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {90A3CD14-0767-4F01-895C-2B7E1208E708} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {91141E79-B293-4FFF-885E-6DF64353FF4E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {936E1D82-7591-4F9A-866B-E3CC2A41E0DF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {94E80228-751D-4CC5-BF67-59C974156B0E} - System32\Tasks\Norton PCCU OOBE Mode => C:\Program Files (x86)\PC Checkup\OOBEHelper.exe [2013-01-31] (Symantec Corporation)
Task: {A79BF4C7-DDC6-4190-9724-142A73F9675A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {B14BF561-3F78-41AA-8C25-FAFDE1215993} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {B2969464-FBC5-41C1-B916-17AAF0EF9879} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {BB243DA9-4AFC-4810-8ABF-B577BCD15D9A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C045A740-7ABD-4E6E-8FF0-006C688A58D7} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {C1054AE0-7914-4229-A277-7985056CDAFB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1565841611-4075189342-3673294717-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {CCB620A0-29A8-4FF9-B983-226E3D906653} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {FA41868B-C3D1-4524-94C3-CDD79048F882} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-03-27 13:53 - 2013-03-27 13:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2013-08-01 23:13 - 2009-10-16 10:07 - 00186880 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2014-03-20 09:58 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-10 11:54 - 2013-09-10 11:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-02-23 17:29 - 2014-12-23 11:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-26 18:20 - 2015-02-26 18:20 - 02622464 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
2015-02-26 18:20 - 2015-02-26 18:20 - 02165760 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll
2014-11-25 10:58 - 2014-11-25 10:58 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-08-01 23:12 - 2010-02-04 04:10 - 00676520 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 13:24 - 2013-08-01 13:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-06 06:39 - 2012-07-18 05:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-08-01 23:12 - 2010-02-04 03:28 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
2013-08-01 23:12 - 2009-10-16 09:53 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
2013-08-01 23:12 - 2010-02-04 03:28 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
2013-08-01 23:12 - 2010-02-04 03:28 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
2013-08-01 23:12 - 2010-02-04 03:17 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
2015-02-26 18:22 - 2015-02-26 18:22 - 01299456 _____ () C:\Users\ShoKatsu\AppData\Local\Oxvkics\CNBLR4.DLL
2015-01-17 17:41 - 2015-01-08 16:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-17 17:41 - 2015-01-08 16:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-17 17:41 - 2015-01-08 16:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-17 17:41 - 2015-01-08 16:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\lxducomm.dll:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\ShoKatsu\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ShoKatsu\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "lxduamon"
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\StartupFolder: => "Weather Alerts.lnk"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9AC593D5D814C645A8F711467C0DB236"
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\StartupApproved\Run: => "Nimbus.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1565841611-4075189342-3673294717-500 - Administrator - Disabled)
Guest (S-1-5-21-1565841611-4075189342-3673294717-501 - Limited - Disabled) => C:\Users\Guest
ShoKatsu (S-1-5-21-1565841611-4075189342-3673294717-1001 - Administrator - Enabled) => C:\Users\ShoKatsu
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2015 04:41:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17e8
 
Start Time: 01d0548174f6c7e8
 
Termination Time: 3
 
Application Path: C:\Users\ShoKatsu\Desktop\CKScanner.exe
 
Report Id: c9f5765a-c074-11e4-bec7-7c0507b091a6
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/01/2015 04:40:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 13e4
 
Start Time: 01d0548138492928
 
Termination Time: 3
 
Application Path: C:\Users\ShoKatsu\Desktop\CKScanner.exe
 
Report Id: 9ff553e4-c074-11e4-bec7-7c0507b091a6
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/01/2015 04:38:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15e4
 
Start Time: 01d054810cc068d3
 
Termination Time: 4294967295
 
Application Path: C:\Users\ShoKatsu\Desktop\CKScanner.exe
 
Report Id: 6dc46558-c074-11e4-bec7-7c0507b091a6
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/28/2015 09:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoshopElementsFileAgent.exe, version: 12.0.0.0, time stamp: 0x52250aa6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x329c6eec
Faulting process id: 0x1768
Faulting application start time: 0xPhotoshopElementsFileAgent.exe0
Faulting application path: PhotoshopElementsFileAgent.exe1
Faulting module path: PhotoshopElementsFileAgent.exe2
Report Id: PhotoshopElementsFileAgent.exe3
Faulting package full name: PhotoshopElementsFileAgent.exe4
Faulting package-relative application ID: PhotoshopElementsFileAgent.exe5
 
Error: (02/28/2015 08:02:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x2330
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/28/2015 07:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x3f70
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/28/2015 06:52:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x1900
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/28/2015 03:42:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x147c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/28/2015 02:23:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x188c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (02/28/2015 02:22:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000409
Fault offset: 0x000e581f
Faulting process id: 0x1410
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
 
System errors:
=============
Error: (02/28/2015 11:24:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (02/28/2015 11:24:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 
Error: (02/28/2015 09:30:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (02/28/2015 09:30:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 
Error: (02/28/2015 09:23:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (02/28/2015 09:23:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 
Error: (02/28/2015 09:05:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (02/28/2015 09:05:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
 
Error: (02/28/2015 09:04:17 PM) (Source: DCOM) (EventID: 10010) (User: SHOKRYOU)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (02/28/2015 09:04:17 PM) (Source: DCOM) (EventID: 10010) (User: SHOKRYOU)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
 
Microsoft Office Sessions:
=========================
Error: (03/01/2015 04:41:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CKScanner.exe2.5.1.117e801d0548174f6c7e83C:\Users\ShoKatsu\Desktop\CKScanner.exec9f5765a-c074-11e4-bec7-7c0507b091a6
 
Error: (03/01/2015 04:40:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CKScanner.exe2.5.1.113e401d05481384929283C:\Users\ShoKatsu\Desktop\CKScanner.exe9ff553e4-c074-11e4-bec7-7c0507b091a6
 
Error: (03/01/2015 04:38:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CKScanner.exe2.5.1.115e401d054810cc068d34294967295C:\Users\ShoKatsu\Desktop\CKScanner.exe6dc46558-c074-11e4-bec7-7c0507b091a6
 
Error: (02/28/2015 09:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotoshopElementsFileAgent.exe12.0.0.052250aa6unknown0.0.0.000000000c0000005329c6eec176801d053dd32a723c8C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exeunknown7096727c-bfd0-11e4-bec3-7c0507b091a6
 
Error: (02/28/2015 08:02:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f233001d053d475cfcc21C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllc5e6911b-bfc7-11e4-bec2-7c0507b091a6
 
Error: (02/28/2015 07:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f3f7001d053cf0c8f3292C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll5db8d503-bfc2-11e4-bec2-7c0507b091a6
 
Error: (02/28/2015 06:52:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f190001d053caafbb4d3dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllee007186-bfbd-11e4-bec2-7c0507b091a6
 
Error: (02/28/2015 03:42:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f147c01d053b0255b48a7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll76e7b85a-bfa3-11e4-bec1-7c0507b091a6
 
Error: (02/28/2015 02:23:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f188c01d05340895abc3eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllc771c535-bf33-11e4-bec1-7c0507b091a6
 
Error: (02/28/2015 02:22:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f141001d0534072a91c64C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllc2d0adf3-bf33-11e4-bec1-7c0507b091a6
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-21 12:20:42.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 12163.27 MB
Available physical RAM: 8834.68 MB
Total Pagefile: 14019.27 MB
Available Pagefile: 10554.16 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (TI10667700F) (Fixed) (Total:919.81 GB) (Free:791.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 

 

==================== End Of Log ============================

  • 0

Advertisements

#11
ShoKRyou
Posted 01 March 2015 - 07:46 PM

ShoKRyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Just now, Windows Defender detected some malware. Should I reboot my computer to complete its task?

 

New malware detected.png


Edited by ShoKRyou, 01 March 2015 - 07:49 PM.

  • 0

#12
pystryker
Posted 01 March 2015 - 08:03 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I apologize for not knowing this rule. I'd really like to continue this technical support, so I'll uninstall those programs and redo scanning.


No worries, and thank you. :)

Just now, Windows Defender detected some malware. Should I reboot my computer to complete its task?
 
attachicon.gifNew malware detected.png


Yes, go ahead. I'm in the process of working up some fixes and additional scans.
  • 0

#13
pystryker
Posted 01 March 2015 - 08:16 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Alright, let's get started. :) There's much to do, so please take your time with each step. We do this at the pace you are most comfortable with. :thumbsup: Also, please let me know how the machine is running at the end of these steps. This will help me determine our next steps.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Program Uninstall and P2P Warning

Please uninstall the following program as it uses psuedo P2P technology and gives no thought to the security of your system.

Pando Media Booster


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (uTorrent) on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Artticle on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 2: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\ShoKatsu\Downloads to your desktop. All tools must be run from the desktop to ensure program execution.
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [] => [X]
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [YffwPack] => regsvr32.exe C:\Users\ShoKatsu\AppData\Local\YffwPack\cscompmgd.DLL <===== ATTENTION
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\PROGRA~2\SearchProtect
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1565841611-4075189342-3673294717-1001 -> {601B93FA-ED79-4494-9D54-15EBEBFC0348} URL =
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1565841611-4075189342-3673294717-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
2015-02-28 21:40 - 2015-02-28 21:43 - 07365120 _____ (Safebytes) C:\Users\ShoKatsu\Downloads\TotalSystemCare_Installer.exe
Task: {68A90736-22A8-4DB7-A215-5851BC553FB1} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {7697693A-F08F-4F4F-857C-4F8D0593E2B5} - System32\Tasks\{C410AA26-808A-4C27-8E18-D97274FE6800} => pcalua.exe -a "D:\~miKo-yuNi~ Official Games\Battle Realms WOTW\Cracks\crack 1\SETUPREG.EXE" -d "D:\~miKo-yuNi~ Official Games\Battle Realms WOTW\Cracks\crack 1"
C:\Users\ShoKatsu\AppData\Local\YffwPack
HKU\S-1-5-21-1565841611-4075189342-3673294717-1001\...\Run: [YhbnPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\ShoKatsu\AppData\Local\Oxvkics\CNBLR4.DLL
C:\Users\ShoKatsu\AppData\Local\Oxvkics
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 5: Scan with TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI(graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

TDSSKiller Log

How is the machine running at this time?
  • 0

#14
ShoKRyou
Posted 01 March 2015 - 08:46 PM

ShoKRyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
My computer acted weird after completing step 2. I was prompted to restart my computer after using Farbar fix. I was able to log in, but then during start-up I believe the Windows Explorer kept refreshing or the screen kept flashing repeatedly and can't open any programs, so I am unable to continue. I currently am using my phone to communicate. How shall I fix this? I haven't turned off Windows Defender/Malwarebytes because I don't know how to turn it off. I need my computer by tomorrow...

Edited by ShoKRyou, 01 March 2015 - 08:48 PM.

  • 0

#15
ShoKRyou
Posted 01 March 2015 - 08:59 PM

ShoKRyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I've figured out the problem. I think it's called Thumbnail Handler Extraction Host Loop.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP