Computer freezes up

  • Prinny
    PCHF Member
    • Dec 2016
    • 36

    #1

    Computer freezes up

    Not even sure if this is the right place to post this, but here goes.

    [MEDIA=reddit]techsupport/comments/5hormh/computer_basically_freezes_after_login[/MEDIA]

    Here I am. What started out as annoying game crashing has somehow escalated into this. I don’t know how/if I can even fix it if I don’t know what’s wrong. I’m pretty desperate and appreciate any and all help.
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7045

    #2
    Welcome to PCHF

    From Safe Mode With Networking please run this tool.

    Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

    If you are unsure if your operating system is 32 or 64 Bit please go HERE.

    Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu.



    If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
    FRST will open with two dialogue boxes, accept the disclaimer.


    1. Accept the default whitelist options.
    2. If the additions.txt options box is not checked please select it.
    3. Then select Scan.



    FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



    Please Copy and Paste the contents of these logs in your next post for review


    • Prinny
      PCHF Member
      • Dec 2016
      • 36

      #3
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
      Ran by OWNER (administrator) on OWNER-PC (10-12-2016 23:16:14)
      Running from C:\Users\OWNER\Desktop
      Loaded Profiles: OWNER (Available Profiles: OWNER)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Safe Mode (with Networking)
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\MountPoints2: {646cb0c1-6b01-11e2-8017-806e6f6e6963} - D:\Run.exe
      GroupPolicyScripts: Restriction <======= ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip..\Interfaces{26F54C70-E6A9-4026-AAE6-12027642A3E0}: [DhcpNameServer] 192.168.1.254
      Tcpip..\Interfaces{2B0F3536-45DB-43BD-8D5D-6D24B03F4ECD}: [DhcpNameServer] 192.168.1.254
      Internet Explorer:
      HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ja-jp/?ocid=iehp
      HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
      SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 → DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E8FE87FC-B90F-4F8E-8E76-77F54D022E86}&mid=6950e4184e674fa896e387d2fbc29959-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-18 00:35:34&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 → {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
      SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 → {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E8FE87FC-B90F-4F8E-8E76-77F54D022E86}&mid=6950e4184e674fa896e387d2fbc29959-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-18 00:35:34&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
      BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre7\bin\ssv.dll [2016-11-19] (Oracle Corporation)
      BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-11-19] (Oracle Corporation)
      BHO-x32: ATLAS Toolbar → {3C6301ED-0F78-4AF2-8150-D9C052361A8E} → C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL [2007-10-04] (FUJITSU LIMITED)
      BHO-x32: No Name → {95B7759C-8C7F-4BF1-B163-73684A933233} → No File
      Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL [2007-10-04] (FUJITSU LIMITED)
      Toolbar: HKU.DEFAULT → No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
      Toolbar: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 → No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
      DPF: HKLM-x32 {F8160836-0C11-4CA4-AD87-944542C7BCBD} hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
      FireFox:
      FF DefaultProfile: v88yth1x.default-1396169490810
      FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 [2016-12-10]
      FF DefaultSearchEngine: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → Google
      FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → Google
      FF Homepage: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → hxxps://www.google.com
      FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → ftp_port", 3128
      FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → http_port", 3128
      FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → no_proxies_on", “localhost, 189.17.1.245”
      FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → socks_port", 3128
      FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → ssl_port", 3128
      FF Extension: (AVG Web TuneUp) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\Extensions\avg@toolbar.xpi [2016-04-27]
      FF Extension: (Ghostery) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\Extensions\firefox@ghostery.com.xpi [2016-11-29]
      FF Extension: (ExHentai Easy 2) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2016-08-12]
      FF Extension: (NoScript) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-28]
      FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\searchplugins\yahoo_ff.xml [2014-05-16]
      FF HKLM...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
      FF HKLM-x32...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
      FF HKLM-x32...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff => not found
      FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-10] ()
      FF Plugin: @java.com/DTPlugin,version=10.79.2 → C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-11-19] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=10.79.2 → C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-11-19] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE → disabled [No File]
      FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 → C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-11-11] (Unity Technologies ApS)
      FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-10] ()
      FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin → C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\npsitesafety.dll [No File]
      FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
      FF Plugin-x32: @qq.com/npAndroidAssistant → C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\1.8.101.2154\npQQPhoneManagerExt.dll [2012-12-20] (腾讯公司)
      FF Plugin-x32: @qq.com/TXSSO → C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll [2013-12-30] (Tencent)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
      FF Plugin-x32: pmang.jp/pmangdiagnostic-1 → C:\GameOn\Common files\nppmangdiagnostic_0.dll [No File]
      FF Plugin HKU\S-1-5-21-2941685042-3306150061-3194319401-1000: @unity3d.com/UnityPlayer,version=1.0 → C:\Users\OWNER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-03] (Unity Technologies ApS)
      Chrome:
      CHR DefaultProfile: Default
      CHR StartupUrls: Default → “hxxp://www.google.com/
      CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default [2016-12-10]
      CHR Extension: (Sad Panda) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2016-08-25]
      CHR Extension: (Adblock Plus) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
      CHR Extension: (グランブルーファンタジー[ChromeApps版]) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilbkckngf [2016-11-06]
      CHR Extension: (KanColle Command Center 改) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgmldnainaglpjngpajnnjfhpdjkohh [2016-12-10]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
      CHR Extension: (Chrome Media Router) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-09]
      CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-05-04]
      CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\System Profile [2016-05-04]
      CHR HKLM-x32...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx
      CHR HKLM-x32...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx
      CHR HKLM-x32...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx
      CHR HKLM-x32...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
      CHR HKLM-x32...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\OWNER\AppData\Local\Slick Savings\coupons.crx [2014-05-16]
      CHR HKLM-x32...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx
      CHR HKLM-x32...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-10-12] (Advanced Micro Devices, Inc.)
      S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
      S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
      S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
      S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-31] (SurfRight B.V.)
      S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
      R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
      S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5449136 2016-05-16] (INCA Internet Co., Ltd.)
      S4 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2015-01-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
      S4 Thorn; C:\Users\OWNER\AppData\Local\THORN\Thorn.exe [56824 2015-10-01] (GGS)
      S4 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.) [File not signed]
      S4 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-13] (AVG Secure Search)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
      S4 WtuSystemSupport; “C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe”

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
      S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
      S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [99440 2011-08-10] (Atheros Communications, Inc.)
      S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2015-10-01] (Malwarebytes Corporation)
      S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
      S3 Neo_JP; C:\Windows\System32\DRIVERS\Neo_0038.sys [28768 2015-01-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
      S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
      R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-05-08] () [File not signed]
      S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-01-10] (TENCENT)
      S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft)
      S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
      U3 a3fmwe7o; C:\Windows\System32\Drivers\a3fmwe7o.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
      S2 AODDriver4.2.0; ??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
      S3 EagleX64; ??\C:\Windows\system32\drivers\EagleX64.sys
      S3 hxsyol; ??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys
      S1 QMUdisk; ??\C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMUdisk64.sys
      S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
      S3 tsusbhub; system32\drivers\tsusbhub.sys
      S3 VGPU; System32\drivers\rdvgkmd.sys
      S3 WinRing0_1_2_0; ??\C:\Users\OWNER\Desktop\OpenHardwareMonitor\OpenHardwareMonitorLib.sys
      S3 xhunter1; ??\C:\Windows\xhunter1.sys

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-12-10 23:16 - 2016-12-10 23:17 - 00014625 _____ C:\Users\OWNER\Desktop\FRST.txt
      2016-12-10 23:09 - 2016-12-10 23:16 - 00000000 ____D C:\FRST
      2016-12-10 23:08 - 2016-12-10 23:08 - 02420224 _____ (Farbar) C:\Users\OWNER\Desktop\FRST64.exe
      2016-12-10 20:52 - 2016-12-10 22:36 - 00193720 _____ C:\Windows\ntbtlog.txt
      2016-12-10 20:43 - 2016-12-10 20:43 - 00003744 ____N C:\bootsqm.dat
      2016-12-10 02:27 - 2016-12-10 02:27 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
      2016-12-10 02:27 - 2016-12-10 02:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
      2016-12-10 02:27 - 2016-12-10 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
      2016-12-10 01:16 - 2016-12-10 02:18 - 00000000 ____D C:\AVG_Remover
      2016-12-09 19:28 - 2016-12-09 19:28 - 00001113 _____ C:\Users\OWNER\Desktop\WhoCrashed.lnk
      2016-12-09 18:11 - 2016-12-09 23:27 - 00000000 ____D C:\Users\Default\Desktop\WhoCrashed
      2016-12-09 18:11 - 2016-12-09 23:27 - 00000000 ____D C:\Users\Default User\Desktop\WhoCrashed
      2016-12-09 18:11 - 2016-12-09 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
      2016-12-09 18:09 - 2016-12-09 18:09 - 04958280 _____ (Resplendence Software Projects Sp. ) C:\Users\OWNER\Desktop\whocrashedSetup.exe
      2016-12-09 17:12 - 2016-12-09 17:12 - 00514172 _____ C:\Users\OWNER\Desktop\openhardwaremonitor-v0.8.0-beta.zip
      2016-12-07 12:12 - 2016-12-09 23:35 - 00000000 ____D C:\Users\OWNER\AppData\Local\SWPatcher
      2016-12-07 12:12 - 2016-12-07 12:12 - 00000390 _____ C:\Users\OWNER\Desktop\Soulworker Patcher.appref-ms
      2016-12-07 12:12 - 2016-12-07 12:12 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiyuPatcher
      2016-12-06 23:33 - 2016-12-06 23:33 - 00000575 _____ C:\Users\OWNER\Desktop\バンダイナムコオンラインランチャー.lnk
      2016-12-06 23:33 - 2016-12-06 23:33 - 00000000 ____D C:\Users\OWNER\Desktop\BNO
      2016-12-06 16:29 - 2016-12-06 16:44 - 00000000 ____D C:\Users\OWNER\Desktop\Convenience
      2016-12-06 16:26 - 2016-12-07 16:08 - 00000000 ____D C:\Users\OWNER\Desktop\Extra
      2016-12-06 16:25 - 2016-12-06 23:32 - 00000000 ____D C:\Users\OWNER\Desktop\Launchers
      2016-12-05 23:04 - 2016-12-05 23:04 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\FALCOM
      2016-12-03 16:20 - 2016-05-16 04:25 - 05449136 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
      2016-12-03 16:20 - 2005-01-02 04:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
      2016-12-03 16:20 - 2003-07-18 13:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
      2016-12-02 21:52 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2016-12-02 21:52 - 2016-11-02 07:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2016-12-02 21:52 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2016-12-02 21:52 - 2016-11-02 07:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2016-12-02 21:52 - 2016-11-02 07:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2016-12-02 21:52 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2016-12-02 21:52 - 2016-11-02 07:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2016-12-02 21:52 - 2016-11-02 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2016-12-02 21:52 - 2016-11-02 07:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2016-12-02 21:52 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2016-12-02 21:52 - 2016-10-25 07:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2016-12-02 21:52 - 2016-10-15 07:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
      2016-12-02 21:52 - 2016-10-15 07:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
      2016-12-02 21:52 - 2016-10-15 07:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
      2016-12-02 21:52 - 2016-10-15 07:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
      2016-12-02 21:52 - 2016-10-11 07:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2016-12-02 21:52 - 2016-10-11 07:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
      2016-12-02 21:52 - 2016-10-11 07:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
      2016-12-02 21:52 - 2016-10-11 07:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
      2016-12-02 21:52 - 2016-10-11 07:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
      2016-12-02 21:52 - 2016-10-11 07:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
      2016-12-02 21:52 - 2016-10-11 07:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
      2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
      2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
      2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
      2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
      2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
      2016-12-02 21:52 - 2016-10-11 07:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
      2016-12-02 21:52 - 2016-10-11 07:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
      2016-12-02 21:52 - 2016-10-11 07:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
      2016-12-02 21:52 - 2016-10-11 07:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
      2016-12-02 21:52 - 2016-10-11 07:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
      2016-12-02 21:52 - 2016-10-11 07:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
      2016-12-02 21:52 - 2016-10-11 07:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
      2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
      2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
      2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
      2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
      2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
      2016-12-02 21:52 - 2016-10-11 07:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
      2016-12-02 21:52 - 2016-10-11 05:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
      2016-12-02 21:52 - 2016-10-11 05:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
      2016-12-02 21:52 - 2016-10-10 07:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2016-12-02 21:52 - 2016-10-10 07:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2016-12-02 21:52 - 2016-10-10 07:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2016-12-02 21:52 - 2016-10-10 07:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2016-12-02 21:52 - 2016-10-10 07:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2016-12-02 21:52 - 2016-10-10 07:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2016-12-02 21:52 - 2016-10-10 07:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
      2016-12-02 21:52 - 2016-10-10 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
      2016-12-02 21:52 - 2016-10-10 07:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2016-12-02 21:52 - 2016-10-10 06:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2016-12-02 21:52 - 2016-10-10 06:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2016-12-02 21:52 - 2016-10-10 06:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2016-12-02 21:52 - 2016-10-10 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2016-12-02 21:52 - 2016-10-10 06:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
      2016-12-02 21:52 - 2016-10-10 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
      2016-12-02 21:52 - 2016-10-07 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2016-12-02 21:52 - 2016-10-07 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2016-12-02 21:52 - 2016-10-07 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2016-12-02 21:52 - 2016-10-07 07:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2016-12-02 21:52 - 2016-10-07 07:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2016-12-02 21:52 - 2016-10-07 07:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 07:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2016-12-02 21:52 - 2016-10-07 07:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2016-12-02 21:52 - 2016-10-07 07:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2016-12-02 21:52 - 2016-10-07 07:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2016-12-02 21:52 - 2016-10-07 07:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2016-12-02 21:52 - 2016-10-07 06:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2016-12-02 21:52 - 2016-10-07 06:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
      2016-12-02 21:52 - 2016-10-07 06:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
      2016-12-02 21:52 - 2016-10-07 06:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
      2016-12-02 21:52 - 2016-10-07 06:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
      2016-12-02 21:52 - 2016-10-07 06:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 06:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 06:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-07 06:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2016-12-02 21:52 - 2016-10-05 06:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
      2016-12-02 21:52 - 2016-09-15 06:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
      2016-12-02 21:52 - 2016-09-13 07:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2016-12-02 21:52 - 2016-09-13 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
      2016-12-02 21:52 - 2016-09-09 10:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
      2016-12-02 21:52 - 2016-09-09 10:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
      2016-12-02 21:52 - 2016-08-22 08:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
      2016-11-30 21:47 - 2016-11-30 21:47 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mudfish Cloud VPN
      2016-11-30 21:43 - 2016-11-30 21:43 - 02015880 _____ C:\Users\OWNER\Downloads\mudfish-4.4.3-x86_64-win2k-setup.exe
      2016-11-30 19:02 - 2016-11-30 19:02 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
      2016-11-30 18:41 - 2016-11-30 18:42 - 00076504 _____ (AppWork GmbH) C:\Users\OWNER\Downloads\WebInstaller.exe
      2016-11-30 14:27 - 2016-11-30 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2016-11-20 03:34 - 2016-11-20 03:34 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLIPCRAFT
      2016-11-19 04:50 - 2016-11-19 04:51 - 00000000 ____D C:\Python27
      2016-11-19 04:42 - 2016-11-19 04:42 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Sikuli
      2016-11-19 04:29 - 2016-11-19 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
      2016-11-19 04:29 - 2016-11-19 04:28 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
      2016-11-19 04:29 - 2016-11-19 04:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
      2016-11-19 04:29 - 2016-11-19 04:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
      2016-11-19 04:29 - 2016-11-19 04:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
      2016-11-19 04:28 - 2016-11-19 04:28 - 00000000 ____D C:\Users\OWNER\AppData\LocalLow\Sun
      2016-11-19 04:28 - 2016-11-19 04:28 - 00000000 ____D C:\Program Files\Java
      2016-11-18 23:46 - 2016-11-18 23:46 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
      2016-11-18 23:46 - 2016-11-18 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2016-11-18 23:46 - 2016-11-18 23:46 - 00000000 ____D C:\Program Files\CCleaner
      2016-11-17 21:29 - 2016-12-10 21:55 - 00000000 ____D C:\Users\OWNER\AppData\LocalLow\Mozilla
      2016-11-16 20:21 - 2016-11-16 20:21 - 00000000 ____D C:\Users\OWNER\AppData\LocalLow\AMD
      2016-11-16 15:30 - 2016-11-16 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
      2016-11-14 23:40 - 2016-11-14 23:40 - 00000000 ____D C:\Users\OWNER\AppData\Local\Smooth and Flat
      2016-11-14 23:39 - 2016-11-14 23:39 - 00000000 ____D C:\Users\OWNER\Documents\KanColleViewer!
      2016-11-14 23:34 - 2016-11-14 23:34 - 00000000 ____D C:\Users\OWNER\AppData\Local\Smooth_and_Flat
      2016-11-14 23:33 - 2016-11-14 23:33 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Smooth and Flat
      2016-11-14 22:53 - 2016-11-14 22:57 - 00000000 ____D C:\Users\OWNER\AppData\Local\grabacr.net
      2016-11-14 22:53 - 2016-11-14 22:53 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\grabacr.net
      2016-11-14 22:22 - 2016-11-14 22:22 - 00000000 ____D C:\Users\OWNER\AppData\Local\KanColleTool
      2016-11-11 23:29 - 2016-11-11 23:29 - 00001169 _____ C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
      2016-11-11 23:28 - 2016-11-11 23:29 - 00000000 ____D C:\Users\OWNER\AppData\Local\TeamSpeak 3 Client
      2016-11-11 23:27 - 2016-11-11 23:27 - 32019840 _____ (TeamSpeak Systems GmbH) C:\Users\OWNER\Downloads\TeamSpeak3-Client-win64-3.0.19.4.exe

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-12-10 22:36 - 2013-12-11 21:34 - 00000000 ____D C:\ProgramData\Malwarebytes’ Anti-Malware (portable)
      2016-12-10 22:25 - 2013-03-23 13:54 - 00000000 ____D C:\Users\OWNER\AppData\Local\ElevatedDiagnostics
      2016-12-10 22:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
      2016-12-10 22:15 - 2013-12-11 21:34 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2016-12-10 21:42 - 2013-01-30 11:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
      2016-12-10 21:41 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
      2016-12-10 21:40 - 2016-08-08 11:27 - 00065536 _____ C:\Windows\system32\spu_storage.bin
      2016-12-10 21:40 - 2016-05-04 18:29 - 00000000 ____D C:\Windows\pss
      2016-12-10 21:32 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2016-12-10 21:32 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2016-12-10 18:41 - 2013-11-19 18:28 - 00007601 _____ C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
      2016-12-10 17:50 - 2015-12-13 15:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
      2016-12-10 17:29 - 2013-01-30 11:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
      2016-12-10 14:52 - 2015-01-09 01:04 - 00000000 ____D C:\Program Files\SoftEther VPN Client
      2016-12-10 14:50 - 2015-01-10 02:15 - 00000000 ____D C:\Users\OWNER\AppData\Local\Deployment
      2016-12-10 14:29 - 2016-01-11 14:38 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\discord
      2016-12-10 03:31 - 2016-04-14 00:57 - 00000000 ____D C:\Program Files (x86)\Mudfish Cloud VPN
      2016-12-10 02:28 - 2013-01-29 20:53 - 00001945 _____ C:\Windows\epplauncher.mif
      2016-12-10 02:18 - 2015-05-26 13:10 - 00000000 ____D C:\Users\OWNER\AppData\Local\Avg
      2016-12-10 01:36 - 2015-06-12 12:40 - 00000000 ____D C:\Program Files\Common Files\AV
      2016-12-09 20:07 - 2013-01-30 20:13 - 00000000 ____D C:\Program Files (x86)\Steam
      2016-12-09 18:15 - 2010-01-31 14:00 - 00000000 ____D C:\Users\OWNER\Desktop\OpenHardwareMonitor
      2016-12-09 18:01 - 2014-10-25 06:18 - 00000000 ____D C:\Program Files (x86)\SpeedFan
      2016-12-09 16:31 - 2016-09-20 01:49 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
      2016-12-09 10:02 - 2015-02-07 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\light
      2016-12-09 09:53 - 2014-07-30 11:34 - 00000000 ____D C:\PSOT
      2016-12-08 14:48 - 2013-02-27 18:56 - 00000000 ____D C:\AtelierW
      2016-12-08 14:31 - 2013-05-09 15:11 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2016-12-06 23:33 - 2016-05-05 19:06 - 00000575 _____ C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\バンダイナムコオンラインランチャー.lnk
      2016-12-06 16:26 - 2013-01-21 20:48 - 00000000 ____D C:\Users\OWNER\Downloads\G121028
      2016-12-06 16:22 - 2013-11-29 21:39 - 00000000 ____D C:\Users\OWNER\Documents\BnS
      2016-12-06 15:13 - 2013-01-29 19:45 - 00000000 ____D C:\Users\OWNER\Documents\SEGA
      2016-12-05 23:10 - 2015-02-07 02:34 - 00000000 ____D C:\Program Files (x86)\light
      2016-12-05 23:04 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2016-12-05 23:02 - 2013-01-30 09:33 - 00000000 ____D C:\AMD
      2016-12-05 23:00 - 2013-05-20 14:17 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
      2016-12-05 22:45 - 2013-02-02 17:03 - 00416826 _____ C:\Windows\system32\perfh011.dat
      2016-12-05 22:45 - 2013-02-02 17:03 - 00122208 _____ C:\Windows\system32\perfc011.dat
      2016-12-05 22:45 - 2009-07-13 21:13 - 01313166 _____ C:\Windows\system32\PerfStringBackup.INI
      2016-12-05 22:42 - 2013-12-22 18:37 - 00000000 ____D C:\Users\OWNER\Downloads\aooni_en
      2016-12-03 14:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
      2016-12-03 12:30 - 2013-01-30 09:27 - 00000000 ____D C:\Users\OWNER
      2016-12-03 12:28 - 2009-07-13 20:45 - 00266824 _____ C:\Windows\system32\FNTCACHE.DAT
      2016-12-02 19:07 - 2016-04-17 03:21 - 00000000 ____D C:\Users\OWNER\Downloads\Kancolle
      2016-12-02 03:07 - 2013-08-14 00:55 - 00000000 ____D C:\Windows\system32\MRT
      2016-12-02 03:00 - 2013-02-02 16:35 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2016-12-01 00:54 - 2013-10-08 18:50 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Media Player Classic
      2016-12-01 00:54 - 2013-05-25 15:50 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\DAEMON Tools Pro
      2016-12-01 00:54 - 2013-03-03 20:20 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Azureus
      2016-11-30 21:49 - 2013-02-09 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2016-11-30 21:46 - 2016-05-30 02:29 - 00000000 ____D C:\Users\OWNER\Downloads\BBS
      2016-11-27 23:34 - 2013-05-10 23:41 - 00000000 ____D C:\Users\OWNER\Downloads\SC
      2016-11-24 05:50 - 2014-05-01 17:22 - 00000000 ____D C:\AtelierR
      2016-11-21 19:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
      2016-11-21 12:54 - 2009-07-13 21:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2016-11-20 03:38 - 2013-05-11 12:13 - 00000000 ____D C:\Users\OWNER\Downloads\NHSC
      2016-11-19 04:51 - 2014-06-20 16:04 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
      2016-11-18 23:48 - 2014-06-16 10:20 - 00000000 ____D C:\ProgramData\BlueStacksSetup
      2016-11-18 23:48 - 2013-05-20 16:41 - 00000000 ____D C:\Users\OWNER\AppData\Local\LogMeIn Hamachi
      2016-11-18 23:48 - 2013-05-08 21:33 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\DAEMON Tools Lite
      2016-11-16 15:36 - 2013-01-30 11:11 - 00000000 ____D C:\Users\OWNER\AppData\Local\AMD
      2016-11-16 15:31 - 2016-01-12 14:33 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
      2016-11-16 15:30 - 2016-04-05 12:57 - 00000000 ____D C:\Program Files (x86)\AMD
      2016-11-16 15:25 - 2016-04-05 12:58 - 00000000 ____D C:\Program Files (x86)\VulkanRT
      2016-11-16 15:24 - 2013-01-30 09:34 - 00000000 ____D C:\Program Files\AMD
      2016-11-14 23:30 - 2013-03-21 20:14 - 01297678 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2016-11-12 22:53 - 2013-11-03 19:15 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\TS3Client

      ==================== Files in the root of some directories =======

      2015-07-16 19:12 - 2015-10-07 23:26 - 68888507 _____ () C:\Users\OWNER\AppData\Roaming\chport.exe
      2016-05-18 14:06 - 2016-05-18 14:15 - 0000558 _____ () C:\Users\OWNER\AppData\Roaming\odalaunch.ini
      2015-07-16 19:12 - 2015-10-07 23:26 - 282715648 _____ () C:\Users\OWNER\AppData\Roaming\steam_api.dmc
      2015-07-16 19:12 - 2015-10-07 23:25 - 0000009 _____ () C:\Users\OWNER\AppData\Roaming\update.dat
      2014-06-27 21:32 - 2014-06-30 21:32 - 0000600 _____ () C:\Users\OWNER\AppData\Local\PUTTY.RND
      2013-11-19 18:28 - 2016-12-10 18:41 - 0007601 _____ () C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
      2013-12-18 20:42 - 2015-01-10 05:39 - 0000040 _____ () C:\ProgramData\DT0001.dat
      2014-07-03 00:09 - 2015-01-10 05:39 - 0000040 _____ () C:\ProgramData\DT0006.dat
      2013-12-06 16:09 - 2013-12-06 16:09 - 0000058 _____ () C:\ProgramData\Update.ini
      ==================== Files to move or delete: ====================
      C:\ProgramData\DT0001.dat
      C:\ProgramData\DT0006.dat
      ==================== Some files in TEMP: ====================
      C:\Users\OWNER\AppData\Local\Temp\avguirn_081512697443.exe
      C:\Users\OWNER\AppData\Local\Temp\avguirn_08226517269.exe
      C:\Users\OWNER\AppData\Local\Temp\c20c448073abd1a0423d9c57b1875b06.dll
      C:\Users\OWNER\AppData\Local\Temp\d2e1e3fedab3ed892a0df92c63e9a780.dll
      C:\Users\OWNER\AppData\Local\Temp\JDSetup131250338117512660.exe
      C:\Users\OWNER\AppData\Local\Temp\proxy_vole2461826566935967893.dll
      C:\Users\OWNER\AppData\Local\Temp\proxy_vole3066871754856067764.dll
      C:\Users\OWNER\AppData\Local\Temp\proxy_vole5324773033895722492.dll
      C:\Users\OWNER\AppData\Local\Temp\sfamcc00001.dll
      C:\Users\OWNER\AppData\Local\Temp\sfareca00001.dll
      C:\Users\OWNER\AppData\Local\Temp\SkypeSetup.exe

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2016-12-04 20:22

      ==================== End of FRST.txt ============================
      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
      Ran by OWNER (10-12-2016 23:18:17)
      Running from C:\Users\OWNER\Desktop
      Windows 7 Ultimate Service Pack 1 (X64) (2013-01-30 17:27:45)
      Boot Mode: Safe Mode (with Networking)
      ==================== Accounts: =============================

      Administrator (S-1-5-21-2941685042-3306150061-3194319401-500 - Administrator - Disabled)
      Guest (S-1-5-21-2941685042-3306150061-3194319401-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-2941685042-3306150061-3194319401-1003 - Limited - Enabled)
      OWNER (S-1-5-21-2941685042-3306150061-3194319401-1000 - Administrator - Enabled) => C:\Users\OWNER

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
      AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
      AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      inmm.dll 2.38 (HKLM-x32..._inmm) (Version: - )
      7-Zip 9.20 (HKLM-x32...\7-Zip) (Version: - )
      Adobe Flash Player 21 ActiveX (HKLM-x32...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
      Adobe Flash Player 22 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
      Aeria Ignite (HKLM-x32...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
      Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
      Akamai NetSession Interface (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\Akamai) (Version: - Akamai Technologies, Inc)
      AMD Install Manager (HKLM...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
      Apowersoft Online Launcher version 1.4.4 (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...{20BF67A8-D81A-4489-8225-FABAA0896E2D}is1) (Version: 1.4.4 - APOWERSOFT LIMITED)
      Application Profiles (HKLM-x32...{77A795C8-E532-4B09-5C58-7FFFC3CC9171}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
      ATLAS Translation Standard V14.0 Trial Version (HKLM-x32...{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}) (Version: 14.00.0000 - FUJITSU LIMITED)
      AutoHotkey 1.0.48.05 (HKLM-x32...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
      BlueStacks App Player (HKLM-x32...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
      BlueStacks Notification Center (HKLM-x32...{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
      Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      CCleaner (HKLM...\CCleaner) (Version: 5.24 - Piriform)
      ChuSingura46+1 S (HKLM...\Steam App 464780) (Version: - インレ)
      CPUID CPU-Z 1.71 (HKLM...\CPUID CPU-Z_is1) (Version: - )
      Creatures of Darkness (HKLM-x32...{573F9269-A022-4C6F-97BD-CF1316A76369}) (Version: 3.3.1 - Screaming Bee)
      Cybertroopers Virtual-ON version PC (HKLM-x32...{379E152B-4215-44D7-ADBC-DC280791A042}is1) (Version: PC - Installer by TheArcadeStriker - Game by SEGA)
      Deep Space Voices (HKLM-x32...{67CEC218-B250-4B4C-B23F-A597EC8DB153}) (Version: 3.3.1 - Screaming Bee)
      Dies irae -Amantes amentes- (HKLM-x32...\InstallShield
      {91F5A357-7173-408C-85B7-FAAC69B5AD22}) (Version: 1.00.0000 - 株式会社グリーンウッド)
      Dies irae -Amantes amentes- (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
      Discord (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
      Etron USB3.0 Host Controller (HKLM-x32...\InstallShield
      {DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology)
      Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
      Fantasy Voice Pack (HKLM-x32...{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}) (Version: 1.3.2 - Screaming Bee)
      FINAL FANTASY XIV - A Realm Reborn (HKLM-x32...{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
      Fraps (HKLM-x32...\Fraps) (Version: - )
      Galactic Voices (HKLM-x32...{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}) (Version: 1.3.1 - Screaming Bee)
      Google Chrome (HKLM-x32...\Google Chrome) (Version: 56.0.2924.21 - Google Inc.)
      Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
      Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
      HitmanPro 3.7 (HKLM...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
      HxD Hex Editor version 1.7.7.0 (HKLM-x32...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
      Java 7 Update 79 (64-bit) (HKLM...{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
      K-Lite Mega Codec Pack 10.0.5 (HKLM-x32...\KLiteCodecPack_is1) (Version: 10.0.5 - )
      LogMeIn Hamachi (HKLM-x32...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
      LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
      Male Voice Pack (HKLM-x32...{71DD9C2C-3C7A-4B8D-AA36-C5C528A0CD69}) (Version: 1.3.2 - Screaming Bee)
      MeCab 0.98 (HKLM-x32...\MeCab_is1) (Version: 0.98 - Taku Kudo)
      Microsoft .NET Framework 4.6.2 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
      Microsoft Games for Windows - LIVE (HKLM-x32...{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
      Microsoft Security Essentials (HKLM...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      MorphVOX Pro (HKLM-x32...{1DDBB040-3BEB-4057-90BB-B38B5E081D1B}) (Version: 4.3.21 - Screaming Bee)
      Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
      Mozilla Maintenance Service (HKLM-x32...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
      Mudfish Cloud VPN v4.4.3 (HKLM-x32...\Mudfish Cloud VPN) (Version: 4.4.3 - Mudfish Networks)
      Personality Voices (HKLM-x32...{4B886E97-AF5B-46F0-9F48-6BE03149D972}) (Version: 1.0.1 - Screaming Bee)
      PHANTASY STAR ONLINE 2 (HKLM-x32...\ ページが見つかりません|『PSO2 ニュージェネシス』プレイヤーズサイト|SEGA ) (Version: - SEGA)
      puush (HKLM-x32...{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
      Python 2.7.12 (HKLM-x32...{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
      Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
      RGSS-RTP 1.03 (HKLM-x32...\RGSS-RTP) (Version: 1.03 - Enterbrain Inc.)
      RPG Maker VX RTP (HKLM-x32...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
      Sci-Fi Voice Pack (HKLM-x32...{BC038C91-D3C6-4E43-8439-B65976FE7937}) (Version: 1.3.1 - Screaming Bee)
      sdrt(5.0, 64bit) (HKLM...{63A3DBCF-FB40-4398-9AE5-94EE6206CE12}) (Version: 5.0.3.0 - パルティオソフト株式会社)
      Skype™ 7.26 (HKLM-x32...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
      SoftEther VPN Client (HKLM...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
      Soulworker Patcher (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\4f8fec11a5e6e736) (Version: 2.4.1.2 - MiyuPatcher)
      SpeedFan (remove only) (HKLM-x32...\SpeedFan) (Version: - )
      Steam (HKLM-x32...{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
      TeamSpeak 3 Client (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
      Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP (HKLM-x32...{D5C424A1-5C0A-426C-BB0B-D75907243EC3}) (Version: - )
      Unity Web Player (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\UnityWebPlayer) (Version: - Unity Technologies ApS)
      Unity Web Player (x64) (All users) (HKLM...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
      VirtualCloneDrive (HKLM-x32...\VirtualCloneDrive) (Version: - Elaborate Bytes)
      Visual Studio 2012 x64 Redistributables (HKLM...{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
      Visual Studio 2012 x86 Redistributables (HKLM-x32...{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
      VLC media player 1.1.11 (HKLM-x32...\VLC media player) (Version: 1.1.11 - VideoLAN)
      Vulkan Run Time Libraries 1.0.17.0 (HKLM...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
      Vulkan Run Time Libraries 1.0.26.0 (HKLM...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
      Vulkan Run Time Libraries 1.0.3.1 (HKLM...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
      Vuze (HKLM...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
      WhoCrashed 5.53 (HKLM...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
      WinRAR 5.31 beta 1 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
      XSplit Gamecaster (HKLM-x32...{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)
      いろとりどりのセカイ (HKLM-x32...{3DC8D5BA-E704-402F-88F0-E22BF4C41F6F}) (Version: 1.00.0000 - FAVORITE)
      ソウルワーカー (HKLM-x32...\ソウルワーカー) (Version: 1.0.0 - NHN PlayArt Corp.)
      バンダイナムコオンラインランチャー (HKLM-x32...\bno_starter) (Version: 1.0.3 - 株式会社バンダイナムコオンライン)
      ユニオリズム・カルテット A3-DAYS (HKLM-x32...\UQA3) (Version: 1.00 - CLIPCRAFT)
      機動戦士ガンダムオンライン (HKLM-x32...\Olive_is1) (Version: 1.0.0.4 - 株式会社バンダイナムコオンライン)
      神咒神威神楽 曙之光 (HKLM-x32...\InstallShield_{E836AF82-7D3E-415F-BB09-0A124EF73909}) (Version: 1.00.0000 - 株式会社グリーンウッド)
      神咒神威神楽 曙之光 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
      相州戦神館學園 八命陣 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
      相州戦神館學園 万仙陣 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
      大迷宮&大迷惑 (HKLM-x32...{12BB3C50-4D4F-4D1F-8217-527477FEC813}) (Version: 1.1.1 - (c)Liar-soft/HOBIBOX)
      凍京NECRO (HKLM-x32...{96448B65-910B-41D9-8CC9-3E6BBC6B299D}) (Version: 1.00.000 - Nitroplus)
      セイバーフィッシュ (HKLM-x32...\JHPCIPOOIKKLILEOCNJDPHJGFPICMGJCIGIPGPICLFI CPAILIBICNPICOJIDEJIDJDIDGJJCECCN) (Version: - )

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {0D7DCF91-8711-45D3-851E-DBFBAD9B86C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-10] (Adobe Systems Incorporated)
      Task: {119B33B7-2A52-412F-968F-109066C199D0} - System32\Tasks{155BAE76-F0D7-4B0B-8CA4-8169F3350BAD} => C:\Users\OWNER\Downloads\BlazBlue Continuum Shift\The.King.Of.Fighters.XIII.TaitoTypeX2 - Pimbax\game.exe
      Task: {1BEBC858-0DD7-4C06-99CC-74402FFD4D02} - System32\Tasks{798C79DE-8C69-49BE-BC05-9F1D0406861C} => C:\Users\OWNER\Downloads\BlazBlue Continuum Shift\The.King.Of.Fighters.XIII.TaitoTypeX2 - Pimbax\typex_loader.exe
      Task: {4C7B474F-2044-479A-9012-C8B5F401E616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
      Task: {65D5F258-01B7-4F96-BFF2-41D77A1F0270} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
      Task: {6802DDAE-8916-4EFF-98BD-A0E04D63120C} - System32\Tasks{395B8B54-1DCC-4D89-B5C5-B83AA920524C} => C:\Games\Mangagamer\Kara no Shoujo\Kara no Shoujo.exe
      Task: {6B51DEC8-0E54-43EB-887E-3D37F8E9D3B7} - System32\Tasks{79417B52-B97C-4187-A43F-ED27EE3514F7} => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe [2016-09-27] (SQUARE ENIX CO., LTD.)
      Task: {8218B5A6-854D-477F-952C-3BD9EB65F334} - System32\Tasks{33802990-D4AF-4FCD-B413-352904CD37E1} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-07-13] (Skype Technologies S.A.)
      Task: {8444EB68-097D-42C9-9553-715691D0D02F} - System32\Tasks\GameNet => C:\Program Files (x86)\QGNA\qgna.exe
      Task: {8AAA8B63-7E8A-4A08-88CD-BD473CFAFCF3} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe [2009-07-13] (Microsoft Corporation)
      Task: {913872D3-8E70-4710-910E-8EDE843EE95E} - System32\Tasks\0715avUpdateInfo => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe [2015-07-07] ()
      Task: {A47CF2BC-B23D-43D5-96DA-8B3303A72483} - System32\Tasks{0A419879-A9D4-4082-814A-F36FDE0CA71F} => pcalua.exe -a E:\INSTALL.EXE -d E:
      Task: {A78647C6-7CE7-49B6-A6F7-4E02D6642903} - System32\Tasks{31789F64-6B41-4888-B118-06F62E982B47} => C:\Users\OWNER\Desktop\PSO2T\PSO2 Tweaker.exe
      Task: {A9113257-1100-4C3F-A909-CFC6B1251201} - System32\Tasks{4818B540-D086-4B0E-9692-4777D5FFB6E1} => C:\Users\OWNER\Desktop\PSO2T\PSO2 Tweaker.exe
      Task: {C3360EFD-679C-4B7B-B0BC-6F4FFA9382BE} - System32\Tasks{7DD725DA-3F70-4955-BC2C-5EFE6E6B081A} => pcalua.exe -a E:\SETUP.EXE -d E:
      Task: {C4D56D25-3B3B-42D0-BC29-B6179C688653} - System32\Tasks{87025ECC-BC61-4DE0-B1C6-EF8ADB1E4B54} => C:\Program Files (x86)\The King Of Fighters XIII\kofxiii.exe
      Task: {C9726BA4-2F4C-4184-BE94-1258EEF480FA} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
      Task: {CA6A7396-2C11-4062-9E95-6E6694466A50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
      Task: {D44F974B-E561-41CD-A5C6-E19175E93F60} - System32\Tasks{79D623CB-126D-446F-BC10-F0EAF1AFF3DE} => pcalua.exe -a C:\Windows\eiunin21.exe -c “C:\Program Files (x86)\Ultimate Knight WindomXP\INSTALL.DAT”
      Task: {D4C9905F-E29B-45A8-B439-E3F754221E67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
      Task: {DC6B3D1A-C333-4155-AC48-28989B1B7B5A} - System32\Tasks{91C7824F-6C42-4D5F-8E4A-8B6BB406F230} => pcalua.exe -a C:\Users\OWNER\Desktop\Saves\Bruteforce_Save_Data_installer.exe -d C:\Users\OWNER\Desktop\Saves
      Task: {F3E33077-9794-4CFA-A437-949BDA420261} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe
      Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      ShortcutWithArgument: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\グランブルーファンタジー[ChromeApps版].lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=eablgejicbklomgaiclcolfilbkckngf
      ShortcutWithArgument: C:\Users\OWNER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default

      ==================== Loaded Modules (Whitelisted) ==============

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\Windows:nlsPreferences [386]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => “OptionValue”=“2”
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => “”=“service”
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => “”=“Service”
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => “”=“service”

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\aeriagames.com → hxxps://aeriagames.com
      IE trusted site: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\aeriagames.com → hxxp://aeriagames.com

      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 18:34 - 2015-05-24 13:44 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Control Panel\Desktop\Wallpaper → C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.1.254
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
      MSCONFIG\Services: AMD External Events Utility => 2
      MSCONFIG\Services: AMD FUEL Service => 2
      MSCONFIG\Services: AvgAMPS => 3
      MSCONFIG\Services: AVGIDSAgent => 2
      MSCONFIG\Services: avgsvc => 2
      MSCONFIG\Services: avgwd => 2
      MSCONFIG\Services: BstHdAndroidSvc => 3
      MSCONFIG\Services: BstHdLogRotatorSvc => 3
      MSCONFIG\Services: BstHdUpdaterSvc => 3
      MSCONFIG\Services: bthserv => 3
      MSCONFIG\Services: gupdate => 2
      MSCONFIG\Services: gupdatem => 3
      MSCONFIG\Services: Hamachi2Svc => 2
      MSCONFIG\Services: HitmanProScheduler => 2
      MSCONFIG\Services: LMIGuardianSvc => 2
      MSCONFIG\Services: MozillaMaintenance => 3
      MSCONFIG\Services: nlsX86cc => 2
      MSCONFIG\Services: SEVPNCLIENT => 3
      MSCONFIG\Services: SkypeUpdate => 2
      MSCONFIG\Services: Spooler => 2
      MSCONFIG\Services: Steam Client Service => 3
      MSCONFIG\Services: Thorn => 2
      MSCONFIG\Services: UCManSvc => 2
      MSCONFIG\Services: vToolbarUpdater40.2.9 => 2
      MSCONFIG\Services: WinRM => 3
      MSCONFIG\Services: WtuSystemSupport => 2
      MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
      MSCONFIG\startupreg: Aeria Ignite => “C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe” silent
      MSCONFIG\startupreg: Akamai NetSession Interface => “C:\Users\OWNER\AppData\Local\Akamai\netsession_win.exe”
      MSCONFIG\startupreg: AvgUi => “C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe” /lps=fmw
      MSCONFIG\startupreg: AVG_UI => “C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe” /lps=av
      MSCONFIG\startupreg: CCleaner Monitoring => “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR
      MSCONFIG\startupreg: DAEMON Tools Lite => “C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe” -autorun
      MSCONFIG\startupreg: LogMeIn Hamachi Ui => “C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe” --auto-start
      MSCONFIG\startupreg: MSC => “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey
      MSCONFIG\startupreg: Skype => “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
      MSCONFIG\startupreg: SoftEther VPN Client UI Helper => “C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe” /uihelp
      MSCONFIG\startupreg: StartCN => “C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe” atlogon
      MSCONFIG\startupreg: Steam => “C:\Program Files (x86)\Steam\steam.exe” -silent
      MSCONFIG\startupreg: VirtualCloneDrive => “C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe” /s
      MSCONFIG\startupreg: vProt => “C:\Program Files (x86)\AVG Web TuneUp\vprot.exe”

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{A37007B0-C511-42A4-A80D-B2A493BC9E83}] => C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{4B13B2A3-EA31-4F0E-96E2-6FD62031BF17}] => C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{C8B9C95B-B5E3-4240-ACBD-612C067B00A1}] => C:\Program Files (x86)\Steam\SteamApps\common\amd driver updater, vista and 7, 64 bit\Setup.exe
      FirewallRules: [{1FA1861D-4D74-4618-B835-1A3A6684ACC6}] => C:\Program Files (x86)\Steam\SteamApps\common\amd driver updater, vista and 7, 64 bit\Setup.exe
      FirewallRules: [{ABFFC196-CA4F-4A20-B019-A357185C77F3}] => C:\Program Files\Vuze\Azureus.exe
      FirewallRules: [{BFC9AD65-AC9C-447A-96BC-E8360DC337D4}] => C:\Program Files\Vuze\Azureus.exe
      FirewallRules: [{C9B9F7A7-907D-439D-A726-22A63660B765}] => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
      FirewallRules: [{5B2C43D3-DA7E-4656-8ED1-A154F0FA0EF2}] => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
      FirewallRules: [{8E378657-2A7D-4A75-8ABC-EBAE4902AABC}] => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
      FirewallRules: [{0F5A2F51-E385-4CC1-B0CC-543CB1BAAFC7}] => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
      FirewallRules: [TCP Query User{FEB00C31-D7CF-4271-95D0-4882A06CFB67}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
      FirewallRules: [UDP Query User{B12D0D6E-C255-4A7F-B6B6-76D08D534BE6}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
      FirewallRules: [{37E57F7F-DF88-4D00-A438-D533BA7BFB7F}] => C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{43AA7642-E111-4A20-B575-9EE78F749727}] => C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{E1B6CC6A-64D9-44A3-90A9-B4BECAC6999E}] => C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
      FirewallRules: [TCP Query User{BA2C90A2-B943-47E1-AD45-B8E3E3A17DDB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
      FirewallRules: [UDP Query User{00755B10-986F-41C7-9E76-60746319748B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
      FirewallRules: [{5DBF9405-0686-431F-9B86-1310C5868BA6}] => C:\Program Files\Vuze\Azureus.exe
      FirewallRules: [{60579BDF-620B-45B1-809E-063F284F0492}] => C:\Program Files\Vuze\Azureus.exe
      FirewallRules: [TCP Query User{C963F1FB-13FF-4D57-863F-8E26273565A7}C:\users\owner\appdata\local\akamai\netsession_win.exe] => C:\users\owner\appdata\local\akamai\netsession_win.exe
      FirewallRules: [UDP Query User{44484DD1-FFBD-44AD-A349-34EB1570AF22}C:\users\owner\appdata\local\akamai\netsession_win.exe] => C:\users\owner\appdata\local\akamai\netsession_win.exe
      FirewallRules: [TCP Query User{E4233B95-F006-4DE6-8999-60BF162911E7}C:\users\owner\appdata\local\akamai\netsession_win.exe] => C:\users\owner\appdata\local\akamai\netsession_win.exe
      FirewallRules: [UDP Query User{7D8E96C0-39A8-4FFC-89BC-FDDDB97B98E8}C:\users\owner\appdata\local\akamai\netsession_win.exe] => C:\users\owner\appdata\local\akamai\netsession_win.exe
      FirewallRules: [{E2D1A806-F7AE-4ABF-836A-5DD14BF9897D}] => C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
      FirewallRules: [{4B0E5EFF-2913-44E5-A4FF-6C9F8A18776F}] => C:\Program Files\SoftEther VPN Client\vpnclient.exe
      FirewallRules: [{D4670DC2-BC2F-49B3-983B-103A1E6283BC}] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
      FirewallRules: [{2A27AB8F-BE2E-4DFC-ABF7-ED631EF71771}] => C:\Program Files\SoftEther VPN Client\vpncmgr.exe
      FirewallRules: [{102CEC09-496B-421C-A9ED-78A7C3DFB268}] => C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
      FirewallRules: [{559DC12D-42F7-4C90-BFF1-4E9E386CAE97}] => C:\Program Files\SoftEther VPN Client\vpncmd.exe
      FirewallRules: [{E6E987D6-AB0B-4C4F-9CCC-63BB0DD69E28}] => C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
      FirewallRules: [{2F3C586F-B363-4BDB-8209-9FB3E381D857}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{E781EB9F-1422-4650-BA97-0903725E9B9F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [TCP Query User{E7CC5CCE-6BFE-4120-9BF3-C8BBC72B3B6F}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
      FirewallRules: [UDP Query User{59830114-98A8-42CE-8E6E-D1CC8AE30296}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
      FirewallRules: [TCP Query User{A208AB74-B314-471D-9046-4A1320AA5686}C:\windows\syswow64\dpnsvr.exe] => C:\windows\syswow64\dpnsvr.exe
      FirewallRules: [UDP Query User{B7D5BE9A-3434-4F5F-819D-2CDA0A3F13FF}C:\windows\syswow64\dpnsvr.exe] => C:\windows\syswow64\dpnsvr.exe
      FirewallRules: [{7C2FE924-4D68-421D-B64E-86043E441E67}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{AD7B88B2-43B1-40CE-A52F-6693D94EF5DD}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [TCP Query User{70A82ED5-F834-4FEE-B683-7A956A754188}C:\hanpurple\soulworker\soulworker100.exe] => C:\hanpurple\soulworker\soulworker100.exe
      FirewallRules: [UDP Query User{F22093BF-5E99-430E-B8F1-FE31BEB8F28F}C:\hanpurple\soulworker\soulworker100.exe] => C:\hanpurple\soulworker\soulworker100.exe
      FirewallRules: [{DD908611-8699-4086-AC09-3B28E5E6CF3A}] => C:\hanpurple\soulworker\soulworker100.exe
      FirewallRules: [{186CCE6A-FAC5-4362-B5D0-0527A8CF3843}] => C:\hanpurple\soulworker\soulworker100.exe
      FirewallRules: [{9AC80891-4A11-4FB3-9C6D-552032A75752}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
      FirewallRules: [{93C52A69-01CD-40E0-B6F3-8AD6CCE79B2C}] => C:\Program Files (x86)\Steam\SteamApps\common\ChuSingura46+1\ChuSinGura46+1.exe
      FirewallRules: [{C68F3345-6C37-4294-A8DD-4586924544FB}] => C:\Program Files (x86)\Steam\SteamApps\common\ChuSingura46+1\ChuSinGura46+1.exe
      FirewallRules: [{65FEDDBC-A06F-4AE9-A8F0-87CCCE5C9EE4}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
      FirewallRules: [{FDE4DD04-7B4C-4B29-A038-E4CD316286BE}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
      FirewallRules: [{C2D5403A-8C86-49D9-8A7D-B3D80D5CEE84}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
      FirewallRules: [{2F01BE73-EDFA-4820-B10F-6415E56CD0CE}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
      FirewallRules: [{9918DDD5-624C-45E3-9FFD-ADC23A8973D9}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      ==================== Faulty Device Manager Devices =============

      Name: VPN Client Adapter - JP
      Description: VPN Client Adapter - JP
      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
      Manufacturer: SoftEther VPN Project
      Service: Neo_JP
      Problem: : This device is disabled. (Code 22)
      Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

      Name: Security Processor Loader Driver
      Description: Security Processor Loader Driver
      Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
      Manufacturer:
      Service: spldr
      Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
      Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
      Devices stay in this state if they have been prepared for removal.
      After you remove the device, this error disappears.Remove the device, and this error should be resolved.

      ==================== Event log errors: =========================
      Application errors:
      Error: (12/10/2016 05:41:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

      Process ID: 870

      Start Time: 01d252cee2fa2701

      Termination Time: 11

      Application Path: C:\Windows\Explorer.EXE

      Report Id: 66fd8912-bede-11e6-a80a-bc5ff48644ac

      Error: (12/10/2016 02:29:58 AM) (Source: VSS) (EventID: 8193) (User: )
      Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2941685042-3306150061-3194319401-1000.bak). hr = 0x80070539, The security ID structure is invalid.
      .

      Operation:
      OnIdentify event
      Gathering Writer Data

      Context:
      Execution Context: Shadow Copy Optimization Writer
      Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
      Writer Name: Shadow Copy Optimization Writer
      Writer Instance ID: {2e8ea6ea-3069-4236-8492-53faad90bc69}

      Error: (12/10/2016 01:14:54 AM) (Source: MsiInstaller) (EventID: 11719) (User: OWNER-PC)
      Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG – Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

      Error: (12/10/2016 12:53:07 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
      Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4820. Message ID: [0x2509].

      Error: (12/10/2016 12:51:07 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
      Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2508. Message ID: [0x2509].

      Error: (12/10/2016 12:50:33 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
      Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4632. Message ID: [0x2509].

      Error: (12/09/2016 11:18:22 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
      Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

      Details:
      The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

      Error: (12/09/2016 11:18:22 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
      Description: The index cannot be initialized.

      Details:
      The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

      Error: (12/09/2016 11:18:22 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
      Description: The application cannot be initialized.

      Context: Windows Application

      Details:
      The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

      Error: (12/09/2016 11:18:22 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
      Description: The gatherer object cannot be initialized.

      Context: Windows Application, SystemIndex Catalog

      Details:
      The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

      System errors:
      Error: (12/10/2016 11:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (12/10/2016 11:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (12/10/2016 11:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (12/10/2016 11:16:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      CodeIntegrity:

      Date: 2014-09-03 00:56:09.870
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-03 00:56:09.761
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      ==================== Memory info ===========================

      Processor: AMD FX™-6300 Six-Core Processor
      Percentage of memory in use: 20%
      Total physical RAM: 8149.64 MB
      Available physical RAM: 6500.41 MB
      Total Virtual: 16297.47 MB
      Available Virtual: 14873.64 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:465.66 GB) (Free:106.01 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0B3B938)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7045

        #4
        Adware Cleaner Scan. Run in Safe Mode With Networking

        Please download AdwCleaner by Xplode onto your desktop.

        - Close all open programs and internet browsers.
        - Double click on adwcleaner.exe to run the tool.
        - Click on Scan button.
        - When the scan has finished click on Clean button.
        - Your computer will be rebooted automatically. A text file will open after the restart.
        - Please post the contents of that logfile with your next reply.
        - You can find the logfile at C:\AdwCleaner[S1].txt as well.

        JRT Scan. Run in Safe Mode With Networking

        Please download Junkware Removal Tool and save it on your desktop.

        - Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
        - Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
        - The tool will open and start scanning your system.
        - Please be patient as this can take a while to complete depending on your system’s specifications.
        - On completion, a log is saved to your desktop and will automatically open.
        - Please post the JRT log.

        Adware Removal Tool Scan. Run in Safe Mode With Networking

        Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

        Hit Ok.

        Hit Next and make sure to leave all items checked for removal.

        The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

        Now place Process Close into your startup folder. Boot the machine into normal mode. Then use the built in browser within the Process Close tool to download and run a full scan with Zemana Antimalware.

        You can simply place the Process Close program inside of your Documents folder from within Safe Mode, right click it and create a shortcut. Then drag that shortcut into the startup folder. To open the startup folder, type shell:startup into the start search box. Click the folder to open it, then drag the Process Close shortcut into it. Then boot Windows into normal mode; this program will start automatically before anything else. You can then use the built-in browser from the Process Close tool to download and run a full scan with Zemana Antimalware. You may need to use the Portable version of the Zemana tool. Found Here.

        Zemana Deep Scan.
        If you are unable to perform the deep scan, then just run the standard scan, this will suffice for the time being.


        - Right click on Zemana and run as admin.
        - Click the Cog/Sprocket Wheel at the top right of Zemana.
        - Select Advanced - I have read the warning and wish to proceed.
        - Place a tick next to Detect Suspicious (Root CA) Certificates.
        - Then click the house icon in Zemana.
        - Then hit your start button at the lower left hand corner of your desktop.
        - Then left click on Computer.
        - Drag Local Disk C: into the area of Zemana that reads Drag and drop files here to scan them.
        - http://i.imgur.com/bOVO6lY.png
        - Once the scan has completed, click the graph icon on the top right of the program's user interface.
        - Double click to open the latest log-file.
        - Copy it to your clipboard.
        - Post the log here in your next reply.


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045

          #5
          FRST Fix.

          Download attached fixlist.txt file and save it to the Desktop.

          NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

          NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

          Run FRST/FRST64 and press the Fix button just once and wait.
          If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
          When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


          • Prinny
            PCHF Member
            • Dec 2016
            • 36

            #6
            Originally posted by Malnutrition
            FRST Fix.

            Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
            After the above steps first, right?


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #7
              Originally posted by Prinny
              After the above steps first, right?
              Yes, indeed. If you run into a problem getting the Zemana Scan to run, then skip it and move onto the FRST fix.


              • Prinny
                PCHF Member
                • Dec 2016
                • 36

                #8
                Also, I don’t seem to have C:\AdwCleaner[S1].txt but I do have [S0] and [C0]


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7045

                  #9
                  Post the log that shows the items were removed. Also, if you do not know what those programs are with the Chinese writing, then I suggest that you remove them with Geek Uninstaller in normal mode. You should be able to work in normal mode with the Process Close Tool enabled in your startup.

                  いろとりどりのセカイ (HKLM-x32\...\{3DC8D5BA-E704-402F-88F0-E22BF4C41F6F}) (Version: 1.00.0000 - FAVORITE)
                  ソウルワーカー (HKLM-x32\...\ソウルワーカー) (Version: 1.0.0 - NHN PlayArt Corp.)
                  バンダイナムコオンラインランチャー (HKLM-x32\...\bno_starter) (Version: 1.0.3 - 株式会社バンダイナムコオンライン)
                  ユニオリズム・カルテット A3-DAYS (HKLM-x32\...\UQA3) (Version: 1.00 - CLIPCRAFT)
                  機動戦士ガンダムオンライン (HKLM-x32\...\Olive_is1) (Version: 1.0.0.4 - 株式会社バンダイナムコオンライン)
                  神咒神威神楽 曙之光 (HKLM-x32\...\InstallShield_{E836AF82-7D3E-415F-BB09-0A124EF73909}) (Version: 1.00.0000 - 株式会社グリーンウッド)
                  神咒神威神楽 曙之光 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
                  相州戦神館學園 八命陣 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
                  相州戦神館學園 万仙陣 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
                  大迷宮&大迷惑 (HKLM-x32\...\{12BB3C50-4D4F-4D1F-8217-527477FEC813}) (Version: 1.1.1 - (c)Liar-soft/HOBIBOX)
                  凍京NECRO (HKLM-x32\...\{96448B65-910B-41D9-8CC9-3E6BBC6B299D}) (Version: 1.00.000 - Nitroplus)
                  セイバーフィッシュ (HKLM-x32\...\JHPCIPOOIKKLILEOCNJDPHJGFPICMGJCIGIPGPICLFICPAILIBICNPICOJIDEJIDJDIDGJJCECCN) (Version: - )


                  • Prinny
                    PCHF Member
                    • Dec 2016
                    • 36

                    #10
                    I believe you are referring to this. If not, I’ll put the other in my next post. Running the next step now.

                    # AdwCleaner v6.040 - Logfile created 11/12/2016 at 00:35:41
                    # Updated on 02/12/2016 by Malwarebytes
                    # Database : 2016-12-11.2 [Server]
                    # Operating System : Windows 7 Ultimate Service Pack 1 (X64)
                    # Username : OWNER - OWNER-PC
                    # Running from : C:\Users\OWNER\Desktop\adwcleaner_6.040.exe
                    # Mode: Clean
                    # Support : https://www.malwarebytes.com/support

                    ***** [ Services ] *****

                    [-] Service deleted: vToolbarUpdater40.2.9
                    [-] Service deleted: QMUdisk
                    [-] Service deleted: WtuSystemSupport
                    [-] Service deleted: Thorn

                    ***** [ Folders ] *****

                    [-] Folder deleted: C:\ProgramData\Avg_Update_0516tb
                    [-] Folder deleted: C:\ProgramData\Avg_Update_0715av
                    [-] Folder deleted: C:\ProgramData\MuaGGnniPuic
                    [-] Folder deleted: C:\Users\OWNER\AppData\Local\PackageAware
                    [-] Folder deleted: C:\Users\OWNER\AppData\Local\Slick Savings
                    [-] Folder deleted: C:\Users\OWNER\AppData\Local\SwvUpdater
                    [-] Folder deleted: C:\Users\OWNER\AppData\Local\avg web tuneup
                    [-] Folder deleted: C:\Users\OWNER\AppData\Local\VirtualStore\Program Files\腾讯游戏
                    [-] Folder deleted: C:\Users\OWNER\AppData\Roaming\chportu
                    [-] Folder deleted: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
                    [-] Folder deleted: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
                    [-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
                    [-] Folder deleted: C:\ProgramData\AVG Secure Search
                    [-] Folder deleted: C:\ProgramData\clsoft ltd
                    [-] Folder deleted: C:\ProgramData\Tarma Installer
                    [-] Folder deleted: C:\ProgramData\avg web tuneup
                    [#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
                    [#] Folder deleted on reboot: C:\ProgramData\Application Data\clsoft ltd
                    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Tarma Installer
                    [#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
                    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
                    [-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
                    [-] Folder deleted: C:\Program Files (x86)\Common Files\Tencent
                    [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
                    [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
                    [-] Folder deleted: C:\Users\OWNER\AppData\Roaming\taskmgr

                    ***** [ Files ] *****

                    [-] File deleted: C:\Windows\SysNative\drivers\TFsFltX64.sys
                    [-] File deleted: C:\Windows\uninstaller.exe
                    [-] File deleted: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\extensions\Avg@toolbar.xpi
                    [-] File deleted: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\searchplugins\yahoo_ff.xml

                    ***** [ DLL ] *****

                    ***** [ WMI ] *****

                    ***** [ Shortcuts ] *****

                    ***** [ Scheduled Tasks ] *****

                    [-] Task deleted: GameNet

                    ***** [ Registry ] *****

                    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WtuSystemSupport
                    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Thorn
                    [-] Key deleted: HKLM\SOFTWARE\Classes\metnsd
                    [-] Key deleted: HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid
                    [-] Key deleted: HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid.1
                    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
                    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
                    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
                    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
                    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
                    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
                    [-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
                    [-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\metnsd
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid.1
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
                    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
                    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493}
                    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
                    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
                    [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C78C4E-5AE5-4762-9B7D-D2DE31B03B77}
                    [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C78C4E-5AE5-4762-9B7D-D2DE31B03B77}
                    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
                    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904}
                    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
                    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
                    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
                    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{50F4150A-48B2-417A-BE4C-C83F580FB904}
                    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{29B6CFD5-0064-411A-8C42-9890C83F9921}
                    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
                    [-] Key deleted: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\PrivitizeVPNInstallDates
                    [-] Key deleted: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\SocialBit
                    [-] Key deleted: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\AppDataLow\Software\Search Settings
                    [#] Key deleted on reboot: HKCU\Software\PrivitizeVPNInstallDates
                    [#] Key deleted on reboot: HKCU\Software\SocialBit
                    [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
                    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Search Settings
                    [-] Key deleted: HKLM\SOFTWARE\BetterSurf
                    [-] Key deleted: HKLM\SOFTWARE\dt soft\daemon tools toolbar
                    [-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
                    [#] Key deleted on reboot: [x64] HKCU\Software\PrivitizeVPNInstallDates
                    [#] Key deleted on reboot: [x64] HKCU\Software\SocialBit
                    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Search Settings
                    [-] Key deleted: [x64] HKLM\SOFTWARE\Tarma Installer
                    [-] Key deleted: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
                    [-] Data restored: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
                    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
                    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
                    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
                    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
                    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
                    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
                    [-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
                    [-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
                    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
                    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
                    [-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npandroidassistant
                    [-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
                    [#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
                    [#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
                    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj
                    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
                    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof
                    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
                    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
                    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
                    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

                    ***** [ Web browsers ] *****

                    [-] Chrome preferences cleaned: “startpage.ntsearch_url” - “hxxp://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=994519&p={searchTerms}”
                    [-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: yahoo.com Search
                    [-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: cikkkfooompgefbcjlgdjejfdknkheaj
                    [-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: dedmngkbaffkenlfdcbganndoghblmap
                    [-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gpiifgmgnfdiblgpaepbmfdkcheicgof
                    [-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: hbcennhacfaagdopikcegfcobcadeocj
                    [-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mhkaekfpcppmmioggniknbnbdbcigpkk
                    [-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pfndaklgolladniicklehhancnlgocpp


                    :: “Tracing” keys deleted
                    :: Winsock settings cleared


                    C:\AdwCleaner\AdwCleaner[C0].txt - [12351 Bytes] - [11/12/2016 00:35:41]
                    C:\AdwCleaner\AdwCleaner[S0].txt - [11732 Bytes] - [11/12/2016 00:16:49]

                    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12499 Bytes] ##########


                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7045

                      #11
                      Yes, that is the log I am looking for.

                      Forgot to mention that you can download the Portable Version of Zemana In Safe Mode With Networking.
                      Save it to your desktop.
                      Boot into Normal Mode.
                      Then run the Process Close Tool on startup, with the previous instructions.
                      Then Click Browse
                      Then click on the Users Folder
                      Then Go to Desktop

                      Run the Zemana Portable App from there, if the other method fails.
                      You can simply run the Standard Scan to get things going if needed.


                      • Prinny
                        PCHF Member
                        • Dec 2016
                        • 36

                        #12
                        Code:
                        Junkware Removal Tool (JRT) by Malwarebytes
                        Version: 8.0.9 (09.30.2016)
                        Operating System: Windows 7 Ultimate x64
                        Ran by OWNER (Limited) on 2016/12/11 at  1:07:06.12
                        File System: 29

                        Successfully deleted: C:\ProgramData\DT0001.dat (File)
                        Successfully deleted: C:\ProgramData\DT0006.dat (File)
                        Successfully deleted: C:\Windows\system32\Tasks\0715avUpdateInfo (Task)
                        Successfully deleted: C:\Windows\Tasks\0715avUpdateInfo.job (Task)
                        Successfully deleted: C:\Windows\wininit.ini (File)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UKZHO3F (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3R7FGBQO (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XHXZNJ6 (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C901234S (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXGDB0L8 (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UK328Q8V (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSLWO5BG (Temporary Internet Files Folder)
                        Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAXT1B3Z (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UKZHO3F (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3R7FGBQO (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XHXZNJ6 (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C901234S (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXGDB0L8 (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UK328Q8V (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSLWO5BG (Temporary Internet Files Folder)
                        Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAXT1B3Z (Temporary Internet Files Folder)

                        Registry: 1

                        Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
                        Scan was completed on 2016/12/11 at  1:08:30.53
                        End of JRT log


                        • Prinny
                          PCHF Member
                          • Dec 2016
                          • 36

                          #13


                          Adware Removal Tool 5.1
                          Time: 2016_12_11_01_12_25
                          OS: Windows 7 Ultimate - x64 Bit
                          Account Name: OWNER
                          Adware Definition: 12012016
                          Elapsed time: 20:28
                          Repair Status:- Automatic Done
                          \\\\\\\\\\\\ Repair Logs \\\\\\\\\\\

                          [-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\mozilla\Firefox\Extensions\ RegValue: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} RegData: C:\Program Files\Updater By SweetPacks\Firefox : C:\Program Files\Updater By SweetPacks\Firefox

                          [-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla\Firefox\Extensions\ RegValue: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} RegData: C:\Program Files\Updater By SweetPacks\Firefox : C:\Program Files\Updater By SweetPacks\Firefox

                          [-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\mozilla\Firefox\Extensions\ RegValue: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} RegData: C:\Program Files\Updater By SweetPacks\Firefox : C:\Program Files\Updater By SweetPacks\Firefox

                          [-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla\Firefox\Extensions\ RegValue: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} RegData: C:\Program Files\Updater By SweetPacks\Firefox : C:\Program Files\Updater By SweetPacks\Firefox

                          [-] Repaired ->> File ->> C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Web Data

                          [-] Repaired ->> File ->> C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Preferences


                          • Prinny
                            PCHF Member
                            • Dec 2016
                            • 36

                            #14
                            Is it necessary that I run zemana from process close? I just started the deepscan on a normal boot up.


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7045

                              #15
                              Originally posted by Prinny
                              Is it necessary that I run zemana from process close? I just started the deepscan on a normal boot up.
                              No, I made those instructions assuming that things were not working in normal mode. I suppose things are getting better if you are able to do it from normal mode now?


                              Correcting Errors.


                              [ICODE]Name: Security Processor Loader Driver
                              Description: Security Processor Loader Driver
                              Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
                              Manufacturer:
                              Service: spldr
                              Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
                              Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears. Remove the device, and this error should be resolved.[/ICODE]

                              [ul]
                              [li]Hit the start button.[/li]
                              [li]Type Device Manager[/li]
                              [li]Open device manager.[/li]
                              [li]Click View – Show hidden devices[/li]
                              [li]Click Non Plug & Play Drivers.[/li]
                              [li]Scroll to Security Processor Loader Driver[/li]
                              [li]Right Click It – Select Uninstall[/li]
                              [li]Close Device Manager[/li]
                              [li]Then reboot your machine.[/li]
                              [li]This should be done from normal mode.[/li]
                              [/ul]

                              Zoek Scan

                              Note: Zoek can take up to an hour to run, this is normal. Do not try and stop it even if it seems to be stalled. Let it run its course!
                              Can be run from normal mode or Safe Mode with networking.

                              Disable your antivirus prior to this scan.
                              Download Zoek
                              Save the file to your desktop.
                              Right click Zoek.exe and run as administrator. (XP users double click)
                              Copy the items in red below and paste them into Zoek.

                              createsrpoint;
                              emptyfolderscheck;delete
                              emptyclsid;
                              emptyalltemp;
                              ipconfig /flushdns;b
                              ResetHosts;
                              autoclean;

                              Now hit the run script button.
                              The log will appear after a reboot, also you can find it on the C: drive.
                              Post the log in your next reply.


                              Fresh FRST Logs.


                              Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

                              [ul]
                              [li]Right-click on FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).[/li]
                              [li]Make sure that Addition option is checked.[/li]
                              [li]Press Scan button and wait.[/li]
                              [li]The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.[/li]
                              [/ul]
                              Please Copy & Paste them into your next reply.

                              I am signing off for the night, I will check this thread in the morning.
