Computer freezes up

Some stuff happened. First up, the Zemana scan. It toook roughly 3+ hours, everything went off without a hitch. It detected a few false positives which I ignored, some stuff from adwcleaner’s virus vault, and a few other things. As it was getting to the actual cleaning/deleting part part though, I had a folder open and went into (backed up into, to be more specific) the C drive, which didn’t load. The window froze up, was hoping it’d just keep going with the clean but I was greeted with the crash/freeze screen I usually only seen when gaming (covered in a bunch of reddit threads). It looks something like this.

Zemana still has the logs though, it took a while so I haven’t had time to rerun in yet.

Fast forward to the FRST fix and deleting that security driver, both went through without a problem. I’ll post the logs.

Then we have Zoek, it took a while to get running (tried running it multiple times). I’m not sure if it’s done as it hasn’t told me it finished and it didn’t close, but the last thing it got to was this-
— Firefox Extensions 6:31:26.65
I’m guessing those are the times they finished up to the right, so it’s been a few hours since it stopped at that.

[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by OWNER (11-12-2016 05:44:49) Run:1
Running from C:\Users\OWNER\Desktop
Loaded Profiles: OWNER (Available Profiles: OWNER)
Boot Mode: Normal[/HEADING]
fixlist content:

---

start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\MountPoints2: {646cb0c1-6b01-11e2-8017-806e6f6e6963} - D:\Run.exe
GroupPolicyScripts: Restriction <======= ATTENTION
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ja-jp/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 → DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E8FE87FC-B90F-4F8E-8E76-77F54D022E86}&mid=6950e4184e674fa896e387d2fbc29959-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&d s=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-18 00:35:34&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={search Terms}
SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 → {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 → {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E8FE87FC-B90F-4F8E-8E76-77F54D022E86}&mid=6950e4184e674fa896e387d2fbc29959-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&d s=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-18 00:35:34&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={search Terms}
BHO-x32: No Name → {95B7759C-8C7F-4BF1-B163-73684A933233} → No File
Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL [2007-10-04] (FUJITSU LIMITED)
Toolbar: HKU.DEFAULT → No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 → No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {F8160836-0C11-4CA4-AD87-944542C7BCBD} hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → no_proxies_on", “localhost, 189.17.1.245”
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → ssl_port", 3128
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Pro files\v88yth1x.default-1396169490810\searchplugins\yahoo_ff.xml [2014-05-16]
FF HKLM...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff => not found
FF Plugin: @microsoft.com/GENUINE → disabled [No File]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 → C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin: @microsoft.com/GENUINE → disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin → C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
FF Plugin-x32: @qq.com/npAndroidAssistant → C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\1.8.101.2154\npQQPhon eManagerExt.dll [2012-12-20] (???)
FF Plugin-x32: @qq.com/TXSSO → C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTL ogin.dll [2013-12-30] (Tencent)
C:\Program Files (x86)\Common Files\Tencent
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: pmang.jp/pmangdiagnostic-1 → C:\GameOn\Common files\nppmangdiagnostic_0.dll [No File]
CHR Extension: (???[ChromeApps?]) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilb kckngf [2016-11-06]
CHR Extension: (KanColle Command Center ?) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgmldnainaglpjngpajnnjfhp djkohh [2016-12-10]
CHR HKLM-x32...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx
CHR HKLM-x32...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx
CHR HKLM-x32...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx
CHR HKLM-x32...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\OWNER\AppData\Local\Slick Savings\coupons.crx [2014-05-16]
CHR HKLM-x32...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx
CHR HKLM-x32...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\BetterSurf
S4 Thorn; C:\Users\OWNER\AppData\Local\THORN\Thorn.exe [56824 2015-10-01] (GGS)
S4 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.) [File not signed]
S4 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-13] (AVG Secure Search)
C:\Users\OWNER\AppData\Local\THORN
C:\Program Files (x86)\Common Files\AVG Secure Search
S4 WtuSystemSupport; “C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe”
C:\Program Files (x86)\AVG Web TuneUp
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-01-10] (TENCENT)
C:\Windows\system32\TesSafe.sys
S3 EagleX64; ??\C:\Windows\system32\drivers\EagleX64.sys
S3 hxsyol; ??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys
S1 QMUdisk; ??\C:\Program Files????\QQPCMgr\8.11.11347.801\QMUdisk64.sys
S3 WinRing0_1_2_0; ??\C:\Users\OWNER\Desktop\OpenHardwareMonitor\Open HardwareMonitorLib.sys
S3 xhunter1; ??\C:\Windows\xhunter1.sys
2016-12-06 23:33 - 2016-12-06 23:33 - 00000575 _____ C:\Users\OWNER\Desktop????.lnk
C:\Windows\System32\Tasks\AVG EUpdate Task
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat
C:\Users\OWNER\AppData\Local\Temp\avguirn_08151269 7443.exe
C:\Users\OWNER\AppData\Local\Temp\avguirn_08226517 269.exe
C:\Users\OWNER\AppData\Local\Temp\c20c448073abd1a0 423d9c57b1875b06.dll
C:\Users\OWNER\AppData\Local\Temp\d2e1e3fedab3ed89 2a0df92c63e9a780.dll
C:\Users\OWNER\AppData\Local\Temp\JDSetup131250338 117512660.exe
C:\Users\OWNER\AppData\Local\Temp\proxy_vole246182 6566935967893.dll
C:\Users\OWNER\AppData\Local\Temp\proxy_vole306687 1754856067764.dll
C:\Users\OWNER\AppData\Local\Temp\proxy_vole532477 3033895722492.dll
C:\Users\OWNER\AppData\Local\Temp\sfamcc00001.dll
C:\Users\OWNER\AppData\Local\Temp\sfareca00001.dll
C:\Users\OWNER\AppData\Local\Temp\SkypeSetup.exe
Task: {65D5F258-01B7-4F96-BFF2-41D77A1F0270} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {8444EB68-097D-42C9-9553-715691D0D02F} - System32\Tasks\GameNet => C:\Program Files (x86)\QGNA\qgna.exe
C:\Program Files (x86)\QGNA\qgna.exe
Task: C:\Windows\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe
C:\ProgramData\Avg_Update_0715av
ShortcutWithArgument: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Chrome Apps????[ChromeApps?].lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=eablgejicbklomgaiclcolfilbkckngf
ShortcutWithArgument: C:\Users\OWNER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Googl e Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default
AlternateDataStreams: C:\Windows:nlsPreferences [386]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\QQPCRTP => “”=“service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\QQPCRTP => “”=“service”
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f
RemoveProxy:
hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
reboot:
end

---

Restore point was successfully created.
Processes closed successfully.
“HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2{646cb0c1-6b01-11e2-8017-806e6f6e6963}” => key removed successfully
HKCR\CLSID{646cb0c1-6b01-11e2-8017-806e6f6e6963} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Main\Start Page Redirect Cache => value removed successfully
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\CLSID{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\Wow6432Node\CLSID{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{3C6301ED-0F78-4AF2-8150-D9C052361A8E} => value removed successfully
“HKCR\Wow6432Node\CLSID{3C6301ED-0F78-4AF2-8150-D9C052361A8E}” => key removed successfully
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units{F8160836-0C11-4CA4-AD87-944542C7BCBD}” => key removed successfully
“HKCR\Wow6432Node\CLSID{F8160836-0C11-4CA4-AD87-944542C7BCBD}” => key removed successfully
Firefox Proxy settings were reset.
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → http_port", 3128 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → no_proxies_on", “localhost, 189.17.1.245” => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → socks_port", 3128 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → ssl_port", 3128 => not found
“C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Pr ofiles\v88yth1x.default-1396169490810\searchplugins\yahoo_ff.xml” => not found.
HKLM\Software\Mozilla\Firefox\Extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensio ns\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensio ns\xz123@ya456.com => value not found.
“HKLM\Software\MozillaPlugins@microsoft.com/GENUINE” => key removed successfully
“HKLM\Software\MozillaPlugins@unity3d.com/UnityPlayer64,version=1.0” => key removed successfully
C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll => moved successfully
HKLM\Software\MozillaPlugins@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found.
“HKLM\Software\Wow6432Node\MozillaPlugins@microsoft.com/GENUINE” => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins@qq.com/npAndroidAssistant => key not found.
C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\1.8.101.2154\npQQPhon eManagerExt.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins@qq.com/TXSSO => key not found.
C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTL ogin.dll => not found.
“C:\Program Files (x86)\Common Files\Tencent” => not found.
“HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=3” => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
“HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=9” => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
“HKLM\Software\Wow6432Node\MozillaPlugins\pmang.jp/pmangdiagnostic-1” => key removed successfully
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilb kckngf => moved successfully
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgmldnainaglpjngpajnnjfhp djkohh => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \cikkkfooompgefbcjlgdjejfdknkheaj => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \dedmngkbaffkenlfdcbganndoghblmap => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \gpiifgmgnfdiblgpaepbmfdkcheicgof => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \hbcennhacfaagdopikcegfcobcadeocj => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \mhkaekfpcppmmioggniknbnbdbcigpkk => key not found.
“C:\Users\OWNER\AppData\Local\Slick Savings\coupons.crx” => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \nbmafkdmkkckhggblphicnnhlgljnoje => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \pfndaklgolladniicklehhancnlgocpp => key not found.
“C:\Program Files (x86)\Common Files\Spigot” => not found.
“C:\Program Files (x86)\BetterSurf” => not found.
Thorn => service not found.
UCManSvc => service removed successfully
vToolbarUpdater40.2.9 => service not found.
C:\Users\OWNER\AppData\Local\THORN => moved successfully
“C:\Program Files (x86)\Common Files\AVG Secure Search” => not found.
WtuSystemSupport => service not found.
“C:\Program Files (x86)\AVG Web TuneUp” => not found.
TesSafe => service removed successfully
C:\Windows\system32\TesSafe.sys => moved successfully
EagleX64 => service removed successfully
hxsyol => service removed successfully
QMUdisk => service not found.
WinRing0_1_2_0 => service removed successfully
xhunter1 => service removed successfully
“C:\Users\OWNER\Desktop????.lnk” => not found.
C:\Windows\System32\Tasks\AVG EUpdate Task => moved successfully
“C:\ProgramData\DT0001.dat” => not found.
“C:\ProgramData\DT0006.dat” => not found.
C:\Users\OWNER\AppData\Local\Temp\avguirn_08151269 7443.exe => moved successfully
C:\Users\OWNER\AppData\Local\Temp\avguirn_08226517 269.exe => moved successfully
C:\Users\OWNER\AppData\Local\Temp\c20c448073abd1a0 423d9c57b1875b06.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\d2e1e3fedab3ed89 2a0df92c63e9a780.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\JDSetup131250338 117512660.exe => moved successfully
C:\Users\OWNER\AppData\Local\Temp\proxy_vole246182 6566935967893.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\proxy_vole306687 1754856067764.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\proxy_vole532477 3033895722492.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\sfareca00001.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\SkypeSetup.exe => moved successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot{65D5F258-01B7-4F96-BFF2-41D77A1F0270}” => key removed successfully
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{65D5F25 8-01B7-4F96-BFF2-41D77A1F0270}” => key removed successfully
C:\Windows\System32\Tasks\AVG EUpdate Task => not found.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG EUpdate Task” => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8444EB6 8-097D-42C9-9553-715691D0D02F} => key not found.
C:\Windows\System32\Tasks\GameNet => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GameNet => key not found.
“C:\Program Files (x86)\QGNA\qgna.exe” => not found.
C:\Windows\Tasks\0715avUpdateInfo.job => not found.
“C:\ProgramData\Avg_Update_0715av” => not found.
C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Chrome Apps????[ChromeApps?].lnk => Could not remove or repair shortcut argument. The shortcut could be damaged.
C:\Users\OWNER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Googl e Chrome.lnk => Shortcut argument removed successfully.
C:\Windows => “:nlsPreferences” ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Net work\QQPCRTP => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Min imal\QQPCRTP => key not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= RemoveProxy: =========

HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= ipconfig /release =========

Windows IP Configuration

No operation can be performed on Local Area Connection 3 while it has its media disconnected.

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2602:306:cd48:4e40:a141:7c2a:3092:8fbb
Temporary IPv6 Address. . . . . . : 2602:306:cd48:4e40:903:ea85:8b5d:e57e
Link-local IPv6 Address . . . . . : fe80::a141:7c2a:3092:8fbb%14
Default Gateway . . . . . . . . . : fe80::3a3b:c8ff:feec:1381%14

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2620:9b::198a:78bb
Link-local IPv6 Address . . . . . : fe80::a08f:463f:15b:4d4c%13
Default Gateway . . . . . . . . . : 2620:9b::1900:1
25.0.0.1

Tunnel adapter isatap.{E5C93915-BB53-4393-BF75-339C19EBDF90}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{1E6DD484-184B-45CA-AB20-507D76352621}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.attlocal.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========

========= ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection 3 while it has its media disconnected.

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : attlocal.net
IPv6 Address. . . . . . . . . . . : 2602:306:cd48:4e40:a141:7c2a:3092:8fbb
Temporary IPv6 Address. . . . . . : 2602:306:cd48:4e40:903:ea85:8b5d:e57e
Link-local IPv6 Address . . . . . : fe80::a141:7c2a:3092:8fbb%14
IPv4 Address. . . . . . . . . . . : 192.168.1.81
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::3a3b:c8ff:feec:1381%14
192.168.1.254

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2620:9b::198a:78bb
Link-local IPv6 Address . . . . . : fe80::a08f:463f:15b:4d4c%13
IPv4 Address. . . . . . . . . . . : 25.138.120.187
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 2620:9b::1900:1
25.0.0.1

Tunnel adapter isatap.{E5C93915-BB53-4393-BF75-339C19EBDF90}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{1E6DD484-184B-45CA-AB20-507D76352621}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.attlocal.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========

========= netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12595912 B
Java, Flash, Steam htmlcache => 365299460 B
Windows/system/drivers => 17763860 B
Edge => 0 B
Chrome => 527316625 B
Firefox => 9526513 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42319841 B
systemprofile32 => 66088 B
LocalService => 66228 B
NetworkService => 78084 B
OWNER => 44319396 B
TEMP => 0 B

RecycleBin => 0 B
EmptyTemp: => 980.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 05:46:04 ====

Zoek had this, I’ll be closing it now as I have to go out for the day, will be back later.

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by OWNER on 2016/12/11 at 6:07:51.80.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\OWNER\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 6:11:00.38 =====

— Create Environment Variables 6:11:01.35
— Create System Restore Point 6:11:06.48
— Checking Input 6:11:43.04
— Reset Hosts File 6:12:08.67
— AU AppData Check 6:12:09.27
— Remove From Windows Installer 6:12:11.85
— Empty Folders Check 6:13:32.81
— Registry HKLM Software Check 6:13:33.37
— Quick Launch Shortcut Check 6:13:50.88
— IE Startpage Check 6:13:58.22
— Program Files DB Check 6:14:14.91
— C:\Users\Default\AppData\Roaming DB Check 6:14:52.75
— C:\Users\Default User\AppData\Roaming DB Check 6:14:52.75
— C:\Users\OWNER\AppData\Roaming DB Check 6:14:52.75
— C:\Users\TEMP\AppData\Roaming DB Check 6:14:52.75
— C:\Windows\SysNative\config\systemprofile\AppData\ Roaming DB Check 6:14:52.75
— C:\Windows\sysWoW64\config\systemprofile\AppData\R oaming DB Check 6:14:52.75
— C:\Windows\serviceprofiles\networkservice\AppData\ Roaming DB Check 6:14:52.75
— C:\Windows\serviceprofiles\Localservice\AppData\Ro aming DB Check 6:14:52.75
— C:\Users\OWNER DB Check 6:17:05.50
— C:\PROGRA~3 DB Check 6:17:20.96
— C:\Users\Default\AppData\Local DB Check 6:17:39.13
— C:\Users\Default User\AppData\Local DB Check 6:17:39.13
— C:\Users\OWNER\AppData\Local DB Check 6:17:39.13
— C:\Users\TEMP\AppData\Local DB Check 6:17:39.13
— C:\Windows\SysNative\config\systemprofile\AppData\ Local DB Check 6:17:39.13
— C:\Windows\sysWoW64\config\systemprofile\AppData\L ocal DB Check 6:17:39.13
— C:\Windows\serviceprofiles\networkservice\AppData\ Local DB Check 6:17:39.13
— C:\Windows\serviceprofiles\Localservice\AppData\Lo cal DB Check 6:17:39.13
— DB Check 6:19:30.25
— C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs DB Check 6:26:31.36
— Tasks DB Check 6:26:36.83
— Downloads DB Check 6:26:40.46
— C:\Users\OWNER\AppData\LocalLow DB Check 6:26:43.72
— C:\Windows\SysNative\config\systemprofile\AppData\ LocalLow DB Check 6:26:43.72
— C:\Windows\sysWoW64\config\systemprofile\AppData\L ocalLow DB Check 6:26:43.72
— C:\Windows\serviceprofiles\networkservice\AppData\ LocalLow DB Check 6:26:43.72
— C:\Windows\serviceprofiles\Localservice\AppData\Lo calLow DB Check 6:26:43.72
— Tasks2 DB Check 6:27:22.32
— Documents DB Check 6:27:49.42
— C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Pro files\v88yth1x.default-1396169490810 DB Check 6:27:56.50
— C:\Users\Public\Desktop DB Check 6:27:58.55
— C:\Users\OWNER\Desktop DB Check 6:28:03.77
— Services DB Check 6:28:12.65
— FF prefs.js DB Check 6:28:34.39
— Emptyclsid 6:29:07.76
— Del by CLSID 6:29:08.86
— Delete Services 6:30:11.61
— Firefox Fix 6:30:14.49
— Batch Commands 6:30:16.60
— Delete files\folders 6:30:16.72
— Create Backups 6:30:17.00
— Firefox Extensions 6:31:26.65

Also, not sure if you want the logs for the failed zemana scan/clean, but I’ll post them later when I’m back if you do.

Sometime Zemana will not run, it is what it is. But it may help if you run it Via the Process Close App or in Safe Mode with networking. You could also run Zemana Again this time a quick regular scan.

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

1. Once you have started the program, you will need to click the scanner button.

[IMG alt="EgsT69u" width="602px" height="129px"]https://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png[/IMG]

The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.
[URL unfurl="true"]http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png[/URL]

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

Security Check Scan.

[ul]
[li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the program completes, the tool will automatically open a log file.[/li][li]Please post that log here in your next post.[/li][/ul]

Fresh FRST Logs.

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[ul]
[li]Right-click on FRST icon and select Run as Administrator to start the tool.[/li](XP users click run after receipt of Windows Security Warning - Open File).
[li]Make sure that Addition option is checked.[/li][li]Press Scan button and wait.[/li][li]The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.[/li][/ul]
Please Copy & Paste them into your next reply

ZHP Diag.

Download ZHP Diag to your desktop.

1. Right Click Run as Admin.
   2. Click the Scanner button.

When complete please push the report button.
A notepad will open… copy and paste the report in your next reply.

Yes, I need to know what was and was not removed from your machine.

[ul]
[li]Get the Everything Search Engine [/li][li]Install Program, Right Click Run As Admin. Type or copy and paste C:\Windows\System32\Tasks into to search window.[/li][li]Then Click Edit.[/li][li]Select all.[/li][li]Right Click highlighted items.[/li][li]Copy full name to clipboard.[/li][li]Paste content of clipboard, here in your next reply.[/li][/ul]
Perform the same steps above for the following in the code boxes below one at a time.
[ICODE] GWX[/code] [code] AVG[/ICODE]

The security check log first, because it doesn’t wanna save the text file for some reason.

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 11.12.2016 18:21:22
Path starting: C:\Users\OWNER\AppData\Local\Temp\SecurityCheck\Se curityCheck.exe
Log directory: C:\SecurityCheck
IsAdmin: True
User: OWNER
VersionXML: 3.59is-11.12.2016

---

Windows 7(6.1.7601) Service Pack 1 (x64) Ultimate Lang: English(0409)
Installation date OS: 30.01.2013 17:27:45
LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.7 Gb] Used: [360.2 Gb] Free: [105.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 10.0.9200.17609 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control disabled
The elevation prompt for administrators disabled
^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter[1]
Automatically download and schedule installation
Date install updates: 2016-12-03 20:32:12
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service has stopped
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Microsoft Security Essentials (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Microsoft Security Essentials (disabled and up to date)
Windows Defender (disabled and out of date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Microsoft Security Essentials v.4.10.209.0
-------------------------- [ SecurityUtilities ] --------------------------
HitmanPro 3.7 v.3.7.9.212
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.31 beta 1 (64-bit) v.5.31.1 Warning! Download Update
7-Zip 9.20
VLC media player 1.1.11 v.1.1.11 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.26 v.7.26.101 Warning! Download Update
^Optional update.[2]
--------------------------------- [ P2P ] ---------------------------------
Vuze v.5.3.0.0 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 7 Update 79 (64-bit) v.7.0.790 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u112-windows-x64.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 21 ActiveX v.21.0.0.213 Warning! Download Update
Adobe Flash Player 22 NPAPI v.22.0.0.209 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Google Chrome v.56.0.2924.21
Mozilla Firefox 50.0.2 (x86 en-US) v.50.0.2
------------------ [ AntivirusFirewallProcessServices ] -------------------
HitmanPro Scheduler (HitmanProScheduler) - The service has stopped
Microsoft Antimalware Service (MsMpSvc) - The service is running
C:\Program Files\Microsoft Security Client\MsMpEng.exe v.4.10.209.0
Microsoft Network Inspection (NisSrv) - The service has stopped
Windows Defender (WinDefend) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Unity Web Player (x64) (All users) v.4.6.0f2 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Unity Web Player Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------

---

1. /b ↩︎
2. /b ↩︎

Alright, obviously you should update the items suggested in the security check log, and post the other logs suggested when you have time. If Zoek will not run on your machine then that is not an issue. I have seen it not work on several machines, so no big deal there.

The Zemana log. Some of the things that I excluded were marked for quarantine anyway, don’t think I lost them though.

Zemana AntiMalware 2.70.2.118 (Portable)

---

Scan Result : Completed
Scan Date : 2016/12/11
Operating System : Windows 7 64-bit
Processor : 6X AMD FX™-6300 Six-Core Processor
BIOS Mode : Legacy
CUID : 12603E636D19501E25BE80
Scan Type : Custom Scan
Duration : 216m 32s
Scanned Objects : 359517
Detected Objects : 35
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
[HEADING=1]Detected Objects[/HEADING]
networkdlllsp.dll
Status : Scanned
Object : %systemroot%\syswow64\networkdlllsp.dll
MD5 : 4AAB6F4DB09D5641C0E322EAC1982ACA
Publisher : Zhengzhou longlin technology Co.,Ltd.
Size : 421744
Version : 1.0.0.0
Detection : Heur.Malicious
Cleaning Action : Delete
Related Objects :
File - %systemroot%\syswow64\networkdlllsp.dll

TesSafe.sys
Status : Scanned
Object : %systemroot%\system32\tessafe.sys
MD5 : 8D3FACB922606821A3F65934DE18CA4A
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 910992
Version : 2.0.1.25169
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Delete
Related Objects :
File - %systemroot%\system32\tessafe.sys

TokyoNecro.exe
Status : Scanned
Object : %programfiles%\nitroplus\凍京necro\tokyonecro.exe
MD5 : DE4E2415929F7B72180E3220F299A412
Publisher : -
Size : 2163200
Version : 1.0.0.0
Detection : TrojanCryptor:Win32/Generic
Cleaning Action : Exclude
Related Objects :
File - %programfiles%\nitroplus\凍京necro\tokyonecro.exe
Reference - C:\Users\OWNER\Downloads\NHSC\TokyoNecro - Shortcut.lnk

hjsplit30zip.exe
Status : Scanned
Object : %userprofile%\downloads\hjsplit30zip.exe
MD5 : A22F81BBC0D8D013822F2B2C7CD327FE
Publisher : AfterDawn
Size : 370264
Version : 1.18.0.2810
Detection : Adware:Win32/AutoBulk.bdae6d!Ep
Cleaning Action : Delete
Related Objects :
File - %userprofile%\downloads\hjsplit30zip.exe

processclose_1.0.0.3.exe
Status : Scanned
Object : %userprofile%\documents\processclose_1.0.0.3.exe
MD5 : A39045265A4AE05A5B76C0C2E2762035
Publisher : -
Size : 988160
Version : 1.0.0.3
Detection : Malware:Win32/Obfus.A!Kkee
Cleaning Action : Delete
Related Objects :
File - %userprofile%\documents\processclose_1.0.0.3.exe

agth.dll
Status : Scanned
Object : %userprofile%\desktop\extra\text hook\translation tools\translation aggregator 0.4.8.r165\agth.dll
MD5 : 7800942CEF4F7894D6DC848B13D6BF73
Publisher : -
Size : 29184
Version : 2011.4.21.0
Detection : Adware:Win32/Fooster.A!Eemr
Cleaning Action : Exclude
Related Objects :
File - %userprofile%\desktop\extra\text hook\translation tools\translation aggregator 0.4.8.r165\agth.dll

agth.dll
Status : Scanned
Object : %userprofile%\desktop\extra\text hook\ithvnr-3.5640.1-win32\translation aggregator 0.4.8.r165\agth.dll
MD5 : 7800942CEF4F7894D6DC848B13D6BF73
Publisher : -
Size : 29184
Version : 2011.4.21.0
Detection : Adware:Win32/Fooster.A!Eemr
Cleaning Action : Exclude
Related Objects :
File - %userprofile%\desktop\extra\text hook\ithvnr-3.5640.1-win32\translation aggregator 0.4.8.r165\agth.dll

mism.exe
Status : Scanned
Object : %programw6432%\vuze.install4j\user\mism.exe
MD5 : CB7D8F3EE1CDB0B87F2E82425F429096
Publisher : Conduit Ltd.
Size : 81016
Version : 2.0.0.0
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Delete
Related Objects :
File - %programw6432%\vuze.install4j\user\mism.exe

gszjxyhfovoljrgbnfmttwfnrtofpwfn.back
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\gszjxyhfov oljrgbnfmttwfnrtofpwfn.back
MD5 : 53E5930240A4CC8F7CA709FD6C3E4A89
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 87864
Version : 1.0.10.52
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\gszjxyhfov oljrgbnfmttwfnrtofpwfn.back

SSOCommon.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\bin\ssocommon.dll
MD5 : 8C7DCB72444562693EEAF091553DE96D
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 1527352
Version : 1.2.2.37
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\bin\ssocommon.dll

SSOCommon.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.37\bin\ssocommo n.dll
MD5 : 8C7DCB72444562693EEAF091553DE96D
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 1527352
Version : 1.2.2.37
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.37\bin\ssocommo n.dll

SSOPlatform.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\bin\ssoplatform.dll
MD5 : B4103238FCE525837E466AEFD44CC0F0
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 1588792
Version : 1.2.2.37
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\bin\ssoplatform.dll

SSOLUIControl.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\bin\ssoluicontrol.dll
MD5 : 861E742B915114D72A4AD547BACDD386
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 495160
Version : 1.0.1.14
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\bin\ssoluicontrol.dll

SSOPlatform.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.37\bin\ssoplatf orm.dll
MD5 : B4103238FCE525837E466AEFD44CC0F0
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 1588792
Version : 1.2.2.37
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.37\bin\ssoplatf orm.dll

SSOLUIControl.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.37\bin\ssoluico ntrol.dll
MD5 : 861E742B915114D72A4AD547BACDD386
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 495160
Version : 1.0.1.14
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.37\bin\ssoluico ntrol.dll

SSOLUIControl.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.18\bin\ssoluico ntrol.dll
MD5 : C737F0FEE9C9025B9B33FC726F19B21F
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 493920
Version : 1.0.1.14
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.18\bin\ssoluico ntrol.dll

npSSOAxCtrlForPTLogin.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\bin\npssoaxctrlforptl ogin.dll
MD5 : 1FB6CA3E87460F56C941775BD713DBFF
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 224824
Version : 1.0.1.13
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\bin\npssoaxctrlforptl ogin.dll

npSSOAxCtrlForPTLogin.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.37\bin\npssoaxc trlforptlogin.dll
MD5 : 1FB6CA3E87460F56C941775BD713DBFF
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 224824
Version : 1.0.1.13
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.37\bin\npssoaxc trlforptlogin.dll

SSOPlatform.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.18\bin\ssoplatf orm.dll
MD5 : 7449AD092A8ACBD395B2D24FE51E04ED
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 1558880
Version : 1.2.2.18
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.18\bin\ssoplatf orm.dll

extract.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\qqdownload\125\extract.dll
MD5 : 9DA51D4506BD094FBFC7D337338FC872
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 367480
Version : 1.9.273.402
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\qqdownload\125\extract.dll

Tencentdl.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\qqdownload\125\tencentdl.ex e
MD5 : 92347A3335388FD8DE040B24E4B8A472
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 904760
Version : 1.0.125.3
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\qqdownload\125\tencentdl.ex e

QMScriptHost.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txpltsafe\qmscripthost.dll
MD5 : 924D87CE36CF6BB17E18959F4582816F
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 369552
Version : 1.0.1.201
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txpltsafe\qmscripthost.dll

npQQPhoneManagerExt.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\qqphonemanager\1.8.101.2154 \npqqphonemanagerext.dll
MD5 : 0AD974D0B876505720A28B2758898682
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 115600
Version : 1.8.101.2154
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\qqphonemanager\1.8.101.2154 \npqqphonemanagerext.dll

SSOCommon.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.18\bin\ssocommo n.dll
MD5 : AFE0691A4E798A11DE41A434C6A22B1A
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 1526112
Version : 1.2.2.18
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.18\bin\ssocommo n.dll

npSSOAxCtrlForPTLogin.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.18\bin\npssoaxc trlforptlogin.dll
MD5 : 201FA005BE8D6B2E63FAA652DD701204
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 211296
Version : 1.0.1.12
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txsso\1.2.2.18\bin\npssoaxc trlforptlogin.dll

Update.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txpltsafe\update.dll
MD5 : 92B5F5E4A01EEAE5192D2ECAF3E4DA31
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 340880
Version : 1.0.1.201
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txpltsafe\update.dll

TXPltSafeInf.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txpltsafe\txpltsafeinf.dll
MD5 : 350961B3E27E1589C9D114781A904FCD
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 624664
Version : 1.0.1.201
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txpltsafe\txpltsafeinf.dll

TXPltSafe.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txpltsafe\txpltsafe.dll
MD5 : FAA582F64A5B2079484DE7DBE8B14B67
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 456536
Version : 1.0.1.201
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txpltsafe\txpltsafe.dll

QMSysRepProv.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txpltsafe\qmsysrepprov.dll
MD5 : 58C8E857E895D1D510A14A40444308B9
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 504720
Version : 1.0.1.201
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\txpltsafe\qmsysrepprov.dll

dlcore.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\qqdownload\125\dlcore.dll
MD5 : D112EE395F419C6CFA825C6E9F35AC27
Publisher : Tencent Technology(Shenzhen) Company Limited
Size : 2031160
Version : 1.9.639.401
Detection : PUA:Win32/BrowserHijacker!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\fedwvjsnny ohxaoxlbbfovgqorgazmsy\qqdownload\125\dlcore.dll

Option.exe
Status : Scanned
Object : %homedrive%\hanpurple\soulworker\option.exe
MD5 : 8EAEDAB102985B07BDBF4E87F0652C1E
Publisher : LIONGAMES Co.,Ltd.
Size : 38936
Version : 1.0.0.0
Detection : Adware:Win32/BulkHeur2.b4363a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\hanpurple\soulworker\option.exe

SWLoading.exe
Status : Scanned
Object : %homedrive%\hanpurple\soulworker\swloading.exe
MD5 : 076B62922FF58E9C27DF93A48347BC8C
Publisher : LIONGAMES Co.,Ltd.
Size : 950776
Version : 1.0.0.0
Detection : Adware:Win32/BulkHeur2.b4363a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\hanpurple\soulworker\swloading.exe

SoulWorker100.exe
Status : Scanned
Object : %homedrive%\hanpurple\soulworker\soulworker100.exe
MD5 : 61BD1343AE74029152C42EE52CF3284E
Publisher : LIONGAMES Co.,Ltd.
Size : 14441472
Version : 1.6.0.10
Detection : Adware:Win32/BulkHeur2.b4363a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\hanpurple\soulworker\soulworker100.exe

Outbound.exe
Status : Scanned
Object : %homedrive%\hanpurple\soulworker\outbound.exe
MD5 : 0F4B3855C9AE33EB353D7E108280939C
Publisher : LIONGAMES Co.,Ltd.
Size : 44056
Version : 1.0.0.0
Detection : Adware:Win32/BulkHeur2.b4363a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\hanpurple\soulworker\outbound.exe

DumpReport.exe
Status : Scanned
Object : %homedrive%\hanpurple\soulworker\dumpreport.exe
MD5 : C383494BE144A93268139A10AAAEB5D0
Publisher : LIONGAMES Co.,Ltd.
Size : 2529304
Version : -
Detection : Adware:Win32/BulkHeur2.b4363a!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\hanpurple\soulworker\dumpreport.exe

ZHP Clean

~ ZHPCleaner v2016.12.11.214 by Nicolas Coolman (2016/12/11)
~ Run by OWNER (Administrator) (11/12/2016 18:01:49)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : ZHP
~ State version :
~ Type : Repair
~ Report : C:\Users\OWNER\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\OWNER\AppData\Roaming\ZHP\ZHPCleaner_Quar antine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

—\ Services (0)
~ No malicious or unnecessary items found.

—\ Browser internet (0)
~ No malicious or unnecessary items found.

—\ Hosts file (1)
~ The hosts file is legitimate (21)

—\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

—\ Explorer ( File, Folder) (103)
MOVED file: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Users\OWNER\AppData\Local\Akamai\netsession_win .exe [Akamai Technologies, Inc. - Akamai NetSession Client] =>.Superfluous.AkamaiHD
MOVED folder: C:\ProgramData\HappyCloud =>.Superfluous.HappyCloud
MOVED folder: C:\Users\OWNER\AppData\Roaming\HMYGSetting =>Adware.Suspect
MOVED folder: C:\Users\OWNER\AppData\Local\Akamai =>.Superfluous.AkamaiHD
MOVED folder: C:\Windows\Installer\MSI1270.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI16E2.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI1869.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI1B66.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI1CF8.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI1D6A.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI1F5D.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2073.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI20E4.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2132.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI227B.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI23A1.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2420.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI251C.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2545.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI268E.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI26FE.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2851.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI28B1.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2907.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2929.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI299D.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2C0A.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2DD0.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2E68.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI2F67.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3016.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3161.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3175.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI33B7.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI33CC.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3411.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3525.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3591.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI35DA.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3FF1.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI441F.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI46CE.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI4AF8.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI4DE6.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI4F6.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI5273.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI5297.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI583E.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI58AB.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI5ADE.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI5C06.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI5E96.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI60F8.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI69A0.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI778.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI7F81.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI8415.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI8677.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI88D8.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI8B71.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI8C62.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI8D08.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI8FAD.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI921E.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI9451.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI96C3.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI9D3D.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIA09.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIA52.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIAA68.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIAA6A.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIACC.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIAD27.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIB0C1.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIB102.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIB360.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIB411.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIBB92.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIBE52.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIBF0E.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIBFE9.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC0B6.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC146.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC2AC.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC309.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC3E4.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC491.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC4F3.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC68A.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSICA4.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSICD29.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSID009.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSID017.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSID269.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSID5B4.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSID9EA.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIDEEA.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIE4B5.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIEC25.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIEF28.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIF107.tmp- =>.Superfluous.Empty

—\ Registry ( Key, Value, Data) (17)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface [“C:\Users\OWNER\AppData\Local\Akamai\netsession_wi n.exe” (Not File)] =>.Superfluous.AkamaiHD
DELETED key*: HKEY_USERS\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Akamai =>.Superfluous.AkamaiHD
DELETED key*: HKEY_USERS\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\HappyCloud =>.Superfluous.HappyCloud
DELETED key*: HKEY_USERS\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\MiniQQDownloader =>Trojan.GenericKD
DELETED key*: HKEY_USERS\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\TENCENT =>.Superfluous.Tencent
DELETED key: HKCU\Software\Akamai =>.Superfluous.AkamaiHD
DELETED key: HKCU\Software\HappyCloud =>.Superfluous.HappyCloud
DELETED key: HKCU\Software\MiniQQDownloader =>Trojan.GenericKD
DELETED key: HKCU\Software\TENCENT =>.Superfluous.Tencent
DELETED key*: HKCU\Software\AppDataLow\Tencent =>.Superfluous.Tencent
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uni nstall\Akamai [Akamai Technologies, Inc] =>.Superfluous.AkamaiHD
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\CscService =>.Superfluous.PCSpeedUp
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\02E2ECC138509744D9CE60776EF799FE [C:\Program Files (x86)\Aeria Games\Ignite\AGAkamai.dll] =>.Superfluous.AkamaiHD
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\0D7B51C7BE09A4847B26970AFABDCD19 [C:\Program Files (x86)\Common Files\Spigot\GC\ (Not File)] =>PUP.Optional.Dealio
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC [C:\Program Files (x86)\Common Files\Spigot\GC\ (Not File)] =>PUP.Optional.Dealio
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Tencent =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect

—\ Summary of the elements found (9)
Blog - Nicolas Coolman =>.Superfluous.Empty
Blog - Nicolas Coolman =>.Superfluous.AkamaiHD
Blog - Nicolas Coolman =>.Superfluous.HappyCloud
Redirecting... =>Adware.Suspect
https://www.nicolascoolman.com/fr/re...et_infections/ =>Trojan.GenericKD
https://www.nicolascoolman.com/fr/ad...entaddressbar/ =>.Superfluous.Tencent
https://www.nicolascoolman.com/fr/su...-pcspeeduppro/ =>.Superfluous.PCSpeedUp
https://www.nicolascoolman.com/fr/pup-dealio/ =>PUP.Optional.Dealio
Redirecting... =>Heuristic.Suspect

—\ Other deletions. (33)
~ Registry Keys Tracing deleted (33)
~ Remove the old reports ZHPCleaner. (0)

—\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)

—\ Statistics
~ Items scanned : 705
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 120

~ End of clean in 00h00mn37s
~====================
ZHPCleaner-[R]-11122016-18_02_26.txt
ZHPCleaner--11122016-17_59_52.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by OWNER (administrator) on OWNER-PC (11-12-2016 18:28:45)
Running from C:\Users\OWNER\Desktop
Loaded Profiles: OWNER (Available Profiles: OWNER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
Startup: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\processclose_1.0.0.3 - Shortcut.lnk [2016-12-11]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip..\Interfaces{26F54C70-E6A9-4026-AAE6-12027642A3E0}: [DhcpNameServer] 192.168.1.254
Tcpip..\Interfaces{2B0F3536-45DB-43BD-8D5D-6D24B03F4ECD}: [DhcpNameServer] 192.168.1.254
[HEADING=1]Internet Explorer:[/HEADING]
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre7\bin\ssv.dll [2016-11-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-11-19] (Oracle Corporation)
[HEADING=1]FireFox:[/HEADING]
FF DefaultProfile: v88yth1x.default-1396169490810
FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Pro files\v88yth1x.default-1396169490810 [2016-12-11]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → Google
FF Homepage: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 → hxxps://www.google.com
FF Extension: (Sadpanda 2) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Pro files\v88yth1x.default-1396169490810\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2016-08-12]
FF Extension: (NoScript) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Pro files\v88yth1x.default-1396169490810\Extensions{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-28]
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_ 209.dll [2016-08-10] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 → C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-11-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 → C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-11-19] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_ 209.dll [2016-08-10] ()
FF Plugin HKU\S-1-5-21-2941685042-3306150061-3194319401-1000: @unity3d.com/UnityPlayer,version=1.0 → C:\Users\OWNER\AppData\LocalLow\Unity\WebPlayer\lo ader\npUnity3D32.dll [No File]
[HEADING=1]Chrome:[/HEADING]
CHR DefaultProfile: Default
CHR StartupUrls: Default → “hxxp://www.google.com/”
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default [2016-12-11]
CHR Extension: (Sad Panda) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilac gmkaoc [2016-08-25]
CHR Extension: (Adblock Plus) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddi lifddb [2016-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2016-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2016-12-09]
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-11]
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-10-12] (Advanced Micro Devices, Inc.)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-31] (SurfRight B.V.)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5449136 2016-05-16] (INCA Internet Co., Ltd.)
S4 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2015-01-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [99440 2011-08-10] (Atheros Communications, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2015-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 Neo_JP; C:\Windows\System32\DRIVERS\Neo_0038.sys [28768 2015-01-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-05-08] () [File not signed]
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-11] (Zemana Ltd.)
U3 ataasbnl; C:\Windows\System32\Drivers\ataasbnl.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S2 AODDriver4.2.0; ??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
S3 tsusbhub; system32\drivers\tsusbhub.sys
S3 VGPU; System32\drivers\rdvgkmd.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 18:28 - 2016-12-11 18:29 - 00008398 _____ C:\Users\OWNER\Desktop\FRST.txt
2016-12-11 18:27 - 2016-12-11 18:27 - 01014086 _____ () C:\Users\OWNER\Desktop\Everything-1.3.4.686.x64.Multilingual-Setup.exe
2016-12-11 18:05 - 2016-12-11 18:21 - 00000000 ____D C:\SecurityCheck
2016-12-11 18:03 - 2016-12-11 18:03 - 00011793 _____ C:\Users\OWNER\Desktop\ZHP clean.txt
2016-12-11 17:59 - 2016-12-11 18:02 - 00011793 _____ C:\Users\OWNER\Desktop\ZHPCleaner.txt
2016-12-11 17:48 - 2016-12-11 18:02 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\ZHP
2016-12-11 17:47 - 2016-12-11 17:47 - 00000000 ____D C:\Users\OWNER\Desktop\first logs
2016-12-11 17:46 - 2016-12-11 17:47 - 02576896 _____ C:\Users\OWNER\Desktop\ZHPDiag3.exe
2016-12-11 17:45 - 2016-12-11 17:46 - 02620416 _____ C:\Users\OWNER\Desktop\ZHPCleaner.exe
2016-12-11 06:29 - 2016-12-11 06:29 - 00000000 ____D C:\zoek
2016-12-11 06:07 - 2016-12-11 06:31 - 00003215 _____ C:\runcheck.txt
2016-12-11 06:07 - 2016-12-11 06:31 - 00000000 ____D C:\zoek_backup
2016-12-11 06:06 - 2016-12-11 06:07 - 01309184 _____ C:\Users\OWNER\Desktop\zoek.exe
2016-12-11 05:44 - 2016-12-11 05:46 - 00025905 _____ C:\Users\OWNER\Desktop\Fixlog.txt
2016-12-11 05:39 - 2016-12-11 05:39 - 00020982 _____ C:\Users\OWNER\Desktop\zemana.txt
2016-12-11 01:47 - 2016-12-11 18:29 - 00037600 _____ C:\Windows\ZAM.krnl.trace
2016-12-11 01:47 - 2016-12-11 18:29 - 00010201 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-12-11 01:47 - 2016-12-11 01:47 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-12-11 01:47 - 2016-12-11 01:47 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-12-11 01:47 - 2016-12-11 01:47 - 00000000 ____D C:\Users\OWNER\AppData\Local\Zemana
2016-12-11 01:12 - 2016-12-11 01:12 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-12-11 01:12 - 2016-12-11 01:12 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-12-11 01:10 - 2016-12-11 01:10 - 05211584 _____ (Zemana Ltd.) C:\Users\OWNER\Desktop\Zemana.AntiMalware.Portable .exe
2016-12-11 01:08 - 2016-12-11 01:08 - 00004923 _____ C:\Users\OWNER\Desktop\JRT.txt
2016-12-11 00:12 - 2016-12-11 00:13 - 00752296 _____ C:\Users\OWNER\Desktop\Adware Removal Tool by TSA.exe
2016-12-11 00:06 - 2016-12-11 00:35 - 00000000 ____D C:\AdwCleaner
2016-12-11 00:06 - 2016-12-11 00:06 - 01631928 _____ (Malwarebytes) C:\Users\OWNER\Desktop\JRT.exe
2016-12-11 00:05 - 2016-12-11 00:05 - 03968464 _____ C:\Users\OWNER\Desktop\adwcleaner_6.040.exe
2016-12-10 23:09 - 2016-12-11 18:28 - 00000000 ____D C:\FRST
2016-12-10 23:08 - 2016-12-10 23:08 - 02420224 _____ (Farbar) C:\Users\OWNER\Desktop\FRST64.exe
2016-12-10 20:52 - 2016-12-11 01:03 - 00382316 _____ C:\Windows\ntbtlog.txt
2016-12-10 20:43 - 2016-12-10 20:43 - 00003744 ____N C:\bootsqm.dat
2016-12-10 02:27 - 2016-12-10 02:27 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-10 02:27 - 2016-12-10 02:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-10 02:27 - 2016-12-10 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-12-10 01:16 - 2016-12-10 02:18 - 00000000 ____D C:\AVG_Remover
2016-12-09 19:28 - 2016-12-09 19:28 - 00001113 _____ C:\Users\OWNER\Desktop\WhoCrashed.lnk
2016-12-09 18:11 - 2016-12-09 23:27 - 00000000 ____D C:\Users\Default\Desktop\WhoCrashed
2016-12-09 18:11 - 2016-12-09 23:27 - 00000000 ____D C:\Users\Default User\Desktop\WhoCrashed
2016-12-09 18:11 - 2016-12-09 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2016-12-09 17:12 - 2016-12-09 17:12 - 00514172 _____ C:\Users\OWNER\Desktop\openhardwaremonitor-v0.8.0-beta.zip
2016-12-07 12:12 - 2016-12-09 23:35 - 00000000 ____D C:\Users\OWNER\AppData\Local\SWPatcher
2016-12-07 12:12 - 2016-12-07 12:12 - 00000390 _____ C:\Users\OWNER\Desktop\Soulworker Patcher.appref-ms
2016-12-07 12:12 - 2016-12-07 12:12 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\MiyuPatcher
2016-12-06 23:33 - 2016-12-06 23:33 - 00000575 _____ C:\Users\OWNER\Desktop\バンダイナムコオンラインランチャー.lnk
2016-12-06 23:33 - 2016-12-06 23:33 - 00000000 ____D C:\Users\OWNER\Desktop\BNO
2016-12-06 16:29 - 2016-12-06 16:44 - 00000000 ____D C:\Users\OWNER\Desktop\Convenience
2016-12-06 16:26 - 2016-12-07 16:08 - 00000000 ____D C:\Users\OWNER\Desktop\Extra
2016-12-06 16:25 - 2016-12-06 23:32 - 00000000 ____D C:\Users\OWNER\Desktop\Launchers
2016-12-05 23:04 - 2016-12-05 23:04 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\FALCOM
2016-12-03 16:20 - 2016-05-16 04:25 - 05449136 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2016-12-03 16:20 - 2005-01-02 04:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2016-12-03 16:20 - 2003-07-18 13:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2016-12-02 21:52 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-12-02 21:52 - 2016-11-02 07:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-12-02 21:52 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-12-02 21:52 - 2016-11-02 07:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-12-02 21:52 - 2016-11-02 07:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-12-02 21:52 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-12-02 21:52 - 2016-11-02 07:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-12-02 21:52 - 2016-11-02 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-12-02 21:52 - 2016-11-02 07:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-12-02 21:52 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-12-02 21:52 - 2016-10-25 07:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-02 21:52 - 2016-10-15 07:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-12-02 21:52 - 2016-10-15 07:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-12-02 21:52 - 2016-10-15 07:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-12-02 21:52 - 2016-10-15 07:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-12-02 21:52 - 2016-10-11 07:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-02 21:52 - 2016-10-11 07:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-12-02 21:52 - 2016-10-11 07:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-12-02 21:52 - 2016-10-11 07:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-12-02 21:52 - 2016-10-11 07:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-12-02 21:52 - 2016-10-11 07:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-12-02 21:52 - 2016-10-11 07:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-12-02 21:52 - 2016-10-11 07:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-12-02 21:52 - 2016-10-11 07:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-12-02 21:52 - 2016-10-11 07:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-12-02 21:52 - 2016-10-11 05:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-12-02 21:52 - 2016-10-11 05:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-12-02 21:52 - 2016-10-10 07:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-02 21:52 - 2016-10-10 07:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-02 21:52 - 2016-10-10 07:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-02 21:52 - 2016-10-10 07:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-02 21:52 - 2016-10-10 07:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-02 21:52 - 2016-10-10 07:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-02 21:52 - 2016-10-10 07:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-02 21:52 - 2016-10-10 06:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-02 21:52 - 2016-10-10 06:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-02 21:52 - 2016-10-10 06:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-02 21:52 - 2016-10-10 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-02 21:52 - 2016-10-10 06:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-02 21:52 - 2016-10-10 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-02 21:52 - 2016-10-07 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-02 21:52 - 2016-10-07 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-02 21:52 - 2016-10-07 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-02 21:52 - 2016-10-07 07:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-02 21:52 - 2016-10-07 07:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-02 21:52 - 2016-10-07 07:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-02 21:52 - 2016-10-07 07:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-02 21:52 - 2016-10-07 07:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-02 21:52 - 2016-10-07 07:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-02 21:52 - 2016-10-07 07:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-02 21:52 - 2016-10-07 06:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-02 21:52 - 2016-10-07 06:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-02 21:52 - 2016-10-07 06:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-02 21:52 - 2016-10-07 06:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-02 21:52 - 2016-10-07 06:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-02 21:52 - 2016-10-07 06:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 06:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 06:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 06:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-02 21:52 - 2016-10-05 06:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-12-02 21:52 - 2016-09-15 06:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-12-02 21:52 - 2016-09-13 07:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-02 21:52 - 2016-09-13 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-02 21:52 - 2016-09-09 10:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-12-02 21:52 - 2016-09-09 10:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-12-02 21:52 - 2016-08-22 08:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-30 21:47 - 2016-11-30 21:47 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Mudfish Cloud VPN
2016-11-30 21:43 - 2016-11-30 21:43 - 02015880 _____ C:\Users\OWNER\Downloads\mudfish-4.4.3-x86_64-win2k-setup.exe
2016-11-30 19:02 - 2016-11-30 19:02 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\JDownloader
2016-11-30 18:41 - 2016-11-30 18:42 - 00076504 _____ (AppWork GmbH) C:\Users\OWNER\Downloads\WebInstaller.exe
2016-11-30 14:27 - 2016-11-30 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-20 03:34 - 2016-11-20 03:34 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\CLIPCRAFT
2016-11-19 04:50 - 2016-11-19 04:51 - 00000000 ____D C:\Python27
2016-11-19 04:42 - 2016-11-19 04:42 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Sikuli
2016-11-19 04:29 - 2016-11-19 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-19 04:29 - 2016-11-19 04:28 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-11-19 04:29 - 2016-11-19 04:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2016-11-19 04:29 - 2016-11-19 04:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2016-11-19 04:29 - 2016-11-19 04:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-11-19 04:28 - 2016-11-19 04:28 - 00000000 ____D C:\Users\OWNER\AppData\LocalLow\Sun
2016-11-19 04:28 - 2016-11-19 04:28 - 00000000 ____D C:\Program Files\Java
2016-11-18 23:46 - 2016-11-18 23:46 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-18 23:46 - 2016-11-18 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-18 23:46 - 2016-11-18 23:46 - 00000000 ____D C:\Program Files\CCleaner
2016-11-17 21:29 - 2016-12-11 18:28 - 00000000 ____D C:\Users\OWNER\AppData\LocalLow\Mozilla
2016-11-16 20:21 - 2016-11-16 20:21 - 00000000 ____D C:\Users\OWNER\AppData\LocalLow\AMD
2016-11-16 15:30 - 2016-11-16 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-11-14 23:40 - 2016-11-14 23:40 - 00000000 ____D C:\Users\OWNER\AppData\Local\Smooth and Flat
2016-11-14 23:39 - 2016-11-14 23:39 - 00000000 ____D C:\Users\OWNER\Documents\KanColleViewer!
2016-11-14 23:34 - 2016-11-14 23:34 - 00000000 ____D C:\Users\OWNER\AppData\Local\Smooth_and_Flat
2016-11-14 23:33 - 2016-11-14 23:33 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Smooth and Flat
2016-11-14 22:53 - 2016-11-14 22:57 - 00000000 ____D C:\Users\OWNER\AppData\Local\grabacr.net
2016-11-14 22:53 - 2016-11-14 22:53 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\grabacr.net
2016-11-14 22:22 - 2016-11-14 22:22 - 00000000 ____D C:\Users\OWNER\AppData\Local\KanColleTool
2016-11-11 23:29 - 2016-11-11 23:29 - 00001169 _____ C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\TeamSpeak 3 Client.lnk
2016-11-11 23:28 - 2016-11-11 23:29 - 00000000 ____D C:\Users\OWNER\AppData\Local\TeamSpeak 3 Client
2016-11-11 23:27 - 2016-11-11 23:27 - 32019840 _____ (TeamSpeak Systems GmbH) C:\Users\OWNER\Downloads\TeamSpeak3-Client-win64-3.0.19.4.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 18:29 - 2013-01-30 11:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-11 18:27 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-11 18:27 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-11 18:20 - 2013-01-30 11:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-11 18:19 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-11 17:50 - 2015-12-13 15:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-11 06:31 - 2013-01-30 09:27 - 00000000 ____D C:\Users\OWNER
2016-12-11 06:31 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-11 06:03 - 2016-08-08 11:27 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-12-11 05:58 - 2013-01-29 20:53 - 00002127 _____ C:\Windows\epplauncher.mif
2016-12-11 05:46 - 2016-01-26 20:52 - 00000000 ____D C:\Users\OWNER\AppData\LocalLow\Temp
2016-12-10 22:25 - 2013-03-23 13:54 - 00000000 ____D C:\Users\OWNER\AppData\Local\ElevatedDiagnostics
2016-12-10 22:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-10 22:15 - 2013-12-11 21:34 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-10 21:40 - 2016-05-04 18:29 - 00000000 ____D C:\Windows\pss
2016-12-10 18:41 - 2013-11-19 18:28 - 00007601 _____ C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
2016-12-10 14:52 - 2015-01-09 01:04 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-12-10 14:50 - 2015-01-10 02:15 - 00000000 ____D C:\Users\OWNER\AppData\Local\Deployment
2016-12-10 03:31 - 2016-04-14 00:57 - 00000000 ____D C:\Program Files (x86)\Mudfish Cloud VPN
2016-12-10 02:18 - 2015-05-26 13:10 - 00000000 ____D C:\Users\OWNER\AppData\Local\Avg
2016-12-09 20:07 - 2013-01-30 20:13 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-09 18:15 - 2010-01-31 14:00 - 00000000 ____D C:\Users\OWNER\Desktop\OpenHardwareMonitor
2016-12-09 18:01 - 2014-10-25 06:18 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-12-09 10:02 - 2015-02-07 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\light
2016-12-09 09:53 - 2014-07-30 11:34 - 00000000 ____D C:\PSOT
2016-12-08 14:48 - 2013-02-27 18:56 - 00000000 ____D C:\AtelierW
2016-12-08 14:31 - 2013-05-09 15:11 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-06 23:33 - 2016-05-05 19:06 - 00000575 _____ C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\バンダイナムコオンラインランチャー.lnk
2016-12-06 16:26 - 2013-01-21 20:48 - 00000000 ____D C:\Users\OWNER\Downloads\G121028
2016-12-06 16:22 - 2013-11-29 21:39 - 00000000 ____D C:\Users\OWNER\Documents\BnS
2016-12-06 15:13 - 2013-01-29 19:45 - 00000000 ____D C:\Users\OWNER\Documents\SEGA
2016-12-05 23:10 - 2015-02-07 02:34 - 00000000 ____D C:\Program Files (x86)\light
2016-12-05 23:04 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-05 23:02 - 2013-01-30 09:33 - 00000000 ____D C:\AMD
2016-12-05 23:00 - 2013-05-20 14:17 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Steam
2016-12-05 22:45 - 2013-02-02 17:03 - 00416826 _____ C:\Windows\system32\perfh011.dat
2016-12-05 22:45 - 2013-02-02 17:03 - 00122208 _____ C:\Windows\system32\perfc011.dat
2016-12-05 22:45 - 2009-07-13 21:13 - 01313166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-05 22:42 - 2013-12-22 18:37 - 00000000 ____D C:\Users\OWNER\Downloads\aooni_en
2016-12-03 14:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-12-03 12:28 - 2009-07-13 20:45 - 00266824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-02 19:07 - 2016-04-17 03:21 - 00000000 ____D C:\Users\OWNER\Downloads\Kancolle
2016-12-02 03:07 - 2013-08-14 00:55 - 00000000 ____D C:\Windows\system32\MRT
2016-12-02 03:00 - 2013-02-02 16:35 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-01 00:54 - 2013-03-03 20:20 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Azureus
2016-11-30 21:49 - 2013-02-09 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-30 21:46 - 2016-05-30 02:29 - 00000000 ____D C:\Users\OWNER\Downloads\BBS
2016-11-27 23:34 - 2013-05-10 23:41 - 00000000 ____D C:\Users\OWNER\Downloads\SC
2016-11-24 05:50 - 2014-05-01 17:22 - 00000000 ____D C:\AtelierR
2016-11-21 19:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-21 12:54 - 2009-07-13 21:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-20 03:38 - 2013-05-11 12:13 - 00000000 ____D C:\Users\OWNER\Downloads\NHSC
2016-11-19 04:51 - 2014-06-20 16:04 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Python 2.7
2016-11-18 23:48 - 2014-06-16 10:20 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-11-18 23:48 - 2013-05-20 16:41 - 00000000 ____D C:\Users\OWNER\AppData\Local\LogMeIn Hamachi
2016-11-18 23:48 - 2013-05-08 21:33 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\DAEMON Tools Lite
2016-11-16 15:36 - 2013-01-30 11:11 - 00000000 ____D C:\Users\OWNER\AppData\Local\AMD
2016-11-16 15:31 - 2016-01-12 14:33 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2016-11-16 15:30 - 2016-04-05 12:57 - 00000000 ____D C:\Program Files (x86)\AMD
2016-11-16 15:25 - 2016-04-05 12:58 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-16 15:24 - 2013-01-30 09:34 - 00000000 ____D C:\Program Files\AMD
2016-11-14 23:30 - 2013-03-21 20:14 - 01297678 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-12 22:53 - 2013-11-03 19:15 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\TS3Client

==================== Files in the root of some directories =======

2015-07-16 19:12 - 2015-10-07 23:26 - 282715648 _____ () C:\Users\OWNER\AppData\Roaming\steam_api.dmc
2015-07-16 19:12 - 2015-10-07 23:25 - 0000009 _____ () C:\Users\OWNER\AppData\Roaming\update.dat
2014-06-27 21:32 - 2014-06-30 21:32 - 0000600 _____ () C:\Users\OWNER\AppData\Local\PUTTY.RND
2013-11-19 18:28 - 2016-12-10 18:41 - 0007601 _____ () C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
2013-12-06 16:09 - 2013-12-06 16:09 - 0000058 _____ () C:\ProgramData\Update.ini
[HEADING=1]Some files in TEMP:[/HEADING]
C:\Users\OWNER\AppData\Local\Temp\7za.exe
C:\Users\OWNER\AppData\Local\Temp\DaS_21.exe
C:\Users\OWNER\AppData\Local\Temp\hijackthis.exe
C:\Users\OWNER\AppData\Local\Temp\NirCmd.exe
C:\Users\OWNER\AppData\Local\Temp\PEVZ.EXE
C:\Users\OWNER\AppData\Local\Temp\remove.exe
C:\Users\OWNER\AppData\Local\Temp\sed.exe
C:\Users\OWNER\AppData\Local\Temp\shortcut.exe
C:\Users\OWNER\AppData\Local\Temp\swreg.exe
C:\Users\OWNER\AppData\Local\Temp\swxcacls.exe
C:\Users\OWNER\AppData\Local\Temp\wget.exe
C:\Users\OWNER\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-04 20:22

==================== End of FRST.txt ============================

Ok, good. Do you know what those programs are with the Chinese Characters I mentioned earlier in the thread? You should remove anything that you do not know with Geek Uninstaller… Go ahead with the other logs.

[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by OWNER (11-12-2016 18:31:31)
Running from C:\Users\OWNER\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-01-30 17:27:45)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-2941685042-3306150061-3194319401-500 - Administrator - Disabled)
Guest (S-1-5-21-2941685042-3306150061-3194319401-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2941685042-3306150061-3194319401-1003 - Limited - Enabled)
OWNER (S-1-5-21-2941685042-3306150061-3194319401-1000 - Administrator - Enabled) => C:\Users\OWNER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

inmm.dll 2.38 (HKLM-x32..._inmm) (Version: - )
7-Zip 9.20 (HKLM-x32...\7-Zip) (Version: - )
Adobe Flash Player 21 ActiveX (HKLM-x32...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AMD Install Manager (HKLM...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apowersoft Online Launcher version 1.4.4 (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...{20BF67A8-D81A-4489-8225-FABAA0896E2D}is1) (Version: 1.4.4 - APOWERSOFT LIMITED)
Application Profiles (HKLM-x32...{77A795C8-E532-4B09-5C58-7FFFC3CC9171}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
ATLAS Translation Standard V14.0 Trial Version (HKLM-x32...{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}) (Version: 14.00.0000 - FUJITSU LIMITED)
AutoHotkey 1.0.48.05 (HKLM-x32...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
BlueStacks App Player (HKLM-x32...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32...{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM...\CCleaner) (Version: 5.24 - Piriform)
ChuSingura46+1 S (HKLM...\Steam App 464780) (Version: - インレ)
CPUID CPU-Z 1.71 (HKLM...\CPUID CPU-Z_is1) (Version: - )
Creatures of Darkness (HKLM-x32...{573F9269-A022-4C6F-97BD-CF1316A76369}) (Version: 3.3.1 - Screaming Bee)
Cybertroopers Virtual-ON version PC (HKLM-x32...{379E152B-4215-44D7-ADBC-DC280791A042}is1) (Version: PC - Installer by TheArcadeStriker - Game by SEGA)
Deep Space Voices (HKLM-x32...{67CEC218-B250-4B4C-B23F-A597EC8DB153}) (Version: 3.3.1 - Screaming Bee)
Dies irae -Amantes amentes- (HKLM-x32...\InstallShield{91F5A357-7173-408C-85B7-FAAC69B5AD22}) (Version: 1.00.0000 - 株式会社グリーンウッド)
Dies irae -Amantes amentes- (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
Discord (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Etron USB3.0 Host Controller (HKLM-x32...\InstallShield{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Fantasy Voice Pack (HKLM-x32...{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}) (Version: 1.3.2 - Screaming Bee)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32...{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Fraps (HKLM-x32...\Fraps) (Version: - )
Galactic Voices (HKLM-x32...{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}) (Version: 1.3.1 - Screaming Bee)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 56.0.2924.21 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Ma・ Hz)
Java 7 Update 79 (64-bit) (HKLM...{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
K-Lite Mega Codec Pack 10.0.5 (HKLM-x32...\KLiteCodecPack_is1) (Version: 10.0.5 - )
LogMeIn Hamachi (HKLM-x32...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
Male Voice Pack (HKLM-x32...{71DD9C2C-3C7A-4B8D-AA36-C5C528A0CD69}) (Version: 1.3.2 - Screaming Bee)
MeCab 0.98 (HKLM-x32...\MeCab_is1) (Version: 0.98 - Taku Kudo)
Microsoft .NET Framework 4.6.2 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32...{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32...{1DDBB040-3BEB-4057-90BB-B38B5E081D1B}) (Version: 4.3.21 - Screaming Bee)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
Mudfish Cloud VPN v4.4.3 (HKLM-x32...\Mudfish Cloud VPN) (Version: 4.4.3 - Mudfish Networks)
Personality Voices (HKLM-x32...{4B886E97-AF5B-46F0-9F48-6BE03149D972}) (Version: 1.0.1 - Screaming Bee)
PHANTASY STAR ONLINE 2 (HKLM-x32...\ ページが見つかりません｜『PSO2 ニュージェネシス』プレイヤーズサイト｜SEGA ) (Version: - SEGA)
puush (HKLM-x32...{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 2.7.12 (HKLM-x32...{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
RGSS-RTP 1.03 (HKLM-x32...\RGSS-RTP) (Version: 1.03 - Enterbrain Inc.)
RPG Maker VX RTP (HKLM-x32...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
Sci-Fi Voice Pack (HKLM-x32...{BC038C91-D3C6-4E43-8439-B65976FE7937}) (Version: 1.3.1 - Screaming Bee)
sdrt(5.0, 64bit) (HKLM...{63A3DBCF-FB40-4398-9AE5-94EE6206CE12}) (Version: 5.0.3.0 - パルティオソフト株式会社)
Skype™ 7.26 (HKLM-x32...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
Soulworker Patcher (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\4f8fec11a5e6e736) (Version: 2.4.1.2 - MiyuPatcher)
SpeedFan (remove only) (HKLM-x32...\SpeedFan) (Version: - )
Steam (HKLM-x32...{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP (HKLM-x32...{D5C424A1-5C0A-426C-BB0B-D75907243EC3}) (Version: - )
Unity Web Player (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
VirtualCloneDrive (HKLM-x32...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM...{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32...{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vuze (HKLM...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
WhoCrashed 5.53 (HKLM...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.31 beta 1 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32...{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)
いろとりどりのセカイ (HKLM-x32...{3DC8D5BA-E704-402F-88F0-E22BF4C41F6F}) (Version: 1.00.0000 - FAVORITE)
ソウルワーカー (HKLM-x32...\ソウルワーカー) (Version: 1.0.0 - NHN PlayArt Corp.)
バンダイナムコオンラインランチャー (HKLM-x32...\bno_starter) (Version: 1.0.3 - 株式会社バンダイナムコオンライン)
ユニオリズム・カルテット A3-DAYS (HKLM-x32...\UQA3) (Version: 1.00 - CLIPCRAFT)
機動戦士ガンダムオンライン (HKLM-x32...\Olive_is1) (Version: 1.0.0.4 - 株式会社バンダイナムコオンライン)
神咒神威神楽 曙之光 (HKLM-x32...\InstallShield{E836AF82-7D3E-415F-BB09-0A124EF73909}) (Version: 1.00.0000 - 株式会社グリーンウッド)
神咒神威神楽 曙之光 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
相州戦神館學園 八命陣 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
相州戦神館學園 万仙陣 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
大迷宮＆大迷惑 (HKLM-x32...{12BB3C50-4D4F-4D1F-8217-527477FEC813}) (Version: 1.1.1 - (c)Liar-soft/HOBIBOX)
凍京NECRO (HKLM-x32...{96448B65-910B-41D9-8CC9-3E6BBC6B299D}) (Version: 1.00.000 - Nitroplus)
セイバーフィッシュ- (HKLM-x32...\JHPCIPOOIKKLILEOCNJDPHJGFPICMGJCIGIPGPICLFI CPAILIBICNPICOJIDEJIDJDIDGJJCECCN) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D7DCF91-8711-45D3-851E-DBFBAD9B86C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2016-08-10] (Adobe Systems Incorporated)
Task: {119B33B7-2A52-412F-968F-109066C199D0} - System32\Tasks{155BAE76-F0D7-4B0B-8CA4-8169F3350BAD} => C:\Users\OWNER\Downloads\BlazBlue Continuum Shift\The.King.Of.Fighters.XIII.TaitoTypeX2 - Pimbax\game.exe
Task: {1BEBC858-0DD7-4C06-99CC-74402FFD4D02} - System32\Tasks{798C79DE-8C69-49BE-BC05-9F1D0406861C} => C:\Users\OWNER\Downloads\BlazBlue Continuum Shift\The.King.Of.Fighters.XIII.TaitoTypeX2 - Pimbax\typex_loader.exe
Task: {4C7B474F-2044-479A-9012-C8B5F401E616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6802DDAE-8916-4EFF-98BD-A0E04D63120C} - System32\Tasks{395B8B54-1DCC-4D89-B5C5-B83AA920524C} => C:\Games\Mangagamer\Kara no Shoujo\Kara no Shoujo.exe
Task: {6B51DEC8-0E54-43EB-887E-3D37F8E9D3B7} - System32\Tasks{79417B52-B97C-4187-A43F-ED27EE3514F7} => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe [2016-09-27] (SQUARE ENIX CO., LTD.)
Task: {8218B5A6-854D-477F-952C-3BD9EB65F334} - System32\Tasks{33802990-D4AF-4FCD-B413-352904CD37E1} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-07-13] (Skype Technologies S.A.)
Task: {913872D3-8E70-4710-910E-8EDE843EE95E} - \0715avUpdateInfo → No File <==== ATTENTION
Task: {9AA49771-7879-42BA-98BC-552888F4F49E} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {A47CF2BC-B23D-43D5-96DA-8B3303A72483} - System32\Tasks{0A419879-A9D4-4082-814A-F36FDE0CA71F} => pcalua.exe -a E:\INSTALL.EXE -d E:
Task: {A78647C6-7CE7-49B6-A6F7-4E02D6642903} - System32\Tasks{31789F64-6B41-4888-B118-06F62E982B47} => C:\Users\OWNER\Desktop\PSO2T\PSO2 Tweaker.exe
Task: {A9113257-1100-4C3F-A909-CFC6B1251201} - System32\Tasks{4818B540-D086-4B0E-9692-4777D5FFB6E1} => C:\Users\OWNER\Desktop\PSO2T\PSO2 Tweaker.exe
Task: {C3360EFD-679C-4B7B-B0BC-6F4FFA9382BE} - System32\Tasks{7DD725DA-3F70-4955-BC2C-5EFE6E6B081A} => pcalua.exe -a E:\SETUP.EXE -d E:
Task: {C4D56D25-3B3B-42D0-BC29-B6179C688653} - System32\Tasks{87025ECC-BC61-4DE0-B1C6-EF8ADB1E4B54} => C:\Program Files (x86)\The King Of Fighters XIII\kofxiii.exe
Task: {C9726BA4-2F4C-4184-BE94-1258EEF480FA} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
Task: {CA6A7396-2C11-4062-9E95-6E6694466A50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D44F974B-E561-41CD-A5C6-E19175E93F60} - System32\Tasks{79D623CB-126D-446F-BC10-F0EAF1AFF3DE} => pcalua.exe -a C:\Windows\eiunin21.exe -c “C:\Program Files (x86)\Ultimate Knight WindomXP\INSTALL.DAT”
Task: {D4C9905F-E29B-45A8-B439-E3F754221E67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {DC6B3D1A-C333-4155-AC48-28989B1B7B5A} - System32\Tasks{91C7824F-6C42-4D5F-8E4A-8B6BB406F230} => pcalua.exe -a C:\Users\OWNER\Desktop\Saves\Bruteforce_Save_Data_ installer.exe -d C:\Users\OWNER\Desktop\Saves

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Chrome Apps\グランブルーファンタジー[ChromeApps版].lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=eablgejicbklomgaiclcolfilbkckngf

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Hamachi2Svc => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\aeriagames.com → hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000...\aeriagames.com → hxxp://aeriagames.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-12-11 06:12 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Control Panel\Desktop\Wallpaper → C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\T hemes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: AvgAMPS => 3
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: SEVPNCLIENT => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UCManSvc => 2
MSCONFIG\Services: vToolbarUpdater40.2.9 => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: Aeria Ignite => “C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe” silent
MSCONFIG\startupreg: AvgUi => “C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe” /lps=fmw
MSCONFIG\startupreg: AVG_UI => “C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe” /lps=av
MSCONFIG\startupreg: CCleaner Monitoring => “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => “C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe” -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => “C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe” --auto-start
MSCONFIG\startupreg: Skype => “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => “C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe” /uihelp
MSCONFIG\startupreg: StartCN => “C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe” atlogon
MSCONFIG\startupreg: Steam => “C:\Program Files (x86)\Steam\steam.exe” -silent
MSCONFIG\startupreg: VirtualCloneDrive => “C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe” /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

11-12-2016 06:11:10 zoek.exe restore point

==================== Faulty Device Manager Devices =============

Name: VPN Client Adapter - JP
Description: VPN Client Adapter - JP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther VPN Project
Service: Neo_JP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (12/11/2016 06:11:10 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2941685042-3306150061-3194319401-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {90bebbc0-21a1-40c2-bc69-9a1422cc6c31}

Error: (12/11/2016 05:58:08 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: OWNER-PC)
Description: HRESULT:0x8004FF0A
Description:Security Essentials is still installed on your computer.. Security Essentials was not removed from your computer. It will continue to monitor your computer and help protect it from potential threats. Error code:0x8004FF0A.

Error: (12/11/2016 05:44:50 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2941685042-3306150061-3194319401-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {71afe0c8-c3c5-4771-b88b-8dafc0c11677}

Error: (12/11/2016 05:44:50 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {81e56240-4fb1-4201-b162-e6bad4a47ff5}

Error: (12/11/2016 05:44:50 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2941685042-3306150061-3194319401-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {71afe0c8-c3c5-4771-b88b-8dafc0c11677}

Error: (12/11/2016 01:07:06 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\OWNER\AppData\Local\Temp\jrt\CreateRestor ePoint.exe “JRT Pre-Junkware Removal”; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (12/11/2016 12:31:28 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/11/2016 12:27:41 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/10/2016 05:41:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 870

Start Time: 01d252cee2fa2701

Termination Time: 11

Application Path: C:\Windows\Explorer.EXE

Report Id: 66fd8912-bede-11e6-a80a-bc5ff48644ac

Error: (12/10/2016 02:29:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2941685042-3306150061-3194319401-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {2e8ea6ea-3069-4236-8492-53faad90bc69}
[HEADING=1]System errors:[/HEADING]
Error: (12/11/2016 06:26:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (12/11/2016 06:19:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (12/11/2016 06:19:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:07:18 PM on ‎12/‎11/‎2016 was unexpected.

Error: (12/11/2016 05:38:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (12/11/2016 05:37:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:30:47 AM on ‎12/‎11/‎2016 was unexpected.

Error: (12/11/2016 06:30:14 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/11/2016 06:30:13 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/11/2016 06:30:13 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/11/2016 06:30:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/11/2016 06:30:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2014-09-03 00:56:09.870
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sy s because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-03 00:56:09.761
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sy s because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 17%
Total physical RAM: 8149.64 MB
Available physical RAM: 6711.73 MB
Total Virtual: 16297.47 MB
Available Virtual: 14898.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:105.52 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0B3B938)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thankfully I do, they won’t be a problem.

ZHP Diag

~ ZHPDiag v2016.12.11.240 By Nicolas Coolman (2016/12/11)
~ Run by OWNER (Administrator) (2016/12/11 19:00:32)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook: ZHP
~ State version:
~ Mode: Scan
~ Report: C:\Users\OWNER\Desktop\ZHPDiag.txt
~ Report: C:\Users\OWNER\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ System startup: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation

—\ Internet Browsers (3) - 0s
~ GCIE: Google Chrome v56.0.2924.21
~ MFIE: Mozilla Firefox 50.0.2 (x86 en-US)
~ MSIE: Internet Explorer v10.0.9200.17609

—\ Windows Product Information (4) - 4s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Surveillance software (1) - 1s
~ Adobe Flash Player 22 NPAPI (Surveillance)

—\ Information on the system (6) - 0s
~ Operating System: AMD64 Family 21 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64-bit
~ Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 8345.236 MB (86% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 108 GB (22%) free of 476 GB : OK =>.Disk Space

—\ Connection to the system mode (3) - 0s
~ Computer Name: OWNER-PC
~ User Name: OWNER
~ Logged in as Administrator

—\ Enumeration of the disk units (1) - 0s
~ Drive C: has 108 GB free of 476 GB (System)

—\ State of the Windows Security Center (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

—\ Search Generic System Files (25) - 2s
[MD5.AC4C51EB24AA95B77F705AB159189E24] - 20/11/2010 - (.Microsoft Corporation - Windows Explorer.) – C:\Windows\Explorer.exe [2872320] =>.Microsoft Corporation
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 13/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\Windows\System32\rundll32.exe [45568] =>.Microsoft Corporation
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 13/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\Windows\System32\Wininit.exe [129024] =>.Microsoft Corporation
[MD5.F34A9FB73E8EF1CC099BCAA5D1E3B716] - 16/12/2015 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\Windows\System32\wininet.dll [2238976] =>.Microsoft Corporation
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - 16/07/2014 - (.Microsoft Corporation - Windows Logon Application.) – C:\Windows\System32\Winlogon.exe [455168] =>.Microsoft Corporation
[MD5.067FA52BFB59A56110A12312EF9AF243] - 20/11/2010 - (.Microsoft Corporation - Software Licensing Library.) – C:\Windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation
[MD5.492D07D79E7024CA310867B526D9636D] - 02/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) – C:\Windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation
[MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 02/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) – C:\Windows\Syswow64\dnsapi.dll [270336] =>Hijacker.DNS.Hosts
[MD5.9A4A1EEE802BF2F878EE8EAB407B21B7] - 13/10/2015 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\Windows\System32\drivers\AFD.sys [497664] =>.Microsoft Corporation
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 13/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\Windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windowsｮ
[MD5.B8BD2BB284668C84865658C77574381A] - 13/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\Windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 20/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\Windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation
[MD5.9B38580063D281A99E68EF5813022A5F] - 08/09/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\Windows\System32\drivers\DfsC.sys [106496] =>.Microsoft Corporation
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 20/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\Windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 13/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) – C:\Windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 13/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) – C:\Windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation
[MD5.25F918BB5D57C99FFEB0255143D0DF9A] - 10/10/2016 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\Windows\System32\drivers\MRxSmb.sys [159744] =>.Microsoft Corporation
[MD5.E47D571FEC2C76E867935109AB2A770C] - 11/05/2016 - (.Microsoft Corporation - MBT Transport driver.) – C:\Windows\System32\drivers\netBT.sys [262144] =>.Microsoft Corporation
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - 12/04/2013 - (.Microsoft Corporation - NT File System Driver.) – C:\Windows\System32\drivers\ntfs.sys [1656680] =>.Microsoft Windowsｮ
[MD5.0086431C29C35BE1DBC43F52CC273887] - 13/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) – C:\Windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 20/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\Windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation
[MD5.1B6163C503398B23FF8B939C67747683] - 20/11/2010 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\Windows\System32\drivers\rdpdr.sys [165888] =>.Microsoft Corporation
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 13/07/2009 - (.Microsoft Corporation - SMB Transport driver.) – C:\Windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation
[MD5.AA77EB517D2F07A947294F260E3ACA83] - 13/10/2015 - (.Microsoft Corporation - TDI Translation Driver.) – C:\Windows\System32\drivers\tdx.sys [118272] =>.Microsoft Corporation
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - 20/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) – C:\Windows\System32\drivers\volsnap.sys [295808] =>.Microsoft Windowsｮ

—\ Services not Microsoft (SR=Run, SS=Stop) (16) - 14s
SS - Disabl [10/08/2016] [ 270016] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe =>.Adobe Systems Incorporatedｮ
SS - Disabl [16/09/2016] [ 287112] (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe =>.Advanced Micro Devices, Inc.ｮ
SS - Disabl [12/10/2015] [ 351944] AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe =>.Advanced Micro Devices, Inc.ｮ
SS - Disabl [16/06/2015] [ 433784] BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe =>.Bluestack Systems, Inc.ｮ
SS - Disabl [16/06/2015] [ 413304] BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe =>.Bluestack Systems, Inc.ｮ
SS - Disabl [21/07/2015] [ 831096] BlueStacks Updater Service;gadgetDataDir=C:\ProgramData\Blu (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe =>.Bluestack Systems, Inc.ｮ
SS - Disabl [28/08/2015] [ 144200] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Incｮ
SS - Disabl [28/08/2015] [ 144200] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Incｮ
SS - Disabl [05/04/2016] [ 2550280] LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe =>.LogMeIn, Inc.ｮ
SS - Disabl [31/07/2014] [ 127752] HitmanPro Scheduler (HitmanProScheduler) . (.SurfRight B.V..) - C:\Program Files\HitmanPro\hmpsched.exe =>.SurfRight B.V.ｮ
SS - Disabl [05/04/2016] [ 417552] LMIGuardianSvc (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe =>.LogMeIn, Inc.ｮ
SS - Disabl [30/11/2016] [ 172488] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporationｮ
SS - Disabl [07/07/2014] [ 70768] Nalpeiron Licensing Service (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\SysWOW64\nlssrv32.exe =>.Nalpeiron Incｮ
SS - Disabl [09/01/2015] [ 4374072] SoftEther VPN Client (SEVPNCLIENT) . (.SoftEther VPN Project at University of Tsukuba, Japan.) - C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe =>.SoftEther K.K.ｮ
SS - Disabl [23/05/2016] [ 324224] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarlｮ
SS - Disabl [23/05/2016] [ 324224] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valveｮ

—\ Task Planned Automatically (21) - 3s
O39 - APT: Unknown - (.Adobe Inc..) – C:\Windows\Tasks\Adobe Flash Player Updater.job [324224] =>.Adobe Inc.
O39 - APT: Unknown - (.Google Inc..) – C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [324224] =>.Google Inc.
O39 - APT: Unknown - (.Google Inc..) – C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [324224] =>.Google Inc.
O39 - APT: Unknown - (.Adobe Inc..) – C:\Windows\System32\Tasks\Adobe Flash Player Updater [324224] =>.Adobe Inc.
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks\AMD Updater [324224]
O39 - APT: Unknown - (.IObit.) – C:\Windows\System32\Tasks\CCleanerSkipUAC [324224] =>.IObit
O39 - APT: Unknown - (.Google Inc..) – C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore [324224] =>.Google Inc.
O39 - APT: Unknown - (.Google Inc..) – C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A [324224] =>.Google Inc.
O39 - APT: Unknown - (.Microsoft Corporation.) – C:\Windows\System32\Tasks\SidebarExecute [324224] =>.Microsoft Corporation
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{0A419879-A9D4-4082-814A-F36FDE0CA71F} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{155BAE76-F0D7-4B0B-8CA4-8169F3350BAD} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{31789F64-6B41-4888-B118-06F62E982B47} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{33802990-D4AF-4FCD-B413-352904CD37E1} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{395B8B54-1DCC-4D89-B5C5-B83AA920524C} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{4818B540-D086-4B0E-9692-4777D5FFB6E1} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{79417B52-B97C-4187-A43F-ED27EE3514F7} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{798C79DE-8C69-49BE-BC05-9F1D0406861C} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{79D623CB-126D-446F-BC10-F0EAF1AFF3DE} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{7DD725DA-3F70-4955-BC2C-5EFE6E6B081A} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{87025ECC-BC61-4DE0-B1C6-EF8ADB1E4B54} [324224]
O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks{91C7824F-6C42-4D5F-8E4A-8B6BB406F230} [324224]

—\ Auto loading programs from Registry and folders (5) - 1s
O4 - HKLM..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) – c:\Program Files\Microsoft Security Client\msseces.exe =>.Microsoft Corporationｮ
O4 - HKUS\S-1-5-19..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) – C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) – C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

—\ Process running (3) - 0s
[MD5.D6F38FD2B90CD7DC139279BB73DD0C7B] - (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe [510920] [PID.1916] =>.Mozilla Corporationｮ
[MD5.D6F38FD2B90CD7DC139279BB73DD0C7B] - (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe [510920] [PID.1228] =>.Mozilla Corporationｮ
[MD5.CE599CBFD706CC4850BB0F4928940900] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\OWNER\Desktop\ZHPDiag3.exe [2576896] [PID.1116] =>.Nicolas Coolman

—\ Google Chrome, Start,Search,Extensions (5) - 0s
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.com =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [bohapeiooecafommnlaiccilacgmkaoc] Sad Panda
G2 - GCE: Preference [User Data\Default] [cfhdojbkjhnklbpkdaibdccddilifddb] MSG_name =>.AdblocPlus Plugin
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

—\ Mozilla Firefox,Plugins,Start,Search,Extensions (5) - 2s
M0 - MFSP: prefs.js [OWNER - v88yth1x.default-1396169490810] http://www.google.com =>.Google Inc.
P2 - EXT FILE: (.Sadpanda 2 - Login to ExH with no problems!.) – C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Pro files\v88yth1x.default-1396169490810\extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi
P2 - EXT FILE: (.NoScript - Extra protection for your Firefox: NoS.) – C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Pro files\v88yth1x.default-1396169490810\extensions{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi =>.NoScript
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS.) – C:\Users\OWNER\AppData\LocalLow\Unity\WebPlayer\lo ader\npUnity3D32.dll =>.Unity Technologies ApS
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_ 209.dll =>.Adobe Systems Incorporated

—\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ =>.Google Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKEY_USERS\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

—\ Internet Explorer, Proxy Management (7) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyHttp1.1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,EnableHttp1_1 = 1
R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyHttp1.1 = 1

—\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerfo rmance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

—\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

—\ Browser Helper Object (BHO) (2) - 0s
O2 - BHO: Java™ Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (.Orphan.)
O2 - BHO: Java™ Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} (.Orphan.)

—\ Global shortcuts Startup (92) - 7s
O4 - GS\Desktop [Administrator]: Discord.lnk . (.Hammer & Chisel, Inc. - Discord.) C:\Users\OWNER\AppData\Local\Discord\app-0.0.296\Discord.exe =>.Hammer & Chisel Inc.ｮ
O4 - GS\Desktop [Administrator]: WhoCrashed.lnk . (.Resplendence Software Projects - WhoCrashed.) C:\Users\Default\Desktop\WhoCrashed\WhoCrashedEx.e xe =>.Daniel Terhellｮ
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\OWNER\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: バンダイナムコオンラインランチャー.lnk . (.Copyright (C) 2012-2015 BANDAI NAMCO Online Inc. - BNOStarter.) C:\Users\OWNER\Desktop\BNO\bno_starter.exe {1121C3C7331D8AA37B3F1272B14448A5C35F}
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Incｮ
O4 - GS\Quicklaunch [Administrator]: HxD.lnk . (.Maël Hörz - HxD Hex Editor.) C:\Program Files (x86)\HxD\HxD.exe =>.Maël Hörz
O4 - GS\Quicklaunch [Administrator]: JDownloader 2.lnk . (.AppWork GmbH - JDownloader 2 Launcher.) C:\Users\OWNER\Desktop\Extra\DL Manager\JDownloader2.exe =>.Appwork GmbHｮ
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O4 - GS\Quicklaunch [Administrator]: Vuze.lnk . (.Azureus Software, Inc - .) C:\Program Files (x86)\Vuze\Azureus.exe =>.Azureus Software, Inc
O4 - GS\sendTo [Administrator]: ATLAS Translation Editor.lnk . (.FUJITSU LIMITED - Translation Editor.) C:\Program Files (x86)\ATLAS V14\Atledit.exe {22C4558DE9DE4208230E72015BE7086A} =>.FUJITSU LIMITED
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarlｮ
O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O4 - GS\TaskBar [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporationｮ
O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O4 - GS\Programs [Administrator]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Users\OWNER\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe =>.TeamSpeak Systems GmbHｮ
O4 - GS\Programs [Administrator]: バンダイナムコオンラインランチャー.lnk . (.Copyright (C) 2012-2015 BANDAI NAMCO Online Inc. - BNOStarter.) C:\Users\OWNER\Desktop\BNO\bno_starter.exe {1121C3C7331D8AA37B3F1272B14448A5C35F}
O4 - GS\Desktop [Guest]: Discord.lnk . (.Hammer & Chisel, Inc. - Discord.) C:\Users\OWNER\AppData\Local\Discord\app-0.0.296\Discord.exe =>.Hammer & Chisel Inc.ｮ
O4 - GS\Desktop [Guest]: WhoCrashed.lnk . (.Resplendence Software Projects - WhoCrashed.) C:\Users\Default\Desktop\WhoCrashed\WhoCrashedEx.e xe =>.Daniel Terhellｮ
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\OWNER\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: バンダイナムコオンラインランチャー.lnk . (.Copyright (C) 2012-2015 BANDAI NAMCO Online Inc. - BNOStarter.) C:\Users\OWNER\Desktop\BNO\bno_starter.exe {1121C3C7331D8AA37B3F1272B14448A5C35F}
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Incｮ
O4 - GS\Quicklaunch [Guest]: HxD.lnk . (.Maël Hörz - HxD Hex Editor.) C:\Program Files (x86)\HxD\HxD.exe =>.Maël Hörz
O4 - GS\Quicklaunch [Guest]: JDownloader 2.lnk . (.AppWork GmbH - JDownloader 2 Launcher.) C:\Users\OWNER\Desktop\Extra\DL Manager\JDownloader2.exe =>.Appwork GmbHｮ
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O4 - GS\Quicklaunch [Guest]: Vuze.lnk . (.Azureus Software, Inc - .) C:\Program Files (x86)\Vuze\Azureus.exe =>.Azureus Software, Inc
O4 - GS\sendTo [Guest]: ATLAS Translation Editor.lnk . (.FUJITSU LIMITED - Translation Editor.) C:\Program Files (x86)\ATLAS V14\Atledit.exe {22C4558DE9DE4208230E72015BE7086A} =>.FUJITSU LIMITED
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarlｮ
O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O4 - GS\TaskBar [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporationｮ
O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O4 - GS\Programs [Guest]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Users\OWNER\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe =>.TeamSpeak Systems GmbHｮ
O4 - GS\Programs [Guest]: バンダイナムコオンラインランチャー.lnk . (.Copyright (C) 2012-2015 BANDAI NAMCO Online Inc. - BNOStarter.) C:\Users\OWNER\Desktop\BNO\bno_starter.exe {1121C3C7331D8AA37B3F1272B14448A5C35F}
O4 - GS\Desktop [OWNER]: Discord.lnk . (.Hammer & Chisel, Inc. - Discord.) C:\Users\OWNER\AppData\Local\Discord\app-0.0.296\Discord.exe =>.Hammer & Chisel Inc.ｮ
O4 - GS\Desktop [OWNER]: WhoCrashed.lnk . (.Resplendence Software Projects - WhoCrashed.) C:\Users\Default\Desktop\WhoCrashed\WhoCrashedEx.e xe =>.Daniel Terhellｮ
O4 - GS\Desktop [OWNER]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\OWNER\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [OWNER]: バンダイナムコオンラインランチャー.lnk . (.Copyright (C) 2012-2015 BANDAI NAMCO Online Inc. - BNOStarter.) C:\Users\OWNER\Desktop\BNO\bno_starter.exe {1121C3C7331D8AA37B3F1272B14448A5C35F}
O4 - GS\Quicklaunch [OWNER]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Incｮ
O4 - GS\Quicklaunch [OWNER]: HxD.lnk . (.Maël Hörz - HxD Hex Editor.) C:\Program Files (x86)\HxD\HxD.exe =>.Maël Hörz
O4 - GS\Quicklaunch [OWNER]: JDownloader 2.lnk . (.AppWork GmbH - JDownloader 2 Launcher.) C:\Users\OWNER\Desktop\Extra\DL Manager\JDownloader2.exe =>.Appwork GmbHｮ
O4 - GS\Quicklaunch [OWNER]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O4 - GS\Quicklaunch [OWNER]: Vuze.lnk . (.Azureus Software, Inc - .) C:\Program Files (x86)\Vuze\Azureus.exe =>.Azureus Software, Inc
O4 - GS\sendTo [OWNER]: ATLAS Translation Editor.lnk . (.FUJITSU LIMITED - Translation Editor.) C:\Program Files (x86)\ATLAS V14\Atledit.exe {22C4558DE9DE4208230E72015BE7086A} =>.FUJITSU LIMITED
O4 - GS\sendTo [OWNER]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [OWNER]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarlｮ
O4 - GS\TaskBar [OWNER]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O4 - GS\TaskBar [OWNER]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporationｮ
O4 - GS\TaskBar [OWNER]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [OWNER]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O4 - GS\Programs [OWNER]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Users\OWNER\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe =>.TeamSpeak Systems GmbHｮ
O4 - GS\Programs [OWNER]: バンダイナムコオンラインランチャー.lnk . (.Copyright (C) 2012-2015 BANDAI NAMCO Online Inc. - BNOStarter.) C:\Users\OWNER\Desktop\BNO\bno_starter.exe {1121C3C7331D8AA37B3F1272B14448A5C35F}
O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O4 - GS\Programs [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Users\OWNER\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe =>.TeamSpeak Systems GmbHｮ
O4 - GS\Programs [Public]: バンダイナムコオンラインランチャー.lnk . (.Copyright (C) 2012-2015 BANDAI NAMCO Online Inc. - BNOStarter.) C:\Users\OWNER\Desktop\BNO\bno_starter.exe {1121C3C7331D8AA37B3F1272B14448A5C35F}
O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporationｮ
O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\Windows\system32\eudcedit.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\Windows\system32\displayswitch.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\system32\mblctr.exe /open =>.Microsoft Corporation
O4 - GS\Accessories [Public]: NetworkProjection.lnk . (.Microsoft Corporation - Connect to a Network Projector.) C:\Windows\system32\NetProj.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\system32\SoundRecorder.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\Windows\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\Windows\system32\rundll32.exe %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCent er LaunchedBy_StartMenuShortcut =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\system32\dfrgui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\system32\cleanmgr.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\Windows\system32\perfmon.exe /res =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\system32\msinfo32.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\system32\rstrui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (…) C:\Windows\system32\taskschd.msc /s =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\Windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\Windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Incｮ
O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files (x86)\Windows Sidebar\sidebar.exe /showgadgets =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Vuze.lnk . (.Azureus Software, Inc - .) C:\Program Files (x86)\Vuze\Azureus.exe =>.Azureus Software, Inc
O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\Windows\system32\xpsrchvw.exe =>.Microsoft Corporation

—\ Lop.com/Domain Hijackers (4) - 0s
O17 - HKLM\System\CCS\Services\Tcpip..{26F54C70-E6A9-4026-AAE6-12027642A3E0}: DhcpNameServer = 192.168.1.254 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip..{2B0F3536-45DB-43BD-8D5D-6D24B03F4ECD}: DhcpNameServer = 192.168.1.254 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip..{26F54C70-E6A9-4026-AAE6-12027642A3E0}: DhcpDomain = attlocal.net
O17 - HKLM\System\CCS\Services\Tcpip..{2B0F3536-45DB-43BD-8D5D-6D24B03F4ECD}: DhcpDomain = attlocal.net

—\ Extra protocols (20) - 0s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporationｮ
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporationｮ
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporationｮ

—\ Software installed (85) - 20s
O42 - Logiciel: _inmm.dll 2.38 - (..) [HKLM][64Bits] – inmm
O42 - Logiciel: 7-Zip 9.20 - (.Igor Pavlov.) [HKLM][64Bits] – 7-Zip =>.Igor Pavlov
O42 - Logiciel: Adobe Flash Player 21 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player ActiveX =>.Adobe Systems Incorporatedｮ
O42 - Logiciel: Adobe Flash Player 22 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player NPAPI =>.Adobe Systems Incorporatedｮ
O42 - Logiciel: Aeria Ignite - (.Aeria Games & Entertainment.) [HKLM][64Bits] – {FE2D627E-D7E0-46EA-93A6-8583420285FA} =>.Aeria Games & Entertainment
O42 - Logiciel: Aeria Ignite - (.Aeria Games & Entertainment.) [HKLM][64Bits] – Aeria Ignite 1.13.3296 =>.Aeria Games & Entertainment
O42 - Logiciel: Apowersoft Online Launcher version 1.4.4 - (.APOWERSOFT LIMITED.) [HKCU][64Bits] – {20BF67A8-D81A-4489-8225-FABAA0896E2D}is1 =>.APOWERSOFT LIMITED
O42 - Logiciel: ATLAS Translation Standard V14.0 Trial Version - (.FUJITSU LIMITED.) [HKLM][64Bits] – {6652750B-AA69-49B7-9D09-C0A28B6FFC9F} =>.FUJITSU LIMITED
O42 - Logiciel: AutoHotkey 1.0.48.05 - (.Chris Mallett.) [HKLM][64Bits] – AutoHotkey
O42 - Logiciel: BlueStacks App Player - (.BlueStack Systems, Inc..) [HKLM][64Bits] – BlueStacks App Player =>.Bluestack Systems, Inc.ｮ
O42 - Logiciel: BlueStacks Notification Center - (.BlueStack Systems, Inc..) [HKLM][64Bits] – {4FCF716C-CEB4-499D-AFB8-A5375105EC2A} =>.BlueStack Systems, Inc.
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] – CCleaner =>.Piriform Ltdｮ
O42 - Logiciel: ChuSingura46+1 S - (.インレ.) [HKLM][64Bits] – Steam App 464780 =>.Valveｮ
O42 - Logiciel: CPUID CPU-Z 1.71 - (..) [HKLM][64Bits] – CPUID CPU-Z_is1
O42 - Logiciel: Creatures of Darkness - (.Screaming Bee.) [HKLM][64Bits] – {573F9269-A022-4C6F-97BD-CF1316A76369} =>.Screaming Bee
O42 - Logiciel: Cybertroopers Virtual-ON version PC - (.Installer by TheArcadeStriker - Game by SEGA.) [HKLM][64Bits] – {379E152B-4215-44D7-ADBC-DC280791A042}is1
O42 - Logiciel: Deep Space Voices - (.Screaming Bee.) [HKLM][64Bits] – {67CEC218-B250-4B4C-B23F-A597EC8DB153} =>.Screaming Bee
O42 - Logiciel: Dies irae -Amantes amentes- - (.株式会社グリーンウッド.) [HKLM][64Bits] – {91F5A357-7173-408C-85B7-FAAC69B5AD22}
O42 - Logiciel: Dies irae -Amantes amentes- - (.株式会社グリーンウッド.) [HKLM][64Bits] – InstallShield{91F5A357-7173-408C-85B7-FAAC69B5AD22}
O42 - Logiciel: Discord - (.Hammer & Chisel, Inc..) [HKCU][64Bits] – Discord =>.Hammer & Chisel Inc.ｮ
O42 - Logiciel: Etron USB3.0 Host Controller - (.Etron Technology.) [HKLM][64Bits] – {DFBB738C-71D8-4DC5-B8D2-D65C37680E27} =>.Etron Technology
O42 - Logiciel: Etron USB3.0 Host Controller - (.Etron Technology.) [HKLM][64Bits] – InstallShield{DFBB738C-71D8-4DC5-B8D2-D65C37680E27} =>.Etron Technology
O42 - Logiciel: Fantasy Voice Pack - (.Screaming Bee.) [HKLM][64Bits] – {5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5} =>.Screaming Bee
O42 - Logiciel: FINAL FANTASY XIV - A Realm Reborn - (.SQUARE ENIX CO., LTD..) [HKLM][64Bits] – {2B41E132-07DF-4925-A3D3-F2D1765CCDFE} =>.SQUARE ENIX CO., LTD.
O42 - Logiciel: Fraps - (.Beepa.) [HKLM][64Bits] – Fraps
O42 - Logiciel: Galactic Voices - (.Screaming Bee.) [HKLM][64Bits] – {891D8FC9-726D-46F2-ADC0-E060A6EB1DC3} =>.Screaming Bee
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] – Google Chrome =>.Google Incｮ
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: HitmanPro 3.7 - (.SurfRight B.V..) [HKLM][64Bits] – HitmanPro37 =>.SurfRight B.V.
O42 - Logiciel: HxD Hex Editor version 1.7.7.0 - (.Ma・ Hz.) [HKLM][64Bits] – HxD Hex Editor_is1
O42 - Logiciel: Java 7 Update 79 (64-bit) - (.Oracle.) [HKLM][64Bits] – {26A24AE4-039D-4CA4-87B4-2F06417079FF} =>.Oracle
O42 - Logiciel: K-Lite Mega Codec Pack 10.0.5 - (.KLite Inc.) [HKLM][64Bits] – KLiteCodecPack_is1 =>.KLite Inc
O42 - Logiciel: LogMeIn Hamachi - (.LogMeIn, Inc..) [HKLM][64Bits] – {446B150E-993B-4D5B-BA82-3C496B5F62D5} =>.LogMeIn, Inc.
O42 - Logiciel: LogMeIn Hamachi - (.LogMeIn, Inc..) [HKLM][64Bits] – LogMeIn Hamachi =>.LogMeIn, Inc.
O42 - Logiciel: Male Voice Pack - (.Screaming Bee.) [HKLM][64Bits] – {71DD9C2C-3C7A-4B8D-AA36-C5C528A0CD69} =>.Screaming Bee
O42 - Logiciel: MeCab 0.98 - (.Taku Kudo.) [HKLM][64Bits] – MeCab_is1
O42 - Logiciel: Microsoft Games for Windows - LIVE - (.Microsoft Corporation.) [HKLM][64Bits] – {A1C962E2-2426-49C6-A38B-9A07E40D607C} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM][64Bits] – {2AA3C13E-0531-41B8-AE48-AE28C940A809} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM][64Bits] – Microsoft Security Client =>.Microsoft Corporationｮ
O42 - Logiciel: MorphVOX Pro - (.Screaming Bee.) [HKLM][64Bits] – {1DDBB040-3BEB-4057-90BB-B38B5E081D1B} =>.Screaming Bee
O42 - Logiciel: Mozilla Firefox 50.0.2 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] – Mozilla Firefox 50.0.2 (x86 en-US) =>.Mozilla Corporationｮ
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] – MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: Mudfish Cloud VPN v4.4.3 - (.Mudfish Networks.) [HKLM][64Bits] – Mudfish Cloud VPN
O42 - Logiciel: Personality Voices - (.Screaming Bee.) [HKLM][64Bits] – {4B886E97-AF5B-46F0-9F48-6BE03149D972} =>.Screaming Bee
O42 - Logiciel: PHANTASY STAR ONLINE 2 - (.SEGA.) [HKLM][64Bits] – ページが見つかりません｜『PSO2 ニュージェネシス』プレイヤーズサイト｜SEGA {5F4DF13A2D7701135FA8FAB4934015A9} =>.SEGA
O42 - Logiciel: puush - (.Dean Herbert.) [HKLM][64Bits] – {C3592426-531E-4110-911D-BFECE2CE284B} =>.Dean Herbert
O42 - Logiciel: Python 2.7.12 - (.Python Software Foundation.) [HKLM][64Bits] – {9DA28CE5-0AA5-429E-86D8-686ED898C665} =>.Python Software Foundation
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] – {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corpｮ
O42 - Logiciel: RGSS-RTP 1.03 - (.Enterbrain Inc..) [HKLM][64Bits] – RGSS-RTP
O42 - Logiciel: RPG Maker VX RTP - (.Enterbrain.) [HKLM][64Bits] – RPG Maker VX RTP_is1 =>.Enterbrain
O42 - Logiciel: Sci-Fi Voice Pack - (.Screaming Bee.) [HKLM][64Bits] – {BC038C91-D3C6-4E43-8439-B65976FE7937} =>.Screaming Bee
O42 - Logiciel: sdrt(5.0, 64bit) - (.パルティオソフト株式会社.) [HKLM][64Bits] – {63A3DBCF-FB40-4398-9AE5-94EE6206CE12}
O42 - Logiciel: Skype™ 7.26 - (.Skype Technologies S.A..) [HKLM][64Bits] – {FC965A47-4839-40CA-B618-18F486F042C6} =>.Skype Technologies S.A.
O42 - Logiciel: SoftEther VPN Client - (.SoftEther VPN Project.) [HKLM][64Bits] – softether_sevpnclient =>.SoftEther K.K.ｮ
O42 - Logiciel: Soulworker Patcher - (.MiyuPatcher.) [HKCU][64Bits] – 4f8fec11a5e6e736
O42 - Logiciel: SpeedFan (remove only) - (.Almico Software.) [HKLM][64Bits] – SpeedFan =>.Almico Software
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] – {048298C9-A4D3-490B-9FF9-AB023A9238F3} =>.Valve Corporation
O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKCU][64Bits] – TeamSpeak 3 Client =>.TeamSpeak Systems GmbH
O42 - Logiciel: Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP - (..) [HKLM][64Bits] – {D5C424A1-5C0A-426C-BB0B-D75907243EC3}
O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU][64Bits] – UnityWebPlayer =>.Unity Technologies ApS
O42 - Logiciel: Unity Web Player (x64) (All users) - (.Unity Technologies ApS.) [HKLM][64Bits] – UnityWebPlayer =>.Unity Technologies ApS
O42 - Logiciel: VirtualCloneDrive - (.Elaborate Bytes.) [HKLM][64Bits] – VirtualCloneDrive =>.Elaborate Bytes
O42 - Logiciel: Visual Studio 2012 x64 Redistributables - (.AVG Technologies.) [HKLM][64Bits] – {8C775E70-A791-4DA8-BCC3-6AB7136F4484} =>.AVG Technologies
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM][64Bits] – {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
O42 - Logiciel: VLC media player 1.1.11 - (.VideoLAN.) [HKLM][64Bits] – VLC media player =>.VideoLAN
O42 - Logiciel: Vulkan Run Time Libraries 1.0.17.0 - (.LunarG, Inc..) [HKLM][64Bits] – VulkanRT1.0.17.0 =>.LunarG, Inc.ｮ
O42 - Logiciel: Vulkan Run Time Libraries 1.0.26.0 - (.LunarG, Inc..) [HKLM][64Bits] – VulkanRT1.0.26.0 =>.LunarG, Inc.ｮ
O42 - Logiciel: Vulkan Run Time Libraries 1.0.3.1 - (.LunarG, Inc..) [HKLM][64Bits] – VulkanRT1.0.3.1 =>.LunarG, Inc.
O42 - Logiciel: Vuze - (.Azureus Software, Inc..) [HKLM][64Bits] – 8461-7759-5462-8226 =>.Azureus Software, Inc.ｮ
O42 - Logiciel: WhoCrashed 5.53 - (.Resplendence Software Projects Sp..) [HKLM][64Bits] – WhoCrashed_is1 =>.Resplendence Software Projects Sp.
O42 - Logiciel: WinRAR 5.31 beta 1 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] – WinRAR archiver =>.win.rar GmbHｮ
O42 - Logiciel: XSplit Gamecaster - (.SplitmediaLabs.) [HKLM][64Bits] – {4EDB1851-7427-4324-AAAA-9E3852C73DAE} =>.SplitMediaLabs
O42 - Logiciel: いろとりどりのセカイ - (.FAVORITE.) [HKLM][64Bits] – {3DC8D5BA-E704-402F-88F0-E22BF4C41F6F}
O42 - Logiciel: ソウルワーカー - (.NHN PlayArt Corp..) [HKLM][64Bits] – ソウルワーカー
O42 - Logiciel: バンダイナムコオンラインランチャー - (.株式会社バンダイナムコオンライン.) [HKLM][64Bits] – bno_starter {1121C3C7331D8AA37B3F1272B14448A5C35F}
O42 - Logiciel: ユニオリズム・カルテット A3-DAYS - (.CLIPCRAFT.) [HKLM][64Bits] – UQA3
O42 - Logiciel: 機動戦士ガンダムオンライン - (.株式会社バンダイナムコオンライン.) [HKLM][64Bits] – Olive_is1
O42 - Logiciel: 神咒神威神楽 曙之光 - (.株式会社グリーンウッド.) [HKLM][64Bits] – {E836AF82-7D3E-415F-BB09-0A124EF73909}
O42 - Logiciel: 神咒神威神楽 曙之光 - (.株式会社グリーンウッド.) [HKLM][64Bits] – InstallShield{E836AF82-7D3E-415F-BB09-0A124EF73909}
O42 - Logiciel: 相州戦神館學園 八命陣 - (.株式会社グリーンウッド.) [HKLM][64Bits] – {BC30387C-AA5F-427F-A64D-E4F27374C7CA}
O42 - Logiciel: 相州戦神館學園 万仙陣 - (.株式会社グリーンウッド.) [HKLM][64Bits] – {47CE86AC-FC80-4C08-A389-41CF2AE1519A}
O42 - Logiciel: 大迷宮＆大迷惑 - (.(c)Liar-soft/HOBIBOX.) [HKLM][64Bits] – {12BB3C50-4D4F-4D1F-8217-527477FEC813}
O42 - Logiciel: 凍京NECRO - (.Nitroplus.) [HKLM][64Bits] – {96448B65-910B-41D9-8CC9-3E6BBC6B299D}
O42 - Logiciel: セイバーフィッシュ- - (..) [HKLM][64Bits] – JHPCIPOOIKKLILEOCNJDPHJGFPICMGJCIGIPGPICLFICPAILIB ICNPICOJIDEJIDJDIDGJJCECCN

—\ HKCU & HKLM Software Keys (178) - 20s
HKLM\SOFTWARE\Wow6432Node\7-Zip =>.Igor Pavlov
HKLM\SOFTWARE\Wow6432Node\Adware Removal Tool by TSA
HKLM\SOFTWARE\Wow6432Node\AMD =>.AMD
HKLM\SOFTWARE\Wow6432Node\ATI =>.ATI
HKLM\SOFTWARE\Wow6432Node\ATI Technologies =>.ATI Technologies
HKLM\SOFTWARE\Wow6432Node\AutoHotkey
HKLM\SOFTWARE\Wow6432Node\AVG SafeGuard toolbar
HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp =>.AVG Web TuneUp
HKLM\SOFTWARE\Wow6432Node\Avnex
HKLM\SOFTWARE\Wow6432Node\Bethesda Softworks =>.Bethesda Softworks
HKLM\SOFTWARE\Wow6432Node\BlueStacks =>.BlueStack Systems, Inc.
HKLM\SOFTWARE\Wow6432Node\Caphyon =>.Caphyon
HKLM\SOFTWARE\Wow6432Node\DT Soft =>.DT Soft Ltd
HKLM\SOFTWARE\Wow6432Node\Elaborate Bytes =>.Elaborate Bytes
HKLM\SOFTWARE\Wow6432Node\Enterbrain =>.Enterbrain
HKLM\SOFTWARE\Wow6432Node\FAVORITE
HKLM\SOFTWARE\Wow6432Node\FFOnline
HKLM\SOFTWARE\Wow6432Node\Fraps =>.Beepa
HKLM\SOFTWARE\Wow6432Node\Fujitsu =>.Fujitsu
HKLM\SOFTWARE\Wow6432Node\g3n-h@ckm@n =>.g3n-h@ckm@n
HKLM\SOFTWARE\Wow6432Node\GGS =>.GGS
HKLM\SOFTWARE\Wow6432Node\GNU =>.GNU
HKLM\SOFTWARE\Wow6432Node\GOG.com =>.GOG.com
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\HanPurple
HKLM\SOFTWARE\Wow6432Node\IM Providers =>.IM Providers
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\irori
HKLM\SOFTWARE\Wow6432Node\Key
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\KLCodecPack =>.KLite Inc
HKLM\SOFTWARE\Wow6432Node\LAV =>.LAV Inc
HKLM\SOFTWARE\Wow6432Node\light =>.Light
HKLM\SOFTWARE\Wow6432Node\LogMeIn Hamachi =>.LogMeIn Entreprise
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit =>.Malwarebytes
HKLM\SOFTWARE\Wow6432Node\McAfee.com =>.McAfee Inc.
HKLM\SOFTWARE\Wow6432Node\MeCab
HKLM\SOFTWARE\Wow6432Node\MimarSinan =>.Mimar Sinan
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\Nalpeiron =>.Nalpeiron
HKLM\SOFTWARE\Wow6432Node\Nitroplus
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\onOne Software =>.onOne Software
HKLM\SOFTWARE\Wow6432Node\Paltiosoft
HKLM\SOFTWARE\Wow6432Node\Playcoo
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek
HKLM\SOFTWARE\Wow6432Node\SAGAPLANETS
HKLM\SOFTWARE\Wow6432Node\Screaming Bee =>.Screaming Bee
HKLM\SOFTWARE\Wow6432Node\Sega2
HKLM\SOFTWARE\Wow6432Node\Skype =>.Skype
HKLM\SOFTWARE\Wow6432Node\SoftDenchi
HKLM\SOFTWARE\Wow6432Node\SoftEther Project =>.SoftEther Project
HKLM\SOFTWARE\Wow6432Node\SpeedFan =>.Almico Software
HKLM\SOFTWARE\Wow6432Node\SplitmediaLabs =>.SplitMediaLabs
HKLM\SOFTWARE\Wow6432Node\SquareEnix =>.SquareEnix
HKLM\SOFTWARE\Wow6432Node\StepMania 5
HKLM\SOFTWARE\Wow6432Node\ukwxp
HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
HKLM\SOFTWARE\Wow6432Node\VideoLAN =>.VideoLAN
HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\WafCX =>.WafCX
HKLM\SOFTWARE\Wow6432Node\Wondershare =>.Wondershare
HKLM\SOFTWARE\Wow6432Node\Wow6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\wtu =>.WTU
HKLM\SOFTWARE\Wow6432Node\Wuji
HKLM\SOFTWARE\Wow6432Node\げーせん18
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\7-Zip =>.Igor Pavlov
HKCU\SOFTWARE\Aeria Games =>.Aeria Games
HKCU\SOFTWARE\AhnLab =>.AhnLab Inc.
HKCU\SOFTWARE\AIDA
HKCU\SOFTWARE\AI_RecycleBin =>.Legitimate
HKCU\SOFTWARE\AMD =>.AMD
HKCU\SOFTWARE\AMD Driver Downloader
HKCU\SOFTWARE\Apowersoft =>.Apowersoft
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
HKCU\SOFTWARE\ATI =>.ATI
HKCU\SOFTWARE\AutoHotkey
HKCU\SOFTWARE\Avg =>.AVG Software
HKCU\SOFTWARE\AVG SafeGuard toolbar
HKCU\SOFTWARE\AVG SafePrice =>.AVG Software
HKCU\SOFTWARE\Avg Secure Update =>.AVG Software
HKCU\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
HKCU\SOFTWARE\Azureus
HKCU\SOFTWARE\BitComet =>.BitComet (P2P)
HKCU\SOFTWARE\BNO
HKCU\SOFTWARE\Burda
HKCU\SOFTWARE\CLIPCRAFT
HKCU\SOFTWARE\DefaultCompany =>.Unity
HKCU\SOFTWARE\DT Soft =>.DT Soft Ltd
HKCU\SOFTWARE\ej-technologies =>.ej-technologies
HKCU\SOFTWARE\Elaborate Bytes =>.Elaborate Bytes
HKCU\SOFTWARE\Enterbrain =>.Enterbrain
HKCU\SOFTWARE\Football News App
HKCU\SOFTWARE\Fraps3 =>.Beepa
HKCU\SOFTWARE\Fujitsu =>.Fujitsu
HKCU\SOFTWARE\g3n-h@ckm@n =>.g3n-h@ckm@n
HKCU\SOFTWARE\Gabest =>.Gabest
HKCU\SOFTWARE\GGS =>.GGS
HKCU\SOFTWARE\GNU =>.GNU
HKCU\SOFTWARE\GOG.com =>.GOG.com
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\HADASHI
HKCU\SOFTWARE\HANPURPLE
HKCU\SOFTWARE\HmelyoffLabs =>.Hmelyoff Labs
HKCU\SOFTWARE\Icaros =>.Icaros
HKCU\SOFTWARE\illusion
HKCU\SOFTWARE\IM Providers =>.IM Providers
HKCU\SOFTWARE\INCAInternet =>.INCAInternet
HKCU\SOFTWARE\Inre
HKCU\SOFTWARE\irori
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\KanColleTool
HKCU\SOFTWARE\KID
HKCU\SOFTWARE\KISS
HKCU\SOFTWARE\Lagarith =>.Lagarith
HKCU\SOFTWARE\Liar
HKCU\SOFTWARE\light =>.Light
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\madshi =>.madshi.net
HKCU\SOFTWARE\Magnet =>.Magnet
HKCU\SOFTWARE\Malwarebytes Anti-Rootkit =>.Malwarebytes
HKCU\SOFTWARE\MCAFEE =>.McAfee Inc.
HKCU\SOFTWARE\MeCab
HKCU\SOFTWARE\MediaInfo =>.Jérôme Martinez
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\Mumble =>.Mumble
HKCU\SOFTWARE\Nitroplus
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\puush
HKCU\SOFTWARE\Python =>.Python
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\Raptr =>.Raptr
HKCU\SOFTWARE\Resplendence Sp =>.Resplendence Software
HKCU\SOFTWARE\RightBrainGames
HKCU\SOFTWARE\Section Studios, Inc.
HKCU\SOFTWARE\SETTEC
HKCU\SOFTWARE\SimonTatham =>.Simon Tatham
HKCU\SOFTWARE\Skype =>.Skype
HKCU\SOFTWARE\SoftEther Project =>.SoftEther Project
HKCU\SOFTWARE\SpeedFan =>.Almico Software
HKCU\SOFTWARE\SplitmediaLabs =>.SplitMediaLabs
HKCU\SOFTWARE\sshelper6
HKCU\SOFTWARE\StepMania 5
HKCU\SOFTWARE\TeamPsykskallar =>.Team Psykskallar
HKCU\SOFTWARE\TeamSpeak 3 Client =>.TeamSpeak
HKCU\SOFTWARE\TesSafe
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\unicorn-a
HKCU\SOFTWARE\Unity =>.Unity
HKCU\SOFTWARE\University of Tsukuba =>.University of Tsukuba
HKCU\SOFTWARE\Valve =>.Valve
HKCU\SOFTWARE\Vebanaul
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.RarLab
HKCU\SOFTWARE\Wintertree =>.Wintertree Software
HKCU\SOFTWARE\Wondershare =>.Wondershare
HKCU\SOFTWARE\WordPad+
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\WuJi
HKCU\SOFTWARE\YandereDev
HKCU\SOFTWARE\Yanderu Software
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\アトリエかぐや
HKCU\SOFTWARE\アプリケーション ウィザードで生成されたローカル アプリケーション
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\Unity =>.Unity

—\ Contents of the Common Files folders (338) - 51s
O43 - CFD: 16/11/2016 - D – C:\Program Files\AMD =>.AMD
O43 - CFD: 25/10/2014 - D – C:\Program Files\ATI =>.ATI
O43 - CFD: 20/12/2014 - D – C:\Program Files\ATI Technologies =>.ATI Technologies
O43 - CFD: 18/11/2016 - D – C:\Program Files\CCleaner =>.Piriform
O43 - CFD: 11/12/2016 - D – C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 25/10/2014 - D – C:\Program Files\CPUID =>.CPUID Inc
O43 - CFD: 02/02/2013 - D – C:\Program Files\DVD Maker =>.Aone Software
O43 - CFD: 04/05/2016 - D – C:\Program Files\HitmanPro =>.EIDOS hitman Game
O43 - CFD: 13/01/2016 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 19/11/2016 - D – C:\Program Files\Java =>.Oracle
O43 - CFD: 13/07/2009 - D – C:\Program Files\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 10/12/2016 - D – C:\Program Files\Microsoft Security Client =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 26/07/2016 - D – C:\Program Files\SoftDenchi
O43 - CFD: 10/12/2016 - D – C:\Program Files\SoftEther VPN Client =>.SoftEther
O43 - CFD: 13/07/2009 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 22/11/2014 - D – C:\Program Files\Unity =>.Unity
O43 - CFD: 07/11/2016 - D – C:\Program Files\Vuze =>.Vuze (P2P)
O43 - CFD: 16/07/2013 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 11/05/2016 - D – C:\Program Files\Windows Journal =>.Microsoft Corporation
O43 - CFD: 02/02/2013 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 13/10/2016 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 02/02/2013 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 02/02/2013 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 02/02/2013 - D – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 04/05/2016 - D – C:\Program Files\WinRAR =>.win.rar GmbHｮ
O43 - CFD: 26/05/2015 - D – C:\Program Files (x86)\7-Zip =>.Igor Pavlov
O43 - CFD: 11/12/2016 - D – C:\Program Files (x86)\Adware Removal Tool by TSA
O43 - CFD: 03/06/2014 - D – C:\Program Files (x86)\Aeria Games =>.Aeria Games and Entertainmentｮ
O43 - CFD: 16/11/2016 - D – C:\Program Files (x86)\AMD =>.AMD
O43 - CFD: 20/12/2014 - D – C:\Program Files (x86)\AMD AVT =>.Advanced Micro Devices Inc
O43 - CFD: 06/09/2008 - D – C:\Program Files (x86)\ATLAS V14 {22C4558DE9DE4208230E72015BE7086A}
O43 - CFD: 02/02/2015 - D – C:\Program Files (x86)\AutoHotkey =>.Chicony Multimedia
O43 - CFD: 25/07/2015 - D – C:\Program Files (x86)\BlueStacks =>.BlueStack Systems, Inc.
O43 - CFD: 11/12/2016 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 08/05/2013 - D – C:\Program Files (x86)\DAEMON Tools Lite =>.DAEMON Tools
O43 - CFD: 02/02/2013 - D – C:\Program Files (x86)\Elaborate Bytes =>.Elaborate Bytes
O43 - CFD: 22/12/2013 - D – C:\Program Files (x86)\Enterbrain =>.Enterbrain
O43 - CFD: 25/10/2014 - D – C:\Program Files (x86)\Etron Technology =>.Etron Technology
O43 - CFD: 12/05/2013 - D – C:\Program Files (x86)\FAVORITE
O43 - CFD: 16/10/2015 - D – C:\Program Files (x86)\Google =>.Google Incｮ
O43 - CFD: 27/08/2016 - D – C:\Program Files (x86)\HxD
O43 - CFD: 26/07/2016 - HD – C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 13/01/2016 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 08/10/2013 - D – C:\Program Files (x86)\K-Lite Codec Pack =>.KLite Inc
O43 - CFD: 13/10/2016 - D – C:\Program Files (x86)\Liar
O43 - CFD: 05/12/2016 - D – C:\Program Files (x86)\light =>.Light
O43 - CFD: 04/05/2016 - D – C:\Program Files (x86)\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 06/09/2015 - D – C:\Program Files (x86)\MeCab
O43 - CFD: 10/12/2016 - D – C:\Program Files (x86)\Microsoft Security Client =>.Microsoft Corporation
O43 - CFD: 21/03/2013 - D – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 30/11/2016 - D – C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
O43 - CFD: 30/11/2016 - D – C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
O43 - CFD: 13/07/2009 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 10/12/2016 - D – C:\Program Files (x86)\Mudfish Cloud VPN
O43 - CFD: 26/07/2016 - D – C:\Program Files (x86)\Nitroplus
O43 - CFD: 29/11/2014 - D – C:\Program Files (x86)\puush =>.Dean Herbertｮ
O43 - CFD: 29/08/2014 - D – C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 13/07/2009 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 11/05/2013 - D – C:\Program Files (x86)\SAGAPLANETS
O43 - CFD: 13/04/2016 - D – C:\Program Files (x86)\Screaming Bee =>.Screaming Bee
O43 - CFD: 09/05/2015 - D – C:\Program Files (x86)\SEGA {5F4DF13A2D7701135FA8FAB4934015A9} =>.SEGA
O43 - CFD: 03/08/2016 - RD – C:\Program Files (x86)\Skype =>.Skype
O43 - CFD: 26/07/2016 - D – C:\Program Files (x86)\SoftDenchi
O43 - CFD: 12/09/2016 - D – C:\Program Files (x86)\softhouse-seal
O43 - CFD: 09/12/2016 - D – C:\Program Files (x86)\SpeedFan =>.Almico Software
O43 - CFD: 17/08/2013 - D – C:\Program Files (x86)\SquareEnix =>.SQUARE ENIX CO., LTD.ｮ
O43 - CFD: 09/12/2016 - D – C:\Program Files (x86)\Steam =>.SteamApps
O43 - CFD: 23/02/2013 - [0] D – C:\Program Files (x86)\Temp =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] HD – C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 13/08/2013 - D – C:\Program Files (x86)\VideoLAN =>.VideoLAN
O43 - CFD: 16/11/2016 - D – C:\Program Files (x86)\VulkanRT =>.LunarG, Inc
O43 - CFD: 16/07/2013 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 02/02/2013 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 13/10/2016 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 02/02/2013 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 02/02/2013 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 02/02/2013 - D – C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 27/08/2016 - D – C:\Program Files (x86)_inmm
O43 - CFD: 04/09/2015 - D – C:\Program Files (x86)\セイバーフィッシュ
O43 - CFD: 26/05/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip =>.Igor Pavlov
O43 - CFD: 30/01/2013 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 02/02/2013 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 03/06/2014 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames =>.AeriaGames
O43 - CFD: 16/11/2016 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings =>.Samsung Electronics
O43 - CFD: 06/09/2008 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATLAS V14.0 Trial Version
O43 - CFD: 02/02/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey =>.Chicony Multimedia
O43 - CFD: 16/04/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks =>.BlueStack Systems, Inc.
O43 - CFD: 18/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform
O43 - CFD: 25/10/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID =>.CPUID Inc
O43 - CFD: 27/08/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybertroopers Virtual-ON
O43 - CFD: 08/05/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite =>.DAEMON Tools
O43 - CFD: 02/02/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes =>.Elaborate Bytes
O43 - CFD: 31/07/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ever17
O43 - CFD: 12/05/2013 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FAVORITE
O43 - CFD: 24/01/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps =>.Fraps Games
O43 - CFD: 05/12/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 31/07/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro =>.EIDOS hitman Game
O43 - CFD: 27/08/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
O43 - CFD: 19/11/2016 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
O43 - CFD: 08/10/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack =>.KLite Inc
O43 - CFD: 09/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\light =>.Light
O43 - CFD: 06/04/2016 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 13/07/2009 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 06/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeCab
O43 - CFD: 13/04/2013 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE =>.Microsoft Corporation
O43 - CFD: 14/04/2016 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest =>.NCWest
O43 - CFD: 26/07/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitroplus
O43 - CFD: 28/07/2014 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software =>.onOne Software
O43 - CFD: 31/01/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2
O43 - CFD: 29/11/2014 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
O43 - CFD: 27/12/2013 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
O43 - CFD: 22/12/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGSS-RTP Standard
O43 - CFD: 30/01/2016 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
O43 - CFD: 09/01/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client =>.SoftEther
O43 - CFD: 25/10/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan =>.Almico Software
O43 - CFD: 17/08/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX =>.Square Enix
O43 - CFD: 04/05/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 08/06/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam =>.SteamApps
O43 - CFD: 27/04/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StepMania 5
O43 - CFD: 13/07/2009 - [0] RHD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 13/08/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLAN
O43 - CFD: 05/04/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1 =>.Kronos Group
O43 - CFD: 09/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed =>.Resplendence Software
O43 - CFD: 27/01/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 20/07/2015 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit =>.SplitMedia Labs
O43 - CFD: 30/05/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\セイバーフィッシュ
O43 - CFD: 31/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ソウルワーカー
O43 - CFD: 26/07/2016 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ソフト電池
O43 - CFD: 25/04/2014 - D – C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 =>.GEAR Software, Inc.
O43 - CFD: 03/06/2014 - D – C:\ProgramData\Aeria Games =>.Aeria Games
O43 - CFD: 02/08/2015 - D – C:\ProgramData\AMD =>.AMD
O43 - CFD: 13/04/2016 - D – C:\ProgramData\Apple =>.Apple Inc.
O43 - CFD: 25/04/2014 - D – C:\ProgramData\Apple Computer =>.Apple Inc.
O43 - CFD: 13/07/2009 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 11/11/2015 - D – C:\ProgramData\ASign
O43 - CFD: 11/12/2015 - D – C:\ProgramData\ATI =>.ATI
O43 - CFD: 16/04/2015 - D – C:\ProgramData\BlueStacks =>.BlueStack Systems, Inc.
O43 - CFD: 18/11/2016 - D – C:\ProgramData\BlueStacksSetup =>.BlueStack Systems, Inc.
O43 - CFD: 19/01/2016 - D – C:\ProgramData\boost_interprocess =>.boost.org
O43 - CFD: 02/10/2015 - D – C:\ProgramData\Damned
O43 - CFD: 13/07/2009 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 25/10/2014 - D – C:\ProgramData\FNET =>.FNet Corporation
O43 - CFD: 27/08/2013 - D – C:\ProgramData\Gibraltar
O43 - CFD: 21/11/2013 - D – C:\ProgramData\HitmanPro =>.EIDOS hitman Game
O43 - CFD: 02/10/2013 - D – C:\ProgramData\LogMeIn =>.LogMeIn
O43 - CFD: 11/12/2013 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 25/10/2014 - D – C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 03/12/2016 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 09/02/2013 - D – C:\ProgramData\Mozilla =>.Mozilla Corporation
O43 - CFD: 28/07/2014 - D – C:\ProgramData\onOne Software =>.onOne Software
O43 - CFD: 18/08/2014 - D – C:\ProgramData\ONScripter-EN
O43 - CFD: 26/07/2016 - D – C:\ProgramData\paltiosoft
O43 - CFD: 09/06/2014 - D – C:\ProgramData\Screaming Bee =>.Screaming Bee
O43 - CFD: 03/08/2016 - D – C:\ProgramData\Skype =>.Skype
O43 - CFD: 19/04/2015 - D – C:\ProgramData\SplitMediaLabs =>.SplitMediaLabs
O43 - CFD: 27/08/2013 - D – C:\ProgramData\Stardock =>.Stardock
O43 - CFD: 13/07/2009 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 19/09/2013 - D – C:\ProgramData\Steam =>.SteamApps
O43 - CFD: 13/07/2009 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 12/09/2015 - D – C:\ProgramData\Umineko4final
O43 - CFD: 01/04/2016 - D – C:\ProgramData\WindSolutions =>.WindSolutions
O43 - CFD: 01/04/2016 - D – C:\ProgramData\wondershare =>.Wondershare
O43 - CFD: 28/07/2014 - D – C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 25/10/2014 - D – C:\Program Files (x86)\Common Files\ATI Technologies =>.ATI Technologies
O43 - CFD: 21/05/2013 - D – C:\Program Files (x86)\Common Files\Enterbrain =>.Enterbrain
O43 - CFD: 21/03/2013 - D – C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 09/06/2014 - D – C:\Program Files (x86)\Common Files\Screaming Bee =>.Screaming Bee
O43 - CFD: 13/07/2009 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 27/04/2016 - D – C:\Program Files (x86)\Common Files\Skype =>.Skype
O43 - CFD: 13/07/2009 - D – C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 06/10/2016 - D – C:\Program Files (x86)\Common Files\Steam =>.SteamApps
O43 - CFD: 02/02/2013 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 03/07/2014 - D – C:\Users\OWNER\AppData\Roaming\17173
O43 - CFD: 28/07/2014 - D – C:\Users\OWNER\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 16/04/2015 - D – C:\Users\OWNER\AppData\Roaming\AMD =>.AMD
O43 - CFD: 28/07/2016 - D – C:\Users\OWNER\AppData\Roaming\AnnkakeSpa
O43 - CFD: 19/05/2016 - D – C:\Users\OWNER\AppData\Roaming\Apowersoft =>.Apowersoft
O43 - CFD: 01/04/2016 - D – C:\Users\OWNER\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 25/10/2014 - D – C:\Users\OWNER\AppData\Roaming\ATI =>.ATI
O43 - CFD: 23/12/2015 - D – C:\Users\OWNER\AppData\Roaming\Audacity =>.The Audacity Team
O43 - CFD: 09/11/2015 - D – C:\Users\OWNER\AppData\Roaming\Avnex
O43 - CFD: 01/12/2016 - D – C:\Users\OWNER\AppData\Roaming\Azureus =>.Azureus Software (P2P)
O43 - CFD: 15/10/2015 - D – C:\Users\OWNER\AppData\Roaming\BitComet =>.BitComet (P2P)
O43 - CFD: 11/12/2015 - D – C:\Users\OWNER\AppData\Roaming\CW
O43 - CFD: 11/12/2015 - D – C:\Users\OWNER\AppData\Roaming\CWPatcher
O43 - CFD: 18/11/2016 - D – C:\Users\OWNER\AppData\Roaming\DAEMON Tools Lite =>.DAEMON Tools
O43 - CFD: 25/10/2014 - D – C:\Users\OWNER\AppData\Roaming\Dropbox =>.Dropbox
O43 - CFD: 05/12/2016 - D – C:\Users\OWNER\AppData\Roaming\FALCOM
O43 - CFD: 10/05/2016 - D – C:\Users\OWNER\AppData\Roaming\Frontwing
O43 - CFD: 06/09/2008 - D – C:\Users\OWNER\AppData\Roaming\Fujitsu =>.Fujitsu
O43 - CFD: 14/11/2016 - D – C:\Users\OWNER\AppData\Roaming\grabacr.net
O43 - CFD: 30/01/2013 - D – C:\Users\OWNER\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 22/06/2014 - D – C:\Users\OWNER\AppData\Roaming\library_dir =>.library_dir
O43 - CFD: 13/10/2015 - D – C:\Users\OWNER\AppData\Roaming\light =>.Light
O43 - CFD: 30/01/2013 - D – C:\Users\OWNER\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 27/08/2016 - D – C:\Users\OWNER\AppData\Roaming\Mael
O43 - CFD: 13/07/2009 - [0] D – C:\Users\OWNER\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 12/08/2015 - SD – C:\Users\OWNER\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 04/02/2013 - D – C:\Users\OWNER\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 20/09/2015 - D – C:\Users\OWNER\AppData\Roaming\Mumble =>.Mumble
O43 - CFD: 26/07/2016 - D – C:\Users\OWNER\AppData\Roaming\Nitroplus
O43 - CFD: 28/07/2014 - D – C:\Users\OWNER\AppData\Roaming\onOne Software =>.onOne Software
O43 - CFD: 18/04/2014 - D – C:\Users\OWNER\AppData\Roaming\ONScripter-EN
O43 - CFD: 27/04/2016 - D – C:\Users\OWNER\AppData\Roaming\puush
O43 - CFD: 23/02/2013 - D – C:\Users\OWNER\AppData\Roaming\RealReader
O43 - CFD: 10/01/2015 - D – C:\Users\OWNER\AppData\Roaming\REngLauncher
O43 - CFD: 11/06/2016 - D – C:\Users\OWNER\AppData\Roaming\savedata
O43 - CFD: 09/06/2014 - D – C:\Users\OWNER\AppData\Roaming\Screaming Bee =>.Screaming Bee
O43 - CFD: 30/01/2013 - D – C:\Users\OWNER\AppData\Roaming\SEGA =>.SEGA
O43 - CFD: 19/11/2016 - D – C:\Users\OWNER\AppData\Roaming\Sikuli
O43 - CFD: 13/10/2016 - D – C:\Users\OWNER\AppData\Roaming\Skype =>.Skype
O43 - CFD: 25/10/2014 - D – C:\Users\OWNER\AppData\Roaming\Skype_old
O43 - CFD: 14/11/2016 - D – C:\Users\OWNER\AppData\Roaming\Smooth and Flat
O43 - CFD: 19/04/2015 - D – C:\Users\OWNER\AppData\Roaming\SplitmediaLabs =>.SplitMediaLabs
O43 - CFD: 27/08/2013 - D – C:\Users\OWNER\AppData\Roaming\Stardock =>.Stardock
O43 - CFD: 16/07/2015 - D – C:\Users\OWNER\AppData\Roaming\Steam =>.SteamApps
O43 - CFD: 29/07/2015 - D – C:\Users\OWNER\AppData\Roaming\Tera_Awesomium
O43 - CFD: 12/11/2016 - D – C:\Users\OWNER\AppData\Roaming\TS3Client =>.TeamSpeak
O43 - CFD: 23/12/2013 - D – C:\Users\OWNER\AppData\Roaming\uMod
O43 - CFD: 22/08/2013 - D – C:\Users\OWNER\AppData\Roaming\Unity =>.Unity
O43 - CFD: 30/08/2016 - D – C:\Users\OWNER\AppData\Roaming\vlc =>.VideoLAN
O43 - CFD: 31/01/2013 - D – C:\Users\OWNER\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 11/12/2016 - D – C:\Users\OWNER\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 10/07/2014 - D – C:\Users\OWNER\AppData\Local\AAA_Internet_Publishi ng,_
O43 - CFD: 03/06/2014 - D – C:\Users\OWNER\AppData\Local\Aeria Games =>.Aeria Games
O43 - CFD: 16/11/2016 - D – C:\Users\OWNER\AppData\Local\AMD =>.AMD
O43 - CFD: 19/05/2016 - D – C:\Users\OWNER\AppData\Local\Apowersoft =>.Apowersoft
O43 - CFD: 25/04/2014 - D – C:\Users\OWNER\AppData\Local\Apple =>.Apple Inc.
O43 - CFD: 25/04/2014 - D – C:\Users\OWNER\AppData\Local\Apple Computer =>.Apple Inc.
O43 - CFD: 30/01/2013 - [0] SHD – C:\Users\OWNER\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 10/01/2015 - D – C:\Users\OWNER\AppData\Local\Apps =>.Microsoft Corporation
O43 - CFD: 26/05/2015 - D – C:\Users\OWNER\AppData\Local\AreaZero
O43 - CFD: 25/10/2014 - D – C:\Users\OWNER\AppData\Local\ATI =>.ATI
O43 - CFD: 10/12/2016 - D – C:\Users\OWNER\AppData\Local\Avg =>.AVG Software
O43 - CFD: 29/08/2016 - D – C:\Users\OWNER\AppData\Local\BANDAI NAMCO GAMES =>.BANDAI NAMCO Games
O43 - CFD: 06/12/2015 - D – C:\Users\OWNER\AppData\Local\BISHOP
O43 - CFD: 16/04/2015 - D – C:\Users\OWNER\AppData\Local\Bluestacks =>.BlueStack Systems, Inc.
O43 - CFD: 07/08/2015 - D – C:\Users\OWNER\AppData\Local\BNSUpdater
O43 - CFD: 23/07/2015 - D – C:\Users\OWNER\AppData\Local\CEF =>.CEF
O43 - CFD: 10/12/2016 - [0] D – C:\Users\OWNER\AppData\Local\Deployment =>.Microsoft Corporation
O43 - CFD: 24/07/2016 - [0] D – C:\Users\OWNER\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 23/02/2013 - D – C:\Users\OWNER\AppData\Local\Digital_Distribution
O43 - CFD: 13/10/2016 - D – C:\Users\OWNER\AppData\Local\Discord =>.GitHub
O43 - CFD: 10/01/2015 - D – C:\Users\OWNER\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 10/12/2016 - D – C:\Users\OWNER\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 23/02/2013 - D – C:\Users\OWNER\AppData\Local\FreeOCR
O43 - CFD: 06/09/2008 - D – C:\Users\OWNER\AppData\Local\Fujitsu =>.Fujitsu
O43 - CFD: 27/08/2013 - D – C:\Users\OWNER\AppData\Local\GameStop =>.GameStop
O43 - CFD: 30/10/2016 - D – C:\Users\OWNER\AppData\Local\Google =>.Google
O43 - CFD: 14/11/2016 - D – C:\Users\OWNER\AppData\Local\grabacr.net
O43 - CFD: 30/01/2013 - [0] SHD – C:\Users\OWNER\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 08/05/2013 - D – C:\Users\OWNER\AppData\Local\INISet
O43 - CFD: 23/02/2013 - D – C:\Users\OWNER\AppData\Local\IsolatedStorage =>.id Software
O43 - CFD: 14/11/2016 - D – C:\Users\OWNER\AppData\Local\KanColleTool
O43 - CFD: 02/10/2013 - D – C:\Users\OWNER\AppData\Local\LogMeIn =>.LogMeIn
O43 - CFD: 18/11/2016 - D – C:\Users\OWNER\AppData\Local\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 04/02/2013 - D – C:\Users\OWNER\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 05/06/2016 - D – C:\Users\OWNER\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 16/07/2013 - D – C:\Users\OWNER\AppData\Local\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 30/09/2013 - D – C:\Users\OWNER\AppData\Local\Mozilla =>.Mozilla Corporation
O43 - CFD: 18/03/2013 - D – C:\Users\OWNER\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 09/06/2014 - D – C:\Users\OWNER\AppData\Local\SkypeFx
O43 - CFD: 14/11/2016 - D – C:\Users\OWNER\AppData\Local\Smooth and Flat
O43 - CFD: 14/11/2016 - D – C:\Users\OWNER\AppData\Local\Smooth_and_Flat
O43 - CFD: 25/04/2015 - D – C:\Users\OWNER\AppData\Local\SplitMediaLabs =>.SplitMediaLabs
O43 - CFD: 11/01/2016 - D – C:\Users\OWNER\AppData\Local\SquirrelTemp =>.Squirrels
O43 - CFD: 20/02/2015 - D – C:\Users\OWNER\AppData\Local\Steam =>.SteamApps
O43 - CFD: 09/12/2016 - D – C:\Users\OWNER\AppData\Local\SWPatcher
O43 - CFD: 08/11/2014 - D – C:\Users\OWNER\AppData\Local\SyndicatedLife
O43 - CFD: 11/11/2016 - D – C:\Users\OWNER\AppData\Local\TeamSpeak 3 Client =>.TeamSpeak
O43 - CFD: 11/12/2016 - D – C:\Users\OWNER\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 30/01/2013 - [0] SHD – C:\Users\OWNER\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 21/12/2015 - D – C:\Users\OWNER\AppData\Local\UWKProcess
O43 - CFD: 15/10/2015 - D – C:\Users\OWNER\AppData\Local\Vebanaul
O43 - CFD: 03/07/2014 - D – C:\Users\OWNER\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 10/05/2013 - D – C:\Users\OWNER\AppData\Local\WindomXP
O43 - CFD: 08/05/2013 - D – C:\Users\OWNER\AppData\Local\wxpfree
O43 - CFD: 11/12/2016 - D – C:\Users\OWNER\AppData\Local\Zemana =>.Zemana
O43 - CFD: 18/03/2013 - [0] D – C:\Users\OWNER\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 19/09/2013 - RD – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 14/10/2015 - RD – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 12/10/2015 - [0] D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\AeriaGames =>.AeriaGames
O43 - CFD: 13/10/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Chrome Apps
O43 - CFD: 01/10/2016 - [0] D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\CINEMATOGRAPH
O43 - CFD: 20/11/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\CLIPCRAFT
O43 - CFD: 31/07/2016 - [0] D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Ever17
O43 - CFD: 01/10/2016 - [0] D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\frontwing
O43 - CFD: 31/08/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Hammer & Chisel, Inc =>.Hammer & Chisel, Inc
O43 - CFD: 30/11/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\JDownloader =>.JDownloader
O43 - CFD: 06/11/2015 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\KISS
O43 - CFD: 13/10/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Liar
O43 - CFD: 13/07/2009 - RD – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 07/12/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\MiyuPatcher
O43 - CFD: 30/11/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Mudfish Cloud VPN
O43 - CFD: 18/03/2015 - [0] D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Portion
O43 - CFD: 19/11/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Python 2.7 =>.Python
O43 - CFD: 22/12/2013 - [0] D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\RGSS-RTP Standard
O43 - CFD: 09/06/2014 - [0] D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Screaming Bee =>.Screaming Bee
O43 - CFD: 25/10/2014 - [0] D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\SpeedFan =>.Almico Software
O43 - CFD: 11/12/2016 - RD – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 05/12/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Steam =>.SteamApps
O43 - CFD: 23/07/2013 - [0] D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\StepMania 5
O43 - CFD: 27/01/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 08/08/2016 - [0] D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\あざらしそふと
O43 - CFD: 01/05/2014 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\AtelierR
O43 - CFD: 04/03/2013 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\AtelierW
O43 - CFD: 28/02/2016 - D – C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\LTR
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 10/12/2016 - – C:\Windows\System32\Config\systemprofile\AppData\L ocal\Avg =>.AVG Software
O43 - CFD: 30/01/2013 - – C:\Windows\System32\Config\systemprofile\AppData\L ocal\Google =>.Google
O43 - CFD: 13/07/2009 - D – C:\Windows\System32\Config\systemprofile\AppData\L ocal\Microsoft =>.Microsoft Corporation
O43 - CFD: 25/04/2014 - D – C:\Windows\System32\Config\systemprofile\AppData\R oaming\Apple Computer =>.Apple Inc.
O43 - CFD: 17/04/2015 - SD – C:\Windows\System32\Config\systemprofile\AppData\R oaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 27/06/2014 - – C:\Windows\System32\Config\systemprofile\AppData\R oaming\NetworkTunnel
O43 - CFD: 16/04/2013 - – C:\Windows\System32\Config\systemprofile\AppData\R oaming\Paltiosoft

—\ ShellIconOverlayIdentifiers (SIOI) (2) - 0s
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) – C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) – C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

—\ System Drivers List (65) - 61s
O58 - SDL:2009/07/13 17:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) – C:\Windows\System32\drivers\adp94xx.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) – C:\Windows\System32\drivers\adpahci.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) – C:\Windows\System32\drivers\adpu320.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) – C:\Windows\System32\drivers\aliide.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2016/09/16 11:40:04 A . (.Advanced Micro Devices - AMD ACP Binaries.) – C:\Windows\System32\drivers\amdacpksd.sys [324224] =>.Advanced Micro Devices, Inc.ｮ
O58 - SDL:2010/02/18 09:18:24 A . (.Advanced Micro Devices - AMD IO Driver.) – C:\Windows\System32\drivers\amdiox64.sys [324224] =>.Advanced Micro Devices, Inc.ｮ
O58 - SDL:2010/11/20 05:32:46 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) – C:\Windows\System32\drivers\amdsata.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\Windows\System32\drivers\amdsbs.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2010/11/20 05:32:47 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\Windows\System32\drivers\amdxata.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) – C:\Windows\System32\drivers\arc.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\Windows\System32\drivers\arcsas.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2016/03/29 21:00:36 A . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) – C:\Windows\System32\drivers\AtihdW76.sys [324224] =>.Advanced Micro Devices
O58 - SDL:2016/09/16 11:37:36 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) – C:\Windows\System32\drivers\atikmdag.sys [324224] =>.Advanced Micro Devices, Inc.
O58 - SDL:2016/09/16 11:41:30 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) – C:\Windows\System32\drivers\atikmpag.sys [324224] =>.Advanced Micro Devices, Inc.ｮ
O58 - SDL:2009/06/10 12:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) – C:\Windows\System32\drivers\b57nd60a.sys [324224] =>.Broadcom Corporation
O58 - SDL:2009/06/10 12:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) – C:\Windows\System32\drivers\BrFiltLo.sys [324224] =>.Brother Industries, Ltd.
O58 - SDL:2009/06/10 12:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) – C:\Windows\System32\drivers\BrFiltUp.sys [324224] =>.Brother Industries, Ltd.
O58 - SDL:2009/07/13 17:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) – C:\Windows\System32\drivers\BrSerId.sys [324224] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 12:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) – C:\Windows\System32\drivers\BrSerWdm.sys [324224] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 12:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) – C:\Windows\System32\drivers\BrUsbMdm.sys [324224] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 12:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) – C:\Windows\System32\drivers\BrUsbSer.sys [324224] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 12:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) – C:\Windows\System32\drivers\bxvbda.sys [324224] =>.Broadcom Corporation
O58 - SDL:2009/07/13 17:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) – C:\Windows\System32\drivers\cmdide.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2010/12/16 14:58:14 A . (.Elaborate Bytes AG - ElbyCD Windows x64 I/O driver.) – C:\Windows\System32\drivers\ElbyCDIO.sys [324224] =>.Elaborate Bytes AGｮ
O58 - SDL:2009/07/13 17:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) – C:\Windows\System32\drivers\elxstor.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2011/07/29 10:40:56 A . (.Etron Technology Inc - Etron eXtensible Hub Driver..) – C:\Windows\System32\drivers\EtronHub3.sys [324224] =>.Etron Technology Inc
O58 - SDL:2011/07/29 10:40:58 A . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) – C:\Windows\System32\drivers\EtronXHCI.sys [324224] =>.Etron Technology Inc
O58 - SDL:2009/06/10 12:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) – C:\Windows\System32\drivers\evbda.sys [324224] =>.Broadcom Corporation
O58 - SDL:2009/03/18 15:35:42 AH . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) – C:\Windows\System32\drivers\hamachi.sys [324224] =>.LogMeIn, Inc.ｮ
O58 - SDL:2009/06/10 12:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) – C:\Windows\System32\drivers\hcw85cir.sys [324224] =>.Hauppauge Computer Works, Inc.
O58 - SDL:2010/11/20 05:33:35 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\Windows\System32\drivers\HpSAMD.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2010/11/20 05:33:38 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\Windows\System32\drivers\iaStorV.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) – C:\Windows\System32\drivers\iirsp.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2011/08/10 23:54:26 A . (.Atheros Communications, Inc. - Atheros Ar81xx series PCI-E Gigabit Etherne.) – C:\Windows\System32\drivers\L1C60x64.sys [324224] =>.Atheros Communications Inc.ｮ
O58 - SDL:2009/07/13 17:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) – C:\Windows\System32\drivers\lsi_fc.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\Windows\System32\drivers\lsi_sas.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\Windows\System32\drivers\lsi_sas2.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) – C:\Windows\System32\drivers\lsi_scsi.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2015/10/01 01:23:59 A . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) – C:\Windows\System32\drivers\mbamchameleon.sys [324224] =>.Malwarebytes Corporationｮ
O58 - SDL:2016/12/10 22:15:39 A . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) – C:\Windows\System32\drivers\MBAMSwissArmy.sys [324224] =>.Malwarebytes Corporationｮ
O58 - SDL:2009/07/13 17:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) – C:\Windows\System32\drivers\megasas.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\Windows\System32\drivers\MegaSR.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2015/01/09 01:08:32 A . (.SoftEther VPN Project at University of Tsukuba, Japan - SoftEther VPN.) – C:\Windows\System32\drivers\Neo_0038.sys [324224] =>.SoftEther K.K.ｮ
O58 - SDL:2009/07/13 17:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) – C:\Windows\System32\drivers\nfrd960.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2010/11/20 05:33:48 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\Windows\System32\drivers\nvraid.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2010/11/20 05:33:48 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\Windows\System32\drivers\nvstor.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) – C:\Windows\System32\drivers\ql2300.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) – C:\Windows\System32\drivers\ql40xx.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2011/04/22 01:17:04 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Dri.) – C:\Windows\System32\drivers\Rt64win7.sys [324224] =>.Realtek Semiconductor Corpｮ
O58 - SDL:2010/07/01 13:21:50 A . (.Screaming Bee LLC - Screaming Bee Audio Driver.) – C:\Windows\System32\drivers\ScreamingBAudio64.sys [324224] =>.Screaming Bee LLCｮ
O58 - SDL:2009/06/10 12:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) – C:\Windows\System32\drivers\secdrv.sys [324224] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2009/07/13 17:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\Windows\System32\drivers\sisraid2.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2009/07/13 17:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\Windows\System32\drivers\sisraid4.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2013/05/08 21:33:40 A . (.Authors - .) – C:\Windows\System32\drivers\sptd.sys [324224]
O58 - SDL:2009/07/13 17:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) – C:\Windows\System32\drivers\stexstor.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2013/09/23 14:39:28 A . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) – C:\Windows\System32\drivers\tap0901.sys [324224] =>.The OpenVPN Project
O58 - SDL:2016/04/01 14:02:35 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) – C:\Windows\System32\drivers\usbaapl64.sys [324224] =>.Apple, Inc.
O58 - SDL:2011/01/15 08:21:04 A . (.Elaborate Bytes AG - VirtualCloneCD Driver.) – C:\Windows\System32\drivers\VClone.sys [324224] =>.Elaborate Bytes AG
O58 - SDL:2009/07/13 17:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) – C:\Windows\System32\drivers\viaide.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2013/04/18 14:34:22 A . (.Headsoft - VJoy Virtual Joystick Driver.) – C:\Windows\System32\drivers\vjoy.sys [324224] {11218A7D74F838907AA32D509C5D68E08411} =>.Headsoft
O58 - SDL:2009/07/13 17:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\Windows\System32\drivers\vsmraid.sys [324224] =>.Microsoft Windowsｮ
O58 - SDL:2014/07/02 19:49:08 A . (.SplitmediaLabs Limited - XSplit Stream Audio.) – C:\Windows\System32\drivers\xspltspk.sys [324224] =>.Splitmedialabs Limitedｮ
O58 - SDL:2016/12/11 01:47:41 A . (.Zemana Ltd. - ZAM.) – C:\Windows\System32\drivers\zam64.sys [324224] =>.Zemana Ltd.ｮ
O58 - SDL:2016/12/11 01:47:39 A . (.Zemana Ltd. - ZAM.) – C:\Windows\System32\drivers\zamguard64.sys [324224] =>.Zemana Ltd.ｮ
O58 - SDL:2016/04/05 15:18:28 AH . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) – C:\Windows\System32\hamachi.sys [324224] =>.LogMeIn, Inc.ｮ

—\ Last modified or created user files (13) - 91s
O61 - LFC: 2016/12/11 00:13:04 A . (.Copyright © 2015.) – C:\Users\OWNER\Desktop\Adware Removal Tool by TSA.exe [752296] {317DD1C55F51AC2756D9C93C060C6FA5}
O61 - LFC: 2016/12/11 06:07:09 A . (..) – C:\Users\OWNER\Desktop\zoek.exe [1309184]
O61 - LFC: 2016/12/07 12:08:23 A . (.© Microsoft Corporation. All rights reserved..) – C:\Users\OWNER\Desktop\Launchers\SW\setup(1).exe [591240]
O61 - LFC: 2016/12/05 11:49:22 A . (.Java™ Native Access (JNA).) – C:\Users\OWNER\Desktop\Extra\DL Manager\tmp\jna\jna8308253101283634884.dll [198144]
O61 - LFC: 2016/12/05 11:49:29 A . (..) – C:\Users\OWNER\Desktop\Extra\DL Manager\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll [4078962]
O61 - LFC: 2016/12/05 11:49:29 A . (..) – C:\Users\OWNER\Desktop\Extra\DL Manager\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll [566439]
O61 - LFC: 2016/12/07 12:12:13 N . (.Dino Chiesa.) – C:\Users\OWNER\AppData\Local\Apps\2.0\1KJ40ETR.D9N \H889L8M7.9GB\swpa..tion_57a59494e3651860_0002.000 4_dc2358626ec28004\Ionic.Zip.Patched.dll [462848]
O61 - LFC: 2016/12/07 12:12:14 A . (.MadMilkman.) – C:\Users\OWNER\AppData\Local\Apps\2.0\1KJ40ETR.D9N \H889L8M7.9GB\swpa..tion_57a59494e3651860_0002.000 4_dc2358626ec28004\MadMilkman.Ini.dll [40960]
O61 - LFC: 2016/12/07 12:12:13 A . (..) – C:\Users\OWNER\AppData\Local\Apps\2.0\1KJ40ETR.D9N \H889L8M7.9GB\swpa..tion_57a59494e3651860_0002.000 4_dc2358626ec28004\patchw32.dll [252832] {78BB344EC2C9E38268CEEA6C93F9B725}
O61 - LFC: 2016/12/07 12:12:14 N . (.Copyright © 2016.) – C:\Users\OWNER\AppData\Local\Apps\2.0\1KJ40ETR.D9N \H889L8M7.9GB\swpa..tion_57a59494e3651860_0002.000 4_dc2358626ec28004\SWPatcher.exe [583048]
O61 - LFC: 2016/12/07 12:12:13 A . (..) – C:\Users\OWNER\AppData\Local\Apps\2.0\1KJ40ETR.D9N \H889L8M7.9GB\swpa…exe_57a59494e3651860_0002.0004_ en_b2b5d0881c8cd648\patchw32.dll [252832] {78BB344EC2C9E38268CEEA6C93F9B725}
O61 - LFC: 2016/12/07 12:12:14 A . (.MadMilkman.) – C:\Users\OWNER\AppData\Local\Apps\2.0\1KJ40ETR.D9N \H889L8M7.9GB\madm…ini_4e0b5157a7ffbb74_0001.0000_ none_a972c2f079e1e421\MadMilkman.Ini.dll [40960]
O61 - LFC: 2016/12/07 15:52:36 A . (..) – C:\Users\OWNER\AppData\Local\AMD\DxCache\23c63d5d8 344258f4b6f9c30f232a03e87378e3449650438..bin [4194304]

—\ File Associations Shell Spawning (11) - 0s
O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S
O67 - Shell Spawning: <.html> [HKCU..\open\Command] (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporationｮ

—\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\Shell\open\Command] (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporationｮ
O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Incｮ
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporationｮ
O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

—\ Search Browser Infection (10) - 11s
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKLM] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKUS.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKUS.DEFAULT] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/ =>.Google Inc.

—\ Search Svchost Services (33) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) – C:\Windows\System32\aelupsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\Windows\system32\srvsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\Windows\System32\gpsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\Windows\System32\ikeext.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) – C:\Windows\System32\Audiosrv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\Windows\System32\rasauto.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\Windows\System32\rasmans.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\Windows\System32\Sens.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\Windows\System32\ipnathlp.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) – C:\Windows\System32\termsrv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\Windows\system32\wuaueng.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\Windows\System32\qmgr.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\Windows\System32\iphlpsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\Windows\system32\seclogon.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\Windows\System32\appinfo.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\Windows\system32\iscsiexe.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) – C:\Windows\system32\mmcss.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\Windows\system32\wbem\WMIsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\Windows\System32\browser.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\Windows\System32\eapsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\Windows\system32\schedsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) – C:\Windows\system32\kmsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\Windows\System32\wercplsupport.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\Windows\system32\profsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\Windows\system32\themeservice.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\Windows\System32\bdesvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) – C:\Windows\System32\appmgmts.dll [324224] =>.Microsoft Corporation

—\ Additional Scan (O88) (2) - 0s
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} =>.Superfluous.Orphan
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9} =>.Superfluous.Orphan

—\ Summary of the elements found (1) - 0s
https://www.nicolascoolman.com/fr/re...et_infections/ =>Hijacker.DNS.Hosts

~ End of the scan, 34545 items in 00h05mn26s (1091)