Solved Computer freezes up


Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
Welcome to PCHF :)


From Safe Mode With Networking please run this tool.


Please download the FRST 32-bit or FRST 64-bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32-bit or 64-bit, please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.


  1. Accept the default whitelist options.
  2. If the additions.txt options box is not checked, please select it.
  3. Then select Scan.



FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please copy and paste the contents of these logs in your next post for review.
 

Prinny

PCHF Member
Dec 11, 2016
36
11
Maintenance Hell
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by OWNER (administrator) on OWNER-PC (10-12-2016 23:16:14)
Running from C:\Users\OWNER\Desktop
Loaded Profiles: OWNER (Available Profiles: OWNER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\...\MountPoints2: {646cb0c1-6b01-11e2-8017-806e6f6e6963} - D:\Run.exe
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{26F54C70-E6A9-4026-AAE6-12027642A3E0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2B0F3536-45DB-43BD-8D5D-6D24B03F4ECD}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ja-jp/?ocid=iehp
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E8FE87FC-B90F-4F8E-8E76-77F54D022E86}&mid=6950e4184e674fa896e387d2fbc29959-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-18 00:35:34&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E8FE87FC-B90F-4F8E-8E76-77F54D022E86}&mid=6950e4184e674fa896e387d2fbc29959-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-18 00:35:34&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-11-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-11-19] (Oracle Corporation)
BHO-x32: ATLAS Toolbar -> {3C6301ED-0F78-4AF2-8150-D9C052361A8E} -> C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL [2007-10-04] (FUJITSU LIMITED)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL [2007-10-04] (FUJITSU LIMITED)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {F8160836-0C11-4CA4-AD87-944542C7BCBD} hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab

FireFox:
========
FF DefaultProfile: v88yth1x.default-1396169490810
FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 [2016-12-10]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> Google
FF Homepage: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> hxxps://www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> no_proxies_on", "localhost, 189.17.1.245"
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> ssl_port", 3128
FF Extension: (AVG Web TuneUp) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\Extensions\[email protected] [2016-04-27]
FF Extension: (Ghostery) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\Extensions\[email protected] [2016-11-29]
FF Extension: (ExHentai Easy 2) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\Extensions\[email protected] [2016-08-12]
FF Extension: (NoScript) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-28]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\searchplugins\yahoo_ff.xml [2014-05-16]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\BetterSurf\ff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-10] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-11-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-11-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-10] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\\1.8.101.2154\npQQPhoneManagerExt.dll [2012-12-20] (腾讯公司)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll [2013-12-30] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: pmang.jp/pmangdiagnostic-1 -> C:\GameOn\Common files\nppmangdiagnostic_0.dll [No File]
FF Plugin HKU\S-1-5-21-2941685042-3306150061-3194319401-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\OWNER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-03] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default [2016-12-10]
CHR Extension: (Sad Panda) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2016-08-25]
CHR Extension: (Adblock Plus) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (グランブルーファンタジー[ChromeApps版]) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilbkckngf [2016-11-06]
CHR Extension: (KanColle Command Center 改) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgmldnainaglpjngpajnnjfhpdjkohh [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-09]
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-05-04]
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\System Profile [2016-05-04]
CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\OWNER\AppData\Local\Slick Savings\coupons.crx [2014-05-16]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-10-12] (Advanced Micro Devices, Inc.)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-31] (SurfRight B.V.)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5449136 2016-05-16] (INCA Internet Co., Ltd.)
S4 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2015-01-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
S4 Thorn; C:\Users\OWNER\AppData\Local\THORN\Thorn.exe [56824 2015-10-01] (GGS)
S4 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.) [File not signed]
S4 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-13] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [99440 2011-08-10] (Atheros Communications, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2015-10-01] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 Neo_JP; C:\Windows\System32\DRIVERS\Neo_0038.sys [28768 2015-01-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-05-08] () [File not signed]
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-01-10] (TENCENT)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
U3 a3fmwe7o; C:\Windows\System32\Drivers\a3fmwe7o.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S1 QMUdisk; \??\C:\Program Files\腾讯游戏\QQPCMgr\8.11.11347.801\QMUdisk64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\OWNER\Desktop\OpenHardwareMonitor\OpenHardwareMonitorLib.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-10 23:16 - 2016-12-10 23:17 - 00014625 _____ C:\Users\OWNER\Desktop\FRST.txt
2016-12-10 23:09 - 2016-12-10 23:16 - 00000000 ____D C:\FRST
2016-12-10 23:08 - 2016-12-10 23:08 - 02420224 _____ (Farbar) C:\Users\OWNER\Desktop\FRST64.exe
2016-12-10 20:52 - 2016-12-10 22:36 - 00193720 _____ C:\Windows\ntbtlog.txt
2016-12-10 20:43 - 2016-12-10 20:43 - 00003744 ____N C:\bootsqm.dat
2016-12-10 02:27 - 2016-12-10 02:27 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-10 02:27 - 2016-12-10 02:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-10 02:27 - 2016-12-10 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-12-10 01:16 - 2016-12-10 02:18 - 00000000 ____D C:\AVG_Remover
2016-12-09 19:28 - 2016-12-09 19:28 - 00001113 _____ C:\Users\OWNER\Desktop\WhoCrashed.lnk
2016-12-09 18:11 - 2016-12-09 23:27 - 00000000 ____D C:\Users\Default\Desktop\WhoCrashed
2016-12-09 18:11 - 2016-12-09 23:27 - 00000000 ____D C:\Users\Default User\Desktop\WhoCrashed
2016-12-09 18:11 - 2016-12-09 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2016-12-09 18:09 - 2016-12-09 18:09 - 04958280 _____ (Resplendence Software Projects Sp. ) C:\Users\OWNER\Desktop\whocrashedSetup.exe
2016-12-09 17:12 - 2016-12-09 17:12 - 00514172 _____ C:\Users\OWNER\Desktop\openhardwaremonitor-v0.8.0-beta.zip
2016-12-07 12:12 - 2016-12-09 23:35 - 00000000 ____D C:\Users\OWNER\AppData\Local\SWPatcher
2016-12-07 12:12 - 2016-12-07 12:12 - 00000390 _____ C:\Users\OWNER\Desktop\Soulworker Patcher.appref-ms
2016-12-07 12:12 - 2016-12-07 12:12 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiyuPatcher
2016-12-06 23:33 - 2016-12-06 23:33 - 00000575 _____ C:\Users\OWNER\Desktop\バンダイナムコオンラインランチャー.lnk
2016-12-06 23:33 - 2016-12-06 23:33 - 00000000 ____D C:\Users\OWNER\Desktop\BNO
2016-12-06 16:29 - 2016-12-06 16:44 - 00000000 ____D C:\Users\OWNER\Desktop\Convenience
2016-12-06 16:26 - 2016-12-07 16:08 - 00000000 ____D C:\Users\OWNER\Desktop\Extra
2016-12-06 16:25 - 2016-12-06 23:32 - 00000000 ____D C:\Users\OWNER\Desktop\Launchers
2016-12-05 23:04 - 2016-12-05 23:04 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\FALCOM
2016-12-03 16:20 - 2016-05-16 04:25 - 05449136 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2016-12-03 16:20 - 2005-01-02 04:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2016-12-03 16:20 - 2003-07-18 13:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2016-12-02 21:52 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-12-02 21:52 - 2016-11-02 07:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-12-02 21:52 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-12-02 21:52 - 2016-11-02 07:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-12-02 21:52 - 2016-11-02 07:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-12-02 21:52 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-12-02 21:52 - 2016-11-02 07:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-12-02 21:52 - 2016-11-02 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-12-02 21:52 - 2016-11-02 07:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-12-02 21:52 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-12-02 21:52 - 2016-10-25 07:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-02 21:52 - 2016-10-15 07:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-12-02 21:52 - 2016-10-15 07:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-12-02 21:52 - 2016-10-15 07:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-12-02 21:52 - 2016-10-15 07:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-12-02 21:52 - 2016-10-11 07:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-02 21:52 - 2016-10-11 07:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-12-02 21:52 - 2016-10-11 07:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-12-02 21:52 - 2016-10-11 07:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-12-02 21:52 - 2016-10-11 07:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-12-02 21:52 - 2016-10-11 07:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-12-02 21:52 - 2016-10-11 07:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-12-02 21:52 - 2016-10-11 07:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-12-02 21:52 - 2016-10-11 07:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-12-02 21:52 - 2016-10-11 07:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-12-02 21:52 - 2016-10-11 07:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-12-02 21:52 - 2016-10-11 07:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-12-02 21:52 - 2016-10-11 05:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-12-02 21:52 - 2016-10-11 05:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-12-02 21:52 - 2016-10-10 07:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-02 21:52 - 2016-10-10 07:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-02 21:52 - 2016-10-10 07:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-02 21:52 - 2016-10-10 07:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-02 21:52 - 2016-10-10 07:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-02 21:52 - 2016-10-10 07:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-02 21:52 - 2016-10-10 07:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-02 21:52 - 2016-10-10 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-02 21:52 - 2016-10-10 07:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-02 21:52 - 2016-10-10 06:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-02 21:52 - 2016-10-10 06:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-02 21:52 - 2016-10-10 06:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-02 21:52 - 2016-10-10 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-02 21:52 - 2016-10-10 06:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-02 21:52 - 2016-10-10 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-02 21:52 - 2016-10-07 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-02 21:52 - 2016-10-07 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-02 21:52 - 2016-10-07 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-02 21:52 - 2016-10-07 07:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-02 21:52 - 2016-10-07 07:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-02 21:52 - 2016-10-07 07:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 07:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-02 21:52 - 2016-10-07 07:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-02 21:52 - 2016-10-07 07:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-02 21:52 - 2016-10-07 07:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-02 21:52 - 2016-10-07 07:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-02 21:52 - 2016-10-07 06:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-02 21:52 - 2016-10-07 06:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-02 21:52 - 2016-10-07 06:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-02 21:52 - 2016-10-07 06:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-02 21:52 - 2016-10-07 06:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-02 21:52 - 2016-10-07 06:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 06:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 06:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-02 21:52 - 2016-10-07 06:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-02 21:52 - 2016-10-05 06:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-12-02 21:52 - 2016-09-15 06:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-12-02 21:52 - 2016-09-13 07:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-02 21:52 - 2016-09-13 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-02 21:52 - 2016-09-09 10:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-12-02 21:52 - 2016-09-09 10:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-12-02 21:52 - 2016-08-22 08:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-30 21:47 - 2016-11-30 21:47 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mudfish Cloud VPN
2016-11-30 21:43 - 2016-11-30 21:43 - 02015880 _____ C:\Users\OWNER\Downloads\mudfish-4.4.3-x86_64-win2k-setup.exe
2016-11-30 19:02 - 2016-11-30 19:02 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2016-11-30 18:41 - 2016-11-30 18:42 - 00076504 _____ (AppWork GmbH) C:\Users\OWNER\Downloads\WebInstaller.exe
2016-11-30 14:27 - 2016-11-30 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-20 03:34 - 2016-11-20 03:34 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLIPCRAFT
2016-11-19 04:50 - 2016-11-19 04:51 - 00000000 ____D C:\Python27
2016-11-19 04:42 - 2016-11-19 04:42 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Sikuli
2016-11-19 04:29 - 2016-11-19 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-19 04:29 - 2016-11-19 04:28 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-11-19 04:29 - 2016-11-19 04:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2016-11-19 04:29 - 2016-11-19 04:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2016-11-19 04:29 - 2016-11-19 04:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-11-19 04:28 - 2016-11-19 04:28 - 00000000 ____D C:\Users\OWNER\AppData\LocalLow\Sun
2016-11-19 04:28 - 2016-11-19 04:28 - 00000000 ____D C:\Program Files\Java
2016-11-18 23:46 - 2016-11-18 23:46 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-18 23:46 - 2016-11-18 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-18 23:46 - 2016-11-18 23:46 - 00000000 ____D C:\Program Files\CCleaner
2016-11-17 21:29 - 2016-12-10 21:55 - 00000000 ____D C:\Users\OWNER\AppData\LocalLow\Mozilla
2016-11-16 20:21 - 2016-11-16 20:21 - 00000000 ____D C:\Users\OWNER\AppData\LocalLow\AMD
2016-11-16 15:30 - 2016-11-16 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-11-14 23:40 - 2016-11-14 23:40 - 00000000 ____D C:\Users\OWNER\AppData\Local\Smooth and Flat
2016-11-14 23:39 - 2016-11-14 23:39 - 00000000 ____D C:\Users\OWNER\Documents\KanColleViewer!
2016-11-14 23:34 - 2016-11-14 23:34 - 00000000 ____D C:\Users\OWNER\AppData\Local\Smooth_and_Flat
2016-11-14 23:33 - 2016-11-14 23:33 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Smooth and Flat
2016-11-14 22:53 - 2016-11-14 22:57 - 00000000 ____D C:\Users\OWNER\AppData\Local\grabacr.net
2016-11-14 22:53 - 2016-11-14 22:53 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\grabacr.net
2016-11-14 22:22 - 2016-11-14 22:22 - 00000000 ____D C:\Users\OWNER\AppData\Local\KanColleTool
2016-11-11 23:29 - 2016-11-11 23:29 - 00001169 _____ C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-11-11 23:28 - 2016-11-11 23:29 - 00000000 ____D C:\Users\OWNER\AppData\Local\TeamSpeak 3 Client
2016-11-11 23:27 - 2016-11-11 23:27 - 32019840 _____ (TeamSpeak Systems GmbH) C:\Users\OWNER\Downloads\TeamSpeak3-Client-win64-3.0.19.4.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-10 22:36 - 2013-12-11 21:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-10 22:25 - 2013-03-23 13:54 - 00000000 ____D C:\Users\OWNER\AppData\Local\ElevatedDiagnostics
2016-12-10 22:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-10 22:15 - 2013-12-11 21:34 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-10 21:42 - 2013-01-30 11:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-10 21:41 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-10 21:40 - 2016-08-08 11:27 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-12-10 21:40 - 2016-05-04 18:29 - 00000000 ____D C:\Windows\pss
2016-12-10 21:32 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-10 21:32 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-10 18:41 - 2013-11-19 18:28 - 00007601 _____ C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
2016-12-10 17:50 - 2015-12-13 15:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-10 17:29 - 2013-01-30 11:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-10 14:52 - 2015-01-09 01:04 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-12-10 14:50 - 2015-01-10 02:15 - 00000000 ____D C:\Users\OWNER\AppData\Local\Deployment
2016-12-10 14:29 - 2016-01-11 14:38 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\discord
2016-12-10 03:31 - 2016-04-14 00:57 - 00000000 ____D C:\Program Files (x86)\Mudfish Cloud VPN
2016-12-10 02:28 - 2013-01-29 20:53 - 00001945 _____ C:\Windows\epplauncher.mif
2016-12-10 02:18 - 2015-05-26 13:10 - 00000000 ____D C:\Users\OWNER\AppData\Local\Avg
2016-12-10 01:36 - 2015-06-12 12:40 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-09 20:07 - 2013-01-30 20:13 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-09 18:15 - 2010-01-31 14:00 - 00000000 ____D C:\Users\OWNER\Desktop\OpenHardwareMonitor
2016-12-09 18:01 - 2014-10-25 06:18 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-12-09 16:31 - 2016-09-20 01:49 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-12-09 10:02 - 2015-02-07 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\light
2016-12-09 09:53 - 2014-07-30 11:34 - 00000000 ____D C:\PSOT
2016-12-08 14:48 - 2013-02-27 18:56 - 00000000 ____D C:\AtelierW
2016-12-08 14:31 - 2013-05-09 15:11 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-06 23:33 - 2016-05-05 19:06 - 00000575 _____ C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\バンダイナムコオンラインランチャー.lnk
2016-12-06 16:26 - 2013-01-21 20:48 - 00000000 ____D C:\Users\OWNER\Downloads\G121028
2016-12-06 16:22 - 2013-11-29 21:39 - 00000000 ____D C:\Users\OWNER\Documents\BnS
2016-12-06 15:13 - 2013-01-29 19:45 - 00000000 ____D C:\Users\OWNER\Documents\SEGA
2016-12-05 23:10 - 2015-02-07 02:34 - 00000000 ____D C:\Program Files (x86)\light
2016-12-05 23:04 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-05 23:02 - 2013-01-30 09:33 - 00000000 ____D C:\AMD
2016-12-05 23:00 - 2013-05-20 14:17 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-05 22:45 - 2013-02-02 17:03 - 00416826 _____ C:\Windows\system32\perfh011.dat
2016-12-05 22:45 - 2013-02-02 17:03 - 00122208 _____ C:\Windows\system32\perfc011.dat
2016-12-05 22:45 - 2009-07-13 21:13 - 01313166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-05 22:42 - 2013-12-22 18:37 - 00000000 ____D C:\Users\OWNER\Downloads\aooni_en
2016-12-03 14:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-12-03 12:30 - 2013-01-30 09:27 - 00000000 ____D C:\Users\OWNER
2016-12-03 12:28 - 2009-07-13 20:45 - 00266824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-02 19:07 - 2016-04-17 03:21 - 00000000 ____D C:\Users\OWNER\Downloads\Kancolle
2016-12-02 03:07 - 2013-08-14 00:55 - 00000000 ____D C:\Windows\system32\MRT
2016-12-02 03:00 - 2013-02-02 16:35 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-01 00:54 - 2013-10-08 18:50 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Media Player Classic
2016-12-01 00:54 - 2013-05-25 15:50 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\DAEMON Tools Pro
2016-12-01 00:54 - 2013-03-03 20:20 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Azureus
2016-11-30 21:49 - 2013-02-09 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-30 21:46 - 2016-05-30 02:29 - 00000000 ____D C:\Users\OWNER\Downloads\BBS
2016-11-27 23:34 - 2013-05-10 23:41 - 00000000 ____D C:\Users\OWNER\Downloads\SC
2016-11-24 05:50 - 2014-05-01 17:22 - 00000000 ____D C:\AtelierR
2016-11-21 19:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-21 12:54 - 2009-07-13 21:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-20 03:38 - 2013-05-11 12:13 - 00000000 ____D C:\Users\OWNER\Downloads\NHSC
2016-11-19 04:51 - 2014-06-20 16:04 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-11-18 23:48 - 2014-06-16 10:20 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-11-18 23:48 - 2013-05-20 16:41 - 00000000 ____D C:\Users\OWNER\AppData\Local\LogMeIn Hamachi
2016-11-18 23:48 - 2013-05-08 21:33 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\DAEMON Tools Lite
2016-11-16 15:36 - 2013-01-30 11:11 - 00000000 ____D C:\Users\OWNER\AppData\Local\AMD
2016-11-16 15:31 - 2016-01-12 14:33 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2016-11-16 15:30 - 2016-04-05 12:57 - 00000000 ____D C:\Program Files (x86)\AMD
2016-11-16 15:25 - 2016-04-05 12:58 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-16 15:24 - 2013-01-30 09:34 - 00000000 ____D C:\Program Files\AMD
2016-11-14 23:30 - 2013-03-21 20:14 - 01297678 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-12 22:53 - 2013-11-03 19:15 - 00000000 ____D C:\Users\OWNER\AppData\Roaming\TS3Client

==================== Files in the root of some directories =======

2015-07-16 19:12 - 2015-10-07 23:26 - 68888507 _____ () C:\Users\OWNER\AppData\Roaming\chport.exe
2016-05-18 14:06 - 2016-05-18 14:15 - 0000558 _____ () C:\Users\OWNER\AppData\Roaming\odalaunch.ini
2015-07-16 19:12 - 2015-10-07 23:26 - 282715648 _____ () C:\Users\OWNER\AppData\Roaming\steam_api.dmc
2015-07-16 19:12 - 2015-10-07 23:25 - 0000009 _____ () C:\Users\OWNER\AppData\Roaming\update.dat
2014-06-27 21:32 - 2014-06-30 21:32 - 0000600 _____ () C:\Users\OWNER\AppData\Local\PUTTY.RND
2013-11-19 18:28 - 2016-12-10 18:41 - 0007601 _____ () C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
2013-12-18 20:42 - 2015-01-10 05:39 - 0000040 _____ () C:\ProgramData\DT0001.dat
2014-07-03 00:09 - 2015-01-10 05:39 - 0000040 _____ () C:\ProgramData\DT0006.dat
2013-12-06 16:09 - 2013-12-06 16:09 - 0000058 _____ () C:\ProgramData\Update.ini

Files to move or delete:
====================
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat


Some files in TEMP:
====================
C:\Users\OWNER\AppData\Local\Temp\avguirn_081512697443.exe
C:\Users\OWNER\AppData\Local\Temp\avguirn_08226517269.exe
C:\Users\OWNER\AppData\Local\Temp\c20c448073abd1a0423d9c57b1875b06.dll
C:\Users\OWNER\AppData\Local\Temp\d2e1e3fedab3ed892a0df92c63e9a780.dll
C:\Users\OWNER\AppData\Local\Temp\JDSetup131250338117512660.exe
C:\Users\OWNER\AppData\Local\Temp\proxy_vole2461826566935967893.dll
C:\Users\OWNER\AppData\Local\Temp\proxy_vole3066871754856067764.dll
C:\Users\OWNER\AppData\Local\Temp\proxy_vole5324773033895722492.dll
C:\Users\OWNER\AppData\Local\Temp\sfamcc00001.dll
C:\Users\OWNER\AppData\Local\Temp\sfareca00001.dll
C:\Users\OWNER\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-04 20:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by OWNER (10-12-2016 23:18:17)
Running from C:\Users\OWNER\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-01-30 17:27:45)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2941685042-3306150061-3194319401-500 - Administrator - Disabled)
Guest (S-1-5-21-2941685042-3306150061-3194319401-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2941685042-3306150061-3194319401-1003 - Limited - Enabled)
OWNER (S-1-5-21-2941685042-3306150061-3194319401-1000 - Administrator - Enabled) => C:\Users\OWNER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

_inmm.dll 2.38 (HKLM-x32\...\_inmm) (Version: - )
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apowersoft Online Launcher version 1.4.4 (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.4 - APOWERSOFT LIMITED)
Application Profiles (HKLM-x32\...\{77A795C8-E532-4B09-5C58-7FFFC3CC9171}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
ATLAS Translation Standard V14.0 Trial Version (HKLM-x32\...\{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}) (Version: 14.00.0000 - FUJITSU LIMITED)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
ChuSingura46+1 S (HKLM\...\Steam App 464780) (Version: - インレ)
CPUID CPU-Z 1.71 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creatures of Darkness (HKLM-x32\...\{573F9269-A022-4C6F-97BD-CF1316A76369}) (Version: 3.3.1 - Screaming Bee)
Cybertroopers Virtual-ON version PC (HKLM-x32\...\{379E152B-4215-44D7-ADBC-DC280791A042}_is1) (Version: PC - Installer by TheArcadeStriker - Game by SEGA)
Deep Space Voices (HKLM-x32\...\{67CEC218-B250-4B4C-B23F-A597EC8DB153}) (Version: 3.3.1 - Screaming Bee)
Dies irae -Amantes amentes- (HKLM-x32\...\InstallShield_{91F5A357-7173-408C-85B7-FAAC69B5AD22}) (Version: 1.00.0000 - 株式会社グリーンウッド)
Dies irae -Amantes amentes- (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
Discord (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Fantasy Voice Pack (HKLM-x32\...\{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}) (Version: 1.3.2 - Screaming Bee)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Galactic Voices (HKLM-x32\...\{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}) (Version: 1.3.1 - Screaming Bee)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.21 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
K-Lite Mega Codec Pack 10.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
Male Voice Pack (HKLM-x32\...\{71DD9C2C-3C7A-4B8D-AA36-C5C528A0CD69}) (Version: 1.3.2 - Screaming Bee)
MeCab 0.98 (HKLM-x32\...\MeCab_is1) (Version: 0.98 - Taku Kudo)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{1DDBB040-3BEB-4057-90BB-B38B5E081D1B}) (Version: 4.3.21 - Screaming Bee)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
Mudfish Cloud VPN v4.4.3 (HKLM-x32\...\Mudfish Cloud VPN) (Version: 4.4.3 - Mudfish Networks)
Personality Voices (HKLM-x32\...\{4B886E97-AF5B-46F0-9F48-6BE03149D972}) (Version: 1.0.1 - Screaming Bee)
PHANTASY STAR ONLINE 2 (HKLM-x32\...\http://pso2.jp/appid/release_is1) (Version: - SEGA)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
RGSS-RTP 1.03 (HKLM-x32\...\RGSS-RTP) (Version: 1.03 - Enterbrain Inc.)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
Sci-Fi Voice Pack (HKLM-x32\...\{BC038C91-D3C6-4E43-8439-B65976FE7937}) (Version: 1.3.1 - Screaming Bee)
sdrt(5.0, 64bit) (HKLM\...\{63A3DBCF-FB40-4398-9AE5-94EE6206CE12}) (Version: 5.0.3.0 - パルティオソフト株式会社)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
Soulworker Patcher (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\...\4f8fec11a5e6e736) (Version: 2.4.1.2 - MiyuPatcher)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP (HKLM-x32\...\{D5C424A1-5C0A-426C-BB0B-D75907243EC3}) (Version: - )
Unity Web Player (HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
WhoCrashed 5.53 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)
いろとりどりのセカイ (HKLM-x32\...\{3DC8D5BA-E704-402F-88F0-E22BF4C41F6F}) (Version: 1.00.0000 - FAVORITE)
ソウルワーカー (HKLM-x32\...\ソウルワーカー) (Version: 1.0.0 - NHN PlayArt Corp.)
バンダイナムコオンラインランチャー (HKLM-x32\...\bno_starter) (Version: 1.0.3 - 株式会社バンダイナムコオンライン)
ユニオリズム・カルテット A3-DAYS (HKLM-x32\...\UQA3) (Version: 1.00 - CLIPCRAFT)
機動戦士ガンダムオンライン (HKLM-x32\...\Olive_is1) (Version: 1.0.0.4 - 株式会社バンダイナムコオンライン)
神咒神威神楽 曙之光 (HKLM-x32\...\InstallShield_{E836AF82-7D3E-415F-BB09-0A124EF73909}) (Version: 1.00.0000 - 株式会社グリーンウッド)
神咒神威神楽 曙之光 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
相州戦神館學園 八命陣 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
相州戦神館學園 万仙陣 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
大迷宮&大迷惑 (HKLM-x32\...\{12BB3C50-4D4F-4D1F-8217-527477FEC813}) (Version: 1.1.1 - (c)Liar-soft/HOBIBOX)
凍京NECRO (HKLM-x32\...\{96448B65-910B-41D9-8CC9-3E6BBC6B299D}) (Version: 1.00.000 - Nitroplus)
セイバーフィッシュ (HKLM-x32\...\JHPCIPOOIKKLILEOCNJDPHJGFPICMGJCIGIPGPICLFICPAILIBICNPICOJIDEJIDJDIDGJJCECCN) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D7DCF91-8711-45D3-851E-DBFBAD9B86C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-10] (Adobe Systems Incorporated)
Task: {119B33B7-2A52-412F-968F-109066C199D0} - System32\Tasks\{155BAE76-F0D7-4B0B-8CA4-8169F3350BAD} => C:\Users\OWNER\Downloads\BlazBlue Continuum Shift\The.King.Of.Fighters.XIII.TaitoTypeX2 - Pimbax\game.exe
Task: {1BEBC858-0DD7-4C06-99CC-74402FFD4D02} - System32\Tasks\{798C79DE-8C69-49BE-BC05-9F1D0406861C} => C:\Users\OWNER\Downloads\BlazBlue Continuum Shift\The.King.Of.Fighters.XIII.TaitoTypeX2 - Pimbax\typex_loader.exe
Task: {4C7B474F-2044-479A-9012-C8B5F401E616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {65D5F258-01B7-4F96-BFF2-41D77A1F0270} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {6802DDAE-8916-4EFF-98BD-A0E04D63120C} - System32\Tasks\{395B8B54-1DCC-4D89-B5C5-B83AA920524C} => C:\Games\Mangagamer\Kara no Shoujo\Kara no Shoujo.exe
Task: {6B51DEC8-0E54-43EB-887E-3D37F8E9D3B7} - System32\Tasks\{79417B52-B97C-4187-A43F-ED27EE3514F7} => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe [2016-09-27] (SQUARE ENIX CO., LTD.)
Task: {8218B5A6-854D-477F-952C-3BD9EB65F334} - System32\Tasks\{33802990-D4AF-4FCD-B413-352904CD37E1} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-07-13] (Skype Technologies S.A.)
Task: {8444EB68-097D-42C9-9553-715691D0D02F} - System32\Tasks\GameNet => C:\Program Files (x86)\QGNA\qgna.exe
Task: {8AAA8B63-7E8A-4A08-88CD-BD473CFAFCF3} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe [2009-07-13] (Microsoft Corporation)
Task: {913872D3-8E70-4710-910E-8EDE843EE95E} - System32\Tasks\0715avUpdateInfo => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe [2015-07-07] ()
Task: {A47CF2BC-B23D-43D5-96DA-8B3303A72483} - System32\Tasks\{0A419879-A9D4-4082-814A-F36FDE0CA71F} => pcalua.exe -a E:\INSTALL.EXE -d E:\
Task: {A78647C6-7CE7-49B6-A6F7-4E02D6642903} - System32\Tasks\{31789F64-6B41-4888-B118-06F62E982B47} => C:\Users\OWNER\Desktop\PSO2T\PSO2 Tweaker.exe
Task: {A9113257-1100-4C3F-A909-CFC6B1251201} - System32\Tasks\{4818B540-D086-4B0E-9692-4777D5FFB6E1} => C:\Users\OWNER\Desktop\PSO2T\PSO2 Tweaker.exe
Task: {C3360EFD-679C-4B7B-B0BC-6F4FFA9382BE} - System32\Tasks\{7DD725DA-3F70-4955-BC2C-5EFE6E6B081A} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {C4D56D25-3B3B-42D0-BC29-B6179C688653} - System32\Tasks\{87025ECC-BC61-4DE0-B1C6-EF8ADB1E4B54} => C:\Program Files (x86)\The King Of Fighters XIII\kofxiii.exe
Task: {C9726BA4-2F4C-4184-BE94-1258EEF480FA} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
Task: {CA6A7396-2C11-4062-9E95-6E6694466A50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D44F974B-E561-41CD-A5C6-E19175E93F60} - System32\Tasks\{79D623CB-126D-446F-BC10-F0EAF1AFF3DE} => pcalua.exe -a C:\Windows\eiunin21.exe -c "C:\Program Files (x86)\Ultimate Knight WindomXP\INSTALL.DAT"
Task: {D4C9905F-E29B-45A8-B439-E3F754221E67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {DC6B3D1A-C333-4155-AC48-28989B1B7B5A} - System32\Tasks\{91C7824F-6C42-4D5F-8E4A-8B6BB406F230} => pcalua.exe -a C:\Users\OWNER\Desktop\Saves\Bruteforce_Save_Data_installer.exe -d C:\Users\OWNER\Desktop\Saves
Task: {F3E33077-9794-4CFA-A437-949BDA420261} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\グランブルーファンタジー[ChromeApps版].lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=eablgejicbklomgaiclcolfilbkckngf
ShortcutWithArgument: C:\Users\OWNER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-05-24 13:44 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: AvgAMPS => 3
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: SEVPNCLIENT => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Thorn => 2
MSCONFIG\Services: UCManSvc => 2
MSCONFIG\Services: vToolbarUpdater40.2.9 => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WtuSystemSupport => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\OWNER\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A37007B0-C511-42A4-A80D-B2A493BC9E83}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B13B2A3-EA31-4F0E-96E2-6FD62031BF17}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C8B9C95B-B5E3-4240-ACBD-612C067B00A1}] => C:\Program Files (x86)\Steam\SteamApps\common\amd driver updater, vista and 7, 64 bit\Setup.exe
FirewallRules: [{1FA1861D-4D74-4618-B835-1A3A6684ACC6}] => C:\Program Files (x86)\Steam\SteamApps\common\amd driver updater, vista and 7, 64 bit\Setup.exe
FirewallRules: [{ABFFC196-CA4F-4A20-B019-A357185C77F3}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{BFC9AD65-AC9C-447A-96BC-E8360DC337D4}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{C9B9F7A7-907D-439D-A726-22A63660B765}] => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{5B2C43D3-DA7E-4656-8ED1-A154F0FA0EF2}] => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{8E378657-2A7D-4A75-8ABC-EBAE4902AABC}] => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{0F5A2F51-E385-4CC1-B0CC-543CB1BAAFC7}] => C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [TCP Query User{FEB00C31-D7CF-4271-95D0-4882A06CFB67}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B12D0D6E-C255-4A7F-B6B6-76D08D534BE6}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{37E57F7F-DF88-4D00-A438-D533BA7BFB7F}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{43AA7642-E111-4A20-B575-9EE78F749727}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E1B6CC6A-64D9-44A3-90A9-B4BECAC6999E}] => C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [TCP Query User{BA2C90A2-B943-47E1-AD45-B8E3E3A17DDB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{00755B10-986F-41C7-9E76-60746319748B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{5DBF9405-0686-431F-9B86-1310C5868BA6}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{60579BDF-620B-45B1-809E-063F284F0492}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{C963F1FB-13FF-4D57-863F-8E26273565A7}C:\users\owner\appdata\local\akamai\netsession_win.exe] => C:\users\owner\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{44484DD1-FFBD-44AD-A349-34EB1570AF22}C:\users\owner\appdata\local\akamai\netsession_win.exe] => C:\users\owner\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{E4233B95-F006-4DE6-8999-60BF162911E7}C:\users\owner\appdata\local\akamai\netsession_win.exe] => C:\users\owner\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{7D8E96C0-39A8-4FFC-89BC-FDDDB97B98E8}C:\users\owner\appdata\local\akamai\netsession_win.exe] => C:\users\owner\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E2D1A806-F7AE-4ABF-836A-5DD14BF9897D}] => C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{4B0E5EFF-2913-44E5-A4FF-6C9F8A18776F}] => C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{D4670DC2-BC2F-49B3-983B-103A1E6283BC}] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{2A27AB8F-BE2E-4DFC-ABF7-ED631EF71771}] => C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{102CEC09-496B-421C-A9ED-78A7C3DFB268}] => C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{559DC12D-42F7-4C90-BFF1-4E9E386CAE97}] => C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{E6E987D6-AB0B-4C4F-9CCC-63BB0DD69E28}] => C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{2F3C586F-B363-4BDB-8209-9FB3E381D857}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E781EB9F-1422-4650-BA97-0903725E9B9F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E7CC5CCE-6BFE-4120-9BF3-C8BBC72B3B6F}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{59830114-98A8-42CE-8E6E-D1CC8AE30296}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{A208AB74-B314-471D-9046-4A1320AA5686}C:\windows\syswow64\dpnsvr.exe] => C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{B7D5BE9A-3434-4F5F-819D-2CDA0A3F13FF}C:\windows\syswow64\dpnsvr.exe] => C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{7C2FE924-4D68-421D-B64E-86043E441E67}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AD7B88B2-43B1-40CE-A52F-6693D94EF5DD}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{70A82ED5-F834-4FEE-B683-7A956A754188}C:\hanpurple\soulworker\soulworker100.exe] => C:\hanpurple\soulworker\soulworker100.exe
FirewallRules: [UDP Query User{F22093BF-5E99-430E-B8F1-FE31BEB8F28F}C:\hanpurple\soulworker\soulworker100.exe] => C:\hanpurple\soulworker\soulworker100.exe
FirewallRules: [{DD908611-8699-4086-AC09-3B28E5E6CF3A}] => C:\hanpurple\soulworker\soulworker100.exe
FirewallRules: [{186CCE6A-FAC5-4362-B5D0-0527A8CF3843}] => C:\hanpurple\soulworker\soulworker100.exe
FirewallRules: [{9AC80891-4A11-4FB3-9C6D-552032A75752}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{93C52A69-01CD-40E0-B6F3-8AD6CCE79B2C}] => C:\Program Files (x86)\Steam\SteamApps\common\ChuSingura46+1\ChuSinGura46+1.exe
FirewallRules: [{C68F3345-6C37-4294-A8DD-4586924544FB}] => C:\Program Files (x86)\Steam\SteamApps\common\ChuSingura46+1\ChuSinGura46+1.exe
FirewallRules: [{65FEDDBC-A06F-4AE9-A8F0-87CCCE5C9EE4}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{FDE4DD04-7B4C-4B29-A038-E4CD316286BE}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{C2D5403A-8C86-49D9-8A7D-B3D80D5CEE84}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{2F01BE73-EDFA-4820-B10F-6415E56CD0CE}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{9918DDD5-624C-45E3-9FFD-ADC23A8973D9}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: VPN Client Adapter - JP
Description: VPN Client Adapter - JP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther VPN Project
Service: Neo_JP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2016 05:41:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 870

Start Time: 01d252cee2fa2701

Termination Time: 11

Application Path: C:\Windows\Explorer.EXE

Report Id: 66fd8912-bede-11e6-a80a-bc5ff48644ac

Error: (12/10/2016 02:29:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2941685042-3306150061-3194319401-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {2e8ea6ea-3069-4236-8492-53faad90bc69}

Error: (12/10/2016 01:14:54 AM) (Source: MsiInstaller) (EventID: 11719) (User: OWNER-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (12/10/2016 12:53:07 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4820. Message ID: [0x2509].

Error: (12/10/2016 12:51:07 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2508. Message ID: [0x2509].

Error: (12/10/2016 12:50:33 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4632. Message ID: [0x2509].

Error: (12/09/2016 11:18:22 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/09/2016 11:18:22 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/09/2016 11:18:22 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/09/2016 11:18:22 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (12/10/2016 11:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/10/2016 11:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/10/2016 11:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/10/2016 11:17:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/10/2016 11:16:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2014-09-03 00:56:09.870
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-03 00:56:09.761
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 20%
Total physical RAM: 8149.64 MB
Available physical RAM: 6500.41 MB
Total Virtual: 16297.47 MB
Available Virtual: 14873.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:106.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0B3B938)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
Adware Cleaner Scan. Run in Safe Mode With Networking

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


JRT Scan. Run in Safe Mode With Networking


Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan. Run in Safe Mode With Networking

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.



Hit Ok.



Hit Next, and make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

Now place Process Close into your startup folder. Boot the machine into normal mode. Then use the built-in browser within the Process Close tool to download and run a full scan with Zemana Antimalware.

You can simply place the Process Close program inside your Documents folder from within Safe Mode, right click it and create a shortcut. Then drag that shortcut into the startup folder. To open the startup folder, type shell:startup into the start search box. Click the folder to open it, then drag the Process Close shortcut into it. Then boot Windows into normal mode; this program will start automatically before anything else. You can then use the built-in browser from the Process Close tool to download and run a full scan with Zemana Antimalware. You may need to use the portable version of the Zemana tool. Found Here.


Zemana Deep Scan. If you are unable to perform the deep scan, then just run the standard scan, this will suffice for the time being.





    • Right click on Zemana and run as admin.
    • Click the Cog/Sprocket Wheel, at the top right of Zemana
    • Select Advanced - I have read the warning and wish to proceed.
    • Place a tick next to Detect Suspicious (Root CA) Certificates.
    • Then click the house icon in Zemana.
    • Then hit your start button at the lower left hand corner of your desktop.
    • Then left click on Computer.
    • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
    • Once the scan has completed, click the graph icon on the top right of the program's user interface.
    • Double click to open the latest log-file.
    • Copy it to your clipboard.
    • Post the log here in your next reply.

 

Malnutrition

FRST Fix.


Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


Prinny

FRST Fix.


Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
After the above steps first, right?
 

Malnutrition

Post the log that shows the items were removed. :) Also, if you do not know what those programs are with the Chinese writing, then I suggest that you remove them with Geek Uninstaller in normal mode. You should be able to work in normal mode with the Process Close Tool enabled in your startup.

いろとりどりのセカイ (HKLM-x32\...\{3DC8D5BA-E704-402F-88F0-E22BF4C41F6F}) (Version: 1.00.0000 - FAVORITE)
ソウルワーカー (HKLM-x32\...\ソウルワーカー) (Version: 1.0.0 - NHN PlayArt Corp.)
バンダイナムコオンラインランチャー (HKLM-x32\...\bno_starter) (Version: 1.0.3 - 株式会社バンダイナムコオンライン)
ユニオリズム・カルテット A3-DAYS (HKLM-x32\...\UQA3) (Version: 1.00 - CLIPCRAFT)
機動戦士ガンダムオンライン (HKLM-x32\...\Olive_is1) (Version: 1.0.0.4 - 株式会社バンダイナムコオンライン)
神咒神威神楽 曙之光 (HKLM-x32\...\InstallShield_{E836AF82-7D3E-415F-BB09-0A124EF73909}) (Version: 1.00.0000 - 株式会社グリーンウッド)
神咒神威神楽 曙之光 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
相州戦神館學園 八命陣 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
相州戦神館學園 万仙陣 (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
大迷宮&大迷惑 (HKLM-x32\...\{12BB3C50-4D4F-4D1F-8217-527477FEC813}) (Version: 1.1.1 - (c)Liar-soft/HOBIBOX)
凍京NECRO (HKLM-x32\...\{96448B65-910B-41D9-8CC9-3E6BBC6B299D}) (Version: 1.00.000 - Nitroplus)
セイバーフィッシュ (HKLM-x32\...\JHPCIPOOIKKLILEOCNJDPHJGFPICMGJCIGIPGPICLFICPAILIBICNPICOJIDEJIDJDIDGJJCECCN) (Version: - )
 

Prinny

I believe you are referring to this. If not, I'll put the other in my next post. Running the next step now.

# AdwCleaner v6.040 - Logfile created 11/12/2016 at 00:35:41
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-11.2 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : OWNER - OWNER-PC
# Running from : C:\Users\OWNER\Desktop\adwcleaner_6.040.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: vToolbarUpdater40.2.9
[-] Service deleted: QMUdisk
[-] Service deleted: WtuSystemSupport
[-] Service deleted: Thorn


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Avg_Update_0516tb
[-] Folder deleted: C:\ProgramData\Avg_Update_0715av
[-] Folder deleted: C:\ProgramData\MuaGGnniPuic
[-] Folder deleted: C:\Users\OWNER\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\OWNER\AppData\Local\Slick Savings
[-] Folder deleted: C:\Users\OWNER\AppData\Local\SwvUpdater
[-] Folder deleted: C:\Users\OWNER\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Users\OWNER\AppData\Local\VirtualStore\Program Files\腾讯游戏
[-] Folder deleted: C:\Users\OWNER\AppData\Roaming\chportu
[-] Folder deleted: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
[-] Folder deleted: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\clsoft ltd
[-] Folder deleted: C:\ProgramData\Tarma Installer
[-] Folder deleted: C:\ProgramData\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\clsoft ltd
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Tarma Installer
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Program Files (x86)\Common Files\Tencent
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
[-] Folder deleted: C:\Users\OWNER\AppData\Roaming\taskmgr


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\drivers\TFsFltX64.sys
[-] File deleted: C:\Windows\uninstaller.exe
[-] File deleted: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\extensions\[email protected]
[-] File deleted: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\searchplugins\yahoo_ff.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: GameNet


***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WtuSystemSupport
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Thorn
[-] Key deleted: HKLM\SOFTWARE\Classes\metnsd
[-] Key deleted: HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid
[-] Key deleted: HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\metnsd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C78C4E-5AE5-4762-9B7D-D2DE31B03B77}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C78C4E-5AE5-4762-9B7D-D2DE31B03B77}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{50F4150A-48B2-417A-BE4C-C83F580FB904}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\PrivitizeVPNInstallDates
[-] Key deleted: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\SocialBit
[-] Key deleted: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\AppDataLow\Software\Search Settings
[#] Key deleted on reboot: HKCU\Software\PrivitizeVPNInstallDates
[#] Key deleted on reboot: HKCU\Software\SocialBit
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Search Settings
[-] Key deleted: HKLM\SOFTWARE\BetterSurf
[-] Key deleted: HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[#] Key deleted on reboot: [x64] HKCU\Software\PrivitizeVPNInstallDates
[#] Key deleted on reboot: [x64] HKCU\Software\SocialBit
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Search Settings
[-] Key deleted: [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key deleted: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npandroidassistant
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "startpage.ntsearch_url" - "hxxp://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=994519&p={searchTerms}"
[-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: yahoo.com Search
[-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: cikkkfooompgefbcjlgdjejfdknkheaj
[-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: dedmngkbaffkenlfdcbganndoghblmap
[-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gpiifgmgnfdiblgpaepbmfdkcheicgof
[-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: hbcennhacfaagdopikcegfcobcadeocj
[-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pfndaklgolladniicklehhancnlgocpp


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12351 Bytes] - [11/12/2016 00:35:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [11732 Bytes] - [11/12/2016 00:16:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12499 Bytes] ##########
 
  • Like
Reactions: Malnutrition
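The AdwCleaner log above marks finished removals with `[-]` and removals deferred to the next restart with `[#]` ("deleted on reboot"). The Python sketch below is an added example, not part of the original thread or of AdwCleaner: it parses that layout and lists the deferred items so they can be rechecked after the reboot. The sample lines are constructed from the layout of the posted log, and the function names are hypothetical.

```python
import re

# Constructed sample: a few lines in the layout of the AdwCleaner log posted above.
SAMPLE_LOG = r"""
# AdwCleaner v6.040 - Logfile created 11/12/2016 at 00:35:41
# Mode: Clean

***** [ Services ] *****

[-] Service deleted: Thorn

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\metnsd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\metnsd
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Web browsers ] *****

[-] [C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: dedmngkbaffkenlfdcbganndoghblmap
"""

MODE_RE = re.compile(r"^# Mode\s*:\s*(\S+)")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^\[(?P<marker>[-#])\] (?P<body>.+)$")
X64_PREFIX = "[x64] "


def parse_adwcleaner_log(text):
    """Return the run mode and one record per [-] / [#] entry."""
    mode, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MODE_RE.match(line)
        if m:
            mode = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue  # banner, ':: ...' summary lines, file list at the end
        # "Key deleted on reboot: <target>" -> action / target
        action, sep, target = m.group("body").partition(": ")
        if not sep:
            action, target = m.group("body"), ""
        # Entries for the 64-bit registry view carry an "[x64] " prefix.
        view = "default"
        if target.startswith(X64_PREFIX):
            view, target = "x64", target[len(X64_PREFIX):]
        entries.append({
            "section": section,
            "pending_reboot": m.group("marker") == "#",
            "action": action,
            "view": view,
            "target": target,
        })
    return {"mode": mode, "entries": entries}


def summarize(parsed):
    """Count finished and deferred entries per log section."""
    counts = {}
    for e in parsed["entries"]:
        bucket = counts.setdefault(e["section"], {"done": 0, "pending_reboot": 0})
        bucket["pending_reboot" if e["pending_reboot"] else "done"] += 1
    return counts


def pending_reboot(parsed):
    """Items that only disappear after a restart: recheck these afterwards."""
    return [(e["section"], e["view"], e["target"])
            for e in parsed["entries"] if e["pending_reboot"]]


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    print("mode:", parsed["mode"])
    for section, c in summarize(parsed).items():
        print(f"{section}: {c['done']} done, {c['pending_reboot']} pending reboot")
    for section, view, target in pending_reboot(parsed):
        print(f"recheck after reboot [{section}/{view}]: {target}")
```

A non-empty result from `pending_reboot` means the cleanup is not complete until the machine has restarted, so a fresh scan log taken after the reboot is the one that shows whether those items are really gone.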

Malnutrition

Yes that is the log I am looking for. :)

Forgot to mention that you can download the Portable Version of Zemana In Safe Mode With Networking.
Save it to your desktop.
Boot into Normal Mode.

Then run the Process Close Tool on startup, with the previous instructions.
Then Click Browse

Then click on the Users Folder

Then Go to Desktop


Run the Zemana Portable App from there, if the other method fails.
You can simply run the Standard Scan to get things going if needed.
 

Prinny

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Ultimate x64
Ran by OWNER (Limited) on 2016/12/11 at 1:07:06.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 29

Successfully deleted: C:\ProgramData\DT0001.dat (File)
Successfully deleted: C:\ProgramData\DT0006.dat (File)
Successfully deleted: C:\Windows\system32\Tasks\0715avUpdateInfo (Task)
Successfully deleted: C:\Windows\Tasks\0715avUpdateInfo.job (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UKZHO3F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3R7FGBQO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XHXZNJ6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C901234S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXGDB0L8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UK328Q8V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSLWO5BG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\OWNER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAXT1B3Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UKZHO3F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3R7FGBQO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XHXZNJ6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C901234S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXGDB0L8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UK328Q8V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSLWO5BG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAXT1B3Z (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016/12/11 at 1:08:30.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Prinny

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2016_12_11_01_12_25
OS: Windows 7 Ultimate - x64 Bit
Account Name: OWNER
Adware Definition: 12012016
Elapsed time: 20:28
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\mozilla\Firefox\Extensions\ <RegValue:> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} <RegData:> C:\Program Files\Updater By SweetPacks\Firefox : C:\Program Files\Updater By SweetPacks\Firefox

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla\Firefox\Extensions\ <RegValue:> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} <RegData:> C:\Program Files\Updater By SweetPacks\Firefox : C:\Program Files\Updater By SweetPacks\Firefox

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\mozilla\Firefox\Extensions\ <RegValue:> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} <RegData:> C:\Program Files\Updater By SweetPacks\Firefox : C:\Program Files\Updater By SweetPacks\Firefox

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla\Firefox\Extensions\ <RegValue:> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} <RegData:> C:\Program Files\Updater By SweetPacks\Firefox : C:\Program Files\Updater By SweetPacks\Firefox

[-] Repaired ->> File ->> C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Web Data

[-] Repaired ->> File ->> C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Malnutrition

Is it necessary that I run zemana from process close? I just started the deepscan on a normal boot up.

No, I made those instructions assuming that things were not working in normal mode. I suppose things are getting better if you are able to do it from normal mode now?




Correcting Errors.


Code:
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

  • Hit the start button.
  • Type Device Manager
  • Open device manager.
  • Click View -- Show hidden devices
  • Click Non Plug & Play Drivers.
  • Scroll to Security Processor Loader Driver
  • Right Click It -- Select Uninstall
  • Close Device Manager
  • Then reboot your machine.
  • This should be done from normal mode.

Zoek Scan

Note: Zoek can take up to an hour to run; this is normal. Do not try and stop it even if it seems to be stalled. Let it run its course!
Can be run from normal mode or Safe Mode with Networking.

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP users double click.)
Copy the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.


Fresh FRST Logs.



Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply

I am signing off for the night, I will check this thread in the morning. :)
 

Prinny

Some stuff happened. First up, the Zemana scan. It took roughly 3+ hours, everything went off without a hitch. It detected a few false positives which I ignored, some stuff from adwcleaner's virus vault, and a few other things. As it was getting to the actual cleaning/deleting part though, I had a folder open and went into (backed up into, to be more specific) the C drive, which didn't load. The window froze up, was hoping it'd just keep going with the clean but I was greeted with the crash/freeze screen I usually only see when gaming (covered in a bunch of Reddit threads). It looks something like this.
http://i46.tinypic.com/346pzzc.jpg
Zemana still has the logs though, it took a while so I haven't had time to rerun it yet.

Fast forward to the FRST fix and deleting that security driver, both went through without a problem. I'll post the logs.

Then we have Zoek, it took a while to get running (tried running it multiple times). I'm not sure if it's done as it hasn't told me it finished and it didn't close, but the last thing it got to was this-
--- Firefox Extensions 6:31:26.65
I'm guessing those are the times they finished up to the right, so it's been a few hours since it stopped at that.
 

Prinny

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by OWNER (11-12-2016 05:44:49) Run:1
Running from C:\Users\OWNER\Desktop
Loaded Profiles: OWNER (Available Profiles: OWNER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\...\MountPoints2: {646cb0c1-6b01-11e2-8017-806e6f6e6963} - D:\Run.exe
GroupPolicyScripts: Restriction <======= ATTENTION
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ja-jp/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E8FE87FC-B90F-4F8E-8E76-77F54D022E86}&mid=6950e4184e674fa896e387d2fbc29959-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-18 00:35:34&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E8FE87FC-B90F-4F8E-8E76-77F54D022E86}&mid=6950e4184e674fa896e387d2fbc29959-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-18 00:35:34&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL [2007-10-04] (FUJITSU LIMITED)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2941685042-3306150061-3194319401-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {F8160836-0C11-4CA4-AD87-944542C7BCBD} hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> no_proxies_on", "localhost, 189.17.1.245"
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> ssl_port", 3128
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\searchplugins\yahoo_ff.xml [2014-05-16]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\BetterSurf\ff => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\\1.8.101.2154\npQQPhoneManagerExt.dll [2012-12-20] (????)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll [2013-12-30] (Tencent)
C:\Program Files (x86)\Common Files\Tencent
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: pmang.jp/pmangdiagnostic-1 -> C:\GameOn\Common files\nppmangdiagnostic_0.dll [No File]
CHR Extension: (????????????[ChromeApps?]) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilbkckngf [2016-11-06]
CHR Extension: (KanColle Command Center ?) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgmldnainaglpjngpajnnjfhpdjkohh [2016-12-10]
CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\OWNER\AppData\Local\Slick Savings\coupons.crx [2014-05-16]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx <not found>
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\BetterSurf
S4 Thorn; C:\Users\OWNER\AppData\Local\THORN\Thorn.exe [56824 2015-10-01] (GGS)
S4 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.) [File not signed]
S4 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-13] (AVG Secure Search)
C:\Users\OWNER\AppData\Local\THORN
C:\Program Files (x86)\Common Files\AVG Secure Search
S4 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]
C:\Program Files (x86)\AVG Web TuneUp
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-01-10] (TENCENT)
C:\Windows\system32\TesSafe.sys
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S1 QMUdisk; \??\C:\Program Files\????\QQPCMgr\8.11.11347.801\QMUdisk64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\OWNER\Desktop\OpenHardwareMonitor\OpenHardwareMonitorLib.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2016-12-06 23:33 - 2016-12-06 23:33 - 00000575 _____ C:\Users\OWNER\Desktop\?????????????????.lnk
C:\Windows\System32\Tasks\AVG EUpdate Task
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat
C:\Users\OWNER\AppData\Local\Temp\avguirn_081512697443.exe
C:\Users\OWNER\AppData\Local\Temp\avguirn_08226517269.exe
C:\Users\OWNER\AppData\Local\Temp\c20c448073abd1a0423d9c57b1875b06.dll
C:\Users\OWNER\AppData\Local\Temp\d2e1e3fedab3ed892a0df92c63e9a780.dll
C:\Users\OWNER\AppData\Local\Temp\JDSetup131250338117512660.exe
C:\Users\OWNER\AppData\Local\Temp\proxy_vole2461826566935967893.dll
C:\Users\OWNER\AppData\Local\Temp\proxy_vole3066871754856067764.dll
C:\Users\OWNER\AppData\Local\Temp\proxy_vole5324773033895722492.dll
C:\Users\OWNER\AppData\Local\Temp\sfamcc00001.dll
C:\Users\OWNER\AppData\Local\Temp\sfareca00001.dll
C:\Users\OWNER\AppData\Local\Temp\SkypeSetup.exe
Task: {65D5F258-01B7-4F96-BFF2-41D77A1F0270} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {8444EB68-097D-42C9-9553-715691D0D02F} - System32\Tasks\GameNet => C:\Program Files (x86)\QGNA\qgna.exe
C:\Program Files (x86)\QGNA\qgna.exe
Task: C:\Windows\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe
C:\ProgramData\Avg_Update_0715av
ShortcutWithArgument: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\????????????[ChromeApps?].lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=eablgejicbklomgaiclcolfilbkckngf
ShortcutWithArgument: C:\Users\OWNER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
AlternateDataStreams: C:\Windows:nlsPreferences [386]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{646cb0c1-6b01-11e2-8017-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{646cb0c1-6b01-11e2-8017-806e6f6e6963} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3C6301ED-0F78-4AF2-8150-D9C052361A8E} => value removed successfully
"HKCR\Wow6432Node\CLSID\{3C6301ED-0F78-4AF2-8150-D9C052361A8E}" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{F8160836-0C11-4CA4-AD87-944542C7BCBD}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{F8160836-0C11-4CA4-AD87-944542C7BCBD}" => key removed successfully
Firefox Proxy settings were reset.
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> http_port", 3128 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> no_proxies_on", "localhost, 189.17.1.245" => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> socks_port", 3128 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 -> ssl_port", 3128 => not found
"C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810\searchplugins\yahoo_ff.xml" => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer64,version=1.0" => key removed successfully
C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant => key not found.
C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\\1.8.101.2154\npQQPhoneManagerExt.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/TXSSO => key not found.
C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll => not found.
"C:\Program Files (x86)\Common Files\Tencent" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\pmang.jp/pmangdiagnostic-1" => key removed successfully
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilbkckngf => moved successfully
C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgmldnainaglpjngpajnnjfhpdjkohh => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => key not found.
"C:\Users\OWNER\AppData\Local\Slick Savings\coupons.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => key not found.
"C:\Program Files (x86)\Common Files\Spigot" => not found.
"C:\Program Files (x86)\BetterSurf" => not found.
Thorn => service not found.
UCManSvc => service removed successfully
vToolbarUpdater40.2.9 => service not found.
C:\Users\OWNER\AppData\Local\THORN => moved successfully
"C:\Program Files (x86)\Common Files\AVG Secure Search" => not found.
WtuSystemSupport => service not found.
"C:\Program Files (x86)\AVG Web TuneUp" => not found.
TesSafe => service removed successfully
C:\Windows\system32\TesSafe.sys => moved successfully
EagleX64 => service removed successfully
hxsyol => service removed successfully
QMUdisk => service not found.
WinRing0_1_2_0 => service removed successfully
xhunter1 => service removed successfully
"C:\Users\OWNER\Desktop\?????????????????.lnk" => not found.
C:\Windows\System32\Tasks\AVG EUpdate Task => moved successfully
"C:\ProgramData\DT0001.dat" => not found.
"C:\ProgramData\DT0006.dat" => not found.
C:\Users\OWNER\AppData\Local\Temp\avguirn_081512697443.exe => moved successfully
C:\Users\OWNER\AppData\Local\Temp\avguirn_08226517269.exe => moved successfully
C:\Users\OWNER\AppData\Local\Temp\c20c448073abd1a0423d9c57b1875b06.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\d2e1e3fedab3ed892a0df92c63e9a780.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\JDSetup131250338117512660.exe => moved successfully
C:\Users\OWNER\AppData\Local\Temp\proxy_vole2461826566935967893.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\proxy_vole3066871754856067764.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\proxy_vole5324773033895722492.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\sfareca00001.dll => moved successfully
C:\Users\OWNER\AppData\Local\Temp\SkypeSetup.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{65D5F258-01B7-4F96-BFF2-41D77A1F0270}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65D5F258-01B7-4F96-BFF2-41D77A1F0270}" => key removed successfully
C:\Windows\System32\Tasks\AVG EUpdate Task => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG EUpdate Task" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8444EB68-097D-42C9-9553-715691D0D02F} => key not found.
C:\Windows\System32\Tasks\GameNet => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GameNet => key not found.
"C:\Program Files (x86)\QGNA\qgna.exe" => not found.
C:\Windows\Tasks\0715avUpdateInfo.job => not found.
"C:\ProgramData\Avg_Update_0715av" => not found.
C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\????????????[ChromeApps?].lnk => Could not remove or repair shortcut argument. The shortcut could be damaged.
C:\Users\OWNER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => key not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2941685042-3306150061-3194319401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection 3 while it has its media disconnected.

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2602:306:cd48:4e40:a141:7c2a:3092:8fbb
Temporary IPv6 Address. . . . . . : 2602:306:cd48:4e40:903:ea85:8b5d:e57e
Link-local IPv6 Address . . . . . : fe80::a141:7c2a:3092:8fbb%14
Default Gateway . . . . . . . . . : fe80::3a3b:c8ff:feec:1381%14

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2620:9b::198a:78bb
Link-local IPv6 Address . . . . . : fe80::a08f:463f:15b:4d4c%13
Default Gateway . . . . . . . . . : 2620:9b::1900:1
25.0.0.1

Tunnel adapter isatap.{E5C93915-BB53-4393-BF75-339C19EBDF90}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{1E6DD484-184B-45CA-AB20-507D76352621}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.attlocal.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection 3 while it has its media disconnected.

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : attlocal.net
IPv6 Address. . . . . . . . . . . : 2602:306:cd48:4e40:a141:7c2a:3092:8fbb
Temporary IPv6 Address. . . . . . : 2602:306:cd48:4e40:903:ea85:8b5d:e57e
Link-local IPv6 Address . . . . . : fe80::a141:7c2a:3092:8fbb%14
IPv4 Address. . . . . . . . . . . : 192.168.1.81
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::3a3b:c8ff:feec:1381%14
192.168.1.254

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2620:9b::198a:78bb
Link-local IPv6 Address . . . . . : fe80::a08f:463f:15b:4d4c%13
IPv4 Address. . . . . . . . . . . : 25.138.120.187
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 2620:9b::1900:1
25.0.0.1

Tunnel adapter isatap.{E5C93915-BB53-4393-BF75-339C19EBDF90}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{1E6DD484-184B-45CA-AB20-507D76352621}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.attlocal.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12595912 B
Java, Flash, Steam htmlcache => 365299460 B
Windows/system/drivers => 17763860 B
Edge => 0 B
Chrome => 527316625 B
Firefox => 9526513 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42319841 B
systemprofile32 => 66088 B
LocalService => 66228 B
NetworkService => 78084 B
OWNER => 44319396 B
TEMP => 0 B

RecycleBin => 0 B
EmptyTemp: => 980.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 05:46:04 ====
 

Prinny

PCHF Member
Dec 11, 2016
36
11
Maintenance Hell
Zoek had this, I'll be closing it now as I have to go out for the day, will be back later.

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by OWNER on 2016/12/11 at 6:07:51.80.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\OWNER\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 6:11:00.38 =====

--- Create Environment Variables 6:11:01.35
--- Create System Restore Point 6:11:06.48
--- Checking Input 6:11:43.04
--- Reset Hosts File 6:12:08.67
--- AU AppData Check 6:12:09.27
--- Remove From Windows Installer 6:12:11.85
--- Empty Folders Check 6:13:32.81
--- Registry HKLM Software Check 6:13:33.37
--- Quick Launch Shortcut Check 6:13:50.88
--- IE Startpage Check 6:13:58.22
--- Program Files DB Check 6:14:14.91
--- C:\Users\Default\AppData\Roaming DB Check 6:14:52.75
--- C:\Users\Default User\AppData\Roaming DB Check 6:14:52.75
--- C:\Users\OWNER\AppData\Roaming DB Check 6:14:52.75
--- C:\Users\TEMP\AppData\Roaming DB Check 6:14:52.75
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 6:14:52.75
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 6:14:52.75
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 6:14:52.75
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 6:14:52.75
--- C:\Users\OWNER DB Check 6:17:05.50
--- C:\PROGRA~3 DB Check 6:17:20.96
--- C:\Users\Default\AppData\Local DB Check 6:17:39.13
--- C:\Users\Default User\AppData\Local DB Check 6:17:39.13
--- C:\Users\OWNER\AppData\Local DB Check 6:17:39.13
--- C:\Users\TEMP\AppData\Local DB Check 6:17:39.13
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 6:17:39.13
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 6:17:39.13
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 6:17:39.13
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 6:17:39.13
--- DB Check 6:19:30.25
--- C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 6:26:31.36
--- Tasks DB Check 6:26:36.83
--- Downloads DB Check 6:26:40.46
--- C:\Users\OWNER\AppData\LocalLow DB Check 6:26:43.72
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 6:26:43.72
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 6:26:43.72
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 6:26:43.72
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 6:26:43.72
--- Tasks2 DB Check 6:27:22.32
--- Documents DB Check 6:27:49.42
--- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\v88yth1x.default-1396169490810 DB Check 6:27:56.50
--- C:\Users\Public\Desktop DB Check 6:27:58.55
--- C:\Users\OWNER\Desktop DB Check 6:28:03.77
--- Services DB Check 6:28:12.65
--- FF prefs.js DB Check 6:28:34.39
--- Emptyclsid 6:29:07.76
--- Del by CLSID 6:29:08.86
--- Delete Services 6:30:11.61
--- Firefox Fix 6:30:14.49
--- Batch Commands 6:30:16.60
--- Delete files\folders 6:30:16.72
--- Create Backups 6:30:17.00
--- Firefox Extensions 6:31:26.65
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
Sometimes Zemana will not run, it is what it is. But it may help if you run it via the Process Close App or in Safe Mode with Networking. You could also run Zemana again, this time as a quick regular scan.

ZHP Scan.

1. Please download Zhp Cleaner to your desktop. Right-click the icon and select Run as administrator.

2. Once you have started the program, you will need to click the scanner button.



The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

Security Check Scan.


  • Download Security Check to your desktop.
  • Right-click it and select Run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.



Fresh FRST Logs.


Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply

ZHP Diag.


Download ZHP Diag to your desktop.


1. Right Click Run as Admin.
2. Click the Scanner button.



When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.
 