
SVChost.exe 100% cpu usage


13 replies to this topic

#1 averagejohndoe


Posted 07 June 2015 - 02:11 PM

Hello. This is my first time posting here. I'm having a problem with high cpu usage. Upon checking it, there seems to be a bitcoin miner trojan that has taken up residence in my Windows\Temp folder. Deleting it simply causes it to reinstall itself on reboot. I'm using Windows 7 Ultimate 64 SP1. Will post more details if needed.

 

 




 


#2 InadequateInfirmity


Posted 07 June 2015 - 03:51 PM

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select Update.
Then select Scan Now.
Once the scan is completed, remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to the scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

http://9-lab.com/download/

Install the program onto your computer, then right-click the icon and select Run as administrator.

Go to the Update tab and update the program.

Now go to the Scanner tab and select Full Scan.

Upon scan completion, click Show Results.

Now click the Clean button.

Once done cleaning, go to the Logs tab, double-click it, and copy and paste the log into your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click Next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
      • mbar-log-{date} (xx-xx-xx).txt
      • system-log.txt


#3 averagejohndoe


Posted 09 June 2015 - 08:00 AM

A friend of mine came over and told me he'll do what he could about the trojan. Here are the log details as requested after he was done with my PC.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/9/2015
Scan Time: 5:19:39 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.09.01
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Silver_King

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 452680
Time Elapsed: 50 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

9-lab Removal Tool 1.0.0.35 BETA
9-lab.com

Database version: 105.31754

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17801
Silver_King :: PROTO-ALICE

6/9/2015 6:30:09 PM
9lab-log-2015-06-09 (18-30-09).txt

Scan type: Full
Objects scanned: 15855
Time Elapsed: 4 m 47 s

Registry Keys detected: 18
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
PUP.RPL.Toolbar.vb [HKEY_CURRENT_USER\Software\YahooPartnerToolbar]
PUP.RPL.Gen.vb [HKEY_CURRENT_USER\Software\Distromatic]
PUP.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YourFileDownloader]
PUP.RMPL.Toolbar.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32]
PUP.RMPL.Toolbar.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS]
PUP.RMPL.Gen.vb [HKEY_CURRENT_USER\Software\BlabbersToolbar]
Adware.RPL.Toolbar.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
Adware.RPL.Toolbar.vb [HKEY_CURRENT_USER\Software\Zugo]
Adware.RPL.MultiPlug.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}]
Adware.RPL.MultiPlug.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
Adware.RPL.Gen.vb [HKEY_CURRENT_USER\Software\Conduit]
Adware.RPL.Gen.vb [HKEY_CURRENT_USER\Software\BrowserCompanion]
Adware.RPL.Gen.vb [HKEY_CURRENT_USER\Software\AppDataLow\Software\Smartbar]
Adware.RPL.Babylon.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
Adware.RPL.Babylon.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]


Registry Values detected: 1
Hijack.EnableLUA [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA]


Files detected: 4
[8EF969E845D8C93FB608D5E7BE166D6A] Adware.FPL.Gen.vb [c:\users\others\appdata\local\Linkury\Linkury.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.2.0.0\user.config]
[33427064FBEDF81A7B699EFE50ED12CA] Adware.FMPL.Gen.vb [c:\users\others\appdata\roaming\Babylon\log_file.txt]
[927EE17247CBF1CD7BC6D03F4D43D15F] Adware.PL.VGen.vb [c:\user.js]
[D41D8CD98F00B204E9800998ECF8427E] Adware.PL.Gen.vb [c:\END]

 

 

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.09.02
  rootkit: v2015.06.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Silver_King :: PROTO-ALICE [administrator]

6/9/2015 7:48:51 PM
mbar-log-2015-06-09 (19-48-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 454052
Time elapsed: 53 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17801

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.199000 GHz
Memory total: 4293386240, free: 2044305408

Downloaded database version: v2015.06.07.05
Downloaded database version: v2015.06.02.01
Downloaded database version: v2015.05.13.01
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17801

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.199000 GHz
Memory total: 4293386240, free: 2579333120

Downloaded database version: v2015.06.08.01
Downloaded database version: v2015.06.08.02
Downloaded database version: v2015.06.08.03
Downloaded database version: v2015.06.08.04
Downloaded database version: v2015.06.08.05
Downloaded database version: v2015.06.09.01
Downloaded database version: v2015.06.09.02
Initializing...
======================
------------ Kernel report ------------
     06/09/2015 19:48:23
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.

Scan started
Database versions:
  main:    v2015.06.09.02
  rootkit: v2015.06.02.01

<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8004b32060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xfffffa8005653b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8004b21060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000089\
Lower Device Object: 0xfffffa8005645b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8004afd060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000088\
Lower Device Object: 0xfffffa8005647b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8004b00060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa8005639b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004b01060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa800563eb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80049b55c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-3\
Lower Device Object: 0xfffffa800481c060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80049b55c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80049b6040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80049b55c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800481b520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800481c060, DeviceName: \Device\Ide\IdeDeviceP1T1L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00606a150, 0xfffffa80049b55c0, 0xfffffa8004a0d790
Lower DeviceData: 0xfffff8a017eda590, 0xfffffa800481c060, 0xfffffa800495c7e0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 58BACA3D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 312371200

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8004b01060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004b01b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004b01060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800563eb60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8004b00060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004b00b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004b00060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005639b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8004afd060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004afdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004afd060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005647b60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8004b21060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004b21b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004b21060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005645b60, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xfffffa8004b32060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004b32b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004b32060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005653b60, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01263d620, 0xfffffa8004b32060, 0xfffffa80045c2790
Lower DeviceData: 0xfffff8a01088d880, 0xfffffa8005653b60, 0xfffffa8004703190
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 150B17

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1952151488

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 999501594624 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-F2B4A565D1A32BC818D86A5A387293CB5BFC4185.bin.VE1" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-F2B4A565D1A32BC818D86A5A387293CB5BFC4185.bin.VF" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam...
Removal finished
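
A triage pass over an MBAR log like the one posted above, as an added example that is not part of the original thread: it collects the per-category detection counts and pulls out the lines that deserve a second look even when every count is zero. The sample text is assembled from lines in the logs above; the signal patterns and their labels are this example's own choices, not Malwarebytes output categories.

```python
import re

# Sample assembled from lines that appear in the logs posted above.
SAMPLE_LOG = r"""
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
Scan type: Quick scan
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
\SystemRoot\system32\drivers\ndis.sys
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Windows\gdrv.sys
IRP handler 0 of \Driver\USBSTOR points to an unknown module
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Scan finished
"""

# "<Category> Detected: <n>" summary lines (MBAR and 9-lab both use this shape).
COUNT_RE = re.compile(r"^([A-Za-z ]+?) detected: (\d+)$", re.IGNORECASE)

# Lines that are informational in the tool's eyes but worth reading by hand.
# Labels are hypothetical names chosen for this example.
SIGNALS = [
    ("kernel-memory-modified",
     re.compile(r"^Kernel memory modifications detected")),
    ("irp-hook-unknown-module",
     re.compile(r"^IRP handler \d+ of \S+ points to an unknown module")),
    ("file-open-failed",
     re.compile(r"^File user open failed: .+ \(0x[0-9A-Fa-f]+\)")),
]

# Loaded-module lines given as a full \??\ path to a .sys file.
DRIVER_RE = re.compile(r"^\\\?\?\\(.+\.sys)$", re.IGNORECASE)
DRIVERS_DIR = "\\windows\\system32\\drivers\\"


def detection_counts(text):
    """Return {category: count} from the 'X Detected: N' summary lines."""
    counts = {}
    for raw in text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            counts[m.group(1)] = int(m.group(2))
    return counts


def notable_lines(text):
    """Return [(label, line)] for lines that merit manual review."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        for label, rx in SIGNALS:
            if rx.search(line):
                hits.append((label, line))
                break
        else:
            # A driver loaded from outside the standard drivers directory is
            # a location to verify, not a verdict on the file.
            m = DRIVER_RE.match(line)
            if m and DRIVERS_DIR not in m.group(1).lower():
                hits.append(("driver-outside-drivers-dir", line))
    return hits


if __name__ == "__main__":
    print(detection_counts(SAMPLE_LOG))
    for label, line in notable_lines(SAMPLE_LOG):
        print(f"{label:30} {line}")
```
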
 



#4 InadequateInfirmity


Posted 09 June 2015 - 05:21 PM

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download

Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then Disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit Options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#5 averagejohndoe


Posted 10 June 2015 - 04:53 PM

Here are the logs.

 

 

 

11 Jun 2015 03:41:09 [1308] - **********************************************************
11 Jun 2015 03:41:09 [1308] - MWAV - eScanAV AntiVirus Toolkit.
11 Jun 2015 03:41:09 [1308] - Copyright © MicroWorld Technologies
11 Jun 2015 03:41:09 [1308] -
11 Jun 2015 03:41:09 [1308] - Support: support@escanav.com
11 Jun 2015 03:41:09 [1308] - Web: http://www.escanav.com
11 Jun 2015 03:41:09 [1308] - **********************************************************
11 Jun 2015 03:41:09 [1308] - Version 14.0.188[DB] (C:\USERS\SILVER_KING\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
11 Jun 2015 03:41:09 [1308] - Log File: C:\Users\Silver_King\AppData\Local\Temp\LOG\MWAV.LOG
11 Jun 2015 03:41:09 [1308] - User Account: Silver_King (Administrator Mode)
11 Jun 2015 03:41:09 [1308] - Parent Process Name : c:\Windows\explorer.exe
11 Jun 2015 03:41:09 [1308] - Windows Root  Folder: C:\Windows
11 Jun 2015 03:41:09 [1308] - Windows Sys32 Folder: C:\Windows\system32
11 Jun 2015 03:41:09 [1308] - OS: Windows 7 64-Bit [OS Install Date: 13 Feb 2010 16:00:12]
11 Jun 2015 03:41:09 [1308] - Ver: Professional Service Pack 1 (Build 7601)
11 Jun 2015 03:41:09 [1308] - Latest Date of files inside MWAV: Wed Jun 10 19:46:26 2015.
11 Jun 2015 03:41:09 [1308] - Priority: NORMAL
 
11 Jun 2015 03:41:09 [09dc] - Options Selected by User:
11 Jun 2015 03:41:09 [09dc] - Memory Check: Enabled
11 Jun 2015 03:41:09 [09dc] - Registry Check: Enabled
11 Jun 2015 03:41:09 [09dc] - StartUp Folder Check: Enabled
11 Jun 2015 03:41:09 [09dc] - System Folder Check: Enabled
11 Jun 2015 03:41:09 [09dc] - Services Check: Enabled
11 Jun 2015 03:41:09 [09dc] - Scan Spyware: Enabled
11 Jun 2015 03:41:09 [09dc] - Scan Archives: Disabled
11 Jun 2015 03:41:09 [09dc] - Drive Check: Enabled
11 Jun 2015 03:41:09 [09dc] - All Drive Check :Disabled
11 Jun 2015 03:41:09 [09dc] - Drive Selected = C:\
11 Jun 2015 03:41:09 [09dc] - Folder Check: Disabled
11 Jun 2015 03:41:09 [09dc] - SCAN: All_Files [UNICODE]
11 Jun 2015 03:41:09 [09dc] - MWAV Mode( B): Scan and Clean files (for viruses, adware and spyware)
 
11 Jun 2015 03:41:09 [09dc] - Scanning DNS Records...
11 Jun 2015 03:41:09 [09dc] - Scanning Master Boot Record (User)...
11 Jun 2015 03:41:09 [09dc] - Scanning Logical Boot Records...
11 Jun 2015 03:41:10 [09dc] - ***** Scanning For Hidden Rootkit Processes *****
11 Jun 2015 03:41:10 [09dc] - ***** Scanning For Hidden Rootkit Services *****
 
11 Jun 2015 03:41:22 [09dc] - ***** Scanning Memory Files *****
 
11 Jun 2015 03:41:34 [09dc] - ***** Scanning Registry Files *****
 
11 Jun 2015 03:41:41 [09dc] - ***** Scanning StartUp Folders *****
11 Jun 2015 03:43:30 [05e0] - ScanFile (C:\ProgramData\Apple Computer\Installer Cache\QuickTime 7.76.80.95\QuickTime.msi) took 5211 ms
11 Jun 2015 03:48:23 [05e0] - ScanFile (C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\amd64\server\nvstreamsvc.exe) took 20842 ms
11 Jun 2015 03:48:23 [05e0] - Scanning of C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\amd64\server\nvstreamsvc.exe Timed out!!!
 
11 Jun 2015 03:48:37 [09dc] - ***** Scanning Service Files *****
11 Jun 2015 03:48:37 [0a64] - C:\ProgramData\..\settings.ini.mwt File already Scanned once... not able to clean.
11 Jun 2015 03:49:08 [09dc] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\sptd\Cfg].
11 Jun 2015 03:49:09 [09dc] - Giving rights(c) to [HKLM64\SYSTEM\CurrentControlSet\Services\sptd\Cfg].
 
11 Jun 2015 03:49:21 [09dc] - ***** Scanning Registry and File system for Adware/Spyware *****
11 Jun 2015 03:49:22 [09dc] - Loading Spyware Signatures from new External Database [Name: C:\Users\SILVER~1\AppData\Local\Temp\spydb.avs, Size: 464724]...
11 Jun 2015 03:49:22 [09dc] - Indexed Spyware Databases Successfully Created...
 
 
11 Jun 2015 03:49:33 [09dc] - ***** Scanning Registry Files *****
 
11 Jun 2015 03:49:34 [09dc] - ***** Scanning System32 Folders *****
11 Jun 2015 03:50:01 [0404] - ScanFile (C:\Windows\SysWOW64\GameMon.des) took 5351 ms
11 Jun 2015 03:50:15 [0404] - ScanFile (C:\Windows\SysWOW64\mfc100u.dll) took 5304 ms
 
11 Jun 2015 03:52:07 [0d64] - ScanFile (C:\Users\Silver_King\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\9e53cac1f699e676ccc302d9cb5a5f_fce8395c8fd8a86e_6229ccd76215aea1_0_0.toc) took 9282 ms
11 Jun 2015 03:52:09 [0a64] - ScanFile (C:\Users\Silver_King\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\9e53cac1f699e676ccc302d9cb5a5f_fce8395c8fd8a86e_6229ccd76215aea1_0_0.bin) took 11637 ms
 
11 Jun 2015 03:53:45 [09dc] - ***** Scanning Drive C:\ *****
11 Jun 2015 03:53:51 [05e0] - Scanning File C:\Intel\ExtremeGraphics\CUI\Resource\IntelR HD Graphics.lnk
11 Jun 2015 03:53:56 [0a64] - ScanFile (C:\Games\Ys.Origin-KaOs\Extras\vcredist_x86.exe) took 7535 ms
11 Jun 2015 03:54:24 [0d64] - ScanFile (C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\AdobePDFL.dll) took 13963 ms
11 Jun 2015 03:55:01 [0d64] - ScanFile (C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\AdobePDFL.dll) took 15803 ms
11 Jun 2015 03:55:26 [0a64] - ScanFile (C:\Program Files\Bonjour\dns_sd.jar) took 5600 ms
11 Jun 2015 04:06:46 [05e0] - ScanFile (C:\Program Files\Microsoft Office\Office15\lync.exe) took 5007 ms
11 Jun 2015 04:09:31 [0d64] - ScanFile (C:\Program Files\Microsoft Office\Office15\MSPUB.EXE) took 15273 ms
11 Jun 2015 04:09:36 [0404] - ScanFile (C:\Program Files\Microsoft Office\Office15\MSACCESS.EXE) took 24461 ms
11 Jun 2015 04:09:36 [0404] - Scanning of C:\Program Files\Microsoft Office\Office15\MSACCESS.EXE Timed out!!!
11 Jun 2015 04:09:50 [0a64] - ScanFile (C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE) took 24320 ms
11 Jun 2015 04:09:50 [0a64] - Scanning of C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE Timed out!!!
11 Jun 2015 04:11:34 [0a64] - ScanFile (C:\Program Files\Microsoft SQL Server\100\Shared\VS2008\1033\rdbgsetup.exe) took 6068 ms
11 Jun 2015 04:11:57 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2BE1A6A1-F079-4F3B-A8D6-7939F2B6404C}\nvd3dum.dl_) took 7145 ms
11 Jun 2015 04:11:58 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2BE1A6A1-F079-4F3B-A8D6-7939F2B6404C}\nvd3dumx.dl_) took 7254 ms
11 Jun 2015 04:11:59 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2BE1A6A1-F079-4F3B-A8D6-7939F2B6404C}\nvlddmkm.sy_) took 5133 ms
11 Jun 2015 04:12:03 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{2BE1A6A1-F079-4F3B-A8D6-7939F2B6404C}\nvoglv64.dl_) took 5866 ms
11 Jun 2015 04:12:10 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4B31DAA6-27B8-4CE0-84FD-E42F234F2969}\nvcompiler.dl_) took 5429 ms
11 Jun 2015 04:12:20 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4B31DAA6-27B8-4CE0-84FD-E42F234F2969}\nvopencl32.dl_) took 5273 ms
11 Jun 2015 04:12:20 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4B31DAA6-27B8-4CE0-84FD-E42F234F2969}\nvoglv64.dl_) took 6022 ms
11 Jun 2015 04:12:26 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4B31DAA6-27B8-4CE0-84FD-E42F234F2969}\nvsetup.exe) took 11263 ms
11 Jun 2015 04:12:28 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4B31DAA6-27B8-4CE0-84FD-E42F234F2969}\nvwgf2um.dl_) took 8471 ms
11 Jun 2015 04:12:29 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4B31DAA6-27B8-4CE0-84FD-E42F234F2969}\nvwgf2umx.dl_) took 9391 ms
11 Jun 2015 04:12:33 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4EE305BE-FA54-47A8-8E28-D1C4AC7B705B}\nvcompiler.dl_) took 5211 ms
11 Jun 2015 04:12:38 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4EE305BE-FA54-47A8-8E28-D1C4AC7B705B}\nvd3dumx.dl_) took 5523 ms
11 Jun 2015 04:12:42 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4EE305BE-FA54-47A8-8E28-D1C4AC7B705B}\nvoglv32.dl_) took 5632 ms
11 Jun 2015 04:12:43 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4EE305BE-FA54-47A8-8E28-D1C4AC7B705B}\nvoglv64.dl_) took 6723 ms
11 Jun 2015 04:12:59 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7422A0A4-5DAB-41A1-930E-A3ACA8A0CA31}\nvoglv32.dl_) took 7223 ms
11 Jun 2015 04:13:02 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7422A0A4-5DAB-41A1-930E-A3ACA8A0CA31}\nvoglv64.dl_) took 9547 ms
11 Jun 2015 04:13:05 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7422A0A4-5DAB-41A1-930E-A3ACA8A0CA31}\nvwgf2umx.dl_) took 5350 ms
11 Jun 2015 04:13:12 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7F6E72EB-A381-44E4-AE90-3F56FCF76F67}\nvd3dumx.dl_) took 5882 ms
11 Jun 2015 04:13:17 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7F6E72EB-A381-44E4-AE90-3F56FCF76F67}\nvopencl.dl_) took 5133 ms
11 Jun 2015 04:13:18 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7F6E72EB-A381-44E4-AE90-3F56FCF76F67}\nvoglv32.dl_) took 8049 ms
11 Jun 2015 04:13:22 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7F6E72EB-A381-44E4-AE90-3F56FCF76F67}\nvoglv64.dl_) took 12028 ms
11 Jun 2015 04:13:24 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7F6E72EB-A381-44E4-AE90-3F56FCF76F67}\nvwgf2um.dl_) took 6099 ms
11 Jun 2015 04:13:25 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7F6E72EB-A381-44E4-AE90-3F56FCF76F67}\nvwgf2umx.dl_) took 7426 ms
11 Jun 2015 04:13:31 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvcuda32.dl_) took 5304 ms
11 Jun 2015 04:13:31 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvcuda64.dl_) took 5709 ms
11 Jun 2015 04:13:32 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvcompiler32.dl_) took 8830 ms
11 Jun 2015 04:13:33 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvcompiler.dl_) took 10046 ms
11 Jun 2015 04:13:37 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvd3dum.dl_) took 5086 ms
11 Jun 2015 04:13:38 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvd3dumx.dl_) took 5600 ms
11 Jun 2015 04:13:43 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvoglv32.dl_) took 5897 ms
11 Jun 2015 04:13:44 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvopencl64.dl_) took 5647 ms
11 Jun 2015 04:13:51 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvoglv64.dl_) took 13229 ms
11 Jun 2015 04:13:51 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvwgf2um.dl_) took 7254 ms
11 Jun 2015 04:13:52 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C5E2E525-9CD4-4AF9-915D-99660BC939D5}\nvwgf2umx.dl_) took 7738 ms
11 Jun 2015 04:13:56 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{CA22B14A-3EC9-470D-B15B-5F95F01A8F20}\nvcompiler32.dl_) took 5023 ms
11 Jun 2015 04:13:56 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{CA22B14A-3EC9-470D-B15B-5F95F01A8F20}\nvcompiler.dl_) took 6177 ms
11 Jun 2015 04:14:01 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{CA22B14A-3EC9-470D-B15B-5F95F01A8F20}\nvd3dum.dl_) took 5179 ms
11 Jun 2015 04:14:13 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{E954F125-4998-45F3-B663-E721FA4D1F89}\nvcompiler32.dl_) took 6287 ms
11 Jun 2015 04:14:14 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{E954F125-4998-45F3-B663-E721FA4D1F89}\nvcompiler64.dl_) took 7254 ms
11 Jun 2015 04:14:23 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{E954F125-4998-45F3-B663-E721FA4D1F89}\nvoglv32.dl_) took 5896 ms
11 Jun 2015 04:14:24 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{E954F125-4998-45F3-B663-E721FA4D1F89}\nvoglv64.dl_) took 6771 ms
11 Jun 2015 04:14:31 [0d64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{E954F125-4998-45F3-B663-E721FA4D1F89}\nvwgf2um.dl_) took 7067 ms
11 Jun 2015 04:14:33 [0404] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{E954F125-4998-45F3-B663-E721FA4D1F89}\nvwgf2umx.dl_) took 9204 ms
11 Jun 2015 04:14:38 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{18E2D77E-E349-414E-8C93-C1149404FA4C}\GFExperience.exe) took 7348 ms
11 Jun 2015 04:15:47 [05e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\ShadowPlay.{662F8EBE-BC85-407F-8227-575E6CC0E5D0}\gamecaster32.dll) took 8050 ms
11 Jun 2015 04:15:47 [0a64] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\ShadowPlay.{662F8EBE-BC85-407F-8227-575E6CC0E5D0}\twitchsdk32.dll) took 5897 ms
11 Jun 2015 04:16:03 [0404] - ScanFile (C:\Program Files\Recuva\Recuva.exe) took 6692 ms
11 Jun 2015 04:21:16 [05e0] - ScanFile (C:\Program Files (x86)\Cheat Engine 6.4\cheatengine-i386.exe) took 5850 ms
11 Jun 2015 04:24:15 [0a64] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\Extras\ComradeSetup1.1.4.143_cc3.exe) took 6646 ms
11 Jun 2015 04:24:21 [0d64] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat) took 8221 ms
11 Jun 2015 04:24:22 [0404] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.1\cnc3game.dat) took 7941 ms
11 Jun 2015 04:24:24 [0a64] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.2\cnc3game.dat) took 8034 ms
11 Jun 2015 04:24:28 [05e0] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.3\cnc3game.dat) took 8065 ms
11 Jun 2015 04:24:30 [0d64] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat) took 6801 ms
11 Jun 2015 04:24:32 [0404] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.5\cnc3game.dat) took 7581 ms
11 Jun 2015 04:24:34 [0a64] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.6\cnc3game.dat) took 6755 ms
11 Jun 2015 04:24:38 [05e0] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.7\cnc3game.dat) took 8174 ms
11 Jun 2015 04:24:42 [0d64] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\RetailExe\1.8\cnc3game.dat) took 9579 ms
11 Jun 2015 04:24:51 [0d64] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.2\cnc3ep1.dat) took 5226 ms
11 Jun 2015 04:24:54 [0404] - ScanFile (C:\Program Files (x86)\Electronic Arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.1\cnc3ep1.dat) took 9688 ms
11 Jun 2015 04:25:52 [0404] - ScanFile (C:\Program Files (x86)\Eushully\神採りアルケミーマイスター\Kamidori English 1_0.exe) took 23307 ms
11 Jun 2015 04:25:52 [0404] - Scanning of C:\Program Files (x86)\Eushully\神採りアルケミーマイスター\Kamidori English 1_0.exe Timed out!!!
11 Jun 2015 04:26:07 [05e0] - C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\AutoUpdate\Skin\Skin.ggz not Scanned. Possibly password protected...
11 Jun 2015 04:29:02 [05e0] - ScanFile (C:\Program Files (x86)\Garena Plus\dependent\im_installer.exe) took 5273 ms
11 Jun 2015 04:29:04 [0a64] - ScanFile (C:\Program Files (x86)\Garena Plus\dependent\vcredist_x86.exe) took 6771 ms
11 Jun 2015 04:29:09 [0404] - C:\Program Files (x86)\Garena Plus\Room\AutoUpdate\Skin\Skin.ggz not Scanned. Possibly password protected...
11 Jun 2015 04:29:18 [0404] - ScanFile (C:\Program Files (x86)\Garena Plus\Room\garena_room.exe) took 7114 ms
11 Jun 2015 04:29:25 [05e0] - ScanFile (C:\Program Files (x86)\Gigabyte\ET6\bg.dll) took 5366 ms
11 Jun 2015 04:30:14 [0d64] - ScanFile (C:\Program Files (x86)\KOEI\Dynasty Warriors 4 Hyper\Dynasty Warriors 4 Hyper..exe) took 5350 ms
11 Jun 2015 04:36:08 [09dc] - INVALID ATTRIBUTES FOR FOLDER [C:\Program Files (x86)\Neone SystemsR]: LastErr: 2. IGNORING.
11 Jun 2015 04:36:16 [0d64] - ScanFile (C:\Program Files (x86)\MSI Afterburner\Redist\RTSSSetup.exe) took 11014 ms
11 Jun 2015 04:38:27 [0404] - ScanFile (C:\Program Files (x86)\qBittorrent\qbittorrent.exe) took 6084 ms
11 Jun 2015 04:39:45 [0404] - ScanFile (C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe) took 5132 ms
11 Jun 2015 04:39:58 [0a64] - ScanFile (C:\Program Files (x86)\Samsung\Kies3\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe) took 7660 ms
11 Jun 2015 04:42:14 [05e0] - ScanFile (C:\Program Files (x86)\領域ZERO\東方スカイアリーナ\Resource\Data\Objects.gpk) took 17971 ms
11 Jun 2015 04:43:23 [0a64] - C:\settings.ini.mwt File already Scanned once... not able to clean.
11 Jun 2015 04:43:24 [0a64] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
11 Jun 2015 04:43:24 [0404] - Scanning File ...\{c91128c0-0f4c-11e5-9869-00ac48e4e149}{3808876b-c176-4e48-b7ae...
11 Jun 2015 04:43:24 [05e0] - Scanning File ...\{f992063d-0e9b-11e5-83fe-00ac48e4e149}{3808876b-c176-4e48-b7ae...
11 Jun 2015 04:43:24 [0d64] - Scanning File ...\{f992066c-0e9b-11e5-83fe-00ac48e4e149}{3808876b-c176-4e48-b7ae...
11 Jun 2015 04:46:05 [0a64] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvcuda32.dl_) took 6879 ms
11 Jun 2015 04:46:10 [0404] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvcuda64.dl_) took 10873 ms
11 Jun 2015 04:46:20 [0a64] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvd3dum.dl_) took 10842 ms
11 Jun 2015 04:46:24 [0404] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvd3dumx.dl_) took 13884 ms
11 Jun 2015 04:46:28 [0d64] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvcompiler32.dl_) took 29936 ms
11 Jun 2015 04:46:28 [0d64] - Scanning of C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvcompiler32.dl_ Timed out!!!
11 Jun 2015 04:46:30 [05e0] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvcompiler64.dl_) took 32385 ms
11 Jun 2015 04:46:30 [05e0] - Scanning of C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvcompiler64.dl_ Timed out!!!
11 Jun 2015 04:46:41 [0404] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvopencl32.dl_) took 11138 ms
11 Jun 2015 04:46:42 [0d64] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvoglv32.dl_) took 14320 ms
11 Jun 2015 04:46:43 [05e0] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvopencl64.dl_) took 12308 ms
11 Jun 2015 04:46:44 [0a64] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvoglv64.dl_) took 15912 ms
11 Jun 2015 04:46:54 [0d64] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvwgf2um.dl_) took 11872 ms
11 Jun 2015 04:46:55 [05e0] - ScanFile (C:\Users\Others\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriver\Display.Driver\nvwgf2umx.dl_) took 12106 ms
11 Jun 2015 04:47:49 [0a64] - Scanning File ...\Armin van Buuren vs Above & Beyond - Orbion Sweetest Heart (Je...
11 Jun 2015 04:50:02 [0404] - ScanFile (C:\Users\Silver_King\Documents\System Related Software\CopyTransContacts.exe) took 9438 ms
11 Jun 2015 04:55:20 [0a64] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4569\LYNC.LYNC.EXE) took 14539 ms
11 Jun 2015 04:55:21 [0d64] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4569\MSPUB.EXE) took 5382 ms
11 Jun 2015 04:55:24 [05e0] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4569\MSACCESS.EXE) took 11622 ms
11 Jun 2015 04:55:46 [0404] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4569\OUTLOOK.EXE) took 24056 ms
11 Jun 2015 04:55:46 [0404] - Scanning of C:\Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4569\OUTLOOK.EXE Timed out!!!
11 Jun 2015 04:57:28 [0a64] - ScanFile (C:\Windows\Installer\13b6e19.msp) took 6225 ms
11 Jun 2015 04:57:30 [0d64] - ScanFile (C:\Windows\Installer\1537aab.msp) took 5928 ms
11 Jun 2015 04:57:30 [0404] - ScanFile (C:\Windows\Installer\13b6fc7.msp) took 7940 ms
11 Jun 2015 04:57:36 [0d64] - ScanFile (C:\Windows\Installer\1537d85.msp) took 6240 ms
11 Jun 2015 04:57:39 [0404] - ScanFile (C:\Windows\Installer\19d8eec.msi) took 5631 ms
11 Jun 2015 04:57:42 [0a64] - ScanFile (C:\Windows\Installer\1537d5b.msp) took 13978 ms
11 Jun 2015 04:58:09 [0a64] - ScanFile (C:\Windows\Installer\323bc05.msp) took 5023 ms
11 Jun 2015 04:58:12 [05e0] - ScanFile (C:\Windows\Installer\338585a.msp) took 5741 ms
11 Jun 2015 04:59:08 [0404] - ScanFile (C:\Windows\Installer\7c78330.msp) took 8362 ms
11 Jun 2015 04:59:13 [0a64] - ScanFile (C:\Windows\Installer\7d4c66b.msp) took 12667 ms
11 Jun 2015 04:59:15 [05e0] - ScanFile (C:\Windows\Installer\7fd8467.msp) took 12574 ms
11 Jun 2015 05:06:48 [0404] - ScanFile (C:\Windows\System32\GameMon.des) took 5117 ms
11 Jun 2015 05:13:26 [0404] - ScanFile (C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_ca35d705cadb185a\ntoskrnl.exe) took 5788 ms
11 Jun 2015 05:22:01 [05e0] - ScanFile (C:\Windows\winsxs\wow64_ehome-bdatunepia_31bf3856ad364e35_6.1.7601.17514_none_5621eb4f9854b9af\BDATunePIA.dll) took 5039 ms
11 Jun 2015 05:22:18 [0a64] - ScanFile (C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.18846_none_18d482cda1586bfb\GWX.exe) took 10624 ms
 
11 Jun 2015 05:27:41 [09dc] - ***** Checking for specific ITW Viruses *****
 
11 Jun 2015 05:27:41 [09dc] - ***** Scanning complete. *****
 
11 Jun 2015 05:27:41 [09dc] - Total Objects Scanned: 366321
11 Jun 2015 05:27:41 [09dc] - Total Critical Objects: 0
11 Jun 2015 05:27:41 [09dc] - Total Disinfected Objects: 0
11 Jun 2015 05:27:41 [09dc] - Total Objects Renamed: 0
11 Jun 2015 05:27:41 [09dc] - Total Deleted Objects: 0
11 Jun 2015 05:27:41 [09dc] - Total Errors: 0
11 Jun 2015 05:27:41 [09dc] - Time Elapsed: 01:36:14
11 Jun 2015 05:27:41 [09dc] - Virus Database Date: 11 Jun 2015
11 Jun 2015 05:27:41 [09dc] - Virus Database Count: 5744596
11 Jun 2015 05:27:41 [09dc] - Sign Version: 7.60994 [519746]
 
11 Jun 2015 05:27:41 [09dc] - Scan Completed.
 

 

 

 

Zemana AntiMalware 2.15.2.721 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/11
Operating System       : Windows 7 64-bit
Processor              : 2X Intel® Pentium® Dual CPU E2200 @ 2.20GHz
BIOS Mode              : Legacy
CUID                   : 00AD2DE92D610D495D4744
Scan Type              : Deep Scan
Duration               : 66m 4s
Scanned Objects        : 289980
Detected Objects       : 6
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : No
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

Generic Root Trust CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob

Internet Explorer Homepage
Status             : Scanned
Object             : http://www.internetexplorertan.com/home/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Homepage

GTA-SA Crazy Trainer.exe
Status             : Scanned
Object             : %programfiles%\rockstar games\gta san andreas\gta-sa crazy trainer.exe
MD5                : BBF5D286E762F2E4F7266EFC5DD49BEF
Publisher          : -
Size               : 346623
Version            : 2.0.0.0
Detection          : Malware:Win32/Generic!Maer
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\rockstar games\gta san andreas\gta-sa crazy trainer.exe

SILENT HILL 3 v1.0.0.1 + 8 Trainer.exe
Status             : Scanned
Object             : %programfiles%\konami\silent hill 3\silent hill 3 v1.0.0.1 + 8 trainer.exe
MD5                : 8F0B835B3FC4BEA1F94B9D82EF51D754
Publisher          : -
Size               : 1526371
Version            : 2.3.1.563
Detection          : PUA:Win32/HackTool.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\konami\silent hill 3\silent hill 3 v1.0.0.1 + 8 trainer.exe

RE3 V1.0.exe
Status             : Scanned
Object             : %programfiles%\capcom\residentevil3\re3 v1.0.exe
MD5                : CAF1173C8E024D4391E81EC04CDFD01E
Publisher          : -
Size               : 581345
Version            : 1.7.0.0
Detection          : PUA:Win32/HackTool.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\capcom\residentevil3\re3 v1.0.exe

ipscan.exe
Status             : Scanned
Object             : %programfiles%\bluetack\blocklist manager\tools\ipscan.exe
MD5                : 6C1BCF0B1297689C8C4C12CC70996A75
Publisher          : -
Size               : 111104
Version            : 0.0.0.0
Detection          : Malware:Win32/Nevoros.B!Ecrt
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\bluetack\blocklist manager\tools\ipscan.exe

Cleaning Result
-------------------------------------------------------
Cleaned               : 6
Reported as safe      : 0
Failed                : 0

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 7 Ultimate x64
Ran by Silver_King on 06/11/2015 Thu at  1:36:59.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster SkipUAC (Silver_King)



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Windows\freecorder



~~~ FireFox




~~~ Chrome


[C:\Users\Silver_King\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Silver_King\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Silver_King\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Silver_King\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/11/2015 Thu at  2:16:24.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

# AdwCleaner v4.206 - Logfile created 11/06/2015 at 02:48:19
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Silver_King - PROTO-ALICE
# Running from : C:\Users\Silver_King\Downloads\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Silver_King\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\k94pjv7h.default\invalidprefs.js
File Deleted : C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\k94pjv7h.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\k94pjv7h.default\searchplugins\bingp.xml
File Deleted : C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\k94pjv7h.default\searchplugins\Messenger Plus Smartbar Search.xml
File Deleted : C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\k94pjv7h.default\searchplugins\Plusnetwork.xml
File Deleted : C:\Users\Others\AppData\Roaming\Mozilla\Firefox\Profiles\k94pjv7h.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : YourFile DownloaderUpdate
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\SOFTWARE\Cheat Engine\OpenCandy
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[k94pjv7h.default\prefs.js] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]

-\\ Google Chrome v43.0.2357.124

[C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
[C:\Users\Others\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://www.plusnetwork.com/?sp=hp/

*************************

AdwCleaner[R0].txt - [3884 bytes] - [11/06/2015 02:29:04]
AdwCleaner[S0].txt - [3739 bytes] - [11/06/2015 02:48:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3798  bytes] ##########
 

 

 

 

Regarding the clean-up software, I was able to install and run System Ninja and CCleaner with no problems. However, when trying to run Wipe (https://privacyroot.com/software/www/en/wipe.php), it always shows an unhandled exception error about 3/4 of the way through its "Detecting Installation" phase. Tried running it as Admin with no luck. Below is the error message that appears when I click on the detail button.

 

 

 

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ArgumentException: Argument 'Length' must be greater or equal to zero.
   at Microsoft.VisualBasic.Strings.Mid(String str, Int32 Start, Int32 Length)
   at Wipe.WIPE.getInstallationFolder(String pluginShortName)
   at Wipe.WIPE.isSoftInstalled(String pluginShortName)
   at Wipe.WIPE.analyze_installed_progs(Boolean rememberNewAndOld, Label objectLabel4progress, ProgressBar progress4progress)
   at Wipe.WIPE_PROGRAM.is_there_new_or_removed_programs()
   at Wipe.WIPE_PROGRAM.programStartup_Tick(Object sender, EventArgs e)
   at System.Windows.Forms.Timer.OnTick(EventArgs e)
   at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5485 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
----------------------------------------
Wipe
    Assembly Version: 2015.5.0.0
    Win32 Version: 2015.05.0.0
    CodeBase: file:///C:/Program%20Files/Wipe/Wipe.exe
----------------------------------------
Microsoft.VisualBasic
    Assembly Version: 8.0.0.0
    Win32 Version: 8.0.50727.5483 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5491 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5485 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5491 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Configuration
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5483 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5485 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
System.Runtime.Remoting
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5488 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Management
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5483 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Management/2.0.0.0__b03f5f7f11d50a3a/System.Management.dll
----------------------------------------
System.Core
    Assembly Version: 3.5.0.0
    Win32 Version: 3.5.30729.5420 built by: Win7SP1
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Core/3.5.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.



#6 InadequateInfirmity

Posted 10 June 2015 - 09:23 PM

Skip running Wipe; run PrivaZer instead to clean out useless files on your machine.

http://privazer.com/

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

Hit OK.

Hit Next, and make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#7 averagejohndoe

Posted 12 June 2015 - 06:49 AM

Here are the logs

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_06_12_00_40_03
OS: Windows 7 - 64 Bit
OS FulName:  Microsoft Windows 7 Ultimate  - 64 Bit
OS System: Microsoft Windows NT 6.1.7601 Service Pack 1 - 64 Bit
Account Name: Silver_King
U0L0S29

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

Found - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Found - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.ini
Found - Folder - C:\program files (x86)\Common Files\Wondershare
Found - Folder - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact
Found - Folder - C:\Users\Silver_King\Appdata\Local\Wondershare
Found - Folder - C:\Users\Silver_King\Appdata\Local\Wondershare\WSHelper
Found - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE : Wondershare
Found - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node : Wondershare
Found - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility : {2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Found - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility : {2EECD738-5844-4A99-B4B6-146BF802613B}
Found - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility : {472734EA-242A-422B-ADF8-83D1E48CC825}
Found - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility : {97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Found - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility : {98889811-442D-49DD-99D7-DC866BE87DBC}
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\CisConfigs\0\Settings :: TaskbarPositions ::: twGenScan|1||lnkCompUpdate|2||lnkRunVirtualKiosk|3||lnkCompQuarantine|4||twGetLiveSupport|5
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\CisConfigs\1\Settings :: TaskbarPositions ::: twGenScan|1||lnkCompUpdate|2||lnkRunVirtualKiosk|3||lnkCompQuarantine|4||twGetLiveSupport|5
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\CisConfigs\2\Firewall\Policy\70 :: Filename ::: C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\CisConfigs\2\Firewall\Policy\70 :: DeviceName ::: C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\CisConfigs\2\Settings :: TaskbarPositions ::: twGetLiveSupport|5||lnkCompQuarantine|4||lnkCompUpdate|2||lnkRunVirtualKiosk|3||twGenScan|1
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations\0\Settings :: TaskbarPositions ::: twGenScan|1||lnkCompUpdate|2||lnkRunVirtualKiosk|3||lnkCompQuarantine|4||twGetLiveSupport|5
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations\1\Settings :: TaskbarPositions ::: twGenScan|1||lnkCompUpdate|2||lnkRunVirtualKiosk|3||lnkCompQuarantine|4||twGetLiveSupport|5
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations\2\Firewall\Policy\70 :: Filename ::: C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations\2\Firewall\Policy\70 :: DeviceName ::: C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations\2\Settings :: TaskbarPositions ::: twGetLiveSupport|5||lnkCompQuarantine|4||lnkCompUpdate|2||lnkRunVirtualKiosk|3||twGenScan|1
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} :: DllName ::: PCTBrowserDefender.dll
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} :: MasterCLSID ::: {472734EA-242A-422B-ADF8-83D1E48CC825}
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} :: DllName ::: BabylonToolbar.dll
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825} :: DllName ::: PCTBrowserDefender.dll
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} :: DllName ::: BabylonToolbar.dll
Found - Registry-Value-Data - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} :: DllName ::: BabylonToolbarTlbr.dll

// Finished

\\\\\\\\\\\\\\\\\\\\\\\ Start-Up \\\\\\\\\\\\\\\\\\\\


\\\\\\\\\\\\\\\\\\\\\\\ Installed Programs \\\\\\\\\\\\\\\\\\\\

 - 9-lab Removal Tool -  -  : 9-lab Removal Tool
 - Adobe AIR - Adobe Systems Incorporated -  : Adobe AIR
 - Adobe Flash Player 17 ActiveX - Adobe Systems Incorporated -  : Adobe Flash Player ActiveX
 - Adobe Flash Player 17 NPAPI - Adobe Systems Incorporated -  : Adobe Flash Player NPAPI
 - Adobe Shockwave Player 12.1 - Adobe Systems, Inc. -  : Adobe Shockwave Player
 - MSI Afterburner 4.0.0 - MSI Co., LTD -  : Afterburner
 - Audacity 2.0.5 - Audacity Team - 20140708 : Audacity_is1
 - Garena - BlackShot - Garena Online Pte Ltd. -  : BlackShot
 - Cheat Engine 6.4 - Cheat Engine - 20140811 : Cheat Engine 6.4_is1
 - Combined Community Codec Pack 2014-07-13 - CCCP Project - 20150120 : Combined Community Codec Pack_is1
 - DAEMON Tools Pro - Disc Soft Ltd -  : DAEMON Tools Pro
 - Duplicate Cleaner 1.4.7c - DigitalVolcano -  : Duplicate Cleaner
 - FastStone Image Viewer 4.8 - FastStone Soft -  : FastStone Image Viewer
 - FeedDemon - NewsGator Technologies, Inc. - 20101217 : FeedDemon_is1
 - FFmpeg v0.6.2 for Audacity -  - 20140708 : FFmpeg for Audacity_is1
 - FLAC 1.2.1b (remove only) - Xiph.org -  : FLAC
 - foobar2000 v1.1.8 - Peter Pawlowski -  : foobar2000
 - Google Chrome - Google Inc. - 20150525 : Google Chrome
 - HashCheck Shell Extension (x86-32) - Kai Liu -  : HashCheck Shell Extension
 - NSIS Hisoutensoku English -  -  : Hisoutensoku English
 - HxD Hex Editor version 1.7.7.0 - Ma・ Hz - 20130509 : HxD Hex Editor_is1
 - VIA プラットフォーム・デバイス・マネージャ - VIA Technologies, Inc. - 20101114 : InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}
 - Easy Tune 6 B12.1121.1 - GIGABYTE - 20150226 : InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
 - Samsung Kies3 - Samsung Electronics Co., Ltd. - 20141013 : InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}
 - Vampire - The Masquerade Bloodlines - Activision - 20141231 : InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}
 - OpenMG Secure Module 4.7.00 - Sony Corporation - 20111110 : InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}
 - KDiff3 (remove only) -  -  : KDiff3
 - LAME v3.99.3 (for Windows) -  - 20140708 : LAME_is1
 - Malwarebytes Anti-Malware version 2.1.6.1022 - Malwarebytes Corporation - 20150608 : Malwarebytes Anti-Malware_is1
 - Mental Omega APYR - Mentalmeisters -  : Mental Omega APYR3.0
 - Microsoft Visual Studio 2010 Service Pack 1 - Microsoft Corporation -  : Microsoft Visual Studio 2010 Service Pack 1
 - Microsoft Visual Studio 2010 Ultimate - ENU - Microsoft Corporation -  : Microsoft Visual Studio 2010 Ultimate - ENU
 - Microsoft Visual Studio Macro Tools - Microsoft Corporation -  : Microsoft Visual Studio Macro Tools
 - Mozilla Firefox 38.0.5 (x86 en-US) - Mozilla -  : Mozilla Firefox 38.0.5 (x86 en-US)
 - Mozilla Maintenance Service - Mozilla -  : MozillaMaintenanceService
 - NirSoft BlueScreenView -  -  : NirSoft BlueScreenView
 - Notepad++ - Notepad++ Team -  : Notepad++
 - NVIDIA Stereoscopic 3D Driver - NVIDIA Corporation -  : NVIDIAStereo
 - OpenAL -  -  : OpenAL
 - OpenMG Limited Patch 4.7-07-14-05-01 -  -  : OpenMG HotFix4.7-07-13-22-01
 - Portforward Static IP Address 1.0.47 - Portforward.com -  : Portforward Static IP Address
 - PrivaZer - Goversoft LLC -  : PrivaZer
 - qBittorrent 3.2.0 - The qBittorrent project -  : qBittorrent
 - Command & Conquer Red Alert 2 -  -  : Red Alert 2
 - ReNamer - [den4b] Denis Kozlov - 20100508 : ReNamer_is1
 - Revo Uninstaller 1.95 - VS Revo Group -  : Revo Uninstaller
 - RGSS-RTP 1.03 - Enterbrain Inc. -  : RGSS-RTP
 - RPG Maker 2000 -  VHゲーム01_110820 -  -  : RPG Maker 2000  VH_110820_rogue patch1
 - RPG Maker VX RTP - Enterbrain - 20130707 : RPG Maker VX RTP_is1
 - RPG MAKER VX Ace RTP - Enterbrain - 20140909 : RPGVXAce_RTP_is1
 - RivaTuner Statistics Server 6.2.0 - Unwinder -  : RTSS
 - Simple Sticky Notes 2.5.1 - Simnet Ltd. - 20150129 : Simple Sticky Notes_is1
 - NSIS SWR English -  -  : SWR English
 - Uplay - Ubisoft -  : Uplay
 - Vensim PLE -  -  : Vensim PLE
 - VisiPics V1.30 - Ozone - 20101025 : VisiPics_is1
 - Warcraft III -  -  : Warcraft III
 - Warzone 2100-3.1.1 - Warzone 2100 Project -  : Warzone 2100-3.1.1
 - Windows Live OneCare safety scanner - Microsoft Corporation -  : Windows Live OneCare safety scanner
 - Windows Live Essentials - Microsoft Corporation -  : WinLiveSuite
 - WinMerge 2.14.0 - Thingamahoochie Software - 20140220 : WinMerge_is1
 - Westwood Shared Internet Components -  -  : WOLAPI
 - XCC Utilities 1.46 -  -  : XCC Utilities
 - Command && Conquer Red Alert 2 - Yuri's Revenge -  -  : Yuri's Revenge
 - _inmm.dll 2.38 -  -  : _inmm
 - Microsoft_VC90_ATL_x86 - Adobe - 20101005 : {033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
 - TuxGuitar - Herac - 20110302 : {03534DA5-2F88-4B8E-A978-849B979E1B8F}
 - Steam - Valve Corporation - 20110308 : {048298C9-A4D3-490B-9FF9-AB023A9238F3}
 - Microsoft Silverlight 4 SDK - Microsoft Corporation - 20150206 : {05855322-BE43-41FE-B583-D3AE0C326D58}
 - EasySaver B9.0904.1  - Gigabyte - 20121201 : {07300F01-89CA-4CF8-92BD-2A605EB83C95}
 - Microsoft_VC90_CRT_x86 - Adobe - 20130127 : {08D2E121-7F6A-43EB-97FD-629B44903403}
 - Vampire - The Masquerade Bloodlines - Activision - 20141231 : {08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}
 - Microsoft SQL Server 2008 R2 Transact-SQL Language Service - Microsoft Corporation - 20150206 : {09C52940-A4D1-4409-A7CC-1AAE630CF578}
 - Windows Live Installer - Microsoft Corporation - 20120415 : {0B0F231F-CE6A-483D-AA23-77B364F75917}
 - Microsoft Visual Studio 2010 SharePoint Developer Tools - Microsoft Corporation - 20150206 : {0BE273CD-AAB9-361B-8C32-D955EAC929E3}
 - Microsoft Sync Framework SDK v1.0 SP1 - Microsoft Corporation - 20150206 : {0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}
 - Microsoft_VC80_ATL_x86 - Adobe - 20101005 : {0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
 - Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU - Microsoft Corporation - 20150206 : {112C23F2-C036-4D40-BED4-0CB47BF5555C}
 - Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 - Microsoft Corporation - 20140206 : {13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
 - SdRt4200 - パルティオソフト株式会社 - 20110922 : {140347A0-4A0C-44FC-9CA1-C8A3471899B7}
 - Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools - Microsoft Corporation - 20150206 : {14DD7530-CCD2-3798-B37D-3839ED6A441C}
 - AdobeColorCommonSetRGB - Adobe Systems Incorporated - 20100214 : {16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
 - Dotfuscator Software Services - Community Edition - PreEmptive Solutions - 20150206 : {1AA5BD63-6614-44B2-88A7-605191EDB835}
 - Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2890573) - Microsoft Corporation -  : {1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}.KB2890573
 - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - Microsoft Corporation - 20110926 : {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
 - Windows Live SOXE Definitions - Microsoft Corporation - 20101020 : {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
 - Microsoft Silverlight 3 SDK - Microsoft Corporation - 20150206 : {2012098D-EEE9-4769-8DD3-B038050854D4}
 - Platform - VIA Technologies, Inc. - 20101114 : {20D4A895-748C-4D88-871C-FDB1695B0169}
 - Java 8 Update 45 - Oracle Corporation - 20150429 : {26A24AE4-039D-4CA4-87B4-2F83218045F0}
 - Windows Live Messenger - Microsoft Corporation - 20120415 : {2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
 - Microsoft Visual C++  Compilers 2010 Standard - enu - x86 - Microsoft Corporation - 20150206 : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741) - Microsoft Corporation -  : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}.KB2280741
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668) - Microsoft Corporation -  : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}.KB2284668
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689) - Microsoft Corporation -  : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}.KB2295689
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513) - Microsoft Corporation -  : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}.KB2420513
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649) - Microsoft Corporation -  : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}.KB2452649
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033) - Microsoft Corporation -  : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}.KB2455033
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545) - Microsoft Corporation -  : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}.KB2485545
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517) - Microsoft Corporation -  : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}.KB982517
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721) - Microsoft Corporation -  : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}.KB982721
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233) - Microsoft Corporation -  : {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}.KB983233
 - Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver - Atheros Communications Inc. - 20121201 : {3108C217-BE83-42E4-AE9E-A56A2A92E549}
 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 - Microsoft Corporation -  : {33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
 - RPGツクール2000 ランタイムパッケージ -  -  : {33F7A957-A66D-45A1-BADF-6576083B14E2}
 - Adobe AIR - Adobe Systems Incorporated - 20150329 : {34927EBC-98D4-4D53-98BE-510DF5999F50}
 - Microsoft SQL Server Compact 3.5 SP2 ENU - Microsoft Corporation - 20150206 : {3A9FC03D-C685-4831-94CF-4EDFD3749497}
 - QuickTime 7 - Apple Inc. - 20150525 : {3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}
 - ON_OFF Charge B11.0110.1 - GIGABYTE - 20121201 : {3DECD372-76A1-4483-BF10-B547790A3261}
 - Microsoft ASP.NET MVC 4 Runtime - Microsoft Corporation - 20141108 : {3FE312D5-B862-40CE-8E4E-A6D8ABF62736}
 - Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - Microsoft Corporation - 20150206 : {40416836-56CC-4C0E-A6AF-5C34BADCE483}
 - Easy Tune 6 B12.1121.1 - GIGABYTE - 20150226 : {457D7505-D665-4F95-91C3-ECB8C56E9ACA}
 - ActiveState ActivePython 2.7.2.5 (32-bit) - ActiveState Software Inc. - 20120914 : {49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8}
 - Java Auto Updater - Oracle Corporation - 20150429 : {4A03706F-666A-4037-7777-5F2748764D10}
 - Microsoft Games for Windows Marketplace - Microsoft Corporation - 20110506 : {4CB0307C-565E-4441-86BE-0DF2E4FB828C}
 - Command & Conquer Tiberian Sun - Command & Conquer Communications Center - 20150609 : {52F25D7D-DEE1-42E7-AB48-D0F014E1F795}_is1
 - OpenOffice 4.0.0 - Apache Software Foundation - 20130816 : {55E61709-D7D4-43C0-B45D-BFAF5C09A02D}
 - Windows Live UX Platform Language Pack - Microsoft Corporation - 20120415 : {579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
 - Microsoft Visual Studio 2010 Service Pack 1 - Microsoft Corporation - 20150206 : {5AB7D739-1735-3A9E-BE73-C43507CB4E6F}
 - Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 - Microsoft Corporation - 20150206 : {5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}
 - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 - Microsoft Corporation - 20120731 : {5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}
 - Google Update Helper - Google Inc. - 20150525 : {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
 - swMSM - Adobe Systems, Inc - 20130521 : {612C34C7-5E90-47D8-9B5C-0F717DD82726}
 - Microsoft_VC90_MFC_x86 - Adobe - 20101005 : {635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
 - System Requirements Lab for Intel - Husdawg, LLC - 20121201 : {63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}
 - Adobe Color Video Profiles CS CS4 - Adobe Systems Incorporated - 20100214 : {63C24A08-70F3-4C8E-B9FB-9F21A903801D}
 - ATLAS Translation Standard V14.0 Trial Version - FUJITSU LIMITED - 20150326 : {6652750B-AA69-49B7-9D09-C0A28B6FFC9F}
 - Windows Live SOXE - Microsoft Corporation - 20120415 : {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
 - Windows Media Player Firefox Plugin - Microsoft Corp - 20120808 : {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
 - ATLAS V14.0 L10 Update Pack U004 - FUJITSU LIMITED - 20150326 : {6A72EDA1-B12B-4940-8DE1-EDCD489659ED}
 - Microsoft Visual Studio Macro Tools - Microsoft Corporation - 20150206 : {6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}
 - Security Update for Microsoft Visual Studio Macro Tools (KB2669970) - Microsoft Corporation -  : {6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}.KB2669970
 - System Ninja version 3.0.6 - SingularLabs - 20150610 : {6E67710E-206D-43AB-BF21-E7CD63056C55}_is1
 - Microsoft Visual C++ 2005 Redistributable - Microsoft Corporation - 20110926 : {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
 - Auslogics BoostSpeed - Auslogics Software Pty Ltd - 20121222 : {7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1
 - Easy MSI Editor - Neone Systems® - 20130803 : {746104AD-F13F-4A32-8A03-2F6506C2E58E}
 - Adobe Photoshop CS6 - Adobe Systems Incorporated -  : {74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}
 - 東方深秘録 Ver1.02b - 黄昏フロンティア - 20150521 : {760D8976-9ACD-40F1-A00B-52B784A7F0B8}_is1
 - Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - Microsoft Corporation - 20120124 : {770657D0-A123-3C07-8E44-1C83EC895118}
 - Microsoft SQL Server 2008 R2 Management Objects - Microsoft Corporation - 20150206 : {77F1F8AD-51B8-4490-AEEC-BF480073E0FC}
 - Apple Software Update - Apple Inc. - 20110729 : {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
 - Microsoft SQL Server 2008 R2 Data-Tier Application Project - Microsoft Corporation - 20150206 : {7A56D81D-6406-40E7-9184-8AC1769C4D69}
 - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 - Microsoft Corporation -  : {7f51bdb9-ee21-49ee-94d6-90afc321780e}
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741) - Microsoft Corporation -  : {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}.KB2280741
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668) - Microsoft Corporation -  : {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}.KB2284668
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689) - Microsoft Corporation -  : {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}.KB2295689
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513) - Microsoft Corporation -  : {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}.KB2420513
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649) - Microsoft Corporation -  : {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}.KB2452649
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033) - Microsoft Corporation -  : {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}.KB2455033
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545) - Microsoft Corporation -  : {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}.KB2485545
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517) - Microsoft Corporation -  : {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}.KB982517
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721) - Microsoft Corporation -  : {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}.KB982721
 - Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233) - Microsoft Corporation -  : {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}.KB983233
 - Windows Live PIMT Platform - Microsoft Corporation - 20120415 : {83C292B7-38A5-440B-A731-07070E81A64F}
 - Microsoft Visual F# 2.0 Runtime - Microsoft Corporation - 20150206 : {85467CBC-7A39-33C9-8940-D72D9269B84F}
 - Command & Conquer 3 Tiberium Wars™ MOD SDK - Electronic Arts, Los Angeles - 20111016 : {86C7336D-0E3A-4953-ADF4-F4B5E0096278}
 - Microsoft SQL Server System CLR Types - Microsoft Corporation - 20150206 : {877B76B2-F83F-4F5A-B28D-3F398641ADB6}
 - Samsung Kies3 - Samsung Electronics Co., Ltd. - 20141013 : {88547073-C566-4895-9005-EBE98EA3F7C7}
 - MSVCRT - Microsoft - 20101020 : {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
 - 東方非想天則 Ver1.10aアップデート - 黄昏フロンティア - 20130823 : {8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1
 - Zemana AntiMalware - Zemana Ltd. - 20150610 : {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1
 - Microsoft_VC80_CRT_x86 - Adobe - 20130127 : {92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
 - Command & Conquer Windows 95 Edition Stand Alone v1.06b r2 - Westwood Studios - 20101114 : {931CFA8E-3CE1-4A96-97D7-32B21A7A8DAA}_is1
 - Microsoft Application Error Reporting - Microsoft Corporation - 20150206 : {95120000-00B9-0409-0000-0000000FF1CE}
 - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - Microsoft Corporation - 20110926 : {9A25302D-30C0-39D9-BD6F-21E6EC160475}
 - Watson - Windows Live Safety Center - 20100530 : {9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}
 - Red Alert 3.03p-Iran - FunkyFr3sh - 20150609 : {9BCC0F2C-63C1-4569-BEE6-E3A3A377C0F8}_is1
 - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - Microsoft Corporation - 20110926 : {9BE518E6-ECC6-35A9-88E4-87755C07200F}
 - SonicStage 4.3 - Sony Corporation - 20111110 : {A0EB195B-5876-48E6-879D-33D4B2102610}
 - Google Update Helper - Google Inc. - 20141114 : {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 - Windows Live Photo Common - Microsoft Corporation - 20120415 : {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
 - Crystal Reports for Visual Studio - SAP - 20150206 : {AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}
 - Adobe Refresh Manager - Adobe Systems Incorporated - 20141225 : {AC76BA86-0804-1033-1959-001802114130}
 - Adobe Acrobat Reader DC - Adobe Systems Incorporated - 20150525 : {AC76BA86-7AD7-1033-7B44-AC0F074E4100}
 - Extended Asian Language font pack for Adobe Reader XI - Adobe Systems Incorporated - 20130521 : {AC76BA86-7AD7-2530-0000-A00000000004}
 - Microsoft SQL Server Database Publishing Wizard 1.4 - Microsoft Corporation - 20150206 : {ACE28263-76A4-4BF5-B6F4-8BD719595969}
 - Apple Application Support (32-bit) - Apple Inc. - 20150525 : {AFA1153A-F547-409B-B837-3A0D6C5A3FEC}
 - Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 - Microsoft Corporation - 20140627 : {B175520C-86A2-35A7-8619-86DC379688B9}
 - @BIOS - GIGABYTE - 20150508 : {B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}
 - 東方心綺楼 Ver1.34b - 黄昏フロンティア - 20150511 : {B641E348-377C-4819-B92F-03F1D35A7EE3}_is1
 - ALiBAT Ver1.5 - PROJECT YNP - 20101109 : {B7D88A69-EB5C-4780-AA43-47A64CF84E29}
 - Facebook Video Calling 1.2.0.287 - Skype Limited - 20121025 : {B92C5909-1D37-4C51-8397-A28BB28E5DC3}
 - Medieval CUE Splitter - Medieval Software - 20101029 : {B96D2269-568B-4CBF-9332-12FAE8B158F7}
 - Microsoft Visual Studio 2010 Ultimate - ENU - Microsoft Corporation - 20150206 : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}
 - Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927) - Microsoft Corporation -  : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2529927
 - Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054) - Microsoft Corporation -  : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2542054
 - Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139) - Microsoft Corporation -  : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2548139
 - Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864) - Microsoft Corporation -  : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2549864
 - Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973) - Microsoft Corporation -  : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2635973
 - Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980) - Microsoft Corporation -  : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2644980
 - Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410) - Microsoft Corporation -  : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2645410
 - Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2890573) - Microsoft Corporation -  : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2890573
 - Critical Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2938807) - Microsoft Corporation -  : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2938807
 - Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB3002340) - Microsoft Corporation -  : {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB3002340
 - Microsoft SQL Server 2008 R2 Data-Tier Application Framework - Microsoft Corporation - 20150206 : {BC537AE0-88AF-47ED-B762-33B0D62B5188}
 - Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 - Microsoft Corporation - 20140627 : {BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
 - PDF Settings CS6 - Adobe Systems Incorporated - 20130127 : {BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}
 - iPhoneBrowser - Cranium Consulting and Custom Software - 20121006 : {C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}
 - Vampire - The Masquerade Bloodlines - Activision - 20141231 : {C4E2A4A7-B623-40CB-8EEA-72F577E49D56}
 - Microsoft SQL Server 2008 Browser - Microsoft Corporation - 20150206 : {C688457E-03FD-4941-923B-A27F4D42A7DD}
 - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 - Microsoft Corporation -  : {ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
 - Command & Conquer™ 3: Kane's Wrath - Electronic Arts Inc. - 20100903 : {CC2422C9-F7B5-4175-B295-5EC2283AA674}
 - OpenMG Secure Module 4.7.00 - Sony Corporation - 20111110 : {CCD663AE-610D-4BDF-AAB0-E914B044527D}
 - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 - Microsoft Corporation -  : {ce085a78-074e-4823-8dc1-8a721b94b76d}
 - Windows Live UX Platform - Microsoft Corporation - 20120415 : {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
 - Microsoft .NET Framework 4 Multi-Targeting Pack - Microsoft Corporation - 20150206 : {CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
 - Microsoft_VC80_MFC_x86 - Adobe - 20101005 : {D1A19B02-817E-4296-A45B-07853FD74D57}
 - GTA San Andreas - Rockstar Games - 20110417 : {D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}
 - Windows Live Photo Common - Microsoft Corporation - 20120415 : {D436F577-1695-4D2F-8B44-AC76C99E0002}
 - Windows Live Communications Platform - Microsoft Corporation - 20120415 : {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
 - Auslogics Registry Defrag - Auslogics Labs Pty Ltd - 20150523 : {D627784F-B3EE-44E8-96B1-9509B991EA34}_is1
 - Microsoft_VC80_MFCLOC_x86 - Adobe - 20101005 : {D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
 - WCF RIA Services V1.0 SP1 - Microsoft Corporation - 20150206 : {D9E6001A-5DC3-4620-AF7A-80B6CD48645D}
 - Microsoft ASP.NET MVC 2 - Microsoft Corporation - 20150206 : {DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}
 - Command & Conquer 3 - Electronic Arts Inc. - 20111023 : {DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
 - ResidentEvil3 -  -  : {DE15F0C0-108D-11D4-AF73-0000E21444C5}
 - Auslogics DiskDefrag - Auslogics Labs Pty Ltd - 20150523 : {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
 - D3DX10 - Microsoft - 20101020 : {E09C4DB7-630C-4F06-A631-8EA7239923AF}
 - Windows Live Messenger - Microsoft Corporation - 20120415 : {E5B21F11-6933-4E0B-A25C-7963E3C07D11}
 - CM Installer - Cyanogen Inc. - 20140413 : {E8F42777-958D-4C14-9A42-8DCA1929FD26}
 - Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 - Microsoft Corporation - 20150228 : {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
 - Intel® Graphics Media Accelerator Driver - Intel Corporation -  : {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
 - Realtek High Definition Audio Driver - Realtek Semiconductor Corp. - 20121201 : {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
 - 黄金夢想曲 - 竜騎士07/07th Expansion - 20130630 : {F139C955-376C-45CA-9C34-C77000AB73BC}
 - Microsoft Games for Windows - LIVE Redistributable - Microsoft Corporation - 20110506 : {F2508213-9989-4E85-A078-72BE483917EF}
 - Intel® Control Center - Intel Corporation -  : {F8A9085D-4C7A-41a9-8A77-C8998A96C421}
 - Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 - Microsoft Corporation - 20140206 : {F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
 - 東方緋想天 Ver1.06a - 黄昏フロンティア - 20130823 : {F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1
 - Windows Live Essentials - Microsoft Corporation - 20120415 : {FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
 - Windows Live OneCare safety scanner - Microsoft Corporation - 20100824 : {FE0646A7-19D0-41B4-A2BB-2C35D644270D}
 - Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - Microsoft Corporation - 20130927 : {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
 - 東方スカイアリーナ・幻想郷空戦姫 -  - 3/3/2013 : 東方スカイアリーナ・幻想郷空戦姫
 - 東方スカイアリーナ・幻想郷空戦姫-KURENAI- -  - 3/3/2013 : 東方スカイアリーナ・幻想郷空戦姫-KURENAI-

\\ Finished
b1:- 135
b2:- 151
b3:- 140
b4:- 20
b5:- 145
b6:- 141
b7:- 136
b8:- 141

~ ZHPCleaner v2015.6.11.274 by Nicolas Coolman (2015\06\11)
~ Run by Silver_King (Administrator)  (12/06/2015 01:55:55)
~ Site : http://nicolascoolman.com/fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Silver_King\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Silver_King\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (17)
MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (HackTool.AutoKMS)
MOVED folder*: C:\Program Files\KMSpico (PUA.KMSpico)
MOVED folder*: C:\ProgramData\InstallMate (PUP.Tarma)
MOVED folder*: C:\Windows\AutoKMS (HackTool.AutoKMS)
MOVED folder*: C:\Windows\Installer\MSI2986.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI33AA.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI684A.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI6B30.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI75EB.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSI92EF.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIA569.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIAB35.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIB85E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIC1E9.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSICC5E.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSID4C.tmp- (Empty)
MOVED folder*: C:\Windows\Installer\MSIED35.tmp- (Empty)


---\\  Registry ( Key, Value, Data) (7)
DELETED data: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{07359432-1B1D-43A0-980B-183D1A7AFEB5}\\NameServer [Bad : 202.156.1.16,218.186.2.16]  (Hijacker.Browser)
DELETED key*: HKEY_USERS\S-1-5-21-2128271574-2419599271-1788958235-1001\Software\ApplianTechnologies [] (PUP.ApplianTechnologies)
DELETED key: HKCU\Software\ApplianTechnologies [] (PUP.ApplianTechnologies)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\SECMAN.DLL [] (Trojan.Camec)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [KMSpico] (PUA.KMSpico)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Applian Technologies [] (PUP.ApplianTechnologies)
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\SECMAN.DLL [] (Trojan.Camec)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 954
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 24


End of clean at 01:56:54
===================
ZHPCleaner-[R]-12062015-01_56_54.txt
ZHPCleaner-[S]-12062015-01_44_38.txt

 Results of screen317's Security Check version 1.003  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Duplicate Cleaner 1.4.7c   
 Java 8 Update 45  
 Adobe Flash Player 17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5)
 Google Chrome (43.0.2357.124)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Comodo Firewall cmdagent.exe
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Silver_King (administrator) on 12-06-2015 at 03:22:39
Running from "C:\Users\Silver_King\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: G41M-Combo Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection 4 (Connected)
VPN Client Adapter - VPN = VPN - VPN Client (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="VPN - VPN Client" forwarding=disabled advertise=disabled metric=1 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : PROTO-ALICE
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 90-2B-34-E3-45-F5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7dd8:624d:9a74:f29f%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.13(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, June 12, 2015 2:55:20 AM
   Lease Expires . . . . . . . . . . : Friday, June 12, 2015 3:55:20 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 378546996
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-08-F4-6A-00-25-11-25-55-AD
   DNS Servers . . . . . . . . . . . : 2404:e800:3::16
                                       2404:e800:103::16
                                       2404:e800:103::6
                                       202.156.1.16
                                       218.186.2.16
                                       218.186.2.6
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VPN - VPN Client:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN Client Adapter - VPN
   Physical Address. . . . . . . . . : 00-AC-48-E4-E1-49
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{37A0B8A8-F289-4E56-AD11-725B01FD238B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{07359432-1B1D-43A0-980B-183D1A7AFEB5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  2404:e800:3::16


Pinging google.com [203.116.165.158] with 32 bytes of data:
Reply from 203.116.165.158: bytes=32 time=20ms TTL=57
Reply from 203.116.165.158: bytes=32 time=75ms TTL=57

Ping statistics for 203.116.165.158:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 75ms, Average = 47ms
Server:  UnKnown
Address:  2404:e800:3::16


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=220ms TTL=50
Reply from 206.190.36.45: bytes=32 time=227ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 220ms, Maximum = 227ms, Average = 223ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...90 2b 34 e3 45 f5 ......Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
 16...00 ac 48 e4 e1 49 ......VPN Client Adapter - VPN
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.13     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.13    266
     192.168.0.13  255.255.255.255         On-link      192.168.0.13    266
    192.168.0.255  255.255.255.255         On-link      192.168.0.13    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.13    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.13    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 15    266 fe80::/64                On-link
 15    266 fe80::7dd8:624d:9a74:f29f/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/12/2015 02:47:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000005130fd8
Faulting process id: 0x8d0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (06/12/2015 02:22:44 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (06/12/2015 02:14:39 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (06/12/2015 01:30:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: Game.exe, version: 1.0.0.1, time stamp: 0x393c1b12
Faulting module name: Game.exe, version: 1.0.0.1, time stamp: 0x393c1b12
Exception code: 0xc0000005
Fault offset: 0x001ff7d0
Faulting process id: 0x168
Faulting application start time: 0xGame.exe0
Faulting application path: Game.exe1
Faulting module path: Game.exe2
Report Id: Game.exe3

Error: (06/12/2015 00:19:32 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]


System errors:
=============
Error: (06/12/2015 03:05:59 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (06/12/2015 03:05:55 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (06/12/2015 02:58:52 AM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=23) while initializing logging resources for channel Microsoft-Windows-WindowsUpdateClient/Operational.

Error: (06/12/2015 02:58:52 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/12/2015 02:58:47 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/12/2015 02:58:43 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/12/2015 02:58:38 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/12/2015 02:58:34 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/12/2015 02:57:48 AM) (Source: Service Control Manager) (User: )
Description: The Razer Wizard Service service failed to start due to the following error:
%%1053

Error: (06/12/2015 02:57:48 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Wizard Service service to connect.


Microsoft Office Sessions:
=========================
Error: (06/12/2015 02:47:02 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000005130fd88d001d0a473f456c421C:\Windows\Explorer.EXEunknown3f300733-106a-11e5-847e-00ac48e4e149

Error: (06/12/2015 02:22:44 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (06/12/2015 02:14:39 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (06/12/2015 01:30:47 AM) (Source: Application Error)(User: )
Description: Game.exe1.0.0.1393c1b12Game.exe1.0.0.1393c1b12c0000005001ff7d016801d0a46b88cffbdbC:\Westwood\SUN\Game.exeC:\Westwood\SUN\Game.exe981586ae-105f-11e5-802d-00ac48e4e149

Error: (06/12/2015 00:19:32 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]


=========================== Installed Programs ============================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
_inmm.dll 2.38 (HKLM-x32\...\_inmm) (Version:  - )
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
ActiveState ActivePython 2.7.2.5 (32-bit) (HKLM-x32\...\{49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8}) (Version: 2.7.5 - ActiveState Software Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
ALiBAT Ver1.5 (HKLM-x32\...\{B7D88A69-EB5C-4780-AA43-47A64CF84E29}) (Version: 1.50.0000 - PROJECT YNP)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Atheros Communications Inc.)
ATLAS Translation Standard V14.0 Trial Version (HKLM-x32\...\{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}) (Version: 14.00.2000 - FUJITSU LIMITED)
ATLAS V14.0 L10 Update Pack U004 (HKLM-x32\...\{6A72EDA1-B12B-4940-8DE1-EDCD489659ED}) (Version: 14.04.0000 - FUJITSU LIMITED) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.5 - Auslogics Software Pty Ltd)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Defrag (HKLM-x32\...\{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1) (Version: 8.4.0.0 - Auslogics Labs Pty Ltd)
AutoFrequency (HKLM\...\{F9E65352-5669-47C0-A830-CFB5F168887A}_is1) (Version: 1.3.2.326 - Team AutoFrequency)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Command & Conquer 3 (HKLM-x32\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Electronic Arts Inc.)
Command & Conquer 3 Tiberium Wars™ MOD SDK (HKLM-x32\...\{86C7336D-0E3A-4953-ADF4-F4B5E0096278}) (Version: 1.00.0000 - Electronic Arts, Los Angeles)
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version:  - )
Command & Conquer Tiberian Sun (HKLM-x32\...\{52F25D7D-DEE1-42E7-AB48-D0F014E1F795}_is1) (Version:  - Command & Conquer Communications Center)
Command & Conquer Windows 95 Edition Stand Alone v1.06b r2 (HKLM-x32\...\{931CFA8E-3CE1-4A96-97D7-32B21A7A8DAA}_is1) (Version:  - Westwood Studios)
Command & Conquer™ 3: Kane's Wrath (HKLM-x32\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Electronic Arts Inc.)
Command && Conquer Red Alert 2 - Yuri's Revenge (HKLM-x32\...\Yuri's Revenge) (Version:  - )
COMODO Internet Security (HKLM\...\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}) (Version: 4.1.19277.920 - COMODO Group Inc.)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.17 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crystal Reports for Visual Studio (HKLM-x32\...\{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}) (Version: 12.51.0.240 - SAP) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 6.0.0.0444 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Duplicate Cleaner 1.4.7c (HKLM-x32\...\Duplicate Cleaner) (Version: 1.4.7c - DigitalVolcano)
Dynasty Warriors 4 Hyper (HKCU\...\{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}) (Version:  - )
Easy MSI Editor (HKLM-x32\...\{746104AD-F13F-4A32-8A03-2F6506C2E58E}) (Version: 0.1.0 - Neone Systems®)
Easy Tune 6 B12.1121.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
EasySaver B9.0904.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
FeedDemon (HKLM-x32\...\FeedDemon_is1) (Version: 4.0.0.22 - NewsGator Technologies, Inc.)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
foobar2000 v1.1.8 (HKLM-x32\...\foobar2000) (Version: 1.1.8 - Peter Pawlowski)
Garena - BlackShot (HKLM-x32\...\BlackShot) (Version: 2.229 - Garena Online Pte Ltd.)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HWiNFO64 Version 4.50 (HKLM\...\HWiNFO64_is1) (Version: 4.50 - Martin Malík - REALiX)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
iPhoneBrowser (HKLM-x32\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KDiff3 (remove only) (HKLM-x32\...\KDiff3) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Mental Omega APYR (HKLM-x32\...\Mental Omega APYR3.0) (Version: 3.0 - Mentalmeisters)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NSIS Hisoutensoku English (HKLM-x32\...\Hisoutensoku English) (Version:  - )
NSIS SWR English (HKLM-x32\...\SWR English) (Version:  - )
NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM-x32\...\{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation) Hidden
OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
Portforward Static IP Address 1.0.47 (HKLM-x32\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.32.0.0 - Goversoft LLC)
qBittorrent 3.2.0 (HKLM-x32\...\qBittorrent) (Version: 3.2.0 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Red Alert 3.03p-Iran (HKLM-x32\...\{9BCC0F2C-63C1-4569-BEE6-E3A3A377C0F8}_is1) (Version: 3.03p-Iran - FunkyFr3sh)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
ResidentEvil3 (HKLM-x32\...\{DE15F0C0-108D-11D4-AF73-0000E21444C5}) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RGSS-RTP 1.03 (HKLM-x32\...\RGSS-RTP) (Version: 1.03 - Enterbrain Inc.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
RPG Maker 2000 -  VHゲーム01_110820 (HKLM-x32\...\RPG Maker 2000  VH_110820_rogue patch1) (Version:  - )
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
SdRt4200 (HKLM-x32\...\{140347A0-4A0C-44FC-9CA1-C8A3471899B7}) (Version: 4.2.8.0 - パルティオソフト株式会社)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0054-0409-1000-0000000FF1CE}_Office15.VISPRO_{5B661D9F-1BC2-42D0-AC22-8231AA3BF72D}) (Version:  - Microsoft) Hidden
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.3.31 - NVIDIA Corporation) Hidden
Simple Sticky Notes 2.5.1 (HKLM-x32\...\Simple Sticky Notes_is1) (Version:  - Simnet Ltd.)
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.11 - Piriform)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TuxGuitar (HKLM-x32\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
Umineko no Naku Koro ni English v4.3.1 (HKCU\...\Umineko no Naku Koro ni English) (Version:  - )
Unlocker 1.9.0-x64 (HKLM\...\Unlocker) (Version: 1.9.0-x64 - Cedrick Collomb)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vampire - The Masquerade Bloodlines (HKLM-x32\...\{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}) (Version: 1.2 - Activision) Hidden
Vampire - The Masquerade Bloodlines (HKLM-x32\...\{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision) Hidden
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vensim PLE (HKLM-x32\...\Vensim PLE) (Version:  - )
VIA プラットフォーム・デバイス・マネージャ (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VisiPics V1.30 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Warzone 2100-3.1.1 (HKLM-x32\...\Warzone 2100-3.1.1) (Version: 3.1.1 - Warzone 2100 Project)
Watson (HKLM-x32\...\{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}) (Version: 1.0.0 - Windows Live Safety Center)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Westwood Shared Internet Components (HKLM-x32\...\WOLAPI) (Version:  - )
WhoCrashed 3.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XCC Utilities 1.46 (HKLM-x32\...\XCC Utilities) (Version:  - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.15.721 - Zemana Ltd.)
東方スカイアリーナ・幻想郷空戦姫 (HKLM-x32\...\東方スカイアリーナ・幻想郷空戦姫) (Version:  - )
東方スカイアリーナ・幻想郷空戦姫-KURENAI- (HKLM-x32\...\東方スカイアリーナ・幻想郷空戦姫-KURENAI-) (Version:  - )
東方心綺楼 Ver1.34b (HKLM-x32\...\{B641E348-377C-4819-B92F-03F1D35A7EE3}_is1) (Version:  - 黄昏フロンティア)
東方深秘録 Ver1.02b (HKLM-x32\...\{760D8976-9ACD-40F1-A00B-52B784A7F0B8}_is1) (Version:  - 黄昏フロンティア)
東方緋想天 Ver1.06a (HKLM-x32\...\{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1) (Version:  - 黄昏フロンティア)
東方非想天則 Ver1.10aアップデート (HKLM-x32\...\{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1) (Version:  - 黄昏フロンティア)
真剣で私に恋しなさい! (HKCU\...\majikoi) (Version:  - みなとそふと)
真剣で私に恋しなさい!S (HKCU\...\Majikoi_S) (Version:  - みなとそふと)
黄金夢想曲 (HKLM-x32\...\{F139C955-376C-45CA-9C34-C77000AB73BC}) (Version: 1.10.0000 - 竜騎士07/07th Expansion)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 4094.49 MB
Available physical RAM: 2517.15 MB
Total Pagefile: 8187.19 MB
Available Pagefile: 6376.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3982.46 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:148.95 GB) (Free:8.54 GB) NTFS
3 Drive e: (Asmodeus) (Fixed) (Total:930.86 GB) (Free:198.53 GB) NTFS

========================= Users: ========================================

User accounts for \\PROTO-ALICE

Administrator            Guest                    Others                   
Silver_King              


**** End of log ****
 

 

 

C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting - quarantined
C:\Users\Silver_King\Downloads\ccsetup506.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined

 



#8 InadequateInfirmity


Posted 12 June 2015 - 05:55 PM

You know what all this is? How is your machine running?

 

東方スカイアリーナ・幻想郷空戦姫 (HKLM-x32\...\東方スカイアリーナ・幻想郷空戦姫) (Version:  - )
東方スカイアリーナ・幻想郷空戦姫-KURENAI- (HKLM-x32\...\東方スカイアリーナ・幻想郷空戦姫-KURENAI-) (Version:  - )
東方心綺楼 Ver1.34b (HKLM-x32\...\{B641E348-377C-4819-B92F-03F1D35A7EE3}_is1) (Version:  - 黄昏フロンティア)
東方深秘録 Ver1.02b (HKLM-x32\...\{760D8976-9ACD-40F1-A00B-52B784A7F0B8}_is1) (Version:  - 黄昏フロンティア)
東方緋想天 Ver1.06a (HKLM-x32\...\{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1) (Version:  - 黄昏フロンティア)
東方非想天則 Ver1.10aアップデート (HKLM-x32\...\{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1) (Version:  - 黄昏フロンティア)
真剣で私に恋しなさい! (HKCU\...\majikoi) (Version:  - みなとそふと)
真剣で私に恋しなさい!S (HKCU\...\Majikoi_S) (Version:  - みなとそふと)
黄金夢想曲 (HKLM-x32\...\{F139C955-376C-45CA-9C34-C77000AB73BC}) (Version: 1.10.0000 - 竜騎士07/07th Expansion)



#9 averagejohndoe


Posted 13 June 2015 - 01:43 AM


 

 

Those are video games. I installed them a few years back, and can verify that they're legit with no viruses/malware. My machine's running fine so far, no problems whatsoever, and it seems to be faster than from before I did all the scans and cleaning.



#10 InadequateInfirmity


Posted 13 June 2015 - 03:20 PM

I suggest installing Crystal Security, a free antivirus companion that will help you stay protected. You can safely run this with your current antivirus for extra protection, make sure realtime protection is enabled and run an advanced scan.

 

Some Suggested Software To Keep You Safe On The Internet.

Click Me To Update Software. Update Software.

Qualys BrowserCheck To update plugins.

Web Of Trust  To Avoid  Shady Websites.

Unchecky To Avoid Bundled Software.

AdBlock Plus To Browse The Web Ad Free.

Malwarebytes Anti Exploit To Block Zero Day Attacks.

 Malwarebytes Startup Lite To Disable Useless Items Starting With Your Computer.

 FanBoys Ultimate list.  Add The Ultimate List.

ToolWhiz Smart Defrag  Defrag Your Machine With Speed.

For Chrome Adguard

For FireFox Adguard

 

Now let's clean up the tools we used and remove old restore points.

 

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt



#11 averagejohndoe


Posted 17 June 2015 - 12:17 PM


 

I've installed the software you suggested and ran DelFix as well. Thank you very much for all your help. Is there anything else I should do now?



#12 InadequateInfirmity


Posted 17 June 2015 - 08:39 PM

Any issues with your machine? If not then you are good to go.



#13 averagejohndoe


Posted 18 June 2015 - 12:17 PM

Crystal Security interfered with my Task Manager. I couldn't end processes, and closing task manager causes this error to pop up.

 

 

Faulting application name: taskmgr.exe, version: 6.1.7601.17514, time stamp: 0x4ce79737
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0x80000003
Fault offset: 0x00000000000099e2
Faulting process id: 0x10d4
Faulting application start time: 0x01d0a96b19f34399
Faulting application path: C:\Windows\system32\taskmgr.exe
Faulting module path: C:\Windows\system32\msvcrt.dll
Report Id: 93668fd4-155e-11e5-93c7-00ac48e4e149

 

 

Tried reinstalling Visual C++ redistributables with no luck. Uninstalling Crystal Security fixed it. Is there any other software you'd recommend?



#14 InadequateInfirmity


Posted 18 June 2015 - 12:50 PM

Reason Core Security will give you added protection, you will get realtime protection for a month, but then you can keep it as an on demand scanner, real good at removing adware infections. https://www.reasoncoresecurity.com/download-free.aspx





