Solved Accidentally installed a program in my computer and now i can't remove it

[Konishi]

Basicaly I installed a game who installed this another program in my computer and I can't remove it normally.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2016
Ran by Konishi (administrator) on KONISHI-PC (04-06-2016 18:35:09)
Running from C:\Users\Konishi\Desktop
Loaded Profiles: Konishi (Available Profiles: Konishi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Tencent) C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QQPCRTP.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tencent) C:\Program Files\TencentGame\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
(Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe [197968 2011-05-11] (Sunbelt Software)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [847160 2015-02-13] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe [1353040 2011-05-11] (Sunbelt Software)
HKLM-x32\...\Run: [GMouse] => C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE [1253376 2012-10-04] ()
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QQPCTray.exe [362304 2016-06-03] (Tencent)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\Run: [TQOS_REPORT] => c:\program files\tencentgame\monster hunter online\bin\client\tools\tqos_reporter.exe [440832 2015-10-27] ()
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QMGCShellExt64.dll [2016-06-03] (Tencent)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{363960C9-CA6B-4BB1-8E41-AFFABA666BE0}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{B56C9954-5873-414B-B39F-267B05C3B6F0}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://df.nexon.com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\TSWebMon64.dat [2016-06-03] (Tencent)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)

FireFox:
========
FF ProfilePath: C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\s1rehta2.default-1442513781816
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\npQMExtensionsMozilla.dll [2016-06-03] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1519485860-2903035351-2837986310-1000: @neople.co.kr/NeopleGameInstaller -> C:\ProgramData\NeoplePlugin\npNeopleGameInstaller.dll [2014-08-16] ( )
FF Plugin HKU\S-1-5-21-1519485860-2903035351-2837986310-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Konishi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\s1rehta2.default-1442513781816\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-29]
FF HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Konishi\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found

Chrome:
=======
CHR Profile: C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-26]
CHR Extension: (BetterTTV) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-13]
CHR Extension: (Google Drive) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Planilhas do Google) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-26]
CHR Extension: (Documentos Google off-line) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-01-24] (Echobit LLC)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3310176 2014-05-13] (INCA Internet Co., Ltd.)
R2 QQPCRTP; C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QQPCRTP.exe [313936 2016-06-03] (Tencent)
U2 QQRepair11f9; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepair11f9 [147176 2016-06-04] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [147176 2016-06-04] ()
R2 SBAMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2804280 2011-05-11] (Sunbelt Software)
R2 SBPIMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [181584 2011-05-11] (Sunbelt Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [847160 2015-02-13] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-25] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-27] (Echobit, LLC)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-06-04] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-11-25] (GAS Tecnologia)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0036.sys [40704 2015-07-18] (SoftEther Corporation)
R1 QMUdisk; C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QMUdisk64.sys [184952 2016-05-18] (Tencent)
R2 QQSysMonX64; C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QQSysMonX64.sys [154744 2016-06-03] (电脑管家)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
R1 softaal; C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\softaal64.sys [44664 2016-06-03] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-04] ()
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99480 2016-06-03] (Tencent)
R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [147576 2016-06-03] (Tencent Technology(Shenzhen) Company Limited)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
R3 TesMon; C:\Windows\system32\TesMon.sys [71976 2016-06-04] (Tencent)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1101024 2016-06-04] (TENCENT)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-06-03] (电脑管家)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-25] ()
R3 TS888x64; C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\TS888x64.sys [38520 2016-06-04] (Tencent)
R1 TSDefenseBt; C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\TSDefenseBT64.sys [28984 2016-06-03] (Tencent)
R2 tsnethlpx64; C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\TsNetHlpX64.sys [57976 2016-06-03] ()
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-06-03] (电脑管家)
R1 TSSysKit; C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\TSSysKit64.sys [96888 2016-06-03] (电脑管家)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-11-25] (GAS Tecnologia LTDA)
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-04 18:35 - 2016-06-04 18:36 - 00014882 _____ C:\Users\Konishi\Desktop\FRST.txt
2016-06-04 18:34 - 2016-06-04 18:35 - 00000000 ____D C:\FRST
2016-06-04 18:29 - 2016-06-04 18:29 - 02384384 _____ (Farbar) C:\Users\Konishi\Desktop\FRST64.exe
2016-06-04 18:17 - 2016-06-04 18:23 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2016-06-04 18:17 - 2016-06-04 18:17 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-06-04 18:01 - 2016-06-04 18:19 - 00000000 ____D C:\ProgramData\TXQMPC
2016-06-04 18:01 - 2016-06-04 18:01 - 00112868 ____H C:\Windows\SysWOW64\mlfcache.dat
2016-06-04 18:01 - 2016-06-04 18:01 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-06-04 18:01 - 2016-06-03 20:20 - 00147576 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2016-06-04 18:01 - 2016-06-03 20:20 - 00099480 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2016-06-04 17:59 - 2016-06-04 18:25 - 00000000 ____D C:\Users\Konishi\Documents\MonsterHunterOnline
2016-06-04 17:56 - 2016-06-03 20:20 - 00054904 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2016-06-04 17:55 - 2016-06-04 17:55 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-06-04 17:55 - 2016-06-03 20:20 - 00097400 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-06-04 17:10 - 2016-06-04 17:10 - 00000030 _____ C:\Users\Konishi\Downloads\QQ_2847212273.txt
2016-06-04 15:22 - 2016-06-04 15:22 - 38097007 _____ C:\Users\Konishi\Downloads\(3DBooruDump) Ushijima Iiniku.rar
2016-06-04 15:10 - 2016-06-04 15:10 - 00013932 _____ C:\Users\Konishi\Downloads\ushijimaiinikudouga2.torrent
2016-06-04 13:13 - 2016-06-04 13:15 - 57770378 _____ (NT Company) C:\Users\Konishi\Downloads\SetupNoPing_v11.exe
2016-06-03 21:08 - 2016-06-03 21:09 - 55939211 _____ ( ) C:\Users\Konishi\Downloads\Team HD - English Patch v1.1.1.exe
2016-06-03 21:07 - 2016-06-03 21:07 - 00000000 ____D C:\Program Files (x86)\TencentGame
2016-06-03 21:03 - 2016-06-03 21:10 - 00000000 ____D C:\Users\Konishi\AppData\Local\TeamHD
2016-06-03 21:02 - 2016-06-03 21:02 - 00768363 _____ C:\Users\Konishi\Downloads\Team HD - English Patch Updater.rar
2016-06-03 20:36 - 2016-06-04 18:23 - 00071976 _____ (Tencent) C:\Windows\system32\TesMon.sys
2016-06-03 20:19 - 2016-06-04 18:24 - 01101024 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2016-06-03 20:19 - 2016-06-04 18:03 - 00000000 ____D C:\ProgramData\Tencent
2016-06-03 20:19 - 2016-06-04 13:15 - 00000945 _____ C:\Users\Konishi\Desktop\Monster Hunter Online.lnk
2016-06-03 20:19 - 2016-06-03 20:19 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Game
2016-06-03 15:03 - 2016-06-03 15:09 - 568683966 ____R C:\Users\Konishi\Downloads\[HorribleSubs] JoJo's Bizarre Adventure - Diamond is Unbreakable - 10 [1080p].mkv
2016-06-03 03:45 - 2016-06-04 17:55 - 00000000 ____D C:\Program Files\TencentGame
2016-06-03 01:42 - 2016-06-04 18:17 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Tencent
2016-06-03 01:41 - 2016-06-03 01:41 - 03381144 _____ C:\Users\Konishi\Downloads\MHO_Setup_1.0.8.182_QQVIPDL_signed.exe
2016-06-02 20:33 - 2016-06-02 20:33 - 00873207 _____ C:\Users\Konishi\Downloads\tibiacast_3_1_61_0.zip
2016-06-02 12:24 - 2016-05-28 19:35 - 00049292 _____ C:\Users\Konishi\Downloads\Hardcore.Henry.2016.720p.HC.HDRip.750MB.MkvCage.srt
2016-06-02 12:23 - 2016-06-02 12:23 - 00151457 _____ C:\Users\Konishi\Downloads\legendas_tv_20160529102747000000.rar
2016-06-01 15:38 - 2016-06-01 16:29 - 00000000 ____D C:\Users\Konishi\Downloads\[PIC] imouto.tv collection 2-kunoichi
2016-05-31 14:29 - 2016-05-31 14:29 - 02530304 _____ (BitTorrent Inc.) C:\Users\Konishi\Downloads\uTorrent.exe
2016-05-29 18:03 - 2016-05-29 18:08 - 767783652 ____R C:\Users\Konishi\Downloads\[HorribleSubs] Boku no Hero Academia - 09 [1080p].mkv
2016-05-29 00:03 - 2016-05-29 00:03 - 00000000 ____D C:\Users\Konishi\AppData\LocalLow\Jagex Ltd
2016-05-28 23:19 - 2016-05-28 23:29 - 789057625 ____R C:\Users\Konishi\Downloads\Hardcore.Henry.2016.720p.HC.HDRip.750MB.MkvCage.mkv
2016-05-28 15:25 - 2016-05-28 15:30 - 571636324 ____R C:\Users\Konishi\Downloads\[HorribleSubs] Ace Attorney - 09 [1080p].mkv
2016-05-28 02:08 - 2016-05-28 23:25 - 00000000 ____D C:\Users\Konishi\Downloads\ピンキーwebdl086-098&othersets
2016-05-27 15:42 - 2016-05-27 15:48 - 568089187 ____R C:\Users\Konishi\Downloads\[HorribleSubs] JoJo's Bizarre Adventure - Diamond is Unbreakable - 09 [1080p].mkv
2016-05-22 23:42 - 2016-05-22 23:52 - 1151793340 ____R C:\Users\Konishi\Downloads\[HorribleSubs] Shouwa Genroku Rakugo Shinjuu - 01 [1080p].mkv
2016-05-19 23:20 - 2016-05-19 23:20 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-05-19 23:07 - 2016-05-19 23:07 - 00000000 ____D C:\Users\Konishi\Desktop\SltndSnctrv1003-MPCG
2016-05-18 17:10 - 2016-06-04 13:28 - 00270360 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-17 17:48 - 2016-06-04 14:20 - 00059216 _____ C:\Users\Konishi\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-16 18:56 - 2016-05-20 17:09 - 3790461347 _____ C:\Users\Konishi\Desktop\tppn-084.HD.mp4
2016-05-16 18:48 - 2016-05-21 00:48 - 322497394 _____ C:\Users\Konishi\Downloads\abp-365.HD.mp4
2016-05-16 17:17 - 2016-06-04 18:32 - 00000000 ____D C:\Users\Konishi\Desktop\New folder
2016-05-16 17:17 - 2016-05-16 17:17 - 00431026 _____ C:\Users\Konishi\Desktop\FORMULARIO DE RMA 2016.pdf
2016-05-16 16:25 - 2016-05-16 16:25 - 00131909 _____ C:\Users\Konishi\Downloads\FORMULARIO DE RMA 2016.pdf
2016-05-16 04:28 - 2016-05-16 04:28 - 00828232 _____ C:\Users\Konishi\Downloads\Akiba Online Complete U-15 Index of Torrents.torrent
2016-05-15 16:57 - 2016-05-15 16:57 - 00029879 _____ C:\Users\Konishi\Downloads\[HorribleSubs] Boku no Hero Academia - 07 [1080p].mkv.torrent
2016-05-14 06:30 - 2016-05-14 06:53 - 1347659414 ____R C:\Users\Konishi\Downloads\[Show Girl] GCOLB-001.mp4
2016-05-12 23:27 - 2016-05-12 23:27 - 02137813 _____ C:\Users\Konishi\Downloads\PPSSPPWindows64normal-1.mp4
2016-05-12 09:21 - 2016-05-12 09:56 - 00000000 ____D C:\Program Files (x86)\Danganronpa 2 Goodbye Despair
2016-05-10 23:19 - 2016-05-10 23:39 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Vso
2016-05-10 23:19 - 2016-05-10 23:19 - 00118400 _____ (VSO Software) C:\Users\Konishi\AppData\Roaming\ezplay.sys
2016-05-10 23:19 - 2016-05-10 23:19 - 00099384 _____ C:\Users\Konishi\AppData\Roaming\inst.exe
2016-05-10 23:19 - 2016-05-10 23:19 - 00082816 _____ (VSO Software) C:\Users\Konishi\AppData\Roaming\pcouffin.sys
2016-05-10 23:19 - 2016-05-10 23:19 - 00007859 _____ C:\Users\Konishi\AppData\Roaming\pcouffin.cat
2016-05-10 23:19 - 2016-05-10 23:19 - 00007833 _____ C:\Users\Konishi\AppData\Roaming\ezplay.cat
2016-05-10 23:19 - 2016-05-10 23:19 - 00001153 _____ C:\Users\Konishi\Desktop\BlindWrite 7.lnk
2016-05-10 23:19 - 2016-05-10 23:19 - 00000125 _____ C:\Users\Konishi\AppData\Roaming\ezplay.ini
2016-05-10 23:19 - 2016-05-10 23:19 - 00000000 ____D C:\Users\Konishi\Documents\PcSetup
2016-05-10 23:19 - 2016-05-10 23:19 - 00000000 ____D C:\ProgramData\VSO
2016-05-10 23:19 - 2016-05-10 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2016-05-10 23:19 - 2016-05-10 23:19 - 00000000 ____D C:\Program Files (x86)\VSO
2016-05-10 22:45 - 2016-05-10 22:45 - 00000000 ____D C:\Program Files (x86)\Alex Feinman
2016-05-10 22:03 - 2016-05-13 16:13 - 00000000 ____D C:\Users\Konishi\Documents\Coisas pra levar pro pc novo
2016-05-07 06:12 - 2016-05-07 06:14 - 143217472 _____ C:\Users\Konishi\Downloads\[160506][chippai]LO Reパコ すくすくみずきちゃん THE ANIMATION.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-04 18:33 - 2014-08-18 20:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-04 18:27 - 2009-07-14 01:45 - 00020096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-04 18:27 - 2009-07-14 01:45 - 00020096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-04 18:17 - 2015-09-16 05:28 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-06-04 18:17 - 2014-11-17 12:43 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-06-04 18:16 - 2014-08-18 20:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-04 18:16 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-04 18:00 - 2014-07-27 04:21 - 00000000 ____D C:\Users\Konishi\AppData\Local\VirtualStore
2016-06-04 17:49 - 2015-06-01 14:16 - 00000982 _____ C:\Users\Konishi\Desktop\New Text Document.txt
2016-06-04 16:26 - 2014-07-27 02:35 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-04 15:33 - 2015-09-18 15:00 - 00000000 ____D C:\Users\Konishi\AppData\LocalLow\uTorrent
2016-06-04 15:33 - 2014-07-27 21:32 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\uTorrent
2016-06-04 15:26 - 2014-07-27 21:56 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\vlc
2016-06-03 17:58 - 2015-06-16 15:25 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-02 20:36 - 2015-07-02 21:17 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibiacast
2016-06-02 20:36 - 2015-07-02 21:17 - 00000000 ____D C:\Program Files (x86)\Tibiacast
2016-06-01 16:57 - 2015-06-04 00:35 - 00000000 ____D C:\Users\Konishi\AppData\Local\CrashDumps
2016-06-01 15:23 - 2015-03-04 04:43 - 00000000 ____D C:\Users\Konishi\AppData\Local\Battle.net
2016-06-01 14:18 - 2015-05-04 07:17 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-06-01 13:26 - 2015-03-04 04:43 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-05-31 21:08 - 2015-06-08 04:41 - 00000000 ____D C:\Program Files (x86)\Tibia
2016-05-31 14:32 - 2016-03-12 14:47 - 00002651 _____ C:\Users\Konishi\Desktop\µTorrent.lnk
2016-05-29 22:45 - 2015-06-02 17:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-29 07:27 - 2015-05-12 06:43 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\mIRC
2016-05-29 03:50 - 2016-03-29 09:07 - 00003624 _____ C:\Users\Konishi\Documents\SemLag.xml
2016-05-29 01:33 - 2016-03-29 09:08 - 00000408 _____ C:\Users\Konishi\AppData\Roaming\comhsx
2016-05-29 00:03 - 2014-07-27 09:36 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-25 13:13 - 2016-03-29 09:05 - 00000000 ____D C:\Program Files (x86)\SemLag Pro
2016-05-23 06:24 - 2015-03-15 11:03 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-05-18 04:00 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-05-17 16:57 - 2014-09-25 11:22 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\DAEMON Tools Lite
2016-05-17 16:55 - 2015-06-01 13:55 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-13 12:58 - 2009-07-14 02:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-12 22:34 - 2014-08-18 20:27 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 17:10 - 2015-06-16 15:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 10:25 - 2014-08-01 00:02 - 00000000 ____D C:\Users\Konishi\Documents\My Games
2016-05-11 02:56 - 2016-04-19 00:21 - 00000000 ____D C:\Users\Konishi\Desktop\New fol
2016-05-10 23:27 - 2015-11-17 14:30 - 00000000 ____D C:\ProgramData\GbPlugin
2016-05-10 20:28 - 2014-08-18 20:24 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 20:28 - 2014-08-18 20:24 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-05 19:48 - 2016-03-27 16:51 - 00000000 ____D C:\ProgramData\Umineko4final

==================== Files in the root of some directories =======

2016-03-29 09:08 - 2016-05-29 01:33 - 0000408 _____ () C:\Users\Konishi\AppData\Roaming\comhsx
2016-05-10 23:19 - 2016-05-10 23:19 - 0007833 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.cat
2016-05-10 23:19 - 2016-05-10 23:19 - 0001126 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.inf
2016-05-10 23:19 - 2016-05-10 23:19 - 0000125 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.ini
2016-05-10 23:20 - 2016-05-10 23:20 - 0000074 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.log
2016-05-10 23:19 - 2016-05-10 23:19 - 0118400 _____ (VSO Software) C:\Users\Konishi\AppData\Roaming\ezplay.sys
2016-05-10 23:19 - 2016-05-10 23:19 - 0099384 _____ () C:\Users\Konishi\AppData\Roaming\inst.exe
2016-05-10 23:19 - 2016-05-10 23:19 - 0007859 _____ () C:\Users\Konishi\AppData\Roaming\pcouffin.cat
2016-05-10 23:19 - 2016-05-10 23:19 - 0001167 _____ () C:\Users\Konishi\AppData\Roaming\pcouffin.inf
2016-05-10 23:19 - 2016-05-10 23:19 - 0000055 _____ () C:\Users\Konishi\AppData\Roaming\pcouffin.log
2016-05-10 23:19 - 2016-05-10 23:19 - 0082816 _____ (VSO Software) C:\Users\Konishi\AppData\Roaming\pcouffin.sys
2016-03-29 09:08 - 2016-03-29 09:08 - 0000020 _____ () C:\Users\Konishi\AppData\Roaming\system.xml
2016-03-18 00:45 - 2016-03-18 00:45 - 0002722 _____ () C:\Users\Konishi\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Konishi\AppData\Local\Temp\QQPCDOWNLOAD74707.EXE


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-28 19:04

==================== End of FRST.txt ============================

 

[Konishi]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
Ran by Konishi (2016-06-04 18:36:38)
Running from C:\Users\Konishi\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-07-27 07:20:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1519485860-2903035351-2837986310-500 - Administrator - Disabled)
Guest (S-1-5-21-1519485860-2903035351-2837986310-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1519485860-2903035351-2837986310-1002 - Limited - Enabled)
Konishi (S-1-5-21-1519485860-2903035351-2837986310-1000 - Administrator - Enabled) => C:\Users\Konishi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 电脑管家系统防护 (Disabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Sunbelt VIPRE (Enabled - Out of date) {BE5DD172-7F42-7948-1A60-E6A720288F81}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Disabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
AS: Sunbelt VIPRE (Enabled - Out of date) {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE (Disabled) {86665057-352D-7810-313F-4F92DEFBC8FA}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E4490157-303F-F06F-FB6E-D2053A43A182}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Aviary Attorney v1.02 version Aviary Attorney v1.02 (HKLM-x32\...\{3291893D-40F3-46CB-BE7C-28740BADC652}_is1) (Version: Aviary Attorney v1.02 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlindWrite 7 (HKLM-x32\...\{C0775A40-9CBC-430A-B055-6367E3DFEB13}_is1) (Version: 7.0.0.0 - VSO Software)
Carpe Diem (HKLM-x32\...\Steam App 423880) (Version: - Eyzi)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version: - Cheat Engine)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crush Crush (HKLM\...\Steam App 459820) (Version: - Sad Panda Studios)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Danganronpa 2 Goodbye Despair (HKLM-x32\...\Danganronpa 2 Goodbye Despair_is1) (Version: - )
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIGABYTE FORCE Driver (HKLM-x32\...\GMouse) (Version: - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
ISO Recorder (HKLM-x32\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman)
Jigoku Kisetsukan: Sense of the Seasons (HKLM-x32\...\Steam App 368950) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MHO - Team HD English Patch version 1.1.1 (HKLM-x32\...\MHO - Team HD English Patch_is1) (Version: 1.1.1 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
Monster Hunter Online (HKLM-x32\...\Monster Hunter Online) (Version: - Tencent)
Moon Hunters (HKLM\...\bW9vbmh1bnRlcnM_is1) (Version: 1 - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pt-BR)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NeoplePlugin (HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\NeoplePlugin) (Version: - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SemLag Pro (HKLM\...\{AEC8DFC2-F7EE-4506-B872-41541B319AE7}) (Version: 11.0.0.0 - SemLag)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.78 - CipSoft GmbH)
Tibiacast (HKLM-x32\...\{455530C1-257B-479E-B5F7-550814D66FE7}) (Version: 3.1.06100 - Silver Squirrel Software HB)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Ultima Online: Mondain's Legacy (HKLM-x32\...\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}) (Version: 1.00.0000 - EA Games)
Unity Web Player (HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
UO Auto MAP (UOAM) (HKLM-x32\...\{C822589E-5E99-4C63-9212-A72EEB93B7C3}) (Version: 8.2.0.1 - Chaos Age Ultima Online Shard)
UOS version 1.0.5 (HKLM-x32\...\{FC6804BE-B90F-4C2B-BF21-6A4063C8FD4C}_is1) (Version: 1.0.5 - UOS, Team.)
VIPRE Antivirus Premium (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 4.0.4194 - Sunbelt Software)
VIPRE Antivirus Premium (x32 Version: 4.0.4194 - Sunbelt Software) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warsaw 1.5.1.8886 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.5.1.8886 - GAS Tecnologia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
뙉뼻귟궻깋긛긹깏귻 ?궰귪걳긢귢놳?1.00 (HKLM-x32\...\http://www.tinklebell.jp/applictions/ppexe/appid/1_is1) (Version: 1.00 - TinkleBell)
电脑管家11.5 (HKLM-x32\...\QQPCMgr) (Version: 11.5.17480.801 - 腾讯科技(深圳)有限公司) <==== ATTENTION
輪舞曲 ～ぷにゅぷり女子高編～ (HKLM-x32\...\輪舞曲 ～ぷにゅぷり女子高編～) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4C9C2D9A-7B33-4707-A5D3-46F1765F84C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {6234F5D3-6ECB-4E02-B7FC-E9964075C927} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {674653D2-9F6D-44EB-BFAF-66806A3C5DA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {87BF6106-814F-42E7-8871-49CAC4942074} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1519485860-2903035351-2837986310-1000
Task: {BDC76E87-9A60-456D-B753-295832422F9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-10-04 03:12 - 2012-10-04 03:12 - 01253376 _____ () C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
2016-06-03 20:20 - 2016-06-03 20:20 - 00115904 _____ () C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QMAntiInject.dll
2016-06-03 20:20 - 2016-06-03 20:20 - 00088416 _____ () C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\zlib.dll
2016-06-03 20:20 - 2016-06-03 20:20 - 00488640 _____ () C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\sqlite.dll
2016-06-03 20:20 - 2016-06-03 20:20 - 00100704 _____ () C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\tinyxml.dll
2016-06-03 20:20 - 2016-06-03 20:20 - 00046784 _____ () C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2016-06-03 20:20 - 2016-06-03 20:20 - 00070848 _____ () C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2016-06-03 20:20 - 2016-02-27 19:55 - 00036128 _____ () C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\oDayProtect.dll
2016-06-03 20:20 - 2016-06-03 20:20 - 00128192 _____ () c:\program files\tencentgame\qqpcmgr\11.5.17480.801\qmrtpcontroller.dll
2005-12-22 17:28 - 2005-12-22 17:28 - 00160768 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\unrar.dll
2016-05-12 22:34 - 2016-05-11 08:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 22:34 - 2016-05-11 08:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-12 22:34 - 2016-05-11 08:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
2011-01-19 11:20 - 2011-01-19 11:20 - 00308560 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Vipre.dll
2014-08-13 00:25 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Definitions\libBase64.dll
2014-08-13 00:25 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Definitions\libMachoUniv.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1254]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\4game.com -> hxxps://4game.com
IE trusted site: HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\bb.com.br -> hxxps://seg.bb.com.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2016-02-26 19:59 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: TQOS_REPORT => c:\program files\tencentgame\monster hunter online\bin\client\tools\tqos_reporter.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{21DD7754-A6E9-48AF-9BD4-021DED79884A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B466E017-7AC3-490B-81FF-6F2D7B4A6CC6}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{DC0FB67B-1276-4E0D-902B-49A1DBEC0743}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{9268C53F-0032-4962-9CEC-3E458B20E186}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{3D880237-EBA7-4723-AE07-E8E7D343F857}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{0555F2A1-992E-414F-A121-3BB8C6F1FFCE}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{B10B26A9-5EDB-43FA-A6C7-8CCAE86AC0F6}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{CF405966-0B2A-4AE6-9FD5-CC85AFE426D8}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{3987D524-F6C9-40E8-A12E-552DCC4CD2EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4225A1AE-9E9B-4A74-AFB3-D7828A6F703D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E4BB7D4-AEB8-4014-9B97-2A93873D0509}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0553E35E-BCBA-48C9-BF7C-879ED352167A}] => (Allow) LPort=2869
FirewallRules: [{E962AC62-690D-41A5-9827-FDB0A98FFC27}] => (Allow) LPort=1900
FirewallRules: [{BD71D5FE-C608-43C7-844F-447214A8C5C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FF0287AC-3DCE-4FEA-9B38-B9D3C7654B6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8AD8CEE2-446B-40EC-8F0B-55C3B08D1D09}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E88B639C-814F-48F2-A799-5671A52899CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{08324971-3927-4FD9-B4D7-66AE0FE45DDF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Carpe Diem\Carpe Diem.exe
FirewallRules: [{0CBFE1B9-A093-475B-B1C8-F147EEA37FB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Carpe Diem\Carpe Diem.exe
FirewallRules: [{C9C5E403-AAE5-4459-8A14-96D6EDFA752A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5915F019-09E0-405A-B526-F9D0C10C546D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0DA7FFB-8946-45B7-BB5C-AD13C919B956}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{67C330A0-EDFE-4D16-8EBD-1398ABF65307}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{D63028BD-FEF9-435E-A5FF-6E527479D51D}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{B589EFEC-15E9-422D-ABFA-CF29BFE3B418}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{9C6DB654-A389-4E76-8B90-2D6AC7AA7F75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jigoku Kisetsukan\Jigoku_Kisetsukan.exe
FirewallRules: [{F3604495-66D6-4E12-AB9A-DC5628A160E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jigoku Kisetsukan\Jigoku_Kisetsukan.exe
FirewallRules: [{67048F99-2DF1-4C76-86E2-D0996AD46E2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BC5F1F10-96EC-498B-876F-C3A4BEED511D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CrushCrush\CrushCrush.exe
FirewallRules: [{F4A73B0E-3626-4864-87C7-F478F583FDB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CrushCrush\CrushCrush.exe
FirewallRules: [{15D659C5-3C87-4428-9EDC-94D48BDCE242}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{90A4B733-B66A-40CC-BD2E-DDE5619BBF48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{C0BF5071-39E6-42C2-A396-0E8BAF4AB667}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9F9566EC-E025-4121-8913-3C3B62439DB4}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4172AAE1-0EB8-4523-AFDF-7966DA6526DF}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BF5E9F30-D0DE-46CA-8ED1-0AD7D0B34CBB}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4612CBEE-CD02-4ED7-93F8-EDFA9BC73447}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3913187-5DA9-47A7-8FC5-2C951CE2BEA0}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{159FA1F2-07B6-4B25-B7C2-3C14EE320740}] => (Allow) C:\Users\Konishi\AppData\Local\Temp\QQVipDownloader\mhfc_1461726964_48688\MiniQQDL.exe
FirewallRules: [{13580553-BDD2-4A80-ADA7-0ED8EA66518C}] => (Allow) C:\Users\Konishi\AppData\Local\Temp\QQVipDownloader\mhfc_1461726964_48688\MiniQQDL.exe
FirewallRules: [{354A9C01-64AE-45A7-AA9D-F755EECE9BC4}] => (Allow) C:\QQVipDownload\MHO_Setup_1.0.8.182.exe
FirewallRules: [{C7D1EAAD-41AB-4E60-BC8E-892DC65DDF9B}] => (Allow) C:\QQVipDownload\MHO_Setup_1.0.8.182.exe
FirewallRules: [{CE2F4044-882C-477A-B6AF-164842F706C6}] => (Allow) C:\QQVipDownload\MHO_Setup_1.0.8.182.exe
FirewallRules: [{174B5E24-24DB-4D70-85EA-9351BF6EB685}] => (Allow) C:\QQVipDownload\MHO_Setup_1.0.8.182.exe
FirewallRules: [{47848B75-5D72-455F-8421-2EC52BEA0B7D}] => (Allow) c:\users\konishi\appdata\roaming\tencent\怪物猎人online\8a4a852fa00c637d39db1ee5d9697db9\teniodl\teniodl.exe
FirewallRules: [{BCDB8B69-7DD8-4B8E-9371-60DCCDE0123E}] => (Allow) c:\users\konishi\appdata\roaming\tencent\怪物猎人online\8a4a852fa00c637d39db1ee5d9697db9\teniodl\teniodl.exe
FirewallRules: [{5E7025A3-2628-4706-9DFB-733CAB827465}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{9CFE8A92-C0C7-4F59-BBA3-3FCD6A9D58CD}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{9E8605EB-0B90-46F8-8F77-F2EEA7745ECA}] => (Allow) c:\program files\tencentgame\monster hunter online\bin\client\iips\iipshostapp.exe
FirewallRules: [{4EBA71D3-43AC-410B-B3C3-7E27A97FB2E5}] => (Allow) c:\program files\tencentgame\monster hunter online\bin\client\iips\iipshostapp.exe
FirewallRules: [{55B550D9-53F7-4617-B722-F37520D1AEED}] => (Allow) c:\program files\tencentgame\monster hunter online\bin\client\iips\iipshostapp.exe
FirewallRules: [{C118A503-74D8-4395-BD1B-8D7A05B5D529}] => (Allow) c:\program files\tencentgame\monster hunter online\bin\client\iips\iipshostapp.exe

==================== Restore Points =========================

02-06-2016 20:34:52 Installed Tibiacast
03-06-2016 20:09:18 Installed DirectX
03-06-2016 20:13:53 已安装 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
04-06-2016 18:06:57 Revo Uninstaller's restore point - 电脑管家11.5
04-06-2016 18:22:29 Revo Uninstaller's restore point - 电脑管家11.5

==================== Faulty Device Manager Devices =============

Name: Evolve Virtual Ethernet Adapter
Description: Evolve Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Echobit LLC
Service: EvolveVirtualAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: ezplay device ...
Description: ezplay device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2016 06:25:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mhoclient.exe version 1.0.9.213 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1358

Start Time: 01d1bea7832fdc02

Termination Time: 49

Application Path: c:\program files\tencentgame\monster hunter online\bin\client\bin32\mhoclient.exe

Report Id: e8ad277b-2a9a-11e6-ad1e-902b34f49402

Error: (06/04/2016 06:00:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mhoclient.exe version 1.0.9.213 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1118

Start Time: 01d1bea3e6b18fdd

Termination Time: 51

Application Path: c:\program files\tencentgame\monster hunter online\bin\client\bin32\mhoclient.exe

Report Id: 5d3a07ca-2a97-11e6-862b-902b34f49402

Error: (06/04/2016 05:47:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Client.exe version 3.0.19.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1100

Start Time: 01d1be9fae28e7a2

Termination Time: 10

Application Path: C:\Program Files\TencentGame\Monster Hunter Online\TCLS\Client.exe

Report Id: 8044db30-2a95-11e6-862b-902b34f49402

Error: (06/01/2016 04:57:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.1.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.1.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x007ca10a
Faulting process id: 0x49c
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3

Error: (05/29/2016 02:19:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Tibia.exe, version: 10.9.3.0, time stamp: 0x5726e97b
Faulting module name: route32.dll, version: 0.0.0.0, time stamp: 0x571ac277
Exception code: 0xc0000005
Fault offset: 0x0004bd7c
Faulting process id: 0x1824
Faulting application start time: 0xTibia.exe0
Faulting application path: Tibia.exe1
Faulting module path: Tibia.exe2
Report Id: Tibia.exe3

Error: (05/25/2016 12:06:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: salt.exe, version: 1.0.0.0, time stamp: 0x573baa43
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19160, time stamp: 0x56bcd5c3
Exception code: 0xe0434352
Fault offset: 0x0000c52f
Faulting process id: 0x1290
Faulting application start time: 0xsalt.exe0
Faulting application path: salt.exe1
Faulting module path: salt.exe2
Report Id: salt.exe3

Error: (05/25/2016 12:06:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: salt.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IndexOutOfRangeException
at ProjectTower.character.CharEquipment.IsContentLoaded()
at ProjectTower.character.CharDraw.Draw(xCharEdit.Character.CharDef, Microsoft.Xna.Framework.Vector2, Int32, Single, Int32, Int32, Boolean, Single, Boolean, Boolean, Boolean)
at ProjectTower.gameservices.PropCharDraw.Draw(ProjectTower.gameservices.PropChar)
at ProjectTower.gameservices.PropChar.Draw()
at ProjectTower.gameservices.PropCharMgr.Draw()
at ProjectTower.character.CharMgr.Draw()
at ProjectTower.Game1.DrawGame(ProjectTower.player.Player, Microsoft.Xna.Framework.Graphics.RenderTarget2D, Boolean)
at ProjectTower.Game1.Draw(Microsoft.Xna.Framework.GameTime)
at Microsoft.Xna.Framework.Game.DrawFrame()
at Microsoft.Xna.Framework.Game.Tick()
at Microsoft.Xna.Framework.Game.HostIdle(System.Object, System.EventArgs)
at Microsoft.Xna.Framework.GameHost.OnIdle()
at Microsoft.Xna.Framework.WindowsGameHost.RunOneFrame()
at Microsoft.Xna.Framework.WindowsGameHost.ApplicationIdle(System.Object, System.EventArgs)
at System.Windows.Forms.Application+ThreadContext.System.Windows.Forms.UnsafeNativeMethods.IMsoComponent.FDoIdle(Int32)
at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
at System.Windows.Forms.Application.Run(System.Windows.Forms.Form)
at Microsoft.Xna.Framework.WindowsGameHost.Run()
at Microsoft.Xna.Framework.Game.RunGame(Boolean)
at ProjectTower.Program.Main(System.String[])

Error: (05/23/2016 09:28:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: salt.exe, version: 1.0.0.0, time stamp: 0x573baa43
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19160, time stamp: 0x56bcd5c3
Exception code: 0xe0434352
Fault offset: 0x0000c52f
Faulting process id: 0x1178
Faulting application start time: 0xsalt.exe0
Faulting application path: salt.exe1
Faulting module path: salt.exe2
Report Id: salt.exe3

Error: (05/23/2016 09:28:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: salt.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IndexOutOfRangeException
at ProjectTower.character.CharEquipment.IsContentLoaded()
at ProjectTower.character.CharDraw.Draw(xCharEdit.Character.CharDef, Microsoft.Xna.Framework.Vector2, Int32, Single, Int32, Int32, Boolean, Single, Boolean, Boolean, Boolean)
at ProjectTower.gameservices.PropCharDraw.Draw(ProjectTower.gameservices.PropChar)
at ProjectTower.gameservices.PropChar.Draw()
at ProjectTower.gameservices.PropCharMgr.Draw()
at ProjectTower.character.CharMgr.Draw()
at ProjectTower.Game1.DrawGame(ProjectTower.player.Player, Microsoft.Xna.Framework.Graphics.RenderTarget2D, Boolean)
at ProjectTower.Game1.Draw(Microsoft.Xna.Framework.GameTime)
at Microsoft.Xna.Framework.Game.DrawFrame()
at Microsoft.Xna.Framework.Game.Tick()
at Microsoft.Xna.Framework.Game.HostIdle(System.Object, System.EventArgs)
at Microsoft.Xna.Framework.GameHost.OnIdle()
at Microsoft.Xna.Framework.WindowsGameHost.RunOneFrame()
at Microsoft.Xna.Framework.WindowsGameHost.ApplicationIdle(System.Object, System.EventArgs)
at System.Windows.Forms.Application+ThreadContext.System.Windows.Forms.UnsafeNativeMethods.IMsoComponent.FDoIdle(Int32)
at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
at System.Windows.Forms.Application.Run(System.Windows.Forms.Form)
at Microsoft.Xna.Framework.WindowsGameHost.Run()
at Microsoft.Xna.Framework.Game.RunGame(Boolean)
at ProjectTower.Program.Main(System.String[])

Error: (05/22/2016 12:23:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: salt.exe, version: 1.0.0.0, time stamp: 0x573baa43
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19160, time stamp: 0x56bcd5c3
Exception code: 0xe0434352
Fault offset: 0x0000c52f
Faulting process id: 0xaf8
Faulting application start time: 0xsalt.exe0
Faulting application path: salt.exe1
Faulting module path: salt.exe2
Report Id: salt.exe3


System errors:
=============
Error: (06/04/2016 06:24:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (06/04/2016 06:18:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (06/04/2016 06:16:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDivert1.1 service failed to start due to the following error:
%%2

Error: (06/04/2016 06:16:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
gbpddreg

Error: (06/04/2016 05:56:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The QQPCMgr RTP Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/04/2016 01:33:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (06/04/2016 01:29:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (06/04/2016 01:28:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDivert1.1 service failed to start due to the following error:
%%2

Error: (06/04/2016 01:28:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
gbpddreg

Error: (06/04/2016 12:54:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
Date: 2016-02-26 19:56:11.859
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 19:56:11.766
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 19:56:11.672
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 19:56:11.594
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 18:28:11.242
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 18:28:11.164
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-03 18:22:15.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-03 18:22:15.596
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 620 Processor
Percentage of memory in use: 55%
Total physical RAM: 4093.55 MB
Available physical RAM: 1802.16 MB
Total Virtual: 8185.32 MB
Available Virtual: 5294.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:78.28 GB) NTFS
Drive z: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2CA533A6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

What's the program which won't uniunstall?

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[Konishi]

The program name is 电脑管家, it showed in this line "电脑管家11.5 (HKLM-x32\...\QQPCMgr) (Version: 11.5.17480.801 - 腾讯科技(深圳)有限公司) <==== ATTENTION".

Whoever I think I managed to uninstall it properly. Should I do a new scan with FRST or just go to the other steps?

 

[Broni]

Go ahead with other steps.

 

[Konishi]

Adwarecleaner froze in the middle of cleaning process, I could finish the cleaning process in the second try but it created two different logs.


RogueKiller V12.3.2.0 [Jun 6 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Konishi [Administrator]
Started from : C:\Users\Konishi\Desktop\RogueKiller.exe
Mode : Delete -- Date : 06/07/2016 19:21:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QMUdisk (\??\C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QMUdisk64.sys) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QQPCRTP ("C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QQPCRtp.exe" -r) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\softaal (\??\C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\softaal64.sys) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TsDefenseBt (\??\C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\TsDefenseBT64.sys) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\QMUdisk (\??\C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QMUdisk64.sys) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\QQPCRTP ("C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QQPCRtp.exe" -r) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\softaal (\??\C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\softaal64.sys) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TsDefenseBt (\??\C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\TsDefenseBT64.sys) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\QMUdisk (\??\C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QMUdisk64.sys) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\QQPCRTP ("C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\QQPCRtp.exe" -r) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\softaal (\??\C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\softaal64.sys) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TSDefenseBt (\??\C:\Program Files\TencentGame\QQPCMgr\11.5.17480.801\TsDefenseBT64.sys) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://df.nexon.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://df.nexon.com -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AADS-00L4B1 ATA Device +++++
--- User ---
[MBR] e43a3f73e4e399604236f56b3ec1cf01
[BSP] 32495f2a77ce5c1b7f19e483f18c9450 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476833 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/7/2016
Scan Time: 7:28 PM
Logfile: 0.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.06.07.07
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Konishi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305868
Time Elapsed: 15 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Konishi]

# AdwCleaner v5.119 - Logfile created 07/06/2016 at 19:53:42
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Konishi - KONISHI-PC
# Running from : C:\Users\Konishi\Desktop\adwcleaner_5.119.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : QQPCRTP
[-] Service Deleted : TSDefenseBt
[-] Service Deleted : QMUdisk
[-] Service Deleted : TSSKX64
[-] Service Deleted : softaal
[-] Service Deleted : SRepairDrv
[-] Service Deleted : tsnethlpx64

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[#] Folder Deleted : C:\ProgramData\Application Data\tencent
[#] Folder Deleted : C:\ProgramData\Application Data\TXQMPC
[-] Folder Deleted : C:\Program Files (x86)\tencent
[-] Folder Deleted : C:\Program Files (x86)\Common Files\tencent
[-] Folder Deleted : C:\Users\Konishi\AppData\Local\Temp\tencent
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\Konishi\AppData\Local\28050
[-] Folder Deleted : C:\Users\Konishi\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Folder Deleted : C:\Program Files\Common Files\tencent

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysWOW64\drivers\TS888x64.sys
[-] File Deleted : C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ui.ptlogin2.qq.com_0.localstorage
[-] File Deleted : C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ui.ptlogin2.qq.com_0.localstorage-journal
[-] File Deleted : C:\Windows\SysNative\drivers\TSSKX64.sys
[-] File Deleted : C:\Windows\SysNative\drivers\TFsFltX64.sys

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKLM\SOFTWARE\Classes\metnsd
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmgcfiles
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}


# AdwCleaner v5.119 - Logfile created 07/06/2016 at 19:59:06
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Konishi - KONISHI-PC
# Running from : C:\Users\Konishi\Desktop\adwcleaner_5.119.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{354A9C01-64AE-45A7-AA9D-F755EECE9BC4}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C7D1EAAD-41AB-4E60-BC8E-892DC65DDF9B}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{CE2F4044-882C-477A-B6AF-164842F706C6}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{174B5E24-24DB-4D70-85EA-9351BF6EB685}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{47848B75-5D72-455F-8421-2EC52BEA0B7D}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BCDB8B69-7DD8-4B8E-9371-60DCCDE0123E}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{5E7025A3-2628-4706-9DFB-733CAB827465}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{9CFE8A92-C0C7-4F59-BBA3-3FCD6A9D58CD}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{9E8605EB-0B90-46F8-8F77-F2EEA7745ECA}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4EBA71D3-43AC-410B-B3C3-7E27A97FB2E5}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{55B550D9-53F7-4617-B722-F37520D1AEED}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C118A503-74D8-4395-BD1B-8D7A05B5D529}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F026543E-529F-47C7-87AB-CD05B74987D6}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{058DE391-06EA-4809-B3B9-022CECEEFD82}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{908C910E-E8AC-4441-873E-02E8B229EAF6}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BD1E3D64-1616-4E9E-AB5D-2D2F9546671B}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{392F6E2D-48D2-40B1-A428-6910373169C5}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{8E94CD80-3DBF-4DC0-AAA8-82C29FC01AE5}]

***** [ Web browsers ] *****

[-] [C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3380 bytes] - [07/06/2016 19:53:42]
C:\AdwCleaner\AdwCleaner[C2].txt - [4013 bytes] - [07/06/2016 19:59:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [6428 bytes] - [07/06/2016 19:51:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [4017 bytes] - [07/06/2016 19:58:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4232 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x64
Ran by Konishi (Administrator) on 06/07/2016 Tue at 20:04:08.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\ProgramData\DP0004.dat (File)
Successfully deleted: C:\Users\Konishi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XN7AFO4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Konishi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HPYR9KX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Konishi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLP9YAQN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Konishi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFWX2MDF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XN7AFO4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HPYR9KX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLP9YAQN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFWX2MDF (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/07/2016 Tue at 20:29:35.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Konishi]

ComboFix 16-06-01.01 - Konishi 06/11/2016 17:41:39.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2883 [GMT -3:00]
Running from: c:\users\Konishi\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Sunbelt VIPRE *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Konishi\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TESSAFE
-------\Service_TesSafe
.
.
((((((((((((((((((((((((( Files Created from 2016-05-11 to 2016-06-11 )))))))))))))))))))))))))))))))
.
.
2016-06-11 20:56 . 2016-06-11 20:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-06-11 20:56 . 2016-06-11 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-08 01:46 . 2016-06-08 01:46 -------- d-----w- c:\programdata\Tencent
2016-06-08 01:46 . 2016-06-09 04:33 -------- d-----w- c:\users\Konishi\AppData\Roaming\Tencent
2016-06-07 22:51 . 2016-06-07 23:31 -------- d-----w- C:\AdwCleaner
2016-06-04 23:56 . 2016-06-04 23:56 -------- d-----w- C:\NpAPI
2016-06-04 23:38 . 2016-06-10 05:39 -------- d-----w- c:\program files (x86)\NoPing Elite v11
2016-06-04 23:38 . 2016-06-04 23:38 -------- d-----w- c:\program files (x86)\SemLag
2016-06-04 23:38 . 2016-06-04 23:38 -------- d-----w- c:\program files (x86)\Common Files\NoPing Elite
2016-06-04 23:37 . 2016-06-04 23:37 -------- d-----w- c:\users\Konishi\AppData\Roaming\NT Company
2016-06-04 21:34 . 2016-06-04 21:38 -------- d-----w- C:\FRST
2016-06-04 00:07 . 2016-06-04 00:07 -------- d-----w- c:\program files (x86)\TencentGame
2016-06-04 00:03 . 2016-06-10 01:37 -------- d-----w- c:\users\Konishi\AppData\Local\TeamHD
2016-06-03 23:36 . 2016-06-11 04:35 71976 ----a-w- c:\windows\system32\TesMon.sys
2016-06-03 23:19 . 2016-06-11 07:07 1101024 ----a-w- c:\windows\system32\TesSafe.sys
2016-06-03 06:45 . 2016-06-04 20:55 -------- d-----w- c:\program files\TencentGame
2016-05-20 02:20 . 2016-05-20 02:20 -------- d-----w- c:\program files (x86)\Microsoft XNA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-11 20:58 . 2015-09-16 08:28 28888 ----a-w- c:\windows\system32\drivers\gbpddfac64.sys
2016-06-09 20:40 . 2014-07-27 07:14 286574 ----a-w- C:\DUMP3706.tmp
2016-06-07 22:27 . 2015-06-02 20:58 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-07 22:01 . 2015-06-02 20:50 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-06-06 18:19 . 2016-05-11 02:19 82816 ----a-w- c:\users\Konishi\AppData\Roaming\pcouffin.sys
2016-05-11 02:19 . 2016-05-11 02:19 118400 ----a-w- c:\users\Konishi\AppData\Roaming\ezplay.sys
2016-03-30 19:26 . 2015-09-21 02:32 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-30 19:26 . 2015-09-21 02:32 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-25 20:29 . 2014-07-27 08:30 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-03-25 19:06 . 2016-04-01 19:00 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-03-25 18:54 . 2016-04-01 19:00 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-03-23 14:02 . 2016-04-01 19:00 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-23 14:02 . 2016-04-01 19:00 1385472 ----a-w- c:\windows\system32\appraiser.dll
2016-03-18 01:48 . 2016-03-18 01:48 95040 ----a-w- c:\windows\SysWow64\mfcm140u.dll
2016-03-18 01:48 . 2016-03-18 01:48 95032 ----a-w- c:\windows\SysWow64\mfcm140.dll
2016-03-18 01:48 . 2016-03-18 01:48 85840 ----a-w- c:\windows\SysWow64\vcruntime140.dll
2016-03-18 01:48 . 2016-03-18 01:48 75584 ----a-w- c:\windows\SysWow64\mfc140fra.dll
2016-03-18 01:48 . 2016-03-18 01:48 75584 ----a-w- c:\windows\SysWow64\mfc140deu.dll
2016-03-18 01:48 . 2016-03-18 01:48 74560 ----a-w- c:\windows\SysWow64\mfc140esn.dll
2016-03-18 01:48 . 2016-03-18 01:48 73536 ----a-w- c:\windows\SysWow64\mfc140ita.dll
2016-03-18 01:48 . 2016-03-18 01:48 71488 ----a-w- c:\windows\SysWow64\mfc140rus.dll
2016-03-18 01:48 . 2016-03-18 01:48 65856 ----a-w- c:\windows\SysWow64\mfc140enu.dll
2016-03-18 01:48 . 2016-03-18 01:48 55104 ----a-w- c:\windows\SysWow64\mfc140jpn.dll
2016-03-18 01:48 . 2016-03-18 01:48 54080 ----a-w- c:\windows\SysWow64\mfc140kor.dll
2016-03-18 01:48 . 2016-03-18 01:48 46912 ----a-w- c:\windows\SysWow64\mfc140cht.dll
2016-03-18 01:48 . 2016-03-18 01:48 46912 ----a-w- c:\windows\SysWow64\mfc140chs.dll
2016-03-18 01:48 . 2016-03-18 01:48 4437304 ----a-w- c:\windows\SysWow64\mfc140u.dll
2016-03-18 01:48 . 2016-03-18 01:48 443712 ----a-w- c:\windows\SysWow64\msvcp140.dll
2016-03-18 01:48 . 2016-03-18 01:48 4372784 ----a-w- c:\windows\SysWow64\mfc140.dll
2016-03-18 01:48 . 2016-03-18 01:48 400704 ----a-w- c:\windows\SysWow64\vcamp140.dll
2016-03-18 01:48 . 2016-03-18 01:48 271176 ----a-w- c:\windows\SysWow64\vccorlib140.dll
2016-03-18 01:48 . 2016-03-18 01:48 244544 ----a-w- c:\windows\SysWow64\concrt140.dll
2016-03-18 01:48 . 2016-03-18 01:48 163128 ----a-w- c:\windows\SysWow64\vcomp140.dll
2016-03-17 18:04 . 2016-04-01 19:00 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-01 19:00 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-01 19:00 279040 ----a-w- c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-01 19:00 76800 ----a-w- c:\windows\system32\acmigration.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TQOS_REPORT"="c:\program files\tencentgame\monster hunter online\bin\client\tools\tqos_reporter.exe" [2015-10-27 440832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-05-11 1353040]
"GMouse"="c:\gigabyte force\GIGABYTE FORCE.EXE" [2012-10-04 1253376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2015-10-20 17:09 1945472 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R0 gbpddreg;Gbpddreg svc;c:\windows\system32\drivers\gbpddreg64.sys;c:\windows\SYSNATIVE\drivers\gbpddreg64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0036.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0036.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
R3 TesMon;TesMon;c:\windows\system32\TesMon.sys;c:\windows\SYSNATIVE\TesMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S1 gbpddfac;Warsaw File Access svc;c:\windows\system32\drivers\gbpddfac64.sys;c:\windows\SYSNATIVE\drivers\gbpddfac64.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys;c:\windows\SYSNATIVE\drivers\sbtis.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [x]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe;c:\program files\Diebold\Warsaw\core.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 GBPRCM;Service for G-Buster Driver (PM);c:\program files (x86)\GbPlugin\gbprcm64.sys;c:\program files (x86)\GbPlugin\gbprcm64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
S3 Warsaw_PP;Warsaw Protector;c:\progra~2\GbPlugin\wsftprp64.sys;c:\progra~2\GbPlugin\wsftprp64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - GbFtIn
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-08 21:34 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.84\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18 23:04]
.
2016-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18 23:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBRegRebootCleaner"="c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe" [2011-05-11 197968]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2015-02-13 847160]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: 4game.com
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\s1rehta2.default-1442513781816\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MHO - Team HD English Patch_is1 - c:\program files\TencentGame\Monster Hunter Online\TeamHD\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,11,78,74,11,1b,e8,4e,93,4e,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,11,78,74,11,1b,e8,4e,93,4e,ef,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2016-06-11 18:08:50 - machine was rebooted
ComboFix-quarantined-files.txt 2016-06-11 21:08
.
Pre-Run: 72,066,400,256 bytes free
Post-Run: 71,772,684,288 bytes free
.
- - End Of File - - 6EAA6FC80E9979A495E4B58D449CF6FF
A36C5E4F47E84449FF07ED3517B43A31

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[Konishi]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2016
Ran by Konishi (administrator) on KONISHI-PC (11-06-2016 23:32:09)
Running from C:\Users\Konishi\Desktop
Loaded Profiles: Konishi (Available Profiles: Konishi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe [197968 2011-05-11] (Sunbelt Software)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [847160 2015-02-13] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe [1353040 2011-05-11] (Sunbelt Software)
HKLM-x32\...\Run: [GMouse] => C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE [1253376 2012-10-04] ()
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\Run: [TQOS_REPORT] => c:\program files\tencentgame\monster hunter online\bin\client\tools\tqos_reporter.exe [440832 2015-10-27] ()
AppInit_DLLs: ,C:\NpAPI\NpLoadApi64.dll => C:\NpAPI\NpLoadApi64.dll [229376 2016-06-04] ()
AppInit_DLLs-x32: ,C:\NpAPI\NpLoadApi32.dll => C:\NpAPI\NpLoadApi32.dll [306688 2016-06-04] ()
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{363960C9-CA6B-4BB1-8E41-AFFABA666BE0}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{B56C9954-5873-414B-B39F-267B05C3B6F0}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)

FireFox:
========
FF ProfilePath: C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\s1rehta2.default-1442513781816
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1519485860-2903035351-2837986310-1000: @neople.co.kr/NeopleGameInstaller -> C:\ProgramData\NeoplePlugin\npNeopleGameInstaller.dll [2014-08-16] ( )
FF Plugin HKU\S-1-5-21-1519485860-2903035351-2837986310-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Konishi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\s1rehta2.default-1442513781816\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-29]
FF HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Konishi\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found

Chrome:
=======
CHR Profile: C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-26]
CHR Extension: (BetterTTV) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-13]
CHR Extension: (Google Drive) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Planilhas do Google) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-26]
CHR Extension: (Documentos Google off-line) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-01-24] (Echobit LLC)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3310176 2014-05-13] (INCA Internet Co., Ltd.)
S2 SBAMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2804280 2011-05-11] (Sunbelt Software)
R2 SBPIMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [181584 2011-05-11] (Sunbelt Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [847160 2015-02-13] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-25] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-27] (Echobit, LLC)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-06-11] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-11-25] (GAS Tecnologia)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0036.sys [40704 2015-07-18] (SoftEther Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
S1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 TesMon; C:\Windows\system32\TesMon.sys [71976 2016-06-11] (Tencent)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1101024 2016-06-11] (TENCENT)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-07] ()
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-11-25] (GAS Tecnologia LTDA)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-11 23:32 - 2016-06-11 23:32 - 00012249 _____ C:\Users\Konishi\Desktop\FRST.txt
2016-06-11 19:05 - 2016-06-11 19:05 - 00000000 ____D C:\Users\Konishi\AppData\Local\Geckofx
2016-06-11 18:08 - 2016-06-11 18:08 - 00019557 _____ C:\ComboFix.txt
2016-06-11 17:33 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2016-06-11 17:33 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2016-06-11 17:33 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-06-11 17:33 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-11 17:33 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-11 17:33 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2016-06-11 17:33 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2016-06-11 17:33 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2016-06-11 17:32 - 2016-06-11 18:09 - 00000000 ____D C:\Qoobox
2016-06-11 17:29 - 2016-06-11 17:29 - 05659224 ____R (Swearware) C:\Users\Konishi\Desktop\ComboFix.exe
2016-06-10 15:50 - 2016-06-10 15:55 - 567351816 ____R C:\Users\Konishi\Downloads\[HorribleSubs] JoJo's Bizarre Adventure - Diamond is Unbreakable - 11 [1080p].mkv
2016-06-09 18:14 - 2016-06-02 00:58 - 01787392 _____ (TeamHD) C:\Users\Konishi\Desktop\Team HD - English Patch Updater.exe
2016-06-08 06:09 - 2016-06-08 06:09 - 00000043 _____ C:\Users\Konishi\Downloads\QQ_2154863782.txt
2016-06-07 23:46 - 2016-06-07 23:46 - 03031655 _____ C:\Users\Konishi\Desktop\Desvendando.A.Língua.Japonesa.-.Livro2v.pdf
2016-06-07 22:51 - 2016-06-11 18:24 - 00000289 _____ C:\ProgramData\DP0004.dat
2016-06-07 22:46 - 2016-06-09 01:33 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Tencent
2016-06-07 22:46 - 2016-06-07 22:46 - 00000000 ____D C:\ProgramData\Tencent
2016-06-07 21:05 - 2016-06-08 06:28 - 00000000 ____D C:\Users\Konishi\Downloads\Senran.Kagura.Shinovi.Versus-3DM
2016-06-07 20:02 - 2016-06-07 20:03 - 01610816 _____ (Malwarebytes) C:\Users\Konishi\Desktop\JRT.exe
2016-06-07 19:51 - 2016-06-07 20:31 - 00000000 ____D C:\AdwCleaner
2016-06-07 19:47 - 2016-06-07 19:48 - 03677248 _____ C:\Users\Konishi\Desktop\adwcleaner_5.119.exe
2016-06-07 18:55 - 2016-06-07 18:57 - 19906632 _____ C:\Users\Konishi\Desktop\RogueKiller.exe
2016-06-05 04:32 - 2016-06-05 04:36 - 570898156 ____R C:\Users\Konishi\Downloads\[HorribleSubs] Ace Attorney - 10 [1080p].mkv
2016-06-05 00:20 - 2016-06-05 00:20 - 00000000 ____D C:\Users\Konishi\Documents\Tencent Files
2016-06-04 20:56 - 2016-06-11 21:53 - 00004590 _____ C:\Users\Konishi\Documents\NoPing.xml
2016-06-04 20:56 - 2016-06-04 20:56 - 00000000 ____D C:\NpAPI
2016-06-04 20:39 - 2016-06-04 20:39 - 00001911 _____ C:\Users\Public\Desktop\NoPing Elite v11.lnk
2016-06-04 20:38 - 2016-06-10 02:39 - 00000000 ____D C:\Program Files (x86)\NoPing Elite v11
2016-06-04 20:38 - 2016-06-04 20:38 - 00000000 ____D C:\Program Files (x86)\SemLag
2016-06-04 20:37 - 2016-06-04 20:37 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\NT Company
2016-06-04 18:34 - 2016-06-11 23:32 - 00000000 ____D C:\FRST
2016-06-04 18:29 - 2016-06-04 18:29 - 02384384 _____ (Farbar) C:\Users\Konishi\Desktop\FRST64.exe
2016-06-04 18:01 - 2016-06-04 18:01 - 00112868 ____H C:\Windows\SysWOW64\mlfcache.dat
2016-06-04 17:59 - 2016-06-04 19:06 - 00000000 ____D C:\Users\Konishi\Documents\MonsterHunterOnline
2016-06-04 17:10 - 2016-06-04 17:10 - 00000030 _____ C:\Users\Konishi\Downloads\QQ_2847212273.txt
2016-06-03 21:07 - 2016-06-03 21:07 - 00000000 ____D C:\Program Files (x86)\TencentGame
2016-06-03 21:03 - 2016-06-09 22:37 - 00000000 ____D C:\Users\Konishi\AppData\Local\TeamHD
2016-06-03 20:36 - 2016-06-11 18:18 - 00071976 _____ (Tencent) C:\Windows\system32\TesMon.sys
2016-06-03 20:19 - 2016-06-11 18:20 - 01101024 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2016-06-03 20:19 - 2016-06-04 13:15 - 00000945 _____ C:\Users\Konishi\Desktop\Monster Hunter Online.lnk
2016-06-03 20:19 - 2016-06-03 20:19 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Game
2016-06-03 15:03 - 2016-06-03 15:09 - 568683966 ____R C:\Users\Konishi\Downloads\[HorribleSubs] JoJo's Bizarre Adventure - Diamond is Unbreakable - 10 [1080p].mkv
2016-06-03 03:45 - 2016-06-04 17:55 - 00000000 ____D C:\Program Files\TencentGame
2016-06-03 01:41 - 2016-06-03 01:41 - 03381144 _____ C:\Users\Konishi\Downloads\MHO_Setup_1.0.8.182_QQVIPDL_signed.exe
2016-05-29 18:03 - 2016-05-29 18:08 - 767783652 ____R C:\Users\Konishi\Downloads\[HorribleSubs] Boku no Hero Academia - 09 [1080p].mkv
2016-05-29 00:03 - 2016-05-29 00:03 - 00000000 ____D C:\Users\Konishi\AppData\LocalLow\Jagex Ltd
2016-05-28 15:25 - 2016-05-28 15:30 - 571636324 ____R C:\Users\Konishi\Downloads\[HorribleSubs] Ace Attorney - 09 [1080p].mkv
2016-05-27 15:42 - 2016-05-27 15:48 - 568089187 ____R C:\Users\Konishi\Downloads\[HorribleSubs] JoJo's Bizarre Adventure - Diamond is Unbreakable - 09 [1080p].mkv
2016-05-22 23:42 - 2016-05-22 23:52 - 1151793340 ____R C:\Users\Konishi\Downloads\[HorribleSubs] Shouwa Genroku Rakugo Shinjuu - 01 [1080p].mkv
2016-05-19 23:20 - 2016-05-19 23:20 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-05-19 23:07 - 2016-05-19 23:07 - 00000000 ____D C:\Users\Konishi\Desktop\SltndSnctrv1003-MPCG
2016-05-18 17:10 - 2016-06-11 17:35 - 00269152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-17 17:48 - 2016-06-11 18:50 - 00059216 _____ C:\Users\Konishi\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-16 18:48 - 2016-05-21 00:48 - 322497394 _____ C:\Users\Konishi\Downloads\abp-365.HD.mp4
2016-05-16 17:17 - 2016-06-11 23:23 - 00000000 ____D C:\Users\Konishi\Desktop\New folder
2016-05-16 17:17 - 2016-05-16 17:17 - 00431026 _____ C:\Users\Konishi\Desktop\FORMULARIO DE RMA 2016.pdf
2016-05-16 16:25 - 2016-05-16 16:25 - 00131909 _____ C:\Users\Konishi\Downloads\FORMULARIO DE RMA 2016.pdf
2016-05-15 16:57 - 2016-05-15 16:57 - 00029879 _____ C:\Users\Konishi\Downloads\[HorribleSubs] Boku no Hero Academia - 07 [1080p].mkv.torrent
2016-05-12 23:27 - 2016-05-12 23:27 - 02137813 _____ C:\Users\Konishi\Downloads\PPSSPPWindows64normal-1.mp4
2016-05-12 09:21 - 2016-05-12 09:56 - 00000000 ____D C:\Program Files (x86)\Danganronpa 2 Goodbye Despair

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-11 23:31 - 2015-09-18 15:00 - 00000000 ____D C:\Users\Konishi\AppData\LocalLow\uTorrent
2016-06-11 23:31 - 2014-07-27 21:32 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\uTorrent
2016-06-11 23:17 - 2014-07-27 21:56 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\vlc
2016-06-11 22:33 - 2014-08-18 20:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-11 20:33 - 2014-08-18 20:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-11 19:38 - 2014-07-27 02:35 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-11 19:28 - 2009-07-14 01:45 - 00020096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-11 19:28 - 2009-07-14 01:45 - 00020096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-11 19:20 - 2015-09-16 05:28 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-06-11 19:20 - 2014-11-17 12:43 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-06-11 19:20 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-11 17:58 - 2009-07-13 23:34 - 00000215 _____ C:\Windows\system.ini
2016-06-11 17:57 - 2009-07-13 23:34 - 82051072 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-06-11 17:57 - 2009-07-13 23:34 - 14155776 _____ C:\Windows\system32\config\SYSTEM.bak
2016-06-11 17:57 - 2009-07-13 23:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2016-06-11 17:57 - 2009-07-13 23:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-06-11 17:57 - 2009-07-13 23:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-06-11 17:56 - 2015-06-03 18:10 - 00000000 ____D C:\Windows\erdnt
2016-06-10 05:18 - 2015-03-04 04:43 - 00000000 ____D C:\Users\Konishi\AppData\Local\Battle.net
2016-06-10 03:31 - 2015-03-04 04:43 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-10 01:08 - 2015-06-04 00:35 - 00000000 ____D C:\Users\Konishi\AppData\Local\CrashDumps
2016-06-09 17:40 - 2014-07-27 04:14 - 00286574 _____ C:\DUMP3706.tmp
2016-06-09 02:41 - 2016-03-29 09:08 - 00000510 _____ C:\Users\Konishi\AppData\Roaming\comhsx
2016-06-08 18:35 - 2014-08-18 20:27 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 18:13 - 2015-06-01 14:16 - 00002445 _____ C:\Users\Konishi\Desktop\New Text Document.txt
2016-06-07 19:27 - 2015-06-02 17:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-07 19:01 - 2015-06-02 17:50 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-06-06 15:20 - 2015-01-31 05:05 - 00000000 ____D C:\Windows\system32\appmgmt
2016-06-06 15:19 - 2016-05-10 23:19 - 00082816 _____ (VSO Software) C:\Users\Konishi\AppData\Roaming\pcouffin.sys
2016-06-06 15:19 - 2016-05-10 23:19 - 00007859 _____ C:\Users\Konishi\AppData\Roaming\pcouffin.cat
2016-06-06 15:19 - 2016-05-10 23:19 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Vso
2016-06-06 15:19 - 2016-05-10 23:19 - 00000000 ____D C:\Program Files (x86)\VSO
2016-06-06 02:17 - 2015-03-15 11:03 - 00000000 ____D C:\Users\Konishi\AppData\Local\Microsoft Games
2016-06-04 18:00 - 2014-07-27 04:21 - 00000000 ____D C:\Users\Konishi\AppData\Local\VirtualStore
2016-06-03 17:58 - 2015-06-16 15:25 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-02 20:36 - 2015-07-02 21:17 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibiacast
2016-06-02 20:36 - 2015-07-02 21:17 - 00000000 ____D C:\Program Files (x86)\Tibiacast
2016-06-01 14:18 - 2015-05-04 07:17 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-05-31 21:08 - 2015-06-08 04:41 - 00000000 ____D C:\Program Files (x86)\Tibia
2016-05-31 14:32 - 2016-03-12 14:47 - 00002651 _____ C:\Users\Konishi\Desktop\µTorrent.lnk
2016-05-29 07:27 - 2015-05-12 06:43 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\mIRC
2016-05-29 03:50 - 2016-03-29 09:07 - 00003624 _____ C:\Users\Konishi\Documents\SemLag.xml
2016-05-29 00:03 - 2014-07-27 09:36 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-25 13:13 - 2016-03-29 09:05 - 00000000 ____D C:\Program Files (x86)\SemLag Pro
2016-05-23 06:24 - 2015-03-15 11:03 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-05-18 04:00 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-05-17 16:57 - 2014-09-25 11:22 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\DAEMON Tools Lite
2016-05-17 16:55 - 2015-06-01 13:55 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-13 16:13 - 2016-05-10 22:03 - 00000000 ____D C:\Users\Konishi\Documents\Coisas pra levar pro pc novo
2016-05-13 12:58 - 2009-07-14 02:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-12 17:10 - 2015-06-16 15:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 10:25 - 2014-08-01 00:02 - 00000000 ____D C:\Users\Konishi\Documents\My Games

==================== Files in the root of some directories =======

2016-03-29 09:08 - 2016-06-09 02:41 - 0000510 _____ () C:\Users\Konishi\AppData\Roaming\comhsx
2016-05-10 23:19 - 2016-05-10 23:19 - 0007833 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.cat
2016-05-10 23:19 - 2016-05-10 23:19 - 0001126 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.inf
2016-05-10 23:19 - 2016-05-10 23:19 - 0000125 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.ini
2016-05-10 23:20 - 2016-05-10 23:20 - 0000074 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.log
2016-05-10 23:19 - 2016-05-10 23:19 - 0118400 _____ (VSO Software) C:\Users\Konishi\AppData\Roaming\ezplay.sys
2016-05-10 23:19 - 2016-06-06 15:19 - 0007859 _____ () C:\Users\Konishi\AppData\Roaming\pcouffin.cat
2016-05-10 23:19 - 2016-06-06 15:19 - 0001167 _____ () C:\Users\Konishi\AppData\Roaming\pcouffin.inf
2016-05-10 23:19 - 2016-06-06 15:19 - 0000055 _____ () C:\Users\Konishi\AppData\Roaming\pcouffin.log
2016-05-10 23:19 - 2016-06-06 15:19 - 0082816 _____ (VSO Software) C:\Users\Konishi\AppData\Roaming\pcouffin.sys
2016-03-29 09:08 - 2016-03-29 09:08 - 0000020 _____ () C:\Users\Konishi\AppData\Roaming\system.xml
2016-03-18 00:45 - 2016-03-18 00:45 - 0002722 _____ () C:\Users\Konishi\AppData\Local\recently-used.xbel
2016-06-07 22:51 - 2016-06-11 18:24 - 0000289 _____ () C:\ProgramData\DP0004.dat

Files to move or delete:
====================
C:\ProgramData\DP0004.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-10 18:13

==================== End of FRST.txt ============================

 

[Konishi]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
Ran by Konishi (2016-06-11 23:32:39)
Running from C:\Users\Konishi\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-07-27 07:20:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1519485860-2903035351-2837986310-500 - Administrator - Disabled)
Guest (S-1-5-21-1519485860-2903035351-2837986310-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1519485860-2903035351-2837986310-1002 - Limited - Enabled)
Konishi (S-1-5-21-1519485860-2903035351-2837986310-1000 - Administrator - Enabled) => C:\Users\Konishi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sunbelt VIPRE (Disabled - Out of date) {BE5DD172-7F42-7948-1A60-E6A720288F81}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sunbelt VIPRE (Disabled - Out of date) {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE (Disabled) {86665057-352D-7810-313F-4F92DEFBC8FA}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E4490157-303F-F06F-FB6E-D2053A43A182}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Aviary Attorney v1.02 version Aviary Attorney v1.02 (HKLM-x32\...\{3291893D-40F3-46CB-BE7C-28740BADC652}_is1) (Version: Aviary Attorney v1.02 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Carpe Diem (HKLM-x32\...\Steam App 423880) (Version: - Eyzi)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version: - Cheat Engine)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crush Crush (HKLM\...\Steam App 459820) (Version: - Sad Panda Studios)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Danganronpa 2 Goodbye Despair (HKLM-x32\...\Danganronpa 2 Goodbye Despair_is1) (Version: - )
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIGABYTE FORCE Driver (HKLM-x32\...\GMouse) (Version: - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Jigoku Kisetsukan: Sense of the Seasons (HKLM-x32\...\Steam App 368950) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MHO - Team HD English Patch version 1.2.0 (HKLM-x32\...\MHO - Team HD English Patch_is1) (Version: 1.2.0 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
Monster Hunter Online (HKLM-x32\...\Monster Hunter Online) (Version: - Tencent)
Moon Hunters (HKLM\...\bW9vbmh1bnRlcnM_is1) (Version: 1 - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pt-BR)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NeoplePlugin (HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\NeoplePlugin) (Version: - )
NoPing Elite (HKLM\...\{FD5B8324-F00F-475D-9A1D-A721D612CE70}) (Version: 11.0.0.0 - NT Company)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SemLag Pro (HKLM\...\{AEC8DFC2-F7EE-4506-B872-41541B319AE7}) (Version: 11.0.0.0 - SemLag)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.78 - CipSoft GmbH)
Tibiacast (HKLM-x32\...\{455530C1-257B-479E-B5F7-550814D66FE7}) (Version: 3.1.06100 - Silver Squirrel Software HB)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Ultima Online: Mondain's Legacy (HKLM-x32\...\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}) (Version: 1.00.0000 - EA Games)
Unity Web Player (HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
UO Auto MAP (UOAM) (HKLM-x32\...\{C822589E-5E99-4C63-9212-A72EEB93B7C3}) (Version: 8.2.0.1 - Chaos Age Ultima Online Shard)
UOS version 1.0.5 (HKLM-x32\...\{FC6804BE-B90F-4C2B-BF21-6A4063C8FD4C}_is1) (Version: 1.0.5 - UOS, Team.)
VIPRE Antivirus Premium (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 4.0.4194 - Sunbelt Software)
VIPRE Antivirus Premium (x32 Version: 4.0.4194 - Sunbelt Software) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warsaw 1.5.1.8886 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.5.1.8886 - GAS Tecnologia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4C9C2D9A-7B33-4707-A5D3-46F1765F84C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {6234F5D3-6ECB-4E02-B7FC-E9964075C927} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {674653D2-9F6D-44EB-BFAF-66806A3C5DA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {87BF6106-814F-42E7-8871-49CAC4942074} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1519485860-2903035351-2837986310-1000
Task: {BDC76E87-9A60-456D-B753-295832422F9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-04 20:56 - 2016-06-04 20:55 - 00229376 _____ () C:\NpAPI\NpLoadApi64.dll
2012-10-04 03:12 - 2012-10-04 03:12 - 01253376 _____ () C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
2016-06-04 20:56 - 2016-06-04 20:55 - 00306688 _____ () C:\NpAPI\NpLoadApi32.dll
2005-12-22 17:28 - 2005-12-22 17:28 - 00160768 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\unrar.dll
2015-03-24 11:25 - 2016-04-29 17:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-24 11:25 - 2015-07-03 13:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-24 11:25 - 2015-07-03 13:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-24 11:25 - 2015-07-03 13:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-24 11:25 - 2016-06-09 19:24 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 15:50 - 2016-02-08 20:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 15:50 - 2016-02-08 20:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 15:50 - 2016-02-08 20:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 15:50 - 2016-02-08 20:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 15:50 - 2016-02-08 20:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-24 11:25 - 2016-06-09 19:24 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 23:30 - 2016-02-17 19:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2014-07-27 02:36 - 2016-05-31 21:21 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-12-16 02:51 - 2015-09-24 20:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1254]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\4game.com -> hxxps://4game.com
IE trusted site: HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\bb.com.br -> hxxps://seg.bb.com.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2016-06-11 17:58 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: TQOS_REPORT => c:\program files\tencentgame\monster hunter online\bin\client\tools\tqos_reporter.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{21DD7754-A6E9-48AF-9BD4-021DED79884A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B466E017-7AC3-490B-81FF-6F2D7B4A6CC6}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{DC0FB67B-1276-4E0D-902B-49A1DBEC0743}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{9268C53F-0032-4962-9CEC-3E458B20E186}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{3D880237-EBA7-4723-AE07-E8E7D343F857}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{0555F2A1-992E-414F-A121-3BB8C6F1FFCE}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{B10B26A9-5EDB-43FA-A6C7-8CCAE86AC0F6}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{CF405966-0B2A-4AE6-9FD5-CC85AFE426D8}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{3987D524-F6C9-40E8-A12E-552DCC4CD2EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4225A1AE-9E9B-4A74-AFB3-D7828A6F703D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E4BB7D4-AEB8-4014-9B97-2A93873D0509}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0553E35E-BCBA-48C9-BF7C-879ED352167A}] => (Allow) LPort=2869
FirewallRules: [{E962AC62-690D-41A5-9827-FDB0A98FFC27}] => (Allow) LPort=1900
FirewallRules: [{BD71D5FE-C608-43C7-844F-447214A8C5C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FF0287AC-3DCE-4FEA-9B38-B9D3C7654B6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8AD8CEE2-446B-40EC-8F0B-55C3B08D1D09}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E88B639C-814F-48F2-A799-5671A52899CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{08324971-3927-4FD9-B4D7-66AE0FE45DDF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Carpe Diem\Carpe Diem.exe
FirewallRules: [{0CBFE1B9-A093-475B-B1C8-F147EEA37FB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Carpe Diem\Carpe Diem.exe
FirewallRules: [{C9C5E403-AAE5-4459-8A14-96D6EDFA752A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5915F019-09E0-405A-B526-F9D0C10C546D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0DA7FFB-8946-45B7-BB5C-AD13C919B956}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{67C330A0-EDFE-4D16-8EBD-1398ABF65307}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{D63028BD-FEF9-435E-A5FF-6E527479D51D}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{B589EFEC-15E9-422D-ABFA-CF29BFE3B418}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{9C6DB654-A389-4E76-8B90-2D6AC7AA7F75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jigoku Kisetsukan\Jigoku_Kisetsukan.exe
FirewallRules: [{F3604495-66D6-4E12-AB9A-DC5628A160E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jigoku Kisetsukan\Jigoku_Kisetsukan.exe
FirewallRules: [{BC5F1F10-96EC-498B-876F-C3A4BEED511D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CrushCrush\CrushCrush.exe
FirewallRules: [{F4A73B0E-3626-4864-87C7-F478F583FDB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CrushCrush\CrushCrush.exe
FirewallRules: [{15D659C5-3C87-4428-9EDC-94D48BDCE242}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{90A4B733-B66A-40CC-BD2E-DDE5619BBF48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{C0BF5071-39E6-42C2-A396-0E8BAF4AB667}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9F9566EC-E025-4121-8913-3C3B62439DB4}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4172AAE1-0EB8-4523-AFDF-7966DA6526DF}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BF5E9F30-D0DE-46CA-8ED1-0AD7D0B34CBB}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4612CBEE-CD02-4ED7-93F8-EDFA9BC73447}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3913187-5DA9-47A7-8FC5-2C951CE2BEA0}] => (Allow) C:\Users\Konishi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{159FA1F2-07B6-4B25-B7C2-3C14EE320740}] => (Allow) C:\Users\Konishi\AppData\Local\Temp\QQVipDownloader\mhfc_1461726964_48688\MiniQQDL.exe
FirewallRules: [{13580553-BDD2-4A80-ADA7-0ED8EA66518C}] => (Allow) C:\Users\Konishi\AppData\Local\Temp\QQVipDownloader\mhfc_1461726964_48688\MiniQQDL.exe
FirewallRules: [{E9712FC9-5411-421D-AF6F-5D7C9E902879}] => (Allow) c:\users\konishi\appdata\roaming\tencent\怪物猎人online\8a4a852fa00c637d39db1ee5d9697db9\teniodl\teniodl.exe
FirewallRules: [{697CFFD8-5EAF-482D-BB19-C9298EBA193C}] => (Allow) c:\users\konishi\appdata\roaming\tencent\怪物猎人online\8a4a852fa00c637d39db1ee5d9697db9\teniodl\teniodl.exe
FirewallRules: [{2A779F33-A40C-42B9-AE29-811ECC37E414}] => (Allow) c:\program files\tencentgame\monster hunter online\bin\client\iips\iipshostapp.exe
FirewallRules: [{A1935559-EFAC-4EC4-98F4-41418EE531D4}] => (Allow) c:\program files\tencentgame\monster hunter online\bin\client\iips\iipshostapp.exe
FirewallRules: [{18C9694A-FDA9-48C5-9B0F-E3A5B7B2397B}] => (Allow) C:\Program Files\TencentGame\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{BDB20F9D-71ED-4299-9F64-CBD2BD00756C}] => (Allow) C:\Program Files\TencentGame\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{AC2139B3-F23D-4B0B-8F62-3A46BBA97581}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{72230655-571E-4542-852C-1D0433F0AAAF}] => (Allow) C:\Program Files\TencentGame\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{9FF4AF8A-F311-48AE-80B6-E005DCE92EA3}] => (Allow) C:\Program Files\TencentGame\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe

==================== Restore Points =========================

11-06-2016 17:33:39 ComboFix created restore point

==================== Faulty Device Manager Devices =============

Name: Evolve Virtual Ethernet Adapter
Description: Evolve Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Echobit LLC
Service: EvolveVirtualAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: ezplay device ...
Description: ezplay device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2016 01:08:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 51.0.2704.84, time stamp: 0x575221e0
Faulting module name: route32.dll, version: 0.0.0.0, time stamp: 0x575230a2
Exception code: 0xc0000005
Fault offset: 0x00051a69
Faulting process id: 0xf80
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (06/07/2016 07:57:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_5.119.exe version 5.1.1.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 63c

Start Time: 01d1c10f23b2f515

Termination Time: 16

Application Path: C:\Users\Konishi\Desktop\adwcleaner_5.119.exe

Report Id: 34a902bd-2d03-11e6-9046-902b34f49402

Error: (06/04/2016 09:47:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 50.0.2661.102, time stamp: 0x57329142
Faulting module name: route32.dll, version: 0.0.0.0, time stamp: 0x575230a2
Exception code: 0xc0000005
Fault offset: 0x0004ecdc
Faulting process id: 0x44c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (06/04/2016 08:38:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TS888x64.

System Error:
The system cannot find the file specified.
.

Error: (06/04/2016 08:38:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TSSysKit.

System Error:
The system cannot find the file specified.
.

Error: (06/04/2016 08:38:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TFsFlt.

System Error:
The system cannot find the file specified.
.

Error: (06/04/2016 08:38:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary QQSysMonX64.

System Error:
The system cannot find the file specified.
.

Error: (06/04/2016 06:25:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mhoclient.exe version 1.0.9.213 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1358

Start Time: 01d1bea7832fdc02

Termination Time: 49

Application Path: c:\program files\tencentgame\monster hunter online\bin\client\bin32\mhoclient.exe

Report Id: e8ad277b-2a9a-11e6-ad1e-902b34f49402

Error: (06/04/2016 06:00:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mhoclient.exe version 1.0.9.213 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1118

Start Time: 01d1bea3e6b18fdd

Termination Time: 51

Application Path: c:\program files\tencentgame\monster hunter online\bin\client\bin32\mhoclient.exe

Report Id: 5d3a07ca-2a97-11e6-862b-902b34f49402

Error: (06/04/2016 05:47:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Client.exe version 3.0.19.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1100

Start Time: 01d1be9fae28e7a2

Termination Time: 10

Application Path: C:\Program Files\TencentGame\Monster Hunter Online\TCLS\Client.exe

Report Id: 8044db30-2a95-11e6-862b-902b34f49402


System errors:
=============
Error: (06/11/2016 07:37:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (06/11/2016 07:24:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (06/11/2016 07:20:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDivert1.1 service failed to start due to the following error:
%%2

Error: (06/11/2016 07:20:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
gbpddreg

Error: (06/11/2016 06:02:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (06/11/2016 05:58:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (06/11/2016 05:57:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDivert1.1 service failed to start due to the following error:
%%2

Error: (06/11/2016 05:57:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
gbpddreg

Error: (06/11/2016 05:56:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/11/2016 05:56:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


CodeIntegrity:
===================================
Date: 2016-06-11 17:55:18.756
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-11 17:55:18.647
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 19:56:11.859
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 19:56:11.766
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 19:56:11.672
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 19:56:11.594
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 18:28:11.242
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-26 18:28:11.164
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-03 18:22:15.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-03 18:22:15.596
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 620 Processor
Percentage of memory in use: 34%
Total physical RAM: 4093.55 MB
Available physical RAM: 2674.85 MB
Total Virtual: 8185.32 MB
Available Virtual: 6722.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:77.42 GB) NTFS
Drive z: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2CA533A6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[Konishi]

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
Ran by Konishi (2016-06-12 06:26:14) Run:1
Running from C:\Users\Konishi\Desktop
Loaded Profiles: Konishi (Available Profiles: Konishi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Konishi\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\...\Run: [TQOS_REPORT] => c:\program files\tencentgame\monster hunter online\bin\client\tools\tqos_reporter.exe [440832 2015-10-27] ()
c:\program files\tencentgame
S3 TesMon; C:\Windows\system32\TesMon.sys [71976 2016-06-11] (Tencent)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1101024 2016-06-11] (TENCENT)
C:\Windows\system32\TesMon.sys
C:\Windows\system32\TesSafe.sys
2016-06-07 22:46 - 2016-06-09 01:33 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Tencent
2016-06-07 22:46 - 2016-06-07 22:46 - 00000000 ____D C:\ProgramData\Tencent
2016-06-05 00:20 - 2016-06-05 00:20 - 00000000 ____D C:\Users\Konishi\Documents\Tencent Files
2016-06-03 21:07 - 2016-06-03 21:07 - 00000000 ____D C:\Program Files (x86)\TencentGame
2016-06-03 20:36 - 2016-06-11 18:18 - 00071976 _____ (Tencent) C:\Windows\system32\TesMon.sys
2016-06-03 20:19 - 2016-06-11 18:20 - 01101024 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2016-06-03 20:19 - 2016-06-03 20:19 - 00000000 ____D C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Game
2016-06-03 03:45 - 2016-06-04 17:55 - 00000000 ____D C:\Program Files\TencentGame
2016-03-29 09:08 - 2016-06-09 02:41 - 0000510 _____ () C:\Users\Konishi\AppData\Roaming\comhsx
2016-05-10 23:19 - 2016-05-10 23:19 - 0007833 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.cat
2016-05-10 23:19 - 2016-05-10 23:19 - 0001126 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.inf
2016-05-10 23:19 - 2016-05-10 23:19 - 0000125 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.ini
2016-05-10 23:20 - 2016-05-10 23:20 - 0000074 _____ () C:\Users\Konishi\AppData\Roaming\ezplay.log
2016-05-10 23:19 - 2016-05-10 23:19 - 0118400 _____ (VSO Software) C:\Users\Konishi\AppData\Roaming\ezplay.sys
2016-05-10 23:19 - 2016-06-06 15:19 - 0007859 _____ () C:\Users\Konishi\AppData\Roaming\pcouffin.cat
2016-05-10 23:19 - 2016-06-06 15:19 - 0001167 _____ () C:\Users\Konishi\AppData\Roaming\pcouffin.inf
2016-05-10 23:19 - 2016-06-06 15:19 - 0000055 _____ () C:\Users\Konishi\AppData\Roaming\pcouffin.log
2016-05-10 23:19 - 2016-06-06 15:19 - 0082816 _____ (VSO Software) C:\Users\Konishi\AppData\Roaming\pcouffin.sys
2016-03-29 09:08 - 2016-03-29 09:08 - 0000020 _____ () C:\Users\Konishi\AppData\Roaming\system.xml
2016-03-18 00:45 - 2016-03-18 00:45 - 0002722 _____ () C:\Users\Konishi\AppData\Local\recently-used.xbel
2016-06-07 22:51 - 2016-06-11 18:24 - 0000289 _____ () C:\ProgramData\DP0004.dat
C:\ProgramData\DP0004.dat
DeleteKey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Monster Hunter Online"
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1254]
2016-06-03 20:19 - 2016-06-04 13:15 - 00000945 _____ C:\Users\Konishi\Desktop\Monster Hunter Online.lnk
2016-06-04 17:59 - 2016-06-04 19:06 - 00000000 ____D C:\Users\Konishi\Documents\MonsterHunterOnline
FirewallRules: [{E9712FC9-5411-421D-AF6F-5D7C9E902879}] => (Allow) c:\users\konishi\appdata\roaming\tencent\怪物猎人online\8a4a852fa00c637d39db1ee5d9697db9\teniodl\teniodl.exe
FirewallRules: [{697CFFD8-5EAF-482D-BB19-C9298EBA193C}] => (Allow) c:\users\konishi\appdata\roaming\tencent\怪物猎人online\8a4a852fa00c637d39db1ee5d9697db9\teniodl\teniodl.exe
FirewallRules: [{2A779F33-A40C-42B9-AE29-811ECC37E414}] => (Allow) c:\program files\tencentgame\monster hunter online\bin\client\iips\iipshostapp.exe
FirewallRules: [{A1935559-EFAC-4EC4-98F4-41418EE531D4}] => (Allow) c:\program files\tencentgame\monster hunter online\bin\client\iips\iipshostapp.exe
FirewallRules: [{18C9694A-FDA9-48C5-9B0F-E3A5B7B2397B}] => (Allow) C:\Program Files\TencentGame\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{BDB20F9D-71ED-4299-9F64-CBD2BD00756C}] => (Allow) C:\Program Files\TencentGame\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{72230655-571E-4542-852C-1D0433F0AAAF}] => (Allow) C:\Program Files\TencentGame\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{9FF4AF8A-F311-48AE-80B6-E005DCE92EA3}] => (Allow) C:\Program Files\TencentGame\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe


*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C} => value removed successfully
catchme => service removed successfully
gbpddreg => service removed successfully
xhunter1 => service removed successfully
HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TQOS_REPORT => value removed successfully
c:\program files\tencentgame => moved successfully
TesMon => service removed successfully
TesSafe => service removed successfully
C:\Windows\system32\TesMon.sys => moved successfully
C:\Windows\system32\TesSafe.sys => moved successfully
C:\Users\Konishi\AppData\Roaming\Tencent => moved successfully
C:\ProgramData\Tencent => moved successfully
C:\Users\Konishi\Documents\Tencent Files => moved successfully
C:\Program Files (x86)\TencentGame => moved successfully
"C:\Windows\system32\TesMon.sys" => not found.
"C:\Windows\system32\TesSafe.sys" => not found.
C:\Users\Konishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Game => moved successfully
"C:\Program Files\TencentGame" => not found.
C:\Users\Konishi\AppData\Roaming\comhsx => moved successfully
C:\Users\Konishi\AppData\Roaming\ezplay.cat => moved successfully
C:\Users\Konishi\AppData\Roaming\ezplay.inf => moved successfully
C:\Users\Konishi\AppData\Roaming\ezplay.ini => moved successfully
C:\Users\Konishi\AppData\Roaming\ezplay.log => moved successfully
C:\Users\Konishi\AppData\Roaming\ezplay.sys => moved successfully
C:\Users\Konishi\AppData\Roaming\pcouffin.cat => moved successfully
C:\Users\Konishi\AppData\Roaming\pcouffin.inf => moved successfully
C:\Users\Konishi\AppData\Roaming\pcouffin.log => moved successfully
C:\Users\Konishi\AppData\Roaming\pcouffin.sys => moved successfully
C:\Users\Konishi\AppData\Roaming\system.xml => moved successfully
C:\Users\Konishi\AppData\Local\recently-used.xbel => moved successfully
C:\ProgramData\DP0004.dat => moved successfully
"C:\ProgramData\DP0004.dat" => not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Monster Hunter Online => key removed successfully
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removed successfully.
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removed successfully.
C:\Windows\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removed successfully.
C:\Users\Konishi\Desktop\Monster Hunter Online.lnk => moved successfully
C:\Users\Konishi\Documents\MonsterHunterOnline => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9712FC9-5411-421D-AF6F-5D7C9E902879} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{697CFFD8-5EAF-482D-BB19-C9298EBA193C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A779F33-A40C-42B9-AE29-811ECC37E414} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1935559-EFAC-4EC4-98F4-41418EE531D4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18C9694A-FDA9-48C5-9B0F-E3A5B7B2397B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BDB20F9D-71ED-4299-9F64-CBD2BD00756C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72230655-571E-4542-852C-1D0433F0AAAF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FF4AF8A-F311-48AE-80B6-E005DCE92EA3} => value removed successfully

==== End of Fixlog 06:26:24 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[Konishi]

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Sunbelt VIPRE
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 21.0.0.197
Mozilla Firefox (42.0)
Google Chrome (50.0.2661.102)
Google Chrome (51.0.2704.84)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
tencentgame monster hunter online bin client\IIPS\IIPSHostApp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 27-01-2016
Ran by Konishi (administrator) on 14-06-2016 at 16:22:08
Running from "C:\Users\Konishi\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[Konishi]

2015-06-11 20:15:20.370 Sophos Virus Removal Tool version 2.5.4
2015-06-11 20:15:20.370 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-06-11 20:15:20.370 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-06-11 20:15:20.370 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-06-11 20:15:20.370 Checking for updates...
2015-06-11 20:15:23.426 Update progress: proxy server not available
2015-06-11 20:15:47.236 Option all = no
2015-06-11 20:15:47.236 Option recurse = yes
2015-06-11 20:15:47.236 Option archive = no
2015-06-11 20:15:47.236 Option service = yes
2015-06-11 20:15:47.236 Option confirm = yes
2015-06-11 20:15:47.236 Option sxl = yes
2015-06-11 20:15:47.238 Option max-data-age = 35
2015-06-11 20:15:47.238 Option EnableSafeClean = yes
2015-06-11 20:15:48.923 Option vdl-logging = yes
2015-06-11 20:15:48.933 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-06-11 20:15:48.933 Machine ID: 7b978c7afbf6437eac746606d1fcf56f
2015-06-11 20:15:48.943 Component SVRTcli.exe version 2.5.4
2015-06-11 20:15:48.944 Component control.dll version 2.5.4
2015-06-11 20:15:48.944 Component SVRTservice.exe version 2.5.4
2015-06-11 20:15:48.945 Component engine\osdp.dll version 1.44.1.2200
2015-06-11 20:15:48.945 Component engine\veex.dll version 3.60.0.2200
2015-06-11 20:15:48.945 Component engine\savi.dll version 8.1.7.2200
2015-06-11 20:15:48.953 Component rkdisk.dll version 1.5.30.0
2015-06-11 20:15:48.953 Version info: Product version 2.5.4
2015-06-11 20:15:48.954 Version info: Detection engine 3.60.0
2015-06-11 20:15:48.954 Version info: Detection data 5.15
2015-06-11 20:15:48.954 Version info: Build date 2015-05-26
2015-06-11 20:15:48.954 Version info: Data files added 254
2015-06-11 20:15:48.954 Version info: Last successful update (not yet updated)
2015-06-11 20:16:35.381 Downloading updates...
2015-06-11 20:16:35.382 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-06-11 20:16:35.382 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-06-11 20:16:35.382 Update progress: [I49502] Found supplement IDE516 LATEST
2015-06-11 20:16:35.382 Update progress: [I49502] Found supplement IDE517 LATEST
2015-06-11 20:16:35.382 Update progress: [I49502] Found supplement IDE518 LATEST
2015-06-11 20:16:35.382 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-06-11 20:16:35.382 Update progress: [I19463] Syncing product SAVIW32 55
2015-06-11 20:17:10.094 Update progress: [I19463] Syncing product IDE516 178
2015-06-11 20:17:10.968 Update progress: [I19463] Syncing product IDE517 92
2015-06-11 20:17:14.932 Installing updates...
2015-06-11 20:17:15.536 Error level 1
2015-06-11 20:17:15.819 Update progress: [I19463] Syncing product IDE518 1
2015-06-11 20:17:55.732 Update successful
2015-06-11 20:18:24.942 Option all = no
2015-06-11 20:18:24.942 Option recurse = yes
2015-06-11 20:18:24.942 Option archive = no
2015-06-11 20:18:24.942 Option service = yes
2015-06-11 20:18:24.942 Option confirm = yes
2015-06-11 20:18:24.942 Option sxl = yes
2015-06-11 20:18:24.948 Option max-data-age = 35
2015-06-11 20:18:24.948 Option EnableSafeClean = yes
2015-06-11 20:18:25.070 Option vdl-logging = yes
2015-06-11 20:18:25.075 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-06-11 20:18:25.075 Machine ID: 7b978c7afbf6437eac746606d1fcf56f
2015-06-11 20:18:25.080 Component SVRTcli.exe version 2.5.4
2015-06-11 20:18:25.080 Component control.dll version 2.5.4
2015-06-11 20:18:25.081 Component SVRTservice.exe version 2.5.4
2015-06-11 20:18:25.081 Component engine\osdp.dll version 1.44.1.2200
2015-06-11 20:18:25.081 Component engine\veex.dll version 3.60.0.2200
2015-06-11 20:18:25.081 Component engine\savi.dll version 8.1.7.2200
2015-06-11 20:18:25.086 Component rkdisk.dll version 1.5.30.0
2015-06-11 20:18:25.086 Version info: Product version 2.5.4
2015-06-11 20:18:25.086 Version info: Detection engine 3.60.0
2015-06-11 20:18:25.086 Version info: Detection data 5.15G
2015-06-11 20:18:25.086 Version info: Build date 2015-05-26
2015-06-11 20:18:25.086 Version info: Data files added 266
2015-06-11 20:18:25.086 Version info: Last successful update 2015-06-11 오후 5:17:55

2015-06-11 21:42:51.399 SafeClean bin directory is empty.
2015-06-11 21:42:51.399 Error level 0

2015-06-11 21:48:58.100 Scan cancelled by user.
2015-06-11 21:48:58.100

------------------------------------------------------------

2015-06-11 23:34:36.549 Sophos Virus Removal Tool version 2.5.4
2015-06-11 23:34:36.549 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-06-11 23:34:36.549 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-06-11 23:34:36.549 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-06-11 23:34:36.549 Checking for updates...
2015-06-11 23:34:39.479 Update progress: proxy server not available
2015-06-11 23:35:35.189 Option all = no
2015-06-11 23:35:35.189 Option recurse = yes
2015-06-11 23:35:35.189 Option archive = no
2015-06-11 23:35:35.189 Option service = yes
2015-06-11 23:35:35.189 Option confirm = yes
2015-06-11 23:35:35.189 Option sxl = yes
2015-06-11 23:35:35.189 Option max-data-age = 35
2015-06-11 23:35:35.189 Option EnableSafeClean = yes
2015-06-11 23:35:35.299 Option vdl-logging = yes
2015-06-11 23:35:35.299 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-06-11 23:35:35.299 Machine ID: 7b978c7afbf6437eac746606d1fcf56f
2015-06-11 23:35:35.329 Component SVRTcli.exe version 2.5.4
2015-06-11 23:35:35.329 Component control.dll version 2.5.4
2015-06-11 23:35:35.329 Component SVRTservice.exe version 2.5.4
2015-06-11 23:35:35.329 Component engine\osdp.dll version 1.44.1.2200
2015-06-11 23:35:35.329 Component engine\veex.dll version 3.60.0.2200
2015-06-11 23:35:35.329 Component engine\savi.dll version 8.1.7.2200
2015-06-11 23:35:35.339 Downloading updates...
2015-06-11 23:35:35.339 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-06-11 23:35:35.339 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-06-11 23:35:35.339 Update progress: [I49502] Found supplement IDE516 LATEST
2015-06-11 23:35:35.339 Update progress: [I49502] Found supplement IDE517 LATEST
2015-06-11 23:35:35.339 Update progress: [I49502] Found supplement IDE518 LATEST
2015-06-11 23:35:35.339 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-06-11 23:35:35.339 Update progress: [I19463] Syncing product SAVIW32 55
2015-06-11 23:35:35.339 Update progress: [I19463] Syncing product IDE516 178
2015-06-11 23:35:35.359 Component rkdisk.dll version 1.5.30.0
2015-06-11 23:35:35.359 Version info: Product version 2.5.4
2015-06-11 23:35:35.359 Version info: Detection engine 3.60.0
2015-06-11 23:35:35.359 Version info: Detection data 5.15G
2015-06-11 23:35:35.359 Version info: Build date 2015-05-26
2015-06-11 23:35:35.359 Version info: Data files added 266
2015-06-11 23:35:35.359 Version info: Last successful update 2015-06-11 오후 5:17:55
2015-06-11 23:35:36.549 Update progress: [I19463] Syncing product IDE517 94
2015-06-11 23:35:37.059 Installing updates...
2015-06-11 23:35:37.659 Error level 1
2015-06-11 23:35:39.569 Update progress: [I19463] Syncing product IDE518 1
2015-06-11 23:35:39.669 Update successful
2015-06-11 23:35:57.059 Option all = no
2015-06-11 23:35:57.059 Option recurse = yes
2015-06-11 23:35:57.059 Option archive = no
2015-06-11 23:35:57.059 Option service = yes
2015-06-11 23:35:57.059 Option confirm = yes
2015-06-11 23:35:57.059 Option sxl = yes
2015-06-11 23:35:57.069 Option max-data-age = 35
2015-06-11 23:35:57.069 Option EnableSafeClean = yes
2015-06-11 23:35:57.179 Option vdl-logging = yes
2015-06-11 23:35:57.179 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-06-11 23:35:57.179 Machine ID: 7b978c7afbf6437eac746606d1fcf56f
2015-06-11 23:35:57.189 Component SVRTcli.exe version 2.5.4
2015-06-11 23:35:57.189 Component control.dll version 2.5.4
2015-06-11 23:35:57.189 Component SVRTservice.exe version 2.5.4
2015-06-11 23:35:57.189 Component engine\osdp.dll version 1.44.1.2200
2015-06-11 23:35:57.189 Component engine\veex.dll version 3.60.0.2200
2015-06-11 23:35:57.189 Component engine\savi.dll version 8.1.7.2200
2015-06-11 23:35:57.189 Component rkdisk.dll version 1.5.30.0
2015-06-11 23:35:57.189 Version info: Product version 2.5.4
2015-06-11 23:35:57.199 Version info: Detection engine 3.60.0
2015-06-11 23:35:57.199 Version info: Detection data 5.15G
2015-06-11 23:35:57.199 Version info: Build date 2015-05-26
2015-06-11 23:35:57.199 Version info: Data files added 268
2015-06-11 23:35:57.199 Version info: Last successful update 2015-06-11 오후 8:35:39

2015-06-12 00:17:15.408 SafeClean bin directory is empty.
2015-06-12 00:17:15.408 Error level 0

2015-06-12 00:17:16.805 Scan cancelled by user.
2015-06-12 00:17:16.805

------------------------------------------------------------

2015-06-12 08:52:39.552 Sophos Virus Removal Tool version 2.5.4
2015-06-12 08:52:39.552 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-06-12 08:52:39.552 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-06-12 08:52:39.552 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-06-12 08:52:39.552 Checking for updates...
2015-06-12 08:52:42.391 Update progress: proxy server not available
2015-06-12 08:53:36.539 Downloading updates...
2015-06-12 08:53:36.539 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-06-12 08:53:36.539 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-06-12 08:53:36.539 Update progress: [I49502] Found supplement IDE516 LATEST
2015-06-12 08:53:36.539 Update progress: [I49502] Found supplement IDE517 LATEST
2015-06-12 08:53:36.539 Update progress: [I49502] Found supplement IDE518 LATEST
2015-06-12 08:53:36.539 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-06-12 08:53:36.539 Update progress: [I19463] Syncing product SAVIW32 55
2015-06-12 08:53:36.539 Update progress: [I19463] Syncing product IDE516 178
2015-06-12 08:53:39.175 Update progress: [I19463] Syncing product IDE517 97
2015-06-12 08:53:40.002 Installing updates...
2015-06-12 08:53:46.663 Option all = no
2015-06-12 08:53:47.474 Option recurse = yes
2015-06-12 08:53:47.474 Option archive = no
2015-06-12 08:53:47.474 Option service = yes
2015-06-12 08:53:47.474 Option confirm = yes
2015-06-12 08:53:47.474 Option sxl = yes
2015-06-12 08:53:47.474 Option max-data-age = 35
2015-06-12 08:53:47.474 Option EnableSafeClean = yes
2015-06-12 08:53:47.474 Option vdl-logging = yes
2015-06-12 08:53:47.474 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-06-12 08:53:47.474 Machine ID: 7b978c7afbf6437eac746606d1fcf56f
2015-06-12 08:53:47.474 Component SVRTcli.exe version 2.5.4
2015-06-12 08:53:47.474 Component control.dll version 2.5.4
2015-06-12 08:53:47.474 Component SVRTservice.exe version 2.5.4
2015-06-12 08:53:47.474 Component engine\osdp.dll version 1.44.1.2200
2015-06-12 08:53:47.474 Component engine\veex.dll version 3.60.0.2200
2015-06-12 08:53:47.474 Component engine\savi.dll version 8.1.7.2200
2015-06-12 08:53:47.474 Component rkdisk.dll version 1.5.30.0
2015-06-12 08:53:47.474 Version info: Product version 2.5.4
2015-06-12 08:53:47.474 Version info: Detection engine 3.60.0
2015-06-12 08:53:47.474 Version info: Detection data 5.15G
2015-06-12 08:53:47.474 Version info: Build date 2015-05-26
2015-06-12 08:53:47.474 Version info: Data files added 268
2015-06-12 08:53:47.474 Version info: Last successful update 2015-06-11 오후 8:35:39
2015-06-12 08:53:47.474 Error level 1
2015-06-12 08:53:48.551 Update progress: [I19463] Syncing product IDE518 1
2015-06-12 08:53:48.676 Update successful
2015-06-12 08:54:06.351 Option all = no
2015-06-12 08:54:06.351 Option recurse = yes
2015-06-12 08:54:06.351 Option archive = no
2015-06-12 08:54:06.366 Option service = yes
2015-06-12 08:54:06.366 Option confirm = yes
2015-06-12 08:54:06.366 Option sxl = yes
2015-06-12 08:54:06.366 Option max-data-age = 35
2015-06-12 08:54:06.366 Option EnableSafeClean = yes
2015-06-12 08:54:06.429 Option vdl-logging = yes
2015-06-12 08:54:06.444 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-06-12 08:54:06.444 Machine ID: 7b978c7afbf6437eac746606d1fcf56f
2015-06-12 08:54:06.444 Component SVRTcli.exe version 2.5.4
2015-06-12 08:54:06.444 Component control.dll version 2.5.4
2015-06-12 08:54:06.444 Component SVRTservice.exe version 2.5.4
2015-06-12 08:54:06.444 Component engine\osdp.dll version 1.44.1.2200
2015-06-12 08:54:06.444 Component engine\veex.dll version 3.60.0.2200
2015-06-12 08:54:06.444 Component engine\savi.dll version 8.1.7.2200
2015-06-12 08:54:06.444 Component rkdisk.dll version 1.5.30.0
2015-06-12 08:54:06.444 Version info: Product version 2.5.4
2015-06-12 08:54:06.444 Version info: Detection engine 3.60.0
2015-06-12 08:54:06.444 Version info: Detection data 5.15G
2015-06-12 08:54:06.444 Version info: Build date 2015-05-26
2015-06-12 08:54:06.444 Version info: Data files added 271
2015-06-12 08:54:06.444 Version info: Last successful update 2015-06-12 오전 5:53:48

2015-06-12 10:28:33.000 Could not open C:\hiberfil.sys
2015-06-12 10:29:50.626 Could not open C:\pagefile.sys
2015-06-12 11:25:11.029 >>> Virus 'W32/Autorun-CV' found in file C:\ProgramData\Sunbelt\AntiMalware\Quarantine\{4D2633E3-C6CB-46CA-8860-8BCDF8ABE7A2}_ENC2
2015-06-12 11:25:11.029 >>> Virus 'W32/Autorun-CV' found in file HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-06-12 11:25:11.029 >>> Virus 'W32/Autorun-CV' found in file HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-06-12 11:25:11.029 >>> Virus 'W32/Autorun-CV' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-06-12 11:25:47.003 >>> Virus 'W32/Autorun-CV' found in file C:\ProgramData\Sunbelt\AntiMalware\Quarantine\{80829534-154F-4056-AA2F-2320E0A671BF}_ENC2
2015-06-12 11:25:47.003 >>> Virus 'W32/Autorun-CV' found in file HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-06-12 11:25:47.003 >>> Virus 'W32/Autorun-CV' found in file HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-06-12 11:25:47.003 >>> Virus 'W32/Autorun-CV' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-06-12 11:30:03.732 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-06-12 11:30:03.732 Could not open C:\System Volume Information\{574ccda5-1071-11e5-8264-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-06-12 12:06:48.437 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-06-12 12:06:48.453 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-06-12 12:06:54.771 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-06-12 12:06:54.787 Could not open C:\Windows\System32\config\RegBack\SAM
2015-06-12 12:06:54.787 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-06-12 12:06:54.818 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-06-12 12:06:54.833 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-06-12 12:57:11.114 The following items will be cleaned up:
2015-06-12 12:57:11.114 W32/Autorun-CV
2015-06-12 14:33:41.611 Threat 'W32/Autorun-CV' has been cleaned up.
2015-06-12 14:33:41.624 File "C:\ProgramData\Sunbelt\AntiMalware\Quarantine\{4D2633E3-C6CB-46CA-8860-8BCDF8ABE7A2}_ENC2" belongs to 'W32/Autorun-CV'.
2015-06-12 14:33:41.624 File "C:\ProgramData\Sunbelt\AntiMalware\Quarantine\{4D2633E3-C6CB-46CA-8860-8BCDF8ABE7A2}_ENC2" has been cleaned up.
2015-06-12 14:33:41.625 File "C:\ProgramData\Sunbelt\AntiMalware\Quarantine\{80829534-154F-4056-AA2F-2320E0A671BF}_ENC2" belongs to 'W32/Autorun-CV'.
2015-06-12 14:33:41.625 File "C:\ProgramData\Sunbelt\AntiMalware\Quarantine\{80829534-154F-4056-AA2F-2320E0A671BF}_ENC2" has been cleaned up.
2015-06-12 14:33:41.625 Registry value "HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to 'W32/Autorun-CV'.
2015-06-12 14:33:41.625 Registry value "HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-06-12 14:33:41.625 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to 'W32/Autorun-CV'.
2015-06-12 14:33:41.625 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-06-12 14:33:41.625 Removal successful
2015-06-12 14:33:41.663 Contents of SafeClean bin directory:
2015-06-12 14:33:41.676 {
2015-06-12 14:33:41.676 RecordID : "0000000000000001",
2015-06-12 14:33:41.676 ItemType : "1",
2015-06-12 14:33:41.676 Location : "C:\ProgramData\Sunbelt\AntiMalware\Quarantine\",
2015-06-12 14:33:41.676 FileName : "{4D2633E3-C6CB-46CA-8860-8BCDF8ABE7A2}_ENC2",
2015-06-12 14:33:41.676 ThreatName : "W32/Autorun-CV",
2015-06-12 14:33:41.676 Checksum : "be230a1e2384cd2648e4f3e44d5f8f7ad2ac8e61c159ef30dbaa908a16890ad8",
2015-06-12 14:33:41.676 TimeStamp : "Fri Jun 12 11:33:31 2015"
2015-06-12 14:33:41.676 }
2015-06-12 14:33:41.676 {
2015-06-12 14:33:41.676 RecordID : "0000000000000002",
2015-06-12 14:33:41.676 ItemType : "1",
2015-06-12 14:33:41.676 Location : "C:\ProgramData\Sunbelt\AntiMalware\Quarantine\",
2015-06-12 14:33:41.676 FileName : "{80829534-154F-4056-AA2F-2320E0A671BF}_ENC2",
2015-06-12 14:33:41.676 ThreatName : "W32/Autorun-CV",
2015-06-12 14:33:41.676 Checksum : "be230a1e2384cd2648e4f3e44d5f8f7ad2ac8e61c159ef30dbaa908a16890ad8",
2015-06-12 14:33:41.676 TimeStamp : "Fri Jun 12 11:33:31 2015"
2015-06-12 14:33:41.676 }
2015-06-12 14:33:42.259 Error level 0

2015-06-12 14:33:59.694 Scan completed.
2015-06-12 14:33:59.694

------------------------------------------------------------

2015-09-12 09:26:16.638 Sophos Virus Removal Tool version 2.5.4
2015-09-12 09:26:16.638 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-09-12 09:26:16.638 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-09-12 09:26:16.638 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-09-12 09:26:16.639 Checking for updates...
2015-09-12 09:26:18.976 Update progress: proxy server not available
2015-09-12 09:26:26.719 Update error: invalid login credentials (error 5)
Couldn't authenticate user for resource with host server. URL was: http://dci.sophosupd.com/update
2015-09-12 09:26:50.094 Option all = no
2015-09-12 09:26:50.094 Option recurse = yes
2015-09-12 09:26:50.094 Option archive = no
2015-09-12 09:26:50.094 Option service = yes
2015-09-12 09:26:50.094 Option confirm = yes
2015-09-12 09:26:50.094 Option sxl = yes
2015-09-12 09:26:50.096 Option max-data-age = 35
2015-09-12 09:26:50.096 Option EnableSafeClean = yes
2015-09-12 09:26:50.227 Option vdl-logging = yes
2015-09-12 09:26:50.229 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-09-12 09:26:50.229 Machine ID: 7b978c7afbf6437eac746606d1fcf56f
2015-09-12 09:26:50.242 Component SVRTcli.exe version 2.5.4
2015-09-12 09:26:50.242 Component control.dll version 2.5.4
2015-09-12 09:26:50.242 Component SVRTservice.exe version 2.5.4
2015-09-12 09:26:50.242 Component engine\osdp.dll version 1.44.1.2200
2015-09-12 09:26:50.242 Component engine\veex.dll version 3.60.0.2200
2015-09-12 09:26:50.242 Component engine\savi.dll version 8.1.7.2200
2015-09-12 09:26:50.256 Component rkdisk.dll version 1.5.30.0
2015-09-12 09:26:50.256 Version info: Product version 2.5.4
2015-09-12 09:26:50.257 Version info: Detection engine 3.60.0
2015-09-12 09:26:50.257 Version info: Detection data 5.15G
2015-09-12 09:26:50.257 Version info: Build date 2015-05-26
2015-09-12 09:26:50.257 Version info: Data files added 271
2015-09-12 09:26:50.257 Version info: Last successful update 2015-06-12 오전 5:53:48
2015-09-12 09:27:06.039 Error level 1

2015-09-12 09:27:06.039 Scan completed.
2015-09-12 09:27:06.039

------------------------------------------------------------

2015-10-11 10:35:52.662 Sophos Virus Removal Tool version 2.5.4
2015-10-11 10:35:52.662 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-10-11 10:35:52.662 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-10-11 10:35:52.662 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-10-11 10:35:52.662 Checking for updates...
2015-10-11 10:35:55.379 Update progress: proxy server not available
2015-10-11 10:36:02.859 Update error: invalid login credentials (error 5)
Couldn't authenticate user for resource with host server. URL was: http://dci.sophosupd.com/update
2015-10-11 10:36:13.235 Option all = no
2015-10-11 10:36:13.235 Option recurse = yes
2015-10-11 10:36:13.235 Option archive = no
2015-10-11 10:36:13.235 Option service = yes
2015-10-11 10:36:13.235 Option confirm = yes
2015-10-11 10:36:13.235 Option sxl = yes
2015-10-11 10:36:13.238 Option max-data-age = 35
2015-10-11 10:36:13.238 Option EnableSafeClean = yes
2015-10-11 10:36:13.415 Option vdl-logging = yes
2015-10-11 10:36:13.430 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-10-11 10:36:13.430 Machine ID: 7b978c7afbf6437eac746606d1fcf56f
2015-10-11 10:36:13.444 Component SVRTcli.exe version 2.5.4
2015-10-11 10:36:13.444 Component control.dll version 2.5.4
2015-10-11 10:36:13.444 Component SVRTservice.exe version 2.5.4
2015-10-11 10:36:13.444 Component engine\osdp.dll version 1.44.1.2200
2015-10-11 10:36:13.445 Component engine\veex.dll version 3.60.0.2200
2015-10-11 10:36:13.445 Component engine\savi.dll version 8.1.7.2200
2015-10-11 10:36:13.458 Component rkdisk.dll version 1.5.30.0
2015-10-11 10:36:13.459 Version info: Product version 2.5.4
2015-10-11 10:36:13.459 Version info: Detection engine 3.60.0
2015-10-11 10:36:13.459 Version info: Detection data 5.15G
2015-10-11 10:36:13.459 Version info: Build date 2015-05-26
2015-10-11 10:36:13.459 Version info: Data files added 271
2015-10-11 10:36:13.459 Version info: Last successful update 2015-06-12 오전 5:53:48

2015-10-11 10:38:28.751 Contents of SafeClean bin directory:
2015-10-11 10:38:28.751 {
2015-10-11 10:38:28.751 RecordID : "0000000000000001",
2015-10-11 10:38:28.751 ItemType : "1",
2015-10-11 10:38:28.751 Location : "C:\ProgramData\Sunbelt\AntiMalware\Quarantine\",
2015-10-11 10:38:28.751 FileName : "{4D2633E3-C6CB-46CA-8860-8BCDF8ABE7A2}_ENC2",
2015-10-11 10:38:28.751 ThreatName : "W32/Autorun-CV",
2015-10-11 10:38:28.751 Checksum : "be230a1e2384cd2648e4f3e44d5f8f7ad2ac8e61c159ef30dbaa908a16890ad8",
2015-10-11 10:38:28.751 TimeStamp : "Fri Jun 12 11:33:31 2015"
2015-10-11 10:38:28.751 }
2015-10-11 10:38:28.751 {
2015-10-11 10:38:28.751 RecordID : "0000000000000002",
2015-10-11 10:38:28.751 ItemType : "1",
2015-10-11 10:38:28.751 Location : "C:\ProgramData\Sunbelt\AntiMalware\Quarantine\",
2015-10-11 10:38:28.751 FileName : "{80829534-154F-4056-AA2F-2320E0A671BF}_ENC2",
2015-10-11 10:38:28.751 ThreatName : "W32/Autorun-CV",
2015-10-11 10:38:28.751 Checksum : "be230a1e2384cd2648e4f3e44d5f8f7ad2ac8e61c159ef30dbaa908a16890ad8",
2015-10-11 10:38:28.756 TimeStamp : "Fri Jun 12 11:33:31 2015"
2015-10-11 10:38:28.756 }
2015-10-11 10:38:28.756 Error level 0

2015-10-11 10:38:30.043 Scan cancelled by user.
2015-10-11 10:38:30.043

 

[Konishi]

------------------------------------------------------------

2015-10-11 10:48:03.967 Sophos Virus Removal Tool version 2.5.4
2015-10-11 10:48:03.972 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-10-11 10:48:03.972 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-10-11 10:48:03.972 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-10-11 10:48:04.796 Removed SafeClean bin directory.


2015-10-11 10:48:04.801 Scan completed.
2015-10-11 10:48:04.801

------------------------------------------------------------

2015-10-11 11:01:33.241 Sophos Virus Removal Tool version 2.5.4
2015-10-11 11:01:33.241 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-10-11 11:01:33.241 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-10-11 11:01:33.241 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-10-11 11:01:33.241 Checking for updates...
2015-10-11 11:01:36.491 Update progress: proxy server not available
2015-10-11 11:01:55.703 Option all = no
2015-10-11 11:01:55.703 Option recurse = yes
2015-10-11 11:01:55.703 Option archive = no
2015-10-11 11:01:55.704 Option service = yes
2015-10-11 11:01:55.704 Option confirm = yes
2015-10-11 11:01:55.704 Option sxl = yes
2015-10-11 11:01:55.705 Option max-data-age = 35
2015-10-11 11:01:55.705 Option EnableSafeClean = yes
2015-10-11 11:01:58.296 Option vdl-logging = yes
2015-10-11 11:01:58.301 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-10-11 11:01:58.301 Machine ID: 10017f38f59d4937b2fa0e7521285640
2015-10-11 11:01:58.328 Component SVRTcli.exe version 2.5.4
2015-10-11 11:01:58.328 Component control.dll version 2.5.4
2015-10-11 11:01:58.328 Component SVRTservice.exe version 2.5.4
2015-10-11 11:01:58.328 Component engine\osdp.dll version 1.44.1.2210
2015-10-11 11:01:58.328 Component engine\veex.dll version 3.61.0.2210
2015-10-11 11:01:58.328 Component engine\savi.dll version 8.1.8.2210
2015-10-11 11:01:58.328 Component rkdisk.dll version 1.5.30.0
2015-10-11 11:01:58.448 Version info: Product version 2.5.4
2015-10-11 11:01:58.448 Version info: Detection engine 3.61.0
2015-10-11 11:01:58.448 Version info: Detection data 5.19
2015-10-11 11:01:58.448 Version info: Build date 2015-09-15
2015-10-11 11:01:58.448 Version info: Data files added 301
2015-10-11 11:01:58.448 Version info: Last successful update (not yet updated)
2015-10-11 11:02:25.154 Downloading updates...
2015-10-11 11:02:25.195 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-10-11 11:02:25.195 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-10-11 11:02:25.195 Update progress: [I49502] Found supplement IDE520 LATEST
2015-10-11 11:02:25.195 Update progress: [I49502] Found supplement IDE521 LATEST
2015-10-11 11:02:25.196 Update progress: [I49502] Found supplement IDE522 LATEST
2015-10-11 11:02:25.196 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-10-11 11:02:25.196 Update progress: [I19463] Syncing product SAVIW32 60
2015-10-11 11:02:51.990 Update progress: [I19463] Syncing product IDE520 171
2015-10-11 11:02:53.731 Installing updates...
2015-10-11 11:02:54.738 Error level 1
2015-10-11 11:02:55.544 Update progress: [I19463] Syncing product IDE521 132
2015-10-11 11:02:55.544 Update progress: [I19463] Syncing product IDE522 1
2015-10-11 11:03:21.678 Update successful
2015-10-11 11:04:12.821 Option all = no
2015-10-11 11:04:12.821 Option recurse = yes
2015-10-11 11:04:12.821 Option archive = no
2015-10-11 11:04:12.821 Option service = yes
2015-10-11 11:04:12.821 Option confirm = yes
2015-10-11 11:04:12.821 Option sxl = yes
2015-10-11 11:04:12.821 Option max-data-age = 35
2015-10-11 11:04:12.821 Option EnableSafeClean = yes
2015-10-11 11:04:13.321 Option vdl-logging = yes
2015-10-11 11:04:13.331 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-10-11 11:04:13.331 Machine ID: 10017f38f59d4937b2fa0e7521285640
2015-10-11 11:04:13.331 Component SVRTcli.exe version 2.5.4
2015-10-11 11:04:13.331 Component control.dll version 2.5.4
2015-10-11 11:04:13.331 Component SVRTservice.exe version 2.5.4
2015-10-11 11:04:13.331 Component engine\osdp.dll version 1.44.1.2210
2015-10-11 11:04:13.331 Component engine\veex.dll version 3.61.0.2210
2015-10-11 11:04:13.331 Component engine\savi.dll version 8.1.8.2210
2015-10-11 11:04:13.331 Component rkdisk.dll version 1.5.30.0
2015-10-11 11:04:13.331 Version info: Product version 2.5.4
2015-10-11 11:04:13.331 Version info: Detection engine 3.61.0
2015-10-11 11:04:13.331 Version info: Detection data 5.19G
2015-10-11 11:04:13.331 Version info: Build date 2015-09-15
2015-10-11 11:04:13.331 Version info: Data files added 301
2015-10-11 11:04:13.331 Version info: Last successful update 2015-10-11 오전 8:03:21

2015-10-11 11:22:12.920 Could not open C:\hiberfil.sys
2015-10-11 11:22:18.463 Could not open C:\pagefile.sys
2015-10-11 11:40:16.313 Could not open C:\System Volume Information\{12915eea-6f9f-11e5-8b76-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:40:16.314 Could not open C:\System Volume Information\{12915ef0-6f9f-11e5-8b76-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:40:16.315 Could not open C:\System Volume Information\{12915ef4-6f9f-11e5-8b76-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:40:16.316 Could not open C:\System Volume Information\{12915ef8-6f9f-11e5-8b76-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:40:16.317 Could not open C:\System Volume Information\{12915efc-6f9f-11e5-8b76-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:40:16.319 Could not open C:\System Volume Information\{12915f00-6f9f-11e5-8b76-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:40:16.319 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:40:16.320 Could not open C:\System Volume Information\{54bc5612-6f00-11e5-85fe-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:40:16.321 Could not open C:\System Volume Information\{abf3bdb0-7001-11e5-aa20-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:40:16.322 Could not open C:\System Volume Information\{abf3bdb4-7001-11e5-aa20-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:40:16.322 Could not open C:\System Volume Information\{abf3bdb9-7001-11e5-aa20-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-10-11 11:41:40.547 Could not open C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-10-11 11:41:40.547 Could not open C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2015-10-11 11:41:40.598 Could not check C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-10-11 11:41:43.499 Could not check C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2015-10-11 11:41:59.013 Could not check C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOCK (virus scan failed)
2015-10-11 11:41:59.075 Could not check C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-10-11 12:11:00.707 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-10-11 12:11:00.717 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-10-11 12:11:15.029 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-10-11 12:11:15.029 Could not open C:\Windows\System32\config\RegBack\SAM
2015-10-11 12:11:15.029 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-10-11 12:11:15.039 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-10-11 12:11:15.039 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-10-11 12:41:23.147 SafeClean bin directory is empty.
2015-10-11 12:41:23.744 Error level 0

2015-10-11 12:50:33.533 Scan completed.
2015-10-11 12:50:33.533

------------------------------------------------------------

2016-03-03 06:25:52.743 Sophos Virus Removal Tool version 2.5.4
2016-03-03 06:25:52.743 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-03-03 06:25:52.743 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-03-03 06:25:52.743 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-03-03 06:25:52.743 Checking for updates...
2016-03-03 06:25:55.742 Update progress: proxy server not available
2016-03-03 06:26:07.617 Update error: invalid login credentials (error 5)
Couldn't authenticate user for resource with host server. URL was: http://dci.sophosupd.com/update
2016-03-03 06:26:20.207 Option all = no
2016-03-03 06:26:20.207 Option recurse = yes
2016-03-03 06:26:20.207 Option archive = no
2016-03-03 06:26:20.207 Option service = yes
2016-03-03 06:26:20.207 Option confirm = yes
2016-03-03 06:26:20.207 Option sxl = yes
2016-03-03 06:26:20.207 Option max-data-age = 35
2016-03-03 06:26:20.207 Option EnableSafeClean = yes
2016-03-03 06:26:20.327 Option vdl-logging = yes
2016-03-03 06:26:20.337 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-03-03 06:26:20.337 Machine ID: 10017f38f59d4937b2fa0e7521285640
2016-03-03 06:26:20.357 Component SVRTcli.exe version 2.5.4
2016-03-03 06:26:20.357 Component control.dll version 2.5.4
2016-03-03 06:26:20.357 Component SVRTservice.exe version 2.5.4
2016-03-03 06:26:20.357 Component engine\osdp.dll version 1.44.1.2210
2016-03-03 06:26:20.357 Component engine\veex.dll version 3.61.0.2210
2016-03-03 06:26:20.357 Component engine\savi.dll version 8.1.8.2210
2016-03-03 06:26:20.377 Component rkdisk.dll version 1.5.30.0
2016-03-03 06:26:20.377 Version info: Product version 2.5.4
2016-03-03 06:26:20.377 Version info: Detection engine 3.61.0
2016-03-03 06:26:20.377 Version info: Detection data 5.19G
2016-03-03 06:26:20.377 Version info: Build date 2015/09/15
2016-03-03 06:26:20.377 Version info: Data files added 301
2016-03-03 06:26:20.377 Version info: Last successful update 2015/10/11 8:03:21
2016-03-03 06:27:03.666 Error level 1

2016-03-03 06:27:03.706 Scan completed.
2016-03-03 06:27:03.706

------------------------------------------------------------

2016-03-03 06:33:36.360 Sophos Virus Removal Tool version 2.5.4
2016-03-03 06:33:36.360 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-03-03 06:33:36.361 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-03-03 06:33:36.361 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-03-03 06:33:37.287 Removed SafeClean bin directory.


2016-03-03 06:33:37.287 Scan completed.
2016-03-03 06:33:37.287

------------------------------------------------------------

2016-03-03 06:58:04.121 Sophos Virus Removal Tool version 2.5.5
2016-03-03 06:58:04.121 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-03-03 06:58:04.121 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-03-03 06:58:04.121 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-03-03 06:58:04.121 Checking for updates...
2016-03-03 06:58:07.132 Update progress: proxy server not available
2016-03-03 06:58:34.004 Option all = no
2016-03-03 06:58:34.005 Option recurse = yes
2016-03-03 06:58:34.005 Option archive = no
2016-03-03 06:58:34.005 Option service = yes
2016-03-03 06:58:34.005 Option confirm = yes
2016-03-03 06:58:34.005 Option sxl = yes
2016-03-03 06:58:34.007 Option max-data-age = 35
2016-03-03 06:58:34.007 Option EnableSafeClean = yes
2016-03-03 06:58:36.927 Option vdl-logging = yes
2016-03-03 06:58:36.938 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-03-03 06:58:36.938 Machine ID: 79f325380f774cfbadc17756005347cc
2016-03-03 06:58:36.990 Component SVRTcli.exe version 2.5.5
2016-03-03 06:58:36.991 Component control.dll version 2.5.5
2016-03-03 06:58:36.991 Component SVRTservice.exe version 2.5.5
2016-03-03 06:58:36.991 Component engine\osdp.dll version 1.44.1.2240
2016-03-03 06:58:36.991 Component engine\veex.dll version 3.64.0.2240
2016-03-03 06:58:36.992 Component engine\savi.dll version 9.0.0.2240
2016-03-03 06:58:36.992 Component rkdisk.dll version 1.5.30.0
2016-03-03 06:58:36.993 Version info: Product version 2.5.5
2016-03-03 06:58:36.994 Version info: Detection engine 3.64.0
2016-03-03 06:58:36.994 Version info: Detection data 5.24
2016-03-03 06:58:36.994 Version info: Build date 2016/02/09
2016-03-03 06:58:36.995 Version info: Data files added 280
2016-03-03 06:58:36.995 Version info: Last successful update (not yet updated)
2016-03-03 06:59:28.820 Downloading updates...
2016-03-03 06:59:28.839 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-03-03 06:59:28.839 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-03-03 06:59:28.839 Update progress: [I49502] Found supplement IDE525 LATEST
2016-03-03 06:59:28.839 Update progress: [I49502] Found supplement IDE526 LATEST
2016-03-03 06:59:28.839 Update progress: [I49502] Found supplement IDE527 LATEST
2016-03-03 06:59:28.839 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-03-03 06:59:28.839 Update progress: [I19463] Syncing product SAVIW32 67
2016-03-03 06:59:29.573 Update progress: [I19463] Syncing product IDE525 141
2016-03-03 06:59:30.099 Installing updates...
2016-03-03 06:59:30.901 Error level 1
2016-03-03 06:59:30.944 Update progress: [I19463] Syncing product IDE526 141
2016-03-03 06:59:30.944 Update progress: [I19463] Syncing product IDE527 1
2016-03-03 06:59:52.184 Update successful
2016-03-03 07:00:10.727 Option all = no
2016-03-03 07:00:10.727 Option recurse = yes
2016-03-03 07:00:10.727 Option archive = no
2016-03-03 07:00:10.727 Option service = yes
2016-03-03 07:00:10.727 Option confirm = yes
2016-03-03 07:00:10.728 Option sxl = yes
2016-03-03 07:00:10.730 Option max-data-age = 35
2016-03-03 07:00:10.730 Option EnableSafeClean = yes
2016-03-03 07:00:10.775 Option vdl-logging = yes
2016-03-03 07:00:10.778 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-03-03 07:00:10.778 Machine ID: 79f325380f774cfbadc17756005347cc
2016-03-03 07:00:10.779 Component SVRTcli.exe version 2.5.5
2016-03-03 07:00:10.779 Component control.dll version 2.5.5
2016-03-03 07:00:10.779 Component SVRTservice.exe version 2.5.5
2016-03-03 07:00:10.779 Component engine\osdp.dll version 1.44.1.2240
2016-03-03 07:00:10.779 Component engine\veex.dll version 3.64.0.2240
2016-03-03 07:00:10.779 Component engine\savi.dll version 9.0.0.2240
2016-03-03 07:00:10.780 Component rkdisk.dll version 1.5.30.0
2016-03-03 07:00:10.780 Version info: Product version 2.5.5
2016-03-03 07:00:10.780 Version info: Detection engine 3.64.0
2016-03-03 07:00:10.780 Version info: Detection data 5.24
2016-03-03 07:00:10.780 Version info: Build date 2016/02/09
2016-03-03 07:00:10.780 Version info: Data files added 280
2016-03-03 07:00:10.780 Version info: Last successful update 2016/03/03 3:59:52

2016-03-03 07:21:36.442 Could not open C:\hiberfil.sys
2016-03-03 07:21:55.848 Could not open C:\pagefile.sys
2016-03-03 07:43:53.341 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-03-03 07:43:53.341 Could not open C:\System Volume Information\{50c88211-e0ee-11e5-b0bf-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-03-03 07:43:53.342 Could not open C:\System Volume Information\{50c88215-e0ee-11e5-b0bf-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-03-03 07:43:53.342 Could not open C:\System Volume Information\{50c88219-e0ee-11e5-b0bf-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-03-03 07:43:53.342 Could not open C:\System Volume Information\{50c8821e-e0ee-11e5-b0bf-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-03-03 07:43:53.343 Could not open C:\System Volume Information\{50c88225-e0ee-11e5-b0bf-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-03-03 07:43:53.343 Could not open C:\System Volume Information\{9ed9e000-dfc8-11e5-9030-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-03-03 07:43:53.343 Could not open C:\System Volume Information\{9ed9e00c-dfc8-11e5-9030-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-03-03 07:44:53.167 Could not open C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-03-03 07:44:53.168 Could not open C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-03-03 07:44:53.351 Could not check C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOCK (virus scan failed)
2016-03-03 07:44:53.374 Could not check C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2016-03-03 07:44:56.664 Could not check C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2016-03-03 07:45:00.738 Could not check C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOCK (virus scan failed)
2016-03-03 07:45:01.061 Could not check C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2016-03-03 08:11:05.343 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-03-03 08:11:05.344 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-03-03 08:11:17.039 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-03-03 08:11:17.055 Could not open C:\Windows\System32\config\RegBack\SAM
2016-03-03 08:11:17.058 Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-03-03 08:11:17.065 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-03-03 08:11:17.075 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-03-03 08:38:56.286 SafeClean bin directory is empty.
2016-03-03 08:38:56.921 Error level 0

2016-03-03 16:25:43.269 Scan completed.
2016-03-03 16:25:43.269

------------------------------------------------------------

2016-06-14 19:29:26.043 Sophos Virus Removal Tool version 2.5.5
2016-06-14 19:29:26.053 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-14 19:29:26.053 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-14 19:29:26.053 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-06-14 19:29:26.053 Checking for updates...
2016-06-14 19:29:30.048 Update progress: proxy server not available
2016-06-14 19:29:39.650 Option all = no
2016-06-14 19:29:39.650 Option recurse = yes
2016-06-14 19:29:39.650 Option archive = no
2016-06-14 19:29:39.650 Option service = yes
2016-06-14 19:29:39.650 Option confirm = yes
2016-06-14 19:29:39.650 Option sxl = yes
2016-06-14 19:29:39.650 Option max-data-age = 35
2016-06-14 19:29:39.650 Option EnableSafeClean = yes
2016-06-14 19:29:39.700 Option vdl-logging = yes
2016-06-14 19:29:39.710 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-06-14 19:29:39.710 Machine ID: 32f84272e7d04aef976eeac49da59e16
2016-06-14 19:29:39.710 Component SVRTcli.exe version 2.5.5
2016-06-14 19:29:39.710 Component control.dll version 2.5.5
2016-06-14 19:29:39.710 Component SVRTservice.exe version 2.5.5
2016-06-14 19:29:39.710 Component engine\osdp.dll version 1.44.1.2250
2016-06-14 19:29:39.710 Component engine\veex.dll version 3.65.0.2250
2016-06-14 19:29:39.710 Component engine\savi.dll version 9.0.1.2250
2016-06-14 19:29:39.710 Component rkdisk.dll version 1.5.30.0
2016-06-14 19:29:39.710 Version info: Product version 2.5.5
2016-06-14 19:29:39.710 Version info: Detection engine 3.65.0
2016-06-14 19:29:39.710 Version info: Detection data 5.26
2016-06-14 19:29:39.710 Version info: Build date 4/5/2016
2016-06-14 19:29:39.710 Version info: Data files added 470
2016-06-14 19:29:39.710 Version info: Last successful update (not yet updated)
2016-06-14 19:31:31.929 Downloading updates...
2016-06-14 19:31:31.929 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-06-14 19:31:31.929 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-06-14 19:31:31.929 Update progress: [I49502] Found supplement IDE527 LATEST
2016-06-14 19:31:31.929 Update progress: [I49502] Found supplement IDE528 LATEST
2016-06-14 19:31:31.929 Update progress: [I49502] Found supplement IDE529 LATEST
2016-06-14 19:31:31.929 Update progress: [I49502] Found supplement IDE530 LATEST
2016-06-14 19:31:31.929 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-14 19:31:31.929 Update progress: [I19463] Syncing product SAVIW32 70
2016-06-14 19:31:44.121 Update progress: [I19463] Syncing product IDE527 142
2016-06-14 19:31:45.171 Update progress: [I19463] Syncing product IDE528 127
2016-06-14 19:31:45.171 Update progress: [I19463] Syncing product IDE529 135
2016-06-14 19:31:45.171 Update progress: [I19463] Syncing product IDE530 73
2016-06-14 19:31:45.551 Installing updates...
2016-06-14 19:31:46.361 Error level 1
2016-06-14 19:31:48.961 Update successful
2016-06-14 19:32:06.162 Option all = no
2016-06-14 19:32:06.162 Option recurse = yes
2016-06-14 19:32:06.162 Option archive = no
2016-06-14 19:32:06.162 Option service = yes
2016-06-14 19:32:06.162 Option confirm = yes
2016-06-14 19:32:06.162 Option sxl = yes
2016-06-14 19:32:06.162 Option max-data-age = 35
2016-06-14 19:32:06.162 Option EnableSafeClean = yes
2016-06-14 19:32:06.202 Option vdl-logging = yes
2016-06-14 19:32:06.222 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-06-14 19:32:06.222 Machine ID: 32f84272e7d04aef976eeac49da59e16
2016-06-14 19:32:06.222 Component SVRTcli.exe version 2.5.5
2016-06-14 19:32:06.222 Component control.dll version 2.5.5
2016-06-14 19:32:06.222 Component SVRTservice.exe version 2.5.5
2016-06-14 19:32:06.222 Component engine\osdp.dll version 1.44.1.2250
2016-06-14 19:32:06.222 Component engine\veex.dll version 3.65.0.2250
2016-06-14 19:32:06.222 Component engine\savi.dll version 9.0.1.2250
2016-06-14 19:32:06.222 Component rkdisk.dll version 1.5.30.0
2016-06-14 19:32:06.222 Version info: Product version 2.5.5
2016-06-14 19:32:06.222 Version info: Detection engine 3.65.0
2016-06-14 19:32:06.222 Version info: Detection data 5.26
2016-06-14 19:32:06.222 Version info: Build date 4/5/2016
2016-06-14 19:32:06.222 Version info: Data files added 471
2016-06-14 19:32:06.222 Version info: Last successful update 6/14/2016 4:31:48 PM
2016-06-14 19:55:50.445 Error level 1

2016-06-14 19:55:50.445 Scan completed.
2016-06-14 19:55:50.445

------------------------------------------------------------

2016-06-15 16:56:39.369 Sophos Virus Removal Tool version 2.5.5
2016-06-15 16:56:39.369 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-15 16:56:39.369 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-15 16:56:39.369 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-06-15 16:56:39.369 Checking for updates...
2016-06-15 16:56:43.378 Update progress: proxy server not available
2016-06-15 16:57:34.094 Option all = no
2016-06-15 16:57:34.094 Option recurse = yes
2016-06-15 16:57:34.094 Option archive = no
2016-06-15 16:57:34.094 Option service = yes
2016-06-15 16:57:34.094 Option confirm = yes
2016-06-15 16:57:34.094 Option sxl = yes
2016-06-15 16:57:34.094 Option max-data-age = 35
2016-06-15 16:57:34.094 Option EnableSafeClean = yes
2016-06-15 16:57:34.172 Option vdl-logging = yes
2016-06-15 16:57:34.172 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-06-15 16:57:34.172 Machine ID: 32f84272e7d04aef976eeac49da59e16
2016-06-15 16:57:34.203 Component SVRTcli.exe version 2.5.5
2016-06-15 16:57:34.203 Component control.dll version 2.5.5
2016-06-15 16:57:34.218 Component SVRTservice.exe version 2.5.5
2016-06-15 16:57:34.218 Component engine\osdp.dll version 1.44.1.2250
2016-06-15 16:57:34.218 Component engine\veex.dll version 3.65.0.2250
2016-06-15 16:57:34.218 Component engine\savi.dll version 9.0.1.2250
2016-06-15 16:57:34.218 Component rkdisk.dll version 1.5.30.0
2016-06-15 16:57:34.218 Version info: Product version 2.5.5
2016-06-15 16:57:34.218 Version info: Detection engine 3.65.0
2016-06-15 16:57:34.218 Version info: Detection data 5.26
2016-06-15 16:57:34.218 Version info: Build date 4/5/2016
2016-06-15 16:57:34.218 Version info: Data files added 471
2016-06-15 16:57:34.218 Version info: Last successful update 6/14/2016 4:31:48 PM
2016-06-15 16:57:39.460 Downloading updates...
2016-06-15 16:57:39.476 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-06-15 16:57:39.476 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-06-15 16:57:39.476 Update progress: [I49502] Found supplement IDE527 LATEST
2016-06-15 16:57:39.476 Update progress: [I49502] Found supplement IDE528 LATEST
2016-06-15 16:57:39.476 Update progress: [I49502] Found supplement IDE529 LATEST
2016-06-15 16:57:39.476 Update progress: [I49502] Found supplement IDE530 LATEST
2016-06-15 16:57:39.476 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-15 16:57:39.476 Update progress: [I19463] Syncing product SAVIW32 70
2016-06-15 16:57:39.476 Update progress: [I19463] Syncing product IDE527 142
2016-06-15 16:57:39.959 Update progress: [I19463] Syncing product IDE528 127
2016-06-15 16:57:39.959 Update progress: [I19463] Syncing product IDE529 135
2016-06-15 16:57:39.959 Update progress: [I19463] Syncing product IDE530 77
2016-06-15 16:57:40.614 Installing updates...
2016-06-15 16:57:41.426 Error level 1
2016-06-15 16:57:41.925 Update successful
2016-06-15 16:57:53.984 Option all = no
2016-06-15 16:57:53.984 Option recurse = yes
2016-06-15 16:57:53.984 Option archive = no
2016-06-15 16:57:53.984 Option service = yes
2016-06-15 16:57:53.984 Option confirm = yes
2016-06-15 16:57:53.984 Option sxl = yes
2016-06-15 16:57:53.984 Option max-data-age = 35
2016-06-15 16:57:53.984 Option EnableSafeClean = yes
2016-06-15 16:57:54.030 Option vdl-logging = yes
2016-06-15 16:57:54.030 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-06-15 16:57:54.030 Machine ID: 32f84272e7d04aef976eeac49da59e16
2016-06-15 16:57:54.030 Component SVRTcli.exe version 2.5.5
2016-06-15 16:57:54.030 Component control.dll version 2.5.5
2016-06-15 16:57:54.030 Component SVRTservice.exe version 2.5.5
2016-06-15 16:57:54.030 Component engine\osdp.dll version 1.44.1.2250
2016-06-15 16:57:54.030 Component engine\veex.dll version 3.65.0.2250
2016-06-15 16:57:54.030 Component engine\savi.dll version 9.0.1.2250
2016-06-15 16:57:54.030 Component rkdisk.dll version 1.5.30.0
2016-06-15 16:57:54.030 Version info: Product version 2.5.5
2016-06-15 16:57:54.030 Version info: Detection engine 3.65.0
2016-06-15 16:57:54.030 Version info: Detection data 5.26
2016-06-15 16:57:54.030 Version info: Build date 4/5/2016
2016-06-15 16:57:54.030 Version info: Data files added 475
2016-06-15 16:57:54.030 Version info: Last successful update 6/15/2016 1:57:41 PM

2016-06-15 17:34:42.532 Could not open C:\hiberfil.sys
2016-06-15 17:34:43.394 Could not open C:\pagefile.sys
2016-06-15 17:53:10.524 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-15 17:53:10.525 Could not open C:\System Volume Information\{46f4f76c-3192-11e6-9504-902b34f49402}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-15 17:54:29.635 Could not open C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-06-15 17:54:29.635 Could not open C:\Users\Konishi\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-06-15 18:01:35.975 >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\Konishi\Desktop\SltndSnctrv1003-MPCG\Salt and Sanctuary v1.0.0.3-MPCG\steam_api.dll
2016-06-15 18:01:35.976 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-06-15 18:01:35.976 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1519485860-2903035351-2837986310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-06-15 18:01:35.977 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-06-15 18:23:53.446 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-15 18:23:53.447 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-15 18:24:01.369 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-15 18:24:01.372 Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-15 18:24:01.389 Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-15 18:24:01.390 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-15 18:24:01.393 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-15 18:58:42.987 Could not open Z:\Boot\BCD
2016-06-15 18:58:43.914 The following items will be cleaned up:
2016-06-15 18:58:43.914 Mal/VMProtBad-A

 

[Broni]

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

 

[Konishi]

Computer seems better now, the program is no showing anymore.

 

[Broni]

Way to go!!
Good luck and stay safe