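I think I've been infected with adware and want to remove it. "DiegiSSaveer"
I came here from Yahoo! Chiebukuro. It looks like my IE11 add-ons have been tampered with, so I am thinking of removing IE11, but I don't think that alone will fix it, so I am sending the log file and the installed-programs text below.
I would be grateful if you could look into this.
In IE's Manage Add-ons screen the adware "DiegiSSaveer" is listed, and security tools such as PhishWall and the Google Toolbar are missing from the add-on list, so they cannot be enabled. Toolbars and extensions have also been made unusable.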
  • fokihobo
  • 2015/03/09 (Mon) 13:44:13
Re: I think I've been infected with adware and want to remove it.
I forgot to paste the log and the installed-programs text.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:07:53, on 2015/03/09
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 36.0.1 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\HmNetMonitor\HmNetMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\ProgramData\{05002096-74da-9d0b-0500-0209674d8259}\glary-utilities.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\qq873_000\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: DiegiSSaveeR - {7d6f357f-75c7-4163-b092-b0c5737309c2} - C:\Program Files (x86)\DiegiSSaveeR\yNNRZe6oJsF24P.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrRssUtility] C:\Program Files (x86)\Brother\RSSUtility\BrRssWatcher.exe /autorun
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - Startup: glary-utilities.lnk = C:\ProgramData\{05002096-74da-9d0b-0500-0209674d8259}\glary-utilities.exe
O4 - Startup: らくらくアップデートツール.lnk = C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: 秀丸ネットモニター.lnk = C:\Program Files (x86)\HmNetMonitor\HmNetMonitor.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://qtinstall.apple.com/qtactivex/qtplugin.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem14.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdatem) (pricemeterliveUpdatem) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SecureBrain PhishWall Update - SecureBrain Corporation - C:\Program Files (x86)\SecureBrain\PhishWall\sbpwupdx.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9597 bytes


AdBlocker Manger AdBlocker Manger 2014/02/22
Adobe AIR Adobe Systems Incorporated 2014/11/10 15.0.0.293
Adobe Flash Player 16 NPAPI Adobe Systems Incorporated 2015/02/05 6.00 MB 16.0.0.305
Adobe Reader XI (11.0.10) - Japanese Adobe Systems Incorporated 2014/12/11 204 MB 11.0.10
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 2014/02/14 11.6.5.635
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2012/10/20 26.3 MB 8.0.881.0
AMD Quick Stream AppEx Networks 2012/10/20 2.80 MB 3.3.26.0
Brother ドライバー&ソフトウェア DCP-J940N Brother Industries, Ltd. 2014/12/24 2.0.0.0
BUFFALO エアステーション設定ツール BUFFALO INC. 2014/12/30 2.95 MB 2.0.15
BUFFALO クライアントマネージャV をアンインストール BUFFALO INC. 2012/11/16 9.87 MB 1.4.9
BUFFALO パソコン環境表示ツール BUFFALO INC. 2013/03/03 1.0.3
Business Card Reader Business Card Reader 2013/01/22 1.00.0000
CCleaner Piriform 2015/03/09 5.03
Energy Star Hewlett-Packard 2012/10/20 3.47 MB 1.0.8
FFFTP Ver.1.98g FFFTP Project 2014/02/14
Glary Utilities 5.20 Glarysoft Ltd 2015/03/03 5.20.0.35
HP 3D DriveGuard Hewlett-Packard Company 2013/04/27 7.01 MB 4.2.9.1
HP AC Power Control Hewlett-Packard 2012/08/25 9.77 MB 1.0.6
HP CoolSense Hewlett-Packard Company 2013/11/09 10.9 MB 2.10.62
HP Documentation Hewlett-Packard 2012/10/20 247 MB 1.1.0.0
HP Quick Launch Hewlett-Packard Company 2013/06/29 4.18 MB 3.0.6
HP Registration Service Hewlett-Packard 2012/10/20 75.4 MB 1.0.5976.4186
HP Software Framework Hewlett-Packard Company 2012/11/17 8.06 MB 4.6.10.1
HP Support Assistant 2014/02/20
HP Utility Center Hewlett-Packard 2012/10/20 3.97 MB 1.0.7
HP Wireless Button Driver Hewlett-Packard Company 2013/11/23 733 KB 1.1.2.1
HTML Project2 2014/02/14
IDT Audio IDT 2013/06/29 1.0.6425.0
Java 8 Update 25 Oracle Corporation 2014/10/16 73.3 MB 8.0.250
Java SE Development Kit 7 Update 11 Oracle 2013/01/21 153 MB 1.7.0.110
JOLLY飛行機編スクリーンセーバー 2015/03/01
Lhaplus 2014/02/14
LibraryProc Software Publisher 2014/02/15
Microsoft Silverlight Microsoft Corporation 2014/12/15 249 MB 5.1.31211.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2012/08/25 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2012/10/20 4.84 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2012/12/13 6.83 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 2012/10/20 13.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2012/12/17 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2012/10/20 8.20 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2012/08/25 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2012/12/17 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2013/07/03 15.0 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2013/07/03 9.89 MB 10.0.30319
Mozilla Firefox 36.0.1 (x86 ja) Mozilla 2015/03/06 84.3 MB 36.0.1
Mozilla Maintenance Service Mozilla 2015/03/05 247 KB 36.0
nakayosi44 2014/02/14
OpenOffice.org 3.4.1 Apache Software Foundation 2012/12/17 313 MB 3.41.9593
PhishWall SecureBrain Corporation 2014/09/17 3.5.14
PhotoScape 2014/02/14
Qualcomm Atheros Driver Installation Program Qualcomm Atheros 2014/02/22 10.0
Realtek Ethernet Controller Driver Realtek 2014/03/01 8.3.730.2012
Realtek PCIE Card Reader Realtek Semiconductor Corp. 2012/10/20 6.2.8400.29029
Ruby 2.0.0-p481 RubyInstaller Team 2014/07/11 40.2 MB 2.0.0-p481
Ruby 2.1.3-p242 RubyInstaller Team 2014/10/02 42.7 MB 2.1.3-p242
Synaptics Pointing Device Driver Synaptics Incorporated 2014/02/14 46.4 MB 16.5.3.3
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/05/12 4.53 MB 15.0.1759
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2014/10/24 34.8 MB 15.0.1215
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2014/02/16 11.5 MB 15.0.1215
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2014/10/24 17.0 KB 16.0.1016.1
Windows Live Essentials Microsoft Corporation 2012/08/25 15.4.3555.0308
Wise Registry Cleaner 8.31 WiseCleaner.com, Inc. 2014/12/17 7.11 MB 8.31
うきうき家計簿 2012/11/19 19.5 MB
はがきデザインキット Japan Post Co., Ltd. 2014/11/10 v8.0.0
はがき作家 8 Free 株式会社ルートプロ 2014/11/10 390 MB 8.01.0000
ネットストック・ハイスピード 2014/11/19
バッファロー らくらくアップデートツール Buffalo Inc. 2014/07/24 11.0 MB 1.12
秀丸ネットモニター 2014/05/09
闘牌王 2014/01/23
  • fokihobo
  • 2015/03/09 (Mon) 13:48:06
Re: I think I've been infected with adware and want to remove it.
The Logfile contains BHO: DiegiSSaveeR, and I found it in Program Files. I'd like to try deleting it??
  • fokihobo
  • 2015/03/09 (Mon) 18:11:43
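Lots of odd things. Let's work through them in order
Good evening.
I'm 悪代官, whose ID looks suspicious at a glance.
But my Japanese is even more suspicious, so don't worry (← go back to your own country)

I've looked at your description and the logs.
As expected, you've picked up quite a few things.

>The Logfile contains BHO: DiegiSSaveeR, and I found it in Program Files. I'd like to try deleting it??

No, please don't touch that yet.
If you remove the lead right away, it can become impossible to carry out the steps that follow from it.

Let's go through things in order, checking as we go.

First, let me tell you this up front.
As you can see, there are many people asking for help at the moment, so it may take a day or more each time before I can reply to everyone in turn. Sorry, and thank you for understanding.

Now, please read the explanations below carefully and then carry out the work in order.
You should already have some of these prepared, but please read the explanations again just in case.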

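Set hidden files and file extensions to be displayed (how to ↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

Download the tools below and get familiar with their basic usage.
However, if the distribution sites show advertisements urging you to download other applications, never click on them.
"ATF-Cleaner" (a.k.a. ATF)
Description ↓
http://freesoft.tvbok.com/freesoft/pc_system/atf-cleaner.html
Download ↓
http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25
The red text in the centre is the download link.
When cleaning up afterwards, delete the file directly.

IObit Uninstaller (a.k.a. IU)
Official page ↓
http://jp.iobit.com/free/iou.html
Explanation ↓
http://www.japan-secure.com/entry/blog-entry-282.html
When cleaning up afterwards, refer to the explanation on the following site,
http://www.japan-secure.com/entry/blog-entry-396.html
and uninstall it from the Control Panel; if you are using the portable version, delete the whole folder.
Also, since around 2014 IU has started showing sponsor-site advertisements about once a week.
If an advertisement like the one on the following page appears, don't panic; restart the PC once and the advertisement should not appear again until the following week.
http://okwave.jp/qa/q8644647.html

"CCleaner" (a.k.a. CC)
Description ↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
Download ↓
http://www.piriform.com/ccleaner/download/standard
Download the latest version. The installer may also offer bundled extra applications; untick those and avoid installing them.
When cleaning up afterwards, uninstall it.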

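Here is an important caution.
CC is fundamentally a high-performance maintenance tool, but if used incorrectly
【it can also damage Windows】
so here we use it only as an analysis tool.
Read the explanation carefully and do not perform any operation other than what I instruct.

"AdwCleaner" (a.k.a. AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
This is a direct link to the file. Open it and save the file somewhere such as the desktop.
When cleaning up afterwards, launch it and press the "uninstall" button; it will be removed automatically.
The following site has a detailed explanation of how to use it, so please refer to it ↓
http://www.japan-secure.com/entry/adwcleaner.html

And be sure to read the following page thoroughly before starting work, and if the situation it covers comes up, deal with it accordingly. Cases that need this handling are increasing.
http://note.chiebukuro.yahoo.co.jp/detail/n335704

Once you're ready, start the work.

At the very least, the following applications are old versions.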
>Adobe Shockwave Player 11.6 Adobe Systems, Inc. 2014/02/14 11.6.5.635
>Java 8 Update 25 Oracle Corporation 2014/10/16 73.3 MB 8.0.250
>OpenOffice.org 3.4.1 Apache Software Foundation 2012/12/17 313 MB 3.41.9593

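Even just neglecting to update applications lets vulnerabilities be exploited, and a serious infection happens easily.
If you use them, update to the latest version. If you don't use an application, uninstalling it is the safe choice.
Check whether there are other old versions too, and if so, update or uninstall them in the same way.

At this point, manually create one restore point with System Restore, a standard Windows feature.
This is because, in the work that follows, touching something other than the intended target by mistake can by itself cause serious Windows problems, so this makes recovery possible in the worst case.
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

Next, launch AC once here.
On launch the definitions should be updated first, so just let it update, and once that is done, close AC for now.
There is no need to scan at this point.

Now start the PC in Safe Mode (how to ↓)
http://freesoft.tvbok.com/win8/tips-and-tools/safemode.html

In Safe Mode, use IU to uninstall the following.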
>Glary Utilities 5.20 Glarysoft Ltd 2015/03/03 5.20.0.35
>LibraryProc Software Publisher 2014/02/15
>nakayosi44 2014/02/14

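Launch IU, select the application in question, run Uninstall → Powerful Scan in that order, and if leftover files and registry entries are shown, tick them and delete them.
IU can very occasionally cause problems after removal, so if anything goes wrong, use the standard Windows System Restore to go back to the restore point from the time of removal.
One thing to confirm here: if any of the applications above is something you installed yourself because you needed it, tell me so in your next reply.
If it was there without your knowing, go ahead and delete it; even if you installed it yourself, I recommend removing it once as part of this cleanup.
Whether to use it again once this thread is resolved is up to you.

Still in Safe Mode, launch ATF, tick everything except "Recycle bin", and then press "Empty selected" at the bottom.
This cleans out temporary files and other junk on the PC.
The Recycle Bin is not emptied so that a safe file deleted by mistake can still be restored.

Launch HJT and run a scan.
When the scan results are displayed, tick the following items.
However, with HJT in particular, one wrong step can easily leave the PC unable to boot, so never tick anything other than what I have specified.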
>O2 - BHO: DiegiSSaveeR - {7d6f357f-75c7-4163-b092-b0c5737309c2} - C:\Program Files (x86)\DiegiSSaveeR\yNNRZe6oJsF24P.dll

>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

>O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun

>O4 - Startup: glary-utilities.lnk = C:\ProgramData\{05002096-74da-9d0b-0500-0209674d8259}\glary-utilities.exe

>O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe

>O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdatem) (pricemeterliveUpdatem) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe

Once all the required items are ticked, click Fix checked.
Anything you cannot find can be skipped.

Open the C drive in My Computer, look for the following folders, and if found, delete them to the Recycle Bin.
>C:\Program Files (x86)\DiegiSSaveeR

>C:\Program Files (x86)\Glary Utilities 5

>C:\ProgramData\{05002096-74da-9d0b-0500-0209674d8259}

>C:\Program Files (x86)\PriceMeterLiveUpdate

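Now launch AC, which you started earlier, again.
This time run "スキャン" (Scan), and after the scan finishes, if anything was detected, press "除去" (Remove).
Selecting "はい" (Yes) on the screen that appears starts the cleanup.

When the cleanup is complete, restart the PC in normal mode.

After the restart a new AC log will appear, so save it somewhere such as the desktop.
However, if no log appears after the work or you can't find it, open the C drive in My Computer and a file with a name like the following will have been created directly under it; that is the AC log.
>AdwCleaner[alphanumerics].txt
If there are several logs with similar names, the one whose creation time matches when the cleanup was done is the log in question.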

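Now launch CC.
Once it is running, open "Tools" → "Startup" → the "Windows" tab.
Press "Save to text file" at the bottom right to save the displayed contents as a log; save the log somewhere such as the desktop.

Then open each of the tabs from the "Internet Explorer" tab onwards in turn and take those logs as well.
However, you do not need to take the "Context Menu" log.

Once you have taken each of the CC logs, close CC.

After this, start your browser, watch how the PC behaves for a few hours, and then take a fresh HJT log and a fresh installed-programs log from CC.

Paste both of the retaken logs, plus the AC and CC logs, into your reply together with a status report.
I'll look at them and then give instructions for the next steps.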
  • 悪代官
  • 2015/03/09 (Mon) 20:50:56
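
The post above asks for a fresh HijackThis log after the cleanup. As an added example (not part of any post in this thread), the Python code below diffs two HijackThis logs and checks whether the lines marked for "Fix checked" are really gone. The sample text is a handful of lines copied from the two logs and the fix list in this thread; the function names are illustrative.

```python
import re

# Labels for the HijackThis section codes that matter in this thread.
SECTION_LABELS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O23": "Windows service",
}

# Sample input: a few lines copied from the first (before cleanup) log in this thread.
BEFORE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: DiegiSSaveeR - {7d6f357f-75c7-4163-b092-b0c5737309c2} - C:\Program Files (x86)\DiegiSSaveeR\yNNRZe6oJsF24P.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - Startup: glary-utilities.lnk = C:\ProgramData\{05002096-74da-9d0b-0500-0209674d8259}\glary-utilities.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdatem) (pricemeterliveUpdatem) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
"""

# Sample input: the matching lines from the second (after cleanup) log in this thread.
AFTER_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"""

# The six lines listed for "Fix checked", pasted with their ">" quote marks.
FIX_LIST = r"""
>O2 - BHO: DiegiSSaveeR - {7d6f357f-75c7-4163-b092-b0c5737309c2} - C:\Program Files (x86)\DiegiSSaveeR\yNNRZe6oJsF24P.dll
>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
>O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
>O4 - Startup: glary-utilities.lnk = C:\ProgramData\{05002096-74da-9d0b-0500-0209674d8259}\glary-utilities.exe
>O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
>O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdatem) (pricemeterliveUpdatem) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
"""

# A result line looks like "<letter><1-2 digits> - <details>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(text):
    """Map a case-insensitive (code, details) key to the original log line.

    Header lines, the process list and blank lines do not match and are skipped.
    A leading ">" quote mark is tolerated so forum-quoted lines can be pasted in.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip(">").strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[(match.group(1), match.group(2).casefold())] = line
    return entries


def diff_logs(before, after):
    """Return (removed, added): lines only in the first log, lines only in the second."""
    b, a = parse_entries(before), parse_entries(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added


def still_present(fix_list, after):
    """Return the fix-list lines that still appear in the later log."""
    wanted, a = parse_entries(fix_list), parse_entries(after)
    return sorted(wanted[k] for k in wanted.keys() & a.keys())


def describe(line):
    """Prefix a log line with a readable label for its section code."""
    code = line.split(" - ", 1)[0]
    return f"[{SECTION_LABELS.get(code, 'other')}] {line}"


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for title, lines in (("Removed", removed), ("New", added),
                         ("Marked for fix but still present",
                          still_present(FIX_LIST, AFTER_LOG))):
        print(f"== {title} ==")
        for entry in lines:
            print("  " + describe(entry))
```

On the lines sampled here, the `[TkBellExe]` Run entry from the fix list is still present in the second log, and the CCleaner monitoring entry is new.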
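Re: I think I've been infected with adware and want to remove it.
Thank you for the quick reply.
Please look over the log files.

I did the work in Firefox, and during the wait-and-see period I used IE11 for the first time and looked at various newspapers and so on, but there was no strange behaviour.
When I looked at the Manage Add-ons screen, the adware is no longer shown, but a red-circle symbol like a no-parking sign appears on the toolbars and on the text in the management screen. So I could not choose between disable and enable.
I tried resetting Internet Options, but the symptom is the same.
No ads appear, but watching with the network monitor I feel there are too many connection destinations.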


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:40:37, on 2015/03/10
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 36.0.1 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\HmNetMonitor\HmNetMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Users\qq873_000\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [BrRssUtility] C:\Program Files (x86)\Brother\RSSUtility\BrRssWatcher.exe /autorun
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1425973480
O4 - Startup: らくらくアップデートツール.lnk = C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: 秀丸ネットモニター.lnk = C:\Program Files (x86)\HmNetMonitor\HmNetMonitor.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://qtinstall.apple.com/qtactivex/qtplugin.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem14.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SecureBrain PhishWall Update - SecureBrain Corporation - C:\Program Files (x86)\SecureBrain\PhishWall\sbpwupdx.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8146 bytes


Adobe AIR Adobe Systems Incorporated 2014/11/10 15.0.0.293
Adobe Flash Player 16 NPAPI Adobe Systems Incorporated 2015/02/05 6.00 MB 16.0.0.305
Adobe Reader XI (11.0.10) - Japanese Adobe Systems Incorporated 2014/12/11 204 MB 11.0.10
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2012/10/20 26.3 MB 8.0.881.0
AMD Quick Stream AppEx Networks 2012/10/20 2.80 MB 3.3.26.0
Brother ドライバー&ソフトウェア DCP-J940N Brother Industries, Ltd. 2014/12/24 2.0.0.0
BUFFALO エアステーション設定ツール BUFFALO INC. 2014/12/30 2.95 MB 2.0.15
BUFFALO クライアントマネージャV をアンインストール BUFFALO INC. 2012/11/16 9.87 MB 1.4.9
BUFFALO パソコン環境表示ツール BUFFALO INC. 2013/03/03 1.0.3
CCleaner Piriform 2015/03/09 5.03
Energy Star Hewlett-Packard 2012/10/20 3.47 MB 1.0.8
FFFTP Ver.1.98g FFFTP Project 2014/02/14
HP 3D DriveGuard Hewlett-Packard Company 2013/04/27 7.01 MB 4.2.9.1
HP AC Power Control Hewlett-Packard 2012/08/25 9.77 MB 1.0.6
HP CoolSense Hewlett-Packard Company 2013/11/09 10.9 MB 2.10.62
HP Documentation Hewlett-Packard 2012/10/20 247 MB 1.1.0.0
HP Quick Launch Hewlett-Packard Company 2013/06/29 4.18 MB 3.0.6
HP Registration Service Hewlett-Packard 2012/10/20 75.4 MB 1.0.5976.4186
HP Software Framework Hewlett-Packard Company 2012/11/17 8.06 MB 4.6.10.1
HP Support Assistant 2014/02/20
HP Utility Center Hewlett-Packard 2012/10/20 3.97 MB 1.0.7
HP Wireless Button Driver Hewlett-Packard Company 2013/11/23 733 KB 1.1.2.1
HTML Project2 2014/02/14
IDT Audio IDT 2013/06/29 1.0.6425.0
IObit Uninstaller IObit 2015/01/25 4.2.6.1
Java SE Development Kit 7 Update 11 Oracle 2013/01/21 153 MB 1.7.0.110
JOLLY飛行機編スクリーンセーバー 2015/03/01
Lhaplus 2014/02/14
Microsoft Silverlight Microsoft Corporation 2014/12/15 249 MB 5.1.31211.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2012/08/25 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2012/10/20 4.84 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2012/12/13 6.83 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 2012/10/20 13.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2012/12/17 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2012/10/20 8.20 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2012/08/25 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2012/12/17 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2013/07/03 15.0 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2013/07/03 9.89 MB 10.0.30319
Mozilla Firefox 36.0.1 (x86 ja) Mozilla 2015/03/06 84.3 MB 36.0.1
Mozilla Maintenance Service Mozilla 2015/03/05 247 KB 36.0
PhishWall SecureBrain Corporation 2014/09/17 3.5.14
PhotoScape 2014/02/14
Qualcomm Atheros Driver Installation Program Qualcomm Atheros 2014/02/22 10.0
Realtek Ethernet Controller Driver Realtek 2014/03/01 8.3.730.2012
Realtek PCIE Card Reader Realtek Semiconductor Corp. 2012/10/20 6.2.8400.29029
Ruby 2.0.0-p481 RubyInstaller Team 2014/07/11 40.2 MB 2.0.0-p481
Ruby 2.1.3-p242 RubyInstaller Team 2014/10/02 42.7 MB 2.1.3-p242
Synaptics Pointing Device Driver Synaptics Incorporated 2014/02/14 46.4 MB 16.5.3.3
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/05/12 4.53 MB 15.0.1759
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2014/10/24 34.8 MB 15.0.1215
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2014/02/16 11.5 MB 15.0.1215
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2014/10/24 17.0 KB 16.0.1016.1
Windows Live Essentials Microsoft Corporation 2012/08/25 15.4.3555.0308
Wise Registry Cleaner 8.31 WiseCleaner.com, Inc. 2014/12/17 7.11 MB 8.31
うきうき家計簿 2012/11/19 19.5 MB
はがきデザインキット Japan Post Co., Ltd. 2014/11/10 v8.0.0
はがき作家 8 Free 株式会社ルートプロ 2014/11/10 390 MB 8.01.0000
ネットストック・ハイスピード 2014/11/19
バッファロー らくらくアップデートツール Buffalo Inc. 2014/07/24 11.0 MB 1.12
秀丸ネットモニター 2014/05/09
闘牌王 2014/01/23


# AdwCleaner v4.112 - ログファイルの作成日 10/03/2015 作成時間 07:30:49
# 更新日 09/03/2015 作成元 Xplode
# データベース : 2015-03-05.1 [サーバー]
# オペレーティングシステム : Windows 8.1 (x64)
# ユーザー名 : qq873_000 - PC3
# 実行場所 : C:\Users\qq873_000\Downloads\AdwCleaner.exe
# オプション : 削除

***** [ サービス ] *****

[#] サービス 削除済み項目 : pricemeterliveUpdate
[#] サービス 削除済み項目 : pricemeterliveUpdatem

***** [ ファイル / フォルダ ] *****

[!] フォルダ 削除済み項目 : C:\ProgramData\PriceMeterLiveUpdate
フォルダ 削除済み項目 : C:\ProgramData\AdBlocker Manger
フォルダ 削除済み項目 : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
フォルダ 削除済み項目 : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mipony
[!] フォルダ 削除済み項目 : C:\Program Files (x86)\PriceMeterLiveUpdate
フォルダ 削除済み項目 : C:\Program Files (x86)\DiegiSSaveeR
フォルダ 削除済み項目 : C:\Program Files (x86)\SaVErExtensioon
フォルダ 削除済み項目 : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\baidu
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Local\PriceMeterLiveUpdate
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Local\SaveSense
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\LocalLow\incredibar.com
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\LocalLow\Minibar
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Roaming\1H1Q
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Roaming\baidu
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Roaming\DigitalSites
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Roaming\GrabPro
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Roaming\incredibar
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Roaming\OpenCandy
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Roaming\PriceMeterUpdater
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Roaming\ProgSense
フォルダ 削除済み項目 : C:\Users\qq873_000\Documents\Optimizer Pro

***** [ スケジュールタスク ] *****

タスク 削除済み項目 : Digital Sites
タスク 削除済み項目 : pricemeterdownloader
タスク 削除済み項目 : PriceMeterLiveUpdateUpdateTaskMachineCore
タスク 削除済み項目 : PriceMeterLiveUpdateUpdateTaskMachineUA
タスク 削除済み項目 : PriceMeterUpdater

***** [ ショートカット ] *****


***** [ レジストリ ] *****

キー 削除済み項目 : HKLM\SOFTWARE\Classes\AppID\PriceMeterLiveUpdate.exe
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc
キー 削除済み項目 : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0
キー 削除済み項目 : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
キー 削除済み項目 : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
キー 削除済み項目 : HKLM\SOFTWARE\Classes\P7d6f357f_75c7_4163_b092_b0c5737309c2_.P7d6f357f_75c7_4163_b092_b0c5737309c2_
キー 削除済み項目 : HKLM\SOFTWARE\Classes\P7d6f357f_75c7_4163_b092_b0c5737309c2_.P7d6f357f_75c7_4163_b092_b0c5737309c2_.9
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{163ac2d4}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\AppID\{126C78A0-36E7-4697-A3AB-32706144398B}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\AppID\{8D73A258-9787-4AE7-9232-41036673FD0E}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{00A154AE-6C33-4F1E-9057-242350540936}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{4211E851-747F-4470-923D-6EF683EE79CA}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{74930D00-2198-46FE-B6BC-FEEC60C666C9}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{8D73A258-9787-4AE7-9232-41036673FD0E}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{9D24562E-40EC-4E46-B57C-700352059B55}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{CF0A778A-DDA0-4492-9804-EF38C9A9F1A5}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{D1C6444C-CC06-4060-A486-736DEAFD9C16}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{7d6f357f-75c7-4163-b092-b0c5737309c2}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
キー 削除済み項目 : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d6f357f-75c7-4163-b092-b0c5737309c2}
キー 削除済み項目 : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
キー 削除済み項目 : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
キー 削除済み項目 : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d6f357f-75c7-4163-b092-b0c5737309c2}
キー 削除済み項目 : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
キー 削除済み項目 : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7d6f357f-75c7-4163-b092-b0c5737309c2}
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89449F37-4AB2-46ED-A566-BB3A7797701B}
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7d6f357f-75c7-4163-b092-b0c5737309c2}
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89449F37-4AB2-46ED-A566-BB3A7797701B}
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\CLSID\{7d6f357f-75c7-4163-b092-b0c5737309c2}
キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
キー 削除済み項目 : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d6f357f-75c7-4163-b092-b0c5737309c2}
キー 削除済み項目 : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
キー 削除済み項目 : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
キー 削除済み項目 : HKCU\Software\APN PIP
キー 削除済み項目 : HKCU\Software\BI
キー 削除済み項目 : HKCU\Software\Conduit_Search_Protect
キー 削除済み項目 : HKCU\Software\dsiteproducts
キー 削除済み項目 : HKCU\Software\IM
キー 削除済み項目 : HKCU\Software\ImInstaller
キー 削除済み項目 : HKCU\Software\InstallCore
キー 削除済み項目 : HKCU\Software\PriceMeterLiveUpdate
キー 削除済み項目 : HKCU\Software\PriceMeterUpdater
キー 削除済み項目 : HKCU\Software\Baidu
キー 削除済み項目 : HKCU\Software\ProgSense
キー 削除済み項目 : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
キー 削除済み項目 : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
キー 削除済み項目 : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
キー 削除済み項目 : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
キー 削除済み項目 : HKLM\SOFTWARE\IB Updater
キー 削除済み項目 : HKLM\SOFTWARE\PriceMeterLiveUpdate
キー 削除済み項目 : HKLM\SOFTWARE\systweak
キー 削除済み項目 : HKLM\SOFTWARE\Baidu
キー 削除済み項目 : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
キー 削除済み項目 : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
キー 削除済み項目 : [x64] HKLM\SOFTWARE\IB Updater
キー 削除済み項目 : [x64] HKLM\SOFTWARE\Baidu
キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe
データ 削除済み項目 : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
データ 削除済み項目 : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8888;hxxps=127.0.0.1:8888

***** [ Webブラウザ ] *****

-\\ Internet Explorer v11.0.9600.17416

設定 復元済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
設定 復元済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
設定 復元済み項目 : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v36.0.1 (x86 ja)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [13350 bytes] - [10/03/2015 06:36:46]
AdwCleaner[S0].txt - [12300 bytes] - [10/03/2015 07:30:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12360 bytes] ##########

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKCU:RunOnce Adobe Speed Launcher 1425960287
有効 HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
有効 HKLM:Run BrRssUtility Brother Industries, Ltd. C:\Program Files (x86)\Brother\RSSUtility\BrRssWatcher.exe /autorun
有効 HKLM:Run BrStsMon00 Brother Industries, Ltd. C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
有効 HKLM:Run ControlCenter4 Brother Industries, Ltd. C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
有効 HKLM:Run HP Quick Launch Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
有効 HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
有効 HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
有効 HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
無効 HKLM:Run TkBellExe RealNetworks, Inc. "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
有効 Startup Common クライアントマネージャV.lnk BUFFALO INC. C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
有効 Startup Common 秀丸ネットモニター.lnk Saito-kikaku Corporation C:\Program Files (x86)\HmNetMonitor\HmNetMonitor.exe
有効 Startup User らくらくアップデートツール.lnk Buffalo Inc. C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe

無効 Extension [HP Network Check]を起動して接続の問題を解決する Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
無効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll


有効 Extension DownThemAll! 2.0.18 Federico Parodi, Stefano Verna, Nils Maier default-1425527106190 Firefox 36.0.1 C:\Users\qq873_000\AppData\Roaming\Mozilla\Firefox\Profiles\ku9qnt78.default-1425527106190\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
有効 Extension RealDownloader 1.3.4 Real Networks, Inc. default-1425527106190 Firefox 36.0.1 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
有効 Plugin Adobe Acrobat 11.0.10.32 Adobe Systems Inc. default-1425527106190 Firefox 36.0.1 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
有効 Plugin RealDownloader Plugin 1.3.4.3 RealDownloader default-1425527106190 Firefox 36.0.1 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
有効 Plugin RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) 1.3.4.3 RealNetworks, Inc. default-1425527106190 Firefox 36.0.1 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
有効 Plugin RealPlayer Download Plugin 16.0.4.19 RealPlayer default-1425527106190 Firefox 36.0.1 C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
有効 Plugin RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 16.0.4.19 RealNetworks, Inc. default-1425527106190 Firefox 36.0.1 C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
有効 Plugin Shockwave Flash 16.0.0.305 Adobe Systems Incorporated default-1425527106190 Firefox 36.0.1 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
有効 Plugin Silverlight Plug-In 5.1.31211.0 Microsoft Corporation default-1425527106190 Firefox 36.0.1 c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll
有効 Plugin Windows LiveEPhoto Gallery 15.4.3555.308 Microsoft Corporation default-1425527106190 Firefox 36.0.1 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll


有効 App Gmail 8 最初のユーザー C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8_0
有効 App Google ドライブ 6.4 最初のユーザー C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0
有効 App Google 検索 0.0.0.20 最初のユーザー C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
有効 App YouTube 4.2.7 最初のユーザー C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0
有効 Extension Google スプレッドシート 1.1 最初のユーザー C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0
有効 Extension Google ドキュメント 0.9 最初のユーザー C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0

有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B} C:\Program Files (x86)\baidu\update\baidujp_update.exe -Update
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GlaryInitialize 5 C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
有効 Task HPCeeScheduleForqq873_000 Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForqq873_000 (null)
無効 Task Optimize Start Menu Cache Files-S-1-5-21-2267849352-1407111120-1147532467-1002
有効 Task Optimize Start Menu Cache Files-S-1-5-21-2267849352-1407111120-1147532467-500
有効 Task RealDownloaderDownloaderScheduledTaskS-1-5-21-2267849352-1407111120-1147532467-1002 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
有効 Task RealDownloaderRealUpgradeLogonTaskS-1-5-21-2267849352-1407111120-1147532467-1002 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /logoncheck
有効 Task RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2267849352-1407111120-1147532467-1002 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /scheduledcheck
有効 Task RealPlayerRealUpgradeLogonTaskS-1-5-21-2267849352-1407111120-1147532467-1002 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
有効 Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-2267849352-1407111120-1147532467-1002 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
有効 Task RealUpgradeLogonTaskS-1-5-21-2267849352-1407111120-1147532467-1002 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
有効 Task RealUpgradeScheduledTaskS-1-5-21-2267849352-1407111120-1147532467-1002 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
有効 Task Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
有効 Task Uninstaller_SkipUac_qq873_000 IObit C:\Users\qq873_000\Downloads\IObitUninstallerPortable\App\uninstaller\IObitUninstaler.exe /UninstallExplorer
有効 Task {FCBF9075-65E9-4BC8-8410-6FA24B859824} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\Users\qq873_000\AppData\Local\SaveSense\uninst.exe -c /uninstall

That is all.
  • fokihobo
  • 2015/03/10 (Tue) 19:30:36
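Next, work with CC and MBAM
Thank you for doing the work and reporting back.
I have looked at your description and the logs, and it seems the abnormal behavior is still continuing.
The logs do indeed still show it.
Please carry out the next steps, again following the instructions.

Start CC again using the earlier procedure, and in the "Firefox" tab right-click the entry below, set it to "Disable", then choose "Delete Entry".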
>有効 Extension DownThemAll! 2.0.18 Federico Parodi, Stefano Verna, Nils Maier default-1425527106190 Firefox 36.0.1 C:\Users\qq873_000\AppData\Roaming\Mozilla\Firefox\Profiles\ku9qnt78.default-1425527106190\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
If it cannot be disabled, you can simply delete it as it is.

Next, deal with the entries below under "Scheduled Tasks" in the same way.
>有効 Task BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B} C:\Program Files (x86)\baidu\update\baidujp_update.exe -Update
>有効 Task {FCBF9075-65E9-4BC8-8410-6FA24B859824} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\Users\qq873_000\AppData\Local\SaveSense\uninst.exe -c /uninstall

After closing CC, get the following application ready.
Malwarebytes' Anti-Malware (commonly known as MBAM)
Official site
http://www.malwarebytes.org/

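However, MBAM currently has considerable problems with stability and operation, and bugs that prevent it from scanning properly even in normal use are occurring frequently.
For that reason, do not download the latest version from the official site; here we will deliberately work with an older version.

Site explaining the older version ↓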
http://fine.tok2.com/home/heto2/0700SecurityApp/Malwarebytes/0001.htm

Download the older version of MBAM from the URL below.
http://www.oldapps.com/malwarebytes.php?old_malwarebytes=12090?download
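This is a direct link to the file. Save it.

Note: Installing in Japanese can produce garbled text. Install in English and switch to Japanese afterwards.
Start MBAM and go to the "Settings" tab → "Language" → "Japanese" to switch it to Japanese.

Once it is ready, install MBAM and run the update.
However, do not scan yet at this point.
Also, when updating MBAM here, do not update the "program" itself; update only the definitions.
Updating the program itself would turn it into the latest, bug-ridden version, which defeats the purpose of installing the older version.

Once the update is done, restart the PC in Safe Mode and then use ATF to clean out junk files.

Next, staying in Safe Mode, scan with MBAM.
After starting MBAM, run a "Full Scan" from the "Scanner" tab.
For the target drives, select all drives, including C.

Select (check) all drives as scan targets. It takes time, but the aim is to scan as thoroughly as possible.
The order does not matter, but if anything is detected, select it and "remove" (quarantine) it, and if a prompt to restart appears, restart the PC once at that point.
If no restart prompt appears, restart manually.

Also, after the MBAM scan finishes, pressing "Show Details" should display the results; pressing "Save Log" there lets you save the log.
Save that log somewhere such as the desktop.
Checking this log is especially important, so please do not forget.

After that, paste the MBAM log into your reply and show it to me along with a status report.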
  • 悪代官
  • 2015/03/10 (Tue) 21:29:24
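Both scheduled tasks singled out in the post above have command lines that contain a folder name which the AdwCleaner log lists as deleted. As an added example (not part of the original thread, and not the responder's stated method), the following Python script cross-references the two logs to surface such leftovers; the function names are hypothetical and the embedded log lines are excerpts of the logs posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the AdwCleaner[S0].txt log posted earlier in this thread.
ADWCLEANER_LOG = r"""
***** [ ファイル / フォルダ ] *****

[!] フォルダ 削除済み項目 : C:\ProgramData\PriceMeterLiveUpdate
フォルダ 削除済み項目 : C:\Program Files (x86)\DiegiSSaveeR
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Local\SaveSense
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Roaming\baidu
フォルダ 削除済み項目 : C:\Users\qq873_000\AppData\Roaming\OpenCandy
"""

# Excerpt of the startup/task listing posted after the AdwCleaner run.
STARTUP_EXPORT = r"""
有効 HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B} C:\Program Files (x86)\baidu\update\baidujp_update.exe -Update
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GlaryInitialize 5 C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
有効 Task {FCBF9075-65E9-4BC8-8410-6FA24B859824} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\Users\qq873_000\AppData\Local\SaveSense\uninst.exe -c /uninstall
"""

# "フォルダ 削除済み項目 : <path>" is AdwCleaner's "folder deleted" line.
FOLDER_RE = re.compile(r"フォルダ 削除済み項目 : (.+?)\s*$")
# "有効" / "無効" (enabled / disabled) followed by the entry type "Task".
TASK_RE = re.compile(r"^(有効|無効) Task (.+)$")


def removed_folder_names(adw_log):
    """Map case-folded folder name -> original name for every deleted folder."""
    names = {}
    for line in adw_log.splitlines():
        m = FOLDER_RE.search(line)
        if m:
            name = PureWindowsPath(m.group(1)).name
            names[name.casefold()] = name
    return names


def path_components(text):
    """Split on backslashes so that every directory name in the entry,
    including paths passed as arguments to a launcher, becomes one item.
    The columns are flattened to spaces in the posted log, so the first and
    last pieces carry extra text; only inner directory names match cleanly."""
    return [part.strip().strip('"') for part in text.split("\\")]


def find_leftover_tasks(adw_log, startup_export):
    """Return scheduled tasks whose command line references a folder name
    that AdwCleaner reported as deleted."""
    removed = removed_folder_names(adw_log)
    hits = []
    for line in startup_export.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue  # Run keys, extensions and plugins are out of scope here
        state, rest = m.groups()
        matched = sorted({removed[c.casefold()]
                          for c in path_components(rest)
                          if c.casefold() in removed})
        if matched:
            hits.append({"enabled": state == "有効",
                         "matched": matched,
                         "entry": rest})
    return hits


if __name__ == "__main__":
    for hit in find_leftover_tasks(ADWCLEANER_LOG, STARTUP_EXPORT):
        flag = "enabled" if hit["enabled"] else "disabled"
        print(f"[{flag}] matches {hit['matched']}: {hit['entry']}")
```

The second hit shows why the whole command line is checked rather than only the executable: the task runs `pcalua.exe`, so the listing shows Microsoft Corporation as publisher, while the path into the deleted `SaveSense` folder appears only as an argument.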
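Re: I seem to be infected with adware and want to remove it.
Thank you for your help despite being busy. At present there is no problem browsing the web.
Expanding the Libraries has become very slow.
As in my previous report, the toolbar and the enable/disable button controls for each add-on in the management screen are OK. However, the red circle symbol has still not disappeared.
The PC used to freeze often when restarting, but it has improved a lot.
Here are the MBAM log and a reference image of the list of items that are only quarantined and not yet deleted.

startup log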
有効 Extension RealDownloader 1.3.4 Real Networks, Inc. default-1425527106190 Firefox 36.0.1 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
有効 Plugin Adobe Acrobat 11.0.10.32 Adobe Systems Inc. default-1425527106190 Firefox 36.0.1 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
有効 Plugin RealDownloader Plugin 1.3.4.3 RealDownloader default-1425527106190 Firefox 36.0.1 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
有効 Plugin RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) 1.3.4.3 RealNetworks, Inc. default-1425527106190 Firefox 36.0.1 C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
有効 Plugin RealPlayer Download Plugin 16.0.4.19 RealPlayer default-1425527106190 Firefox 36.0.1 C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
有効 Plugin RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 16.0.4.19 RealNetworks, Inc. default-1425527106190 Firefox 36.0.1 C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
有効 Plugin Shockwave Flash 16.0.0.305 Adobe Systems Incorporated default-1425527106190 Firefox 36.0.1 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
有効 Plugin Silverlight Plug-In 5.1.31211.0 Microsoft Corporation default-1425527106190 Firefox 36.0.1 c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll
有効 Plugin Windows LiveEPhoto Gallery 15.4.3555.308 Microsoft Corporation default-1425527106190 Firefox 36.0.1 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

Malwarebytes Anti-Malware
www.malwarebytes.org


MBAM log

Update, 2015/03/11 0:42:43, SYSTEM, PC3, Scheduler, Malware Database, 2015.3.10.3, 2015.3.10.4,
Protection, 2015/03/11 0:42:44, SYSTEM, PC3, Protection, Refresh, Starting,
Protection, 2015/03/11 0:42:44, SYSTEM, PC3, Protection, Malicious Website Protection, Stopping,
Protection, 2015/03/11 0:42:44, SYSTEM, PC3, Protection, Malicious Website Protection, Stopped,
Protection, 2015/03/11 0:43:01, SYSTEM, PC3, Protection, Refresh, Success,
Protection, 2015/03/11 0:43:01, SYSTEM, PC3, Protection, Malicious Website Protection, Starting,
Protection, 2015/03/11 0:43:02, SYSTEM, PC3, Protection, Malicious Website Protection, Started,
Scan, 2015/03/11 0:51:45, SYSTEM, PC3, Manual, 開始: 2015/03/110:09:01, 期間: 36 分 50 秒, 脅威スキャン, 完了しました, 0 マルウェア検出, 4 - マルウェア検出,
Protection, 2015/03/11 0:55:25, SYSTEM, PC3, Protection, Malware Protection, Starting,
Protection, 2015/03/11 0:55:25, SYSTEM, PC3, Protection, Malware Protection, Started,
Protection, 2015/03/11 0:55:25, SYSTEM, PC3, Protection, Malicious Website Protection, Starting,
Protection, 2015/03/11 0:55:26, SYSTEM, PC3, Protection, Malicious Website Protection, Started,
Update, 2015/03/11 6:58:31, SYSTEM, PC3, Scheduler, Failed, Unable to access update server,

The image is of the log I actually wanted to export.
(end)
  • fokihobo
  • 2015/03/11 (Wed) 09:13:39
This time, a scan with OTL
Sorry for the late reply.

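>Expanding the Libraries has become very slow.
>As in my previous report, the toolbar and the enable/disable button controls for each add-on in the management screen are OK. However, the red circle symbol has still not disappeared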

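Yes, I have looked at the image as well.
If it is Libraryproc, you can go ahead and quarantine it with MBAM.
You can now also clean up MBAM, following the explanation given when it was introduced.

Now please carry out the next task.

Get the following tool ready.
OTL (OldTimer Listit)
It is a direct link to the file, so save it once downloaded.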
http://oldtimer.geekstogo.com/OTL.exe
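When cleaning it up, start it and press the "Cleanup" button, and it is removed automatically.

Start OTL with no other programs running.
Once it starts, check "Scan All Users" near the top of the window and copy and paste the commands below into "Custom Scan/Fixes".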

%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT

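Then press "Run Scan" at the top left to start the scan.
After the scan starts, depending on the PC environment, in a few minutes "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe; save these two files somewhere such as the desktop.
Extras.txt is sometimes not produced; in that case OTL.txt alone is fine.

After that, paste the entire OTL log into your reply and show it to me.
However, the OTL log gets quite long, so sending it all at once will get cut off by fc2's character limit.
So split the log at suitable points and send it as several replies.

Just scanning with OTL does not change anything.
Based on these results, what was detected will presumably be dealt with in the next and later steps.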
  • 悪代官
  • 2015/03/11 (Wed) 22:09:09
Re: I seem to be infected with adware and want to remove it.
Thank you for the quick response.
I am sending the OTL and Extras logs.

OTL logfile created on: 2015/03/12 15:45:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\qq873_000\Downloads\アドウェア対策ソフト
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

5.47 Gb Total Physical Memory | 3.89 Gb Available Physical Memory | 71.11% Memory free
10.97 Gb Paging File | 8.79 Gb Available in Paging File | 80.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.37 Gb Total Space | 312.76 Gb Free Space | 69.60% Space Free | Partition Type: NTFS
Drive D: | 15.27 Gb Total Space | 1.94 Gb Free Space | 12.71% Space Free | Partition Type: NTFS
Drive F: | 59.09 Gb Total Space | 3.69 Gb Free Space | 6.24% Space Free | Partition Type: exFAT

Computer Name: PC3 | User Name: qq873_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/03/12 11:44:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\qq873_000\Downloads\アドウェア対策ソフト\OTL.exe
PRC - [2015/03/03 12:54:20 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/12/03 15:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/12 11:34:48 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2014/06/09 21:43:00 | 000,093,800 | ---- | M] (SecureBrain Corporation) -- C:\Program Files (x86)\SecureBrain\PhishWall\sbpwupdx.exe
PRC - [2014/02/18 14:43:18 | 001,075,768 | ---- | M] (Saito-kikaku Corporation) -- C:\Program Files (x86)\HmNetMonitor\HmNetMonitor.exe
PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/09/07 17:33:08 | 000,581,024 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/09/07 17:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/08/28 12:00:32 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/08/28 11:55:16 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/06/06 15:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2011/07/14 22:00:50 | 000,209,784 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
PRC - [2011/07/14 22:00:50 | 000,126,328 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/02/04 08:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2015/02/04 08:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/12/06 10:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2014/10/31 13:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/08/16 12:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/08/16 09:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2014/08/16 09:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/07/24 16:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2014/03/14 15:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2014/03/08 14:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/03/06 16:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/02/23 00:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/02/22 18:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2014/02/22 18:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/02/22 18:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/02/22 18:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/02/14 11:00:31 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:[b]64bit:[/b] - [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2013/12/10 16:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2013/08/22 20:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2013/08/22 20:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2013/08/22 20:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2013/08/22 20:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2013/08/22 20:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2013/08/22 19:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2013/08/22 19:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2013/08/22 18:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2013/08/22 18:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2013/08/22 18:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013/08/22 18:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013/08/22 18:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2013/08/22 18:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2013/08/22 18:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2013/08/22 18:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2013/06/29 13:12:32 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:[b]64bit:[/b] - [2012/08/08 10:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2015/03/06 17:22:44 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/02/05 07:15:31 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 15:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/16 12:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/08/12 11:34:48 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/06/09 21:43:00 | 000,093,800 | ---- | M] (SecureBrain Corporation) [Auto | Running] -- C:\Program Files (x86)\SecureBrain\PhishWall\sbpwupdx.exe -- (SecureBrain PhishWall Update)
SRV - [2014/03/14 15:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/02/14 11:00:32 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/02/14 11:00:30 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/02/14 11:00:30 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/08/22 12:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 11:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012/09/07 17:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/07/14 10:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/07/14 22:00:50 | 000,126,328 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/02/04 08:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2015/02/04 08:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2015/02/04 08:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2014/12/12 09:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2014/10/29 12:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/10/13 11:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2014/10/13 11:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/10/13 11:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/08/15 09:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/07/25 00:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2014/07/25 00:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/07/24 20:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/05/01 22:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/03/20 12:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2014/03/13 21:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/03/09 05:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/02/23 00:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/02/22 21:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/02/14 11:05:14 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013/11/14 16:28:00 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2013/11/14 16:24:30 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2013/11/14 16:15:23 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2013/08/23 01:11:12 | 003,860,480 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 21:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 21:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2013/08/22 21:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2013/08/22 20:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2013/08/22 19:27:46 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2013/08/22 17:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/13 08:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/10 09:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/31 03:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/26 04:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/06/29 13:12:34 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2013/06/22 14:02:01 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2013/06/02 04:56:58 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:[b]64bit:[/b] - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2012/08/31 09:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:[b]64bit:[/b] - [2012/08/24 18:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2012/08/24 18:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:[b]64bit:[/b] - [2012/08/01 04:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/07/31 17:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2012/07/24 18:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:[b]64bit:[/b] - [2012/07/24 18:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:[b]64bit:[/b] - [2012/07/18 13:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2012/07/04 07:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:[b]64bit:[/b] - [2012/06/23 06:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:[b]64bit:[/b] - [2012/06/19 23:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2011/07/14 22:00:50 | 000,018,944 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Users/qq873_000/Documents/作業用/fw-14-2-col%5B1%5D/linkmenu.html
IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/qq873_000/Documents/%E4%BD%9C%E6%A5%AD%E7%94%A8/fw-14-2-col%5B1%5D/linkmenu.html"
FF - prefs.js..extensions.enabledAddons: %7B1B12EF76-2B5E-4DA1-B587-4762D49BFE03%7D:1.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.4.19: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.4: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.4.19: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015/03/03 12:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2015/03/03 12:55:12 | 000,000,000 | ---D | M]

[2013/08/18 15:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\qq873_000\AppData\Roaming\mozilla\Extensions
[2015/03/10 23:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\qq873_000\AppData\Roaming\mozilla\Firefox\Profiles\ku9qnt78.default-1425527106190\extensions
[2015/03/06 17:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/03/06 17:22:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/03/03 12:55:12 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT

[color=#E56717]========== Chrome ==========[/color]

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8_0\

O1 HOSTS File: ([2013/08/22 22:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\..\Toolbar\WebBrowser: (no name) - {0CBC8163-AC34-476A-9E22-4B6D5184E060} - No CLSID value found.
O3 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [BrRssUtility] C:\Program Files (x86)\Brother\RSSUtility\BrRssWatcher.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002..\RunOnce: [Adobe Speed Launcher] 1426138664 File not found
O4 - Startup: C:\Users\qq873_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\らくらくアップデートツール.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D1FEC1C-75DD-4799-8553-469A370FC329}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

  • fokihobo
  • 2015/03/12 (Thu) 16:49:44
Re: I seem to be infected with adware and want to remove it.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/03/12 14:36:53 | 000,000,000 | ---D | C] -- C:\Users\qq873_000\AppData\Local\Adobe
[2015/03/11 07:32:13 | 000,723,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SHCore.dll
[2015/03/11 07:32:12 | 000,560,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SHCore.dll
[2015/03/11 07:32:11 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\calc.exe
[2015/03/11 07:32:11 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\calc.exe
[2015/03/11 07:32:07 | 000,264,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2015/03/11 07:32:07 | 000,114,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys
[2015/03/11 07:32:07 | 000,044,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2015/03/11 07:32:06 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winshfhc.dll
[2015/03/11 07:32:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winshfhc.dll
[2015/03/11 07:32:03 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015/03/11 07:32:02 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015/03/11 07:32:02 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontsub.dll
[2015/03/11 07:32:02 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontsub.dll
[2015/03/11 07:32:02 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015/03/11 07:32:02 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015/03/11 07:32:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dciman32.dll
[2015/03/11 07:32:01 | 003,547,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll
[2015/03/11 07:32:01 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpk.dll
[2015/03/11 07:32:00 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2015/03/11 07:32:00 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll
[2015/03/11 07:32:00 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rfxvmt.dll
[2015/03/11 07:32:00 | 000,027,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys
[2015/03/11 07:31:58 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\photowiz.dll
[2015/03/11 07:31:58 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\photowiz.dll
[2015/03/11 07:31:48 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015/03/11 07:31:48 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/03/11 07:31:46 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2015/03/11 07:31:46 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2015/03/11 07:31:46 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll
[2015/03/11 07:31:46 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll
[2015/03/11 07:31:46 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DafPrintProvider.dll
[2015/03/11 07:31:46 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\prnntfy.dll
[2015/03/11 07:31:46 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DafPrintProvider.dll
[2015/03/11 07:31:45 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\compstui.dll
[2015/03/11 07:31:45 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\compstui.dll
[2015/03/11 07:31:45 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\prnntfy.dll
[2015/03/11 07:31:45 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiapi.dll
[2015/03/11 07:31:45 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiapi.dll
[2015/03/11 07:31:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\findnetprinters.dll
[2015/03/11 07:31:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\printui.exe
[2015/03/11 07:31:45 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\findnetprinters.dll
[2015/03/11 07:31:44 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\printui.exe
[2015/03/11 07:31:43 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StorageContextHandler.dll
[2015/03/11 07:31:43 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StorageContextHandler.dll
[2015/03/11 07:31:42 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2015/03/11 07:31:42 | 002,773,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/03/11 07:31:42 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2015/03/11 07:31:41 | 002,459,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/03/11 07:31:39 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2015/03/11 07:31:38 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2015/03/11 07:31:38 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2015/03/11 07:31:38 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/03/11 07:31:38 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2015/03/11 07:31:38 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/03/11 07:31:38 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSCollect.exe
[2015/03/11 07:31:37 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe
[2015/03/11 07:31:36 | 002,257,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2015/03/11 07:31:35 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2015/03/11 07:31:34 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll
[2015/03/11 07:31:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\atlthunk.dll
[2015/03/11 07:31:33 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\atlthunk.dll
[2015/03/11 07:31:32 | 003,551,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
[2015/03/11 07:31:32 | 001,488,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfc42u.dll
[2015/03/11 07:31:32 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc42u.dll
[2015/03/11 07:31:31 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfc42.dll
[2015/03/11 07:31:31 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc42.dll
[2015/03/11 07:31:29 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappcfg.dll
[2015/03/11 07:31:29 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapphost.dll
[2015/03/11 07:31:29 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapp3hst.dll
[2015/03/11 07:31:28 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappcfg.dll
[2015/03/11 07:31:28 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapphost.dll
[2015/03/11 07:31:27 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapp3hst.dll
[2015/03/11 07:31:27 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappgnui.dll
[2015/03/11 07:31:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappgnui.dll
[2015/03/11 07:31:27 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappprxy.dll
[2015/03/11 07:31:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappprxy.dll
[2015/03/11 07:31:15 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/03/11 07:31:06 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/03/11 07:31:05 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/03/11 07:31:05 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015/03/11 07:31:04 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/03/11 07:31:04 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/03/11 07:31:03 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015/03/11 07:31:03 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2015/03/11 07:31:02 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2015/03/11 07:31:02 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2015/03/11 07:31:02 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015/03/11 07:31:01 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015/03/11 07:31:00 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015/03/11 07:31:00 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/03/11 07:31:00 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015/03/11 07:30:56 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/03/11 07:30:56 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/03/11 07:30:54 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/03/11 07:30:47 | 001,763,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll
[2015/03/11 07:30:40 | 000,046,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockScreenContentServer.exe
[2015/03/11 07:30:39 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2015/03/11 07:30:39 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2015/03/11 07:30:37 | 002,501,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015/03/11 07:30:27 | 002,207,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015/03/11 07:30:26 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2015/03/11 07:30:21 | 000,791,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2015/03/11 07:30:19 | 001,384,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2015/03/10 23:42:34 | 000,000,000 | ---D | C] -- C:\Users\qq873_000\AppData\Roaming\Malwarebytes
[2015/03/10 23:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/03/10 23:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2015/03/10 20:16:14 | 000,000,000 | ---D | C] -- C:\Users\qq873_000\Desktop\log
[2015/03/10 11:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2015/03/10 10:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2015/03/10 10:07:36 | 000,000,000 | ---D | C] -- C:\Users\qq873_000\AppData\Roaming\IObit
[2015/03/10 06:23:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/03/09 12:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/03/09 12:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/03/06 17:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/03/06 15:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\1561141472792876895
[2015/03/05 12:42:16 | 000,000,000 | ---D | C] -- C:\Users\qq873_000\Desktop\Old Firefox Data
[2015/03/05 12:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/03/05 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\qq873_000\Desktop\ブックマーク
[2015/03/03 18:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2015/03/03 18:00:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2015/03/03 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\qq873_000\AppData\Local\MiniService
[2015/03/03 12:55:45 | 000,000,000 | ---D | C] -- C:\Users\qq873_000\AppData\Roaming\RealNetworks
[2015/03/03 12:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2015/03/03 12:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2015/03/03 12:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2015/03/03 12:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2015/03/03 12:51:52 | 000,000,000 | ---D | C] -- C:\Users\qq873_000\AppData\Roaming\Kingsoft
[2015/03/02 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\qq873_000\voy
[2015/03/01 09:34:27 | 000,511,572 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\JOLLY飛行機編Uninst.exe
[2015/02/25 11:40:44 | 001,200,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015/02/25 11:40:44 | 000,868,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015/02/25 11:40:44 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GlobCollationHost.dll
[2015/02/25 11:40:43 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GlobCollationHost.dll
[2015/02/17 05:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{e58e78a5-01d6-3fbc-e58e-e78a501de294}
[2015/02/12 23:21:43 | 000,029,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aspnet_counters.dll
[2015/02/12 23:21:39 | 000,028,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aspnet_counters.dll
[2015/02/11 08:53:36 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scesrv.dll
[2015/02/11 08:53:35 | 000,393,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scesrv.dll
[2015/02/11 08:53:32 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wow64.dll
[2015/02/11 08:53:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\setup16.exe
[2015/02/11 08:53:31 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntvdm64.dll
[2015/02/11 08:53:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntvdm64.dll
[2015/02/11 08:53:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wow64cpu.dll
[2015/02/11 08:53:31 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\instnm.exe
[2015/02/11 08:53:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wow32.dll
[2015/02/11 08:53:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\user.exe
[2015/02/11 08:53:24 | 001,441,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2015/02/11 08:53:24 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adtschema.dll
[2015/02/11 08:53:24 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adtschema.dll
[2015/02/11 08:53:24 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll
[2015/02/11 08:53:24 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll
[2015/02/11 08:53:24 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msaudite.dll
[2015/02/11 08:53:24 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msaudite.dll
[2015/02/11 08:52:56 | 000,788,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2015/02/11 08:52:25 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll
[2015/02/11 08:52:24 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015/02/11 08:52:14 | 001,487,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2015/02/11 08:52:13 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2015/02/11 08:52:13 | 000,894,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2015/02/11 08:52:13 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2015/02/11 08:52:12 | 000,761,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2015/02/11 08:52:12 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2015/02/11 08:52:12 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/03/12 15:15:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/03/12 10:32:24 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/03/11 17:06:35 | 001,253,376 | ---- | M] () -- C:\Users\qq873_000\Documents\t家家計簿.uki
[2015/03/11 15:47:17 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/03/11 15:47:14 | 404,549,631 | -HS- | M] () -- C:\hiberfil.sys
[2015/03/11 12:29:21 | 001,649,302 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/03/11 12:29:21 | 000,786,952 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/03/11 12:29:21 | 000,533,462 | ---- | M] () -- C:\WINDOWS\SysNative\perfh011.dat
[2015/03/11 12:29:21 | 000,161,240 | ---- | M] () -- C:\WINDOWS\SysNative\perfc011.dat
[2015/03/11 12:29:21 | 000,161,212 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/03/11 12:23:01 | 000,682,584 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/03/10 21:01:43 | 001,253,376 | ---- | M] () -- C:\Users\qq873_000\Documents\t家家計簿_自動Bkup.bak
[2015/03/10 11:25:04 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_qq873_000.job
[2015/03/09 17:29:41 | 001,253,376 | ---- | M] () -- C:\Users\qq873_000\Documents\t家家計簿_自動Bkup2.bak
[2015/03/09 14:24:09 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForqq873_000.job
[2015/03/09 12:15:07 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/03/06 23:54:59 | 000,000,020 | ---- | M] () -- C:\Users\qq873_000\AppData\Roaming\appdataFr3.bin
[2015/03/05 12:39:28 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/03/05 11:31:09 | 000,039,612 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-03-04.ods
[2015/03/05 06:24:42 | 000,792,032 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015/03/05 06:24:42 | 000,178,144 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015/03/03 12:55:20 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2015/03/03 12:55:20 | 000,001,184 | ---- | M] () -- C:\Users\qq873_000\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2015/03/03 12:55:20 | 000,000,141 | ---- | M] () -- C:\Users\Public\Desktop\RealPlay.url
[2015/03/03 12:54:46 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\SysWow64\rmoc3260.dll
[2015/03/03 12:54:25 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\SysWow64\pndx5016.dll
[2015/03/03 12:54:25 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\SysWow64\pndx5032.dll
[2015/03/03 12:54:23 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\SysWow64\pncrt.dll
[2015/03/01 09:34:30 | 000,511,572 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\JOLLY飛行機編Uninst.exe
[2015/03/01 09:34:27 | 000,792,678 | ---- | M] () -- C:\WINDOWS\JOLLY飛行機編.scr
[2015/02/28 00:48:53 | 000,000,000 | ---- | M] () -- C:\Users\qq873_000\AppData\Local\{752B2892-4309-485B-ADA4-A10587337806}
[2015/02/27 15:44:05 | 000,038,470 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-27.ods
[2015/02/26 15:51:45 | 000,034,015 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-26.ods
[2015/02/25 22:55:20 | 000,032,303 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-25.ods
[2015/02/25 13:21:51 | 000,019,914 | ---- | M] () -- C:\Users\qq873_000\Desktop\ゲーム関連企業.ods
[2015/02/25 01:07:14 | 000,035,160 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-24.ods
[2015/02/23 16:10:31 | 000,037,604 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-23.ods
[2015/02/22 23:24:07 | 000,036,721 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-17.ods
[2015/02/21 09:27:45 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015/02/21 08:58:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015/02/21 08:32:48 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2015/02/20 12:03:49 | 000,358,912 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015/02/20 11:58:26 | 000,044,032 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015/02/20 11:49:19 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/02/20 11:47:56 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2015/02/20 11:35:01 | 000,816,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/02/20 11:34:24 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2015/02/20 11:32:34 | 006,035,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/02/20 11:20:15 | 000,301,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015/02/20 11:15:32 | 000,035,840 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015/02/20 11:07:24 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015/02/20 11:06:44 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015/02/20 11:05:05 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015/02/20 10:56:47 | 000,664,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/02/20 10:49:28 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/02/20 10:46:45 | 002,125,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/02/20 10:29:00 | 002,865,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015/02/20 10:24:21 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/02/20 10:03:34 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/02/20 09:55:38 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/02/19 16:01:37 | 000,036,490 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-19.ods
[2015/02/19 10:07:16 | 000,036,459 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-18.ods
[2015/02/16 15:26:32 | 000,030,811 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-16.ods
[2015/02/15 16:42:24 | 000,032,626 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-13.ods
[2015/02/12 23:15:09 | 000,037,602 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-12.ods
[2015/02/10 17:06:26 | 000,038,973 | ---- | M] () -- C:\Users\qq873_000\Documents\2015-02-10.ods

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/03/11 07:32:04 | 000,396,419 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015/03/10 06:09:19 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_qq873_000.job
[2015/03/09 12:15:07 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/03/05 12:39:28 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/03/05 12:39:28 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/03/05 07:39:34 | 000,039,612 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-03-04.ods
[2015/03/03 12:55:20 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2015/03/03 12:55:20 | 000,001,184 | ---- | C] () -- C:\Users\qq873_000\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2015/03/03 11:29:42 | 000,000,141 | ---- | C] () -- C:\Users\Public\Desktop\RealPlay.url
[2015/03/02 22:31:43 | 000,000,020 | ---- | C] () -- C:\Users\qq873_000\AppData\Roaming\appdataFr3.bin
[2015/03/01 09:34:26 | 000,792,678 | ---- | C] () -- C:\WINDOWS\JOLLY飛行機編.scr
[2015/02/28 00:48:53 | 000,000,000 | ---- | C] () -- C:\Users\qq873_000\AppData\Local\{752B2892-4309-485B-ADA4-A10587337806}
[2015/02/27 15:44:03 | 000,038,470 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-27.ods
[2015/02/26 15:51:42 | 000,034,015 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-26.ods
[2015/02/25 22:55:18 | 000,032,303 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-25.ods
[2015/02/25 07:01:40 | 000,019,914 | ---- | C] () -- C:\Users\qq873_000\Desktop\ゲーム関連企業.ods
[2015/02/25 01:05:06 | 000,035,160 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-24.ods
[2015/02/23 16:10:29 | 000,037,604 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-23.ods
[2015/02/19 15:46:36 | 000,036,490 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-19.ods
[2015/02/18 16:50:49 | 000,036,459 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-18.ods
[2015/02/17 22:49:35 | 000,036,721 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-17.ods
[2015/02/16 15:26:30 | 000,030,811 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-16.ods
[2015/02/15 16:42:22 | 000,032,626 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-13.ods
[2015/02/12 23:15:06 | 000,037,602 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-12.ods
[2015/02/10 17:06:24 | 000,038,973 | ---- | C] () -- C:\Users\qq873_000\Documents\2015-02-10.ods
[2014/04/29 11:21:52 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/04/04 14:16:03 | 000,000,083 | ---- | C] () -- C:\Users\qq873_000\AppData\Roaming\WB.CFG
[2014/03/18 11:02:17 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/02/14 11:19:39 | 001,598,368 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/02/14 11:16:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/12/13 10:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/12/13 10:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/12/13 10:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/12/13 10:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/12/13 10:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/12/13 10:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/08/23 00:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/23 00:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 23:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 16:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 12:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 08:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 08:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2014/02/15 11:19:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 02:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 02:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 18:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 11:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 18:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2015/03/12 15:15:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/03/09 14:24:09 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForqq873_000.job
[2014/02/14 11:17:29 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2015/03/10 11:25:04 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_qq873_000.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS547550A9E384 SATA Disk Device
Partitions: 5
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type:
Media Type: Removable Media
Model: SDXC Card
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 400.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 260.00MB
Starting Offset: 420478976
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 449.00GB
Starting Offset: 827326464
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 363.00MB
Starting Offset: 483331670016
Hidden sectors: 0


DeviceID: Disk #0, Partition #4
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 483712303104
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 59.00GB
Starting Offset: 16777216
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2014/02/22 21:02:14 | 000,208,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2014/10/08 16:30:59 | 000,110,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2013/08/22 18:53:13 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2014/04/30 13:14:19 | 000,827,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2013/08/22 18:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2013/08/22 11:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2013/08/22 18:40:30 | 000,468,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2013/08/22 11:38:29 | 000,329,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2014/07/24 18:21:23 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2013/08/22 19:01:39 | 000,129,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2014/02/22 18:38:56 | 000,753,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2014/04/30 13:23:54 | 000,353,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2014/04/30 12:46:07 | 000,285,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2014/03/04 16:13:06 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2013/08/22 18:44:18 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:[b]64bit:[/b] - [2013/08/22 20:34:06 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2013/08/22 13:05:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2013/11/14 16:28:01 | 000,433,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2013/08/22 18:35:27 | 000,403,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2014/03/27 12:15:43 | 000,718,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2013/08/22 18:54:27 | 000,070,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2013/08/22 18:05:22 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2013/08/22 18:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 10:41:58 | 000,391,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2013/08/22 22:25:35 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2014/03/06 18:19:44 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2014/07/24 17:18:34 | 000,795,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2013/08/22 20:22:30 | 000,101,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2014/01/29 09:18:11 | 000,534,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2014/02/22 18:38:56 | 000,753,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2013/08/22 20:32:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2013/08/22 22:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2014/04/09 12:33:54 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2014/07/24 18:03:18 | 000,324,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2013/08/22 18:24:27 | 000,629,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2013/08/22 11:27:04 | 000,564,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2014/08/02 09:18:31 | 001,212,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2013/08/22 19:55:30 | 000,306,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2013/08/22 12:33:38 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2013/08/22 19:00:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/09 10:50:34 | 000,225,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2014/03/27 12:10:11 | 001,436,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2014/10/29 10:02:48 | 000,911,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:[b]64bit:[/b] - [2014/12/06 10:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:[b]64bit:[/b] - [2015/02/04 08:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2013/08/22 18:44:27 | 001,669,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:[b]64bit:[/b] - [2013/08/22 18:23:55 | 000,878,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2013/08/22 19:39:20 | 000,634,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2013/08/22 20:23:10 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2013/08/22 12:56:51 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2013/08/22 18:48:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2014/10/18 15:38:57 | 003,557,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2013/08/22 19:30:45 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2014/07/24 17:32:47 | 001,532,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:[b]64bit:[/b] - [2013/08/22 18:54:22 | 000,284,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 237 bytes -> C:\Users\qq873_000\SkyDrive:ms-properties

< End of report >
  • fokihobo
  • 2015/03/12 (Thu) 16:51:45
Re: I seem to be infected with adware and want to remove it.
OTL Extras logfile created on: 2015/03/12 15:45:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\qq873_000\Downloads\アドウェア対策ソフト
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

5.47 Gb Total Physical Memory | 3.89 Gb Available Physical Memory | 71.11% Memory free
10.97 Gb Paging File | 8.79 Gb Available in Paging File | 80.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.37 Gb Total Space | 312.76 Gb Free Space | 69.60% Space Free | Partition Type: NTFS
Drive D: | 15.27 Gb Total Space | 1.94 Gb Free Space | 12.71% Space Free | Partition Type: NTFS
Drive F: | 59.09 Gb Total Space | 3.69 Gb Free Space | 6.24% Space Free | Partition Type: exFAT

Computer Name: PC3 | User Name: qq873_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\baidu\Spark\Spark.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\baidu\Spark\Spark.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\baidu\Spark\Spark.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\baidu\Spark\Spark.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46607490-91CF-42A3-AAC9-3FE9ACFCA995}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BE77BE7-E8C5-422E-A949-F3CB9B11D77D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51F031A1-64EB-4D01-971B-B3A40F711238}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5BF273C5-BDFE-471B-9568-017C1920E157}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{642CEAF0-F883-4CA6-8571-5FF762CF8D80}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{744C1E93-9152-4036-90EC-86578B18A458}" = lport=2869 | protocol=6 | dir=in | app=system |
"{76959CC6-700F-4165-B6DA-B83E2769ED7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A709A06-3021-4FF4-ACCE-97A2B7286F34}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C7F3508B-E6E3-4E74-9E80-426719F62EED}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D498F798-94AE-46D4-8C6C-BF123F6405EE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DA343F2C-2BC7-449F-B290-F28CB0C3F0FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD567A99-CD76-43E6-81FC-ECB0FB4E9E11}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FE8F12-D6B7-4D2C-A7AC-1531594734F5}" = dir=in | name=skype |
"{057710A9-7C33-4070-833B-EB9379EC96A4}" = dir=out | name=@{ad2f1837.gettingstartedwithwindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} |
"{06671150-0199-4D6B-8E74-4AB66F6F08B8}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{08181FB9-99A2-48DA-AB0C-ADEBEECA1C13}" = dir=out | name=hp+ |
"{09BFCF98-05EF-4D66-90D8-7CCD310959C6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{0AB210B3-01CF-49D0-9108-E2ECEC1289FB}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{0BB108EB-F6E2-44B3-B17A-31A89B1A5B80}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{0DFC8B6F-1F9D-4DB2-8230-7DBD6312EC82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |
"{1B063DFA-6DF3-4E03-AAFF-884B5C33304E}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{29987E4C-B753-4313-8A93-D08398070162}" = dir=out | name=microsoft solitaire collection |
"{2D3CA55F-DA4F-40A3-B617-7E3185B3A497}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\rssutility\brrsswatcher.exe |
"{2D7BDB2A-6F31-43C4-B500-D38710EFC585}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{34E6E156-72C2-4A64-8344-671AFEE9CDA1}" = dir=out | name=sonicwall mobile connect |
"{3603350C-F9E2-407C-8610-06E0A0C2A069}" = dir=out | name=@{microsoft.bingsports_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{37030349-706C-4C7E-842E-C2FEB402B5B2}" = protocol=58 | dir=in | app=system |
"{39723B9E-F671-4F9B-9A87-BCD907DB7BEE}" = dir=out | name=skype |
"{3B312864-9804-4B1D-BCAF-E685BDC5C304}" = dir=out | name=juniper networks junos pulse |
"{3D76131D-EBC6-42AE-9113-90CF42FD656B}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{3E10277F-A410-43E0-8576-0EAA4D8F301F}" = protocol=17 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{419629D5-E2D6-40D3-A9BB-6DE9730673A4}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4CE211FC-F6A6-432F-865A-F47B467A6079}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{4D6C47EA-1835-44B3-8304-36A61B4A68FA}" = dir=out | name=@{microsoft.zunevideo_1.5.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{4E40E747-6FA2-4712-AEE5-CDE021FA5112}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5214224C-7B1F-40EE-AE65-E4505119374C}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{52E0B34E-1B3A-47F5-8ED1-D1ECBF8EA0D5}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{558A87BC-1C00-4FAB-9617-AA4967E66576}" = dir=out | name=hp registration |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5A02DD23-B6BF-48AF-98A2-72BCC772E59A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BBBD1B0-A6EC-4F4A-8573-9832925603FC}" = dir=out | name=check point vpn |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{6AD34D4D-3B08-477A-B4D6-FCA4BF782E37}" = dir=in | name=sonicwall mobile connect |
"{70608598-B03B-43D4-9614-909DB5D6DCE9}" = protocol=6 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{71694149-B7A5-4F71-B387-0FCE6161E664}" = dir=in | name=check point vpn |
"{77B8BC7E-3E77-489F-B7D9-308C2DB7BB49}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{79E33118-F2CC-46D9-8721-2B868B9D8547}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7A6B3645-4A8B-4501-90D5-95FEBB79F668}" = dir=out | name=windows_ie_ac_001 |
"{7B1344AE-990F-497F-9DF2-690158B49581}" = dir=out | name=microsoft mahjong |
"{7ECF2468-B8C5-498C-8B69-96CE47CFD346}" = dir=in | name=hp+ |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{857B4F80-A190-4D66-A429-789D43673568}" = protocol=17 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{86D42620-7A70-49A0-B6F5-0E34BA7173F2}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8BFDB518-820A-4A4B-A5F2-47DAFD3340F7}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{8F5E9EA2-B99A-4986-ABE6-92EED9F83D4A}" = dir=out | name=f5 vpn |
"{91E4228B-3EAA-48B8-A226-2D7D2309A648}" = dir=out | name=@{microsoft.bingnews_3.0.4.268_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{98434CF7-C1F8-4DD4-AA7B-A14D1219CC8A}" = protocol=6 | dir=out | app=system |
"{9B1F3D4B-C97A-42F7-8430-413F3FD7CC0E}" = dir=in | name=microsoft mahjong |
"{9C02F789-3CBE-4433-8223-5BFD8EE9491F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9F5C3AE2-5F49-4FAE-837B-000624943B00}" = dir=in | name=juniper networks junos pulse |
"{A1E94FAE-202F-4EB4-9601-4B1942E6B0FD}" = dir=out | name=@{microsoft.bingtravel_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{A9E0503B-1C7E-48B6-ADA0-2C4CBB44A6AE}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\rssutility\brrsswatcher.exe |
"{ADE73DBA-B3F6-4BDD-82C7-3041E73779EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B01CF599-0B5B-4E78-8D38-35038F9866C9}" = protocol=6 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{B3A71EF3-0F57-4938-9F50-D7E11064E39D}" = dir=out | name=norton studio |
"{B8DCC674-9F9C-4469-8916-7D69A4B22C7C}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{BACFD528-E267-47FC-A345-7FF06B328934}" = dir=in | name=f5 vpn |
"{BB543D18-7202-4480-ABDA-D5A503942C38}" = dir=out | name=@{microsoft.bingweather_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{BDBD5900-5963-49B9-9DE4-9F22DD6E4C32}" = dir=out | name=windows_ie_ac_001 |
"{BFBFE5F5-3E91-49DD-A8A1-04FD77B1B29A}" = dir=in | name=@{ad2f1837.gettingstartedwithwindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} |
"{BFE36EDD-ABCF-4834-8B42-3287CE1326D6}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{C0D03B5C-58E0-4AB9-BB10-F4296D1E0EF5}" = dir=out | name=@{microsoft.zunevideo_2.6.434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{C77A9B3F-E7B0-46FB-BD8F-479C60919B1A}" = dir=out | name=hp connected photo |
"{CD256B16-C1AC-4531-A467-7475E2444DBB}" = dir=out | name=@{microsoft.zunemusic_2.6.670.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{CF8651CF-13CE-47C9-97CA-13AB2E67AD7E}" = dir=out | name=media player |
"{D19C2892-393F-4BD1-BF7A-01472BED550E}" = dir=out | name=instapic |
"{D1DAD9A2-8D3F-4F58-8FBB-6E519B488FDA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D913B4D2-52FB-428C-B7E9-7807568ABBBA}" = dir=in | name=hp connected photo |
"{DAA1200A-7942-4D54-BD19-DFAF07ECC67E}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{E65F90F5-A4E1-4B0F-B193-DA6CDFEFD734}" = dir=in | name=microsoft solitaire collection |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E84E0D2B-C13C-4860-BA39-AFE3DAA1EF20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA6A5790-D806-478F-B3FE-22EF2DDAC0CA}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EF411D3E-956F-4939-99B7-8988B5B1B12B}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{EFAD5962-5C50-4E61-889A-A7411BEFF269}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFB75C28-E982-45F5-96E7-AFC7E004BCD0}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{F14CFE7C-F129-4697-9F4B-50E0161919DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F2222CDE-ED36-4468-85F5-2CF2F390EFC5}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{FA37B3EB-C99A-4248-9918-A1D96CEA8596}" = dir=out | name=@{microsoft.bingfinance_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{FD023E3B-7A54-4A83-AF21-D3B7F9E6D885}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"TCP Query User{4AEC9E9C-3DA9-4C5A-9248-2FB0161DA8E3}C:\program files (x86)\brother\rssutility\brrsswatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\brother\rssutility\brrsswatcher.exe |
"TCP Query User{7AA673DD-4414-4E30-8E33-37FFDBA1E191}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{1572EC4F-CA5A-4C78-89A4-83D8E8517AC7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{F5B39619-CC69-4AB6-B809-14D0535AD753}C:\program files (x86)\brother\rssutility\brrsswatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\brother\rssutility\brrsswatcher.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{08F2724F-3B6A-91BD-E63F-1B9F8463D097}" = AMD Accelerated Video Transcoding
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{14D155F8-40FC-F843-30C6-8776BF5CEBAA}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A1CD0BB-7E65-45DC-9A9A-682CE8B62AA4}" = Update for Japanese Microsoft IME Standard Dictionary
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{81227F4B-3EB1-4B31-A52D-07ECE3E6840D}" = HP 3D DriveGuard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E59415B-ECAC-43F7-B496-7BCD636C63E1}" = Update for Japanese Microsoft IME Postal Code Dictionary
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A257DDD7-AFD4-ABEA-0F67-9C3930091B19}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B939BFEB-824F-4456-A4EE-2B86ED04033D}" = Update for Japanese Microsoft IME Trending Words Dictionary
"{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}" = AMD Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"バッファロー らくらくアップデートツール" = バッファロー らくらくアップデートツール

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E3548E-8B2E-4F8E-8222-63CA135B54EF}" = HP AC Power Control
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{097CB5A1-D19E-F62A-6400-91DBF8D97B17}" = CCC Help Turkish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding
"{0EF2A1AF-6F24-FD4B-3140-3656CC9A6BEC}" = CCC Help Italian
"{10AB1F40-BDEC-4A8D-B427-30F9429378B0}" = Windows Live Movie Maker
"{11230C68-9248-D3B8-A0C5-0461D8C0691E}" = CCC Help Dutch
"{15015752-9990-4516-A2B1-93823281FB8E}" = Update for Japanese Microsoft IME Postal Code Dictionary
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}" = HP Documentation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29A6A747-07ED-DB5E-AD38-5F66B06E8888}" = CCC Help Russian
"{2BE3A1BC-D155-1D32-9080-685C54689C34}" = CCC Help Korean
"{2F413B34-8C18-328C-E68C-0332AB527CFF}" = CCC Help Czech
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{32267483-A20E-A049-700F-55D0A430A1D2}" = はがきデザインキット
"{32A3A4F4-B792-11D6-A78A-00B0D0170110}" = Java SE Development Kit 7 Update 11
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C4FD08-6253-47B9-B09B-B2FB5F4AF70A}" = はがき作家 8 Free
"{3D062C86-0CCA-8F10-A575-3564BD50372C}" = Catalyst Control Center Graphics Previews Common
"{3E2D81D1-5FEE-6E90-2E0C-B8C15F05237A}" = CCC Help Norwegian
"{47B3FDA1-E7F2-D3C3-0970-B9916C5530F3}" = AMD VISION Engine Control Center
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{52C42F70-76B8-4E3F-B570-FA7DC7B88BA6}" = HP Software Framework
"{59F8C5AA-91BD-423D-BF05-09A80F39898F}" = HP CoolSense
"{5CBA9A98-4CAE-92DC-4662-A77268EE1D04}" = CCC Help English
"{5F1C0CF4-49C6-B096-0F72-AA2C319BBEE0}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{650AA9FB-CA49-A284-8E13-F3732CC20D9A}" = Catalyst Control Center Localization All
"{675D8E1E-2388-4718-902C-E5FC4888AC0E}" = Windows Live Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6935C750-2D8C-4705-B4F9-052F550D225D}" = RealDownloader
"{6C3F8916-D6A5-4A31-9DA8-80C973CE437F}" = Windows Live Writer
"{6DF0DAF1-BED0-F5BB-B96E-10AA15DF65E7}" = CCC Help Swedish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AD6CBA-D50D-F30C-E579-14389FF41D1D}" = Catalyst Control Center InstallProxy
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}" = Update for Japanese Microsoft IME Standard Extended Dictionary
"{7AF962CF-7018-C589-8439-EA7C9F2FA200}" = CCC Help Danish
"{7BB80D45-4024-2E0C-FC0D-45A319CD3F99}" = CCC Help Thai
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{7DB71278-9AD7-4480-AB08-8649C5010B17}" = Update for Japanese Microsoft IME Standard Dictionary
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88A686A9-D687-4295-B633-50D8A4B88371}" = Windows Live Writer Resources
"{8A66A2C8-0032-4949-8D99-C293A3EACF79}" = Windows Live Photo Common
"{8C0B0C9E-60E6-48CD-8080-615A6D271C0F}" = PhishWall
"{8D59BE38-3A4F-4525-AD0D-8980E9E31EFA}" = Windows Live フォト ギャラリー
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95A762D1-99E7-F428-99B3-E3CC636C48D9}" = CCC Help Hungarian
"{96DAE3D0-5008-F1FC-186D-0B364071C98C}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD64023-4000-424C-9858-BD7CDB1D1B34}" = Brother ドライバー&ソフトウェア DCP-J940N
"{9B42457E-3781-7293-5643-C722BA43397E}" = CCC Help Greek
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2BCF78-EDAD-A8BC-123D-10E0D9234753}" = CCC Help Chinese Traditional
"{9FEDC691-A307-D525-7D71-EDB97240CFF3}" = CCC Help Chinese Standard
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB1F1677-926B-894A-A890-56A3FCD9794B}" = CCC Help Finnish
"{AC76BA86-7AD7-1041-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Japanese
"{ACC5984D-6859-874C-B939-058DED2692FA}" = CCC Help Portuguese
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{C458E818-0B4F-C961-AFDF-29F172EE5A1B}" = CCC Help Spanish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E175B925-538F-6D69-A9C9-4D0699648752}" = CCC Help Japanese
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E46BF405-4ADF-36F4-A0EA-EF4CDF1A21E6}" = CCC Help Polish
"{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch
"{EE408577-9C0E-4E5F-BCB2-DB5B3A220958}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"BUFFALO_AirSet2_is1" = BUFFALO エアステーション設定ツール
"BUFFALO_BPCEnv_is1" = BUFFALO パソコン環境表示ツール
"designKit.702840F10216893FC3494B731E825B33666733D6.1" = はがきデザインキット
"FFFTP" = FFFTP Ver.1.98g
"HmNetMonitor" = 秀丸ネットモニター
"HTML Project2" = HTML Project2
"IObitUninstall" = IObit Uninstaller
"JOLLY飛行機編" = JOLLY飛行機編スクリーンセーバー
"Lhaplus" = Lhaplus
"Mozilla Firefox 36.0.1 (x86 ja)" = Mozilla Firefox 36.0.1 (x86 ja)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"Toupaiou_is1" = 闘牌王
"UN900119" = BUFFALO クライアントマネージャV
"UN900119_is1" = BUFFALO クライアントマネージャV をアンインストール
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 8.31
"うきうき家計簿_is1" = うきうき家計簿

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2267849352-1407111120-1147532467-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2015/03/09 16:03:53 | Computer Name = pc3 | Source = SideBySide | ID = 16842785
Description = "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2015/03/09 16:42:58 | Computer Name = pc3 | Source = SideBySide | ID = 16842785
Description = "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2015/03/10 22:52:39 | Computer Name = pc3 | Source = Application Hang | ID = 1002
Description = プログラム IEXPLORE.EXE バージョン 11.0.9600.17416 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、アクション
センター コントロール パネルで、問題の履歴をクリックしてください。 プロセス ID: 1960 開始時刻: 01d05ba4c9a75671 終了時刻: 500 アプリケーション
パス: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE レポート ID: a7dec515-c799-11e4-bf53-8434977dd011

障害が発生しているパッケージのフル
ネーム: 障害が発生しているパッケージに関連するアプリケーション ID:

Error - 2015/03/10 23:23:37 | Computer Name = pc3 | Source = Microsoft-Windows-WMI | ID = 24
Description = イベント プロバイダー が、名前空間 //./root/microsoft/protectionManagement の対象クラス
"MSFT_MpEvent" が存在しないクエリ "select * from MSFT_MpEvent" を登録しようとしました。クエリは無視されます。

Error - 2015/03/10 23:23:37 | Computer Name = pc3 | Source = Microsoft-Windows-WMI | ID = 24
Description = イベント プロバイダー ProtectionManagement が、名前空間 //./root/microsoft/protectionManagement
の対象クラス "MSFT_MpEvent" が存在しないクエリ "select * from MSFT_MpEvent" を登録しようとしました。クエリは無視されます。

Error - 2015/03/11 11:21:20 | Computer Name = pc3 | Source = Application Hang | ID = 1002
Description = プログラム LiveComm.exe バージョン 17.5.9600.20689 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、アクション
センター コントロール パネルで、問題の履歴をクリックしてください。 プロセス ID: a20 開始時刻: 01d05bdf583d4538 終了時刻: 4294967295

アプリケーション
パス: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

レポート
ID: 43e99716-c802-11e4-bf55-8434977dd011 障害が発生しているパッケージのフル ネーム: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

障害が発生しているパッケージに関連するアプリケーション
ID: ppleae38af2e007f4358a809ac99a64a67c1

Error - 2015/03/11 20:11:30 | Computer Name = pc3 | Source = SideBySide | ID = 16842785
Description = "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2015/03/11 20:18:14 | Computer Name = pc3 | Source = SideBySide | ID = 16842785
Description = "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2015/03/11 20:20:19 | Computer Name = pc3 | Source = SideBySide | ID = 16842785
Description = "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2015/03/12 1:00:36 | Computer Name = pc3 | Source = Application Hang | ID = 1002
Description = プログラム Explorer.EXE バージョン 6.3.9600.17667 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、アクション
センター コントロール パネルで、問題の履歴をクリックしてください。 プロセス ID: b0c 開始時刻: 01d05bd8afe55b64 終了時刻: 0 アプリケーション
パス: C:\WINDOWS\Explorer.EXE レポート ID: 839af7ce-c874-11e4-bf55-8434977dd011 障害が発生しているパッケージのフル
ネーム: 障害が発生しているパッケージに関連するアプリケーション ID:

[ System Events ]
Error - 2015/03/10 17:58:49 | Computer Name = pc3 | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 2015/03/10 22:56:18 | Computer Name = pc3 | Source = Service Control Manager | ID = 7043
Description = Windows Update サービスは、プレシャットダウン コントロールを受け取った後に正しくシャットダウンされませんでした。

Error - 2015/03/10 23:23:07 | Computer Name = pc3 | Source = APXACC | ID = 16778219
Description = The NDIS6 LWF initialization has failed. (0xC0000001)

Error - 2015/03/10 23:23:07 | Computer Name = pc3 | Source = Service Control Manager | ID = 7000
Description = AppEx Networks Accelerator LWF サービスを、次のエラーが原因で開始できませんでした: %%31

Error - 2015/03/11 2:14:40 | Computer Name = pc3 | Source = DCOM | ID = 10010
Description =

Error - 2015/03/11 2:14:40 | Computer Name = pc3 | Source = DCOM | ID = 10010
Description =

Error - 2015/03/11 2:47:27 | Computer Name = pc3 | Source = APXACC | ID = 16778219
Description = The NDIS6 LWF initialization has failed. (0xC0000001)

Error - 2015/03/11 2:47:27 | Computer Name = pc3 | Source = Service Control Manager | ID = 7000
Description = AppEx Networks Accelerator LWF サービスを、次のエラーが原因で開始できませんでした: %%31

Error - 2015/03/11 19:28:35 | Computer Name = pc3 | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 2015/03/11 19:28:50 | Computer Name = pc3 | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =


< End of report >
  • fokihobo
  • 2015/03/12 (Thu) 16:53:32
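Re: I seem to be infected with adware and want to remove it.
Sorry for the late report, but I am told that the red circle symbol on the add-on management screen has been like that from the start.

I think the add-on problem has been resolved.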
  • fokihobo
  • 2015/03/12 (Thu) 17:03:58
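Let's reinstall Firefox once
Thank you for the work and the report.
I had a look at the OTL log, and it seems some strange entries have worked their way into Firefox.
Their origin is not clear either, so let's remove FF entirely and then install it again.
Please read the explanation below and then carry out the work.

First, if there are FF bookmarks you need, export (back up) those bookmarks.

When you are ready, put the PC into Safe Mode and uninstall FF using IU.
Don't forget the Powerful Scan as well.

After removing it, restart the PC in normal mode, open the C drive, and look for the folders below in order.
>C:\Program Files (x86)\Mozilla Firefox

>C:\ProgramData\Mozilla

>C:\Users\[user name]\AppData\Local\Mozilla

>C:\Users\[user name]\AppData\Roaming\Mozilla
If you find them, delete them manually.
Any that you cannot find can be skipped.

Once that is done, restart the PC once more, then go to the official Mozilla site, download the latest version of FF, and reinstall it.

After reinstalling, start OTL and scan again in the same way as before, then reply with that log.
At that point we will check whether the suspicious entries are gone, then move on to the next step.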
  • 悪代官
  • 2015/03/12 (Thu) 18:18:57
Re: I seem to be infected with adware and want to remove it.
Sending the OTL log. This time there was only this one log.
Thank you in advance for looking at it.

OTL logfile created on: 2015/03/12 23:12:18 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\qq873_000\Downloads\アドウェア対策ソフト
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

5.47 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 75.39% Memory free
10.97 Gb Paging File | 9.57 Gb Available in Paging File | 87.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.37 Gb Total Space | 321.76 Gb Free Space | 71.60% Space Free | Partition Type: NTFS
Drive D: | 15.27 Gb Total Space | 1.94 Gb Free Space | 12.71% Space Free | Partition Type: NTFS
Drive F: | 59.09 Gb Total Space | 3.69 Gb Free Space | 6.24% Space Free | Partition Type: exFAT

Computer Name: PC3 | User Name: qq873_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/03/12 11:44:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\qq873_000\Downloads\アドウェア対策ソフト\OTL.exe
PRC - [2014/12/03 15:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/12 11:34:48 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2014/06/09 21:43:00 | 000,093,800 | ---- | M] (SecureBrain Corporation) -- C:\Program Files (x86)\SecureBrain\PhishWall\sbpwupdx.exe
PRC - [2014/02/18 14:43:18 | 001,075,768 | ---- | M] (Saito-kikaku Corporation) -- C:\Program Files (x86)\HmNetMonitor\HmNetMonitor.exe
PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/09/07 17:33:08 | 000,581,024 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/09/07 17:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/08/28 12:00:32 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/08/28 11:55:16 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/06/06 15:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2011/07/14 22:00:50 | 000,209,784 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
PRC - [2011/07/14 22:00:50 | 000,126,328 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/02/04 08:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2015/02/04 08:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/12/06 10:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2014/10/31 13:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/08/16 12:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/08/16 09:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2014/08/16 09:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/07/24 16:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2014/03/14 15:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2014/03/08 14:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/03/06 16:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/02/23 00:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/02/22 18:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2014/02/22 18:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/02/22 18:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/02/22 18:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/02/14 11:00:31 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:[b]64bit:[/b] - [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2013/12/10 16:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2013/08/22 20:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2013/08/22 20:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2013/08/22 20:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2013/08/22 20:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2013/08/22 20:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2013/08/22 19:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2013/08/22 19:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2013/08/22 18:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2013/08/22 18:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2013/08/22 18:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013/08/22 18:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013/08/22 18:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2013/08/22 18:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2013/08/22 18:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2013/08/22 18:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2013/06/29 13:12:32 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:[b]64bit:[/b] - [2012/08/08 10:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2015/03/05 22:06:22 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/02/05 07:15:31 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 15:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/16 12:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/08/12 11:34:48 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/06/09 21:43:00 | 000,093,800 | ---- | M] (SecureBrain Corporation) [Auto | Running] -- C:\Program Files (x86)\SecureBrain\PhishWall\sbpwupdx.exe -- (SecureBrain PhishWall Update)
SRV - [2014/03/14 15:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/02/14 11:00:32 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/02/14 11:00:30 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/02/14 11:00:30 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/08/22 12:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 11:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012/09/07 17:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/07/14 10:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/07/14 22:00:50 | 000,126,328 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/02/04 08:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2015/02/04 08:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2015/02/04 08:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2014/12/12 09:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2014/10/29 12:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/10/13 11:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2014/10/13 11:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/10/13 11:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/08/15 09:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/07/25 00:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2014/07/25 00:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/07/24 20:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/05/01 22:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/03/20 12:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2014/03/13 21:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/03/09 05:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/02/23 00:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/02/22 21:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/02/14 11:05:14 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013/11/14 16:28:00 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2013/11/14 16:24:30 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2013/11/14 16:15:23 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2013/08/23 01:11:12 | 003,860,480 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 21:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 21:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2013/08/22 21:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2013/08/22 20:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2013/08/22 19:27:46 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2013/08/22 17:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/13 08:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/10 09:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/31 03:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/26 04:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/06/29 13:12:34 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2013/06/22 14:02:01 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2013/06/02 04:56:58 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:[b]64bit:[/b] - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2012/08/31 09:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:[b]64bit:[/b] - [2012/08/24 18:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2012/08/24 18:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:[b]64bit:[/b] - [2012/08/01 04:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/07/31 17:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2012/07/24 18:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:[b]64bit:[/b] - [2012/07/24 18:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:[b]64bit:[/b] - [2012/07/18 13:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2012/07/04 07:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:[b]64bit:[/b] - [2012/06/23 06:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:[b]64bit:[/b] - [2012/06/19 23:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2011/07/14 22:00:50 | 000,018,944 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Users/qq873_000/Documents/作業用/fw-14-2-col%5B1%5D/linkmenu.html
IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.highlightCount: 4
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/qq873_000/Documents/菴懈・ュ逕ィ/fw-14-2-col%5B1%5D/linkmenu.html"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.4.19: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.4: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.4.19: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015/03/03 12:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2015/03/03 12:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/03/12 22:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\qq873_000\AppData\Roaming\mozilla\Extensions
[2015/03/12 22:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\qq873_000\AppData\Roaming\mozilla\Firefox\Profiles\cql53r1c.default\extensions
[2015/03/12 22:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/03/12 22:41:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\qq873_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8_0\

O1 HOSTS File: ([2013/08/22 22:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\..\Toolbar\WebBrowser: (no name) - {0CBC8163-AC34-476A-9E22-4B6D5184E060} - No CLSID value found.
O3 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [BrRssUtility] C:\Program Files (x86)\Brother\RSSUtility\BrRssWatcher.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002..\RunOnce: [Adobe Speed Launcher] 1426166572 File not found
O4 - Startup: C:\Users\qq873_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\らくらくアップデートツール.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2267849352-1407111120-1147532467-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D1FEC1C-75DD-4799-8553-469A370FC329}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


  • fokihobo
  • 2015/03/12 (Thu) 23:58:33
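Next, cleanup with OTL
Sorry for the late reply.
I have also looked at the new OTL log.
The Firefox entries that concerned me earlier still seem to be there.
So let's continue the work, including those.

This time we will do the fix using OTL.
Please keep the Firefox bookmarks you backed up earlier for now.
Firefox may need to be reinstalled later.

I am pasting a script at the end of this reply; copy the whole thing, paste it into a Windows Notepad file, and save it.

Once that is ready, restart the PC in Safe Mode again and start OTL.
Once it is running, paste the script into the lower part of the OTL window, and this time press "Run fix" (the button with red text).
This starts the OTL fix.

Wait a while, and when the fix is done, restart the PC in normal mode; an OTL log should appear again, so save it, watch how things go for a while, and then reply with a status report together with the OTL log.
The OTL script is below. Copy everything except the dashed lines (-----), paste it into OTL, and run it.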
------------------------------------------
:OTL
FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.highlightCount: 4
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/qq873_000/Documents/菴懈・ュ逕ィ/fw-14-2-col%5B1%5D/linkmenu.html"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
[2015/03/06 15:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\1561141472792876895
[2015/03/03 18:00:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2015/02/17 05:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{e58e78a5-01d6-3fbc-e58e-e78a501de294}
[2015/02/28 00:48:53 | 000,000,000 | ---- | M] () -- C:\Users\qq873_000\AppData\Local\{752B2892-4309-485B-ADA4-A10587337806}

:Files
C:/Users/qq873_000/Documents/菴懈・ュ逕ィ/fw-14-2-col%5B1%5D/linkmenu.html
C:\ProgramData\1561141472792876895
C:\Users\Public\Documents\Baidu
C:\ProgramData\{e58e78a5-01d6-3fbc-e58e-e78a501de294}
C:\Users\qq873_000\AppData\Local\{752B2892-4309-485B-ADA4-A10587337806}

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2015/03/13 (Fri) 20:01:05
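Re: I seem to be infected with adware and want to remove it.
Thank you for your help. Sorry for the delay; I was watching how things went for a day.
I am able to use the PC without any particular problems.
I am sending the log file.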

All processes killed
========== OTL ==========
Prefs.js: "JP" removed from browser.search.countryCode
Prefs.js: 4 removed from browser.search.highlightCount
Prefs.js: "JP" removed from browser.search.region
Prefs.js: "file:///C:/Users/qq873_000/Documents/作業用/fw-14-2-col%5B1%5D/linkmenu.html" removed from browser.startup.homepage
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe not found.
File C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe not found.
Folder C:\ProgramData\1561141472792876895\ not found.
Folder C:\Users\Public\Documents\Baidu\ not found.
Folder C:\ProgramData\{e58e78a5-01d6-3fbc-e58e-e78a501de294}\ not found.
File C:\Users\qq873_000\AppData\Local\{752B2892-4309-485B-ADA4-A10587337806} not found.
========== FILES ==========
Invalid Switch: linkmenu.html
File\Folder C:\ProgramData\1561141472792876895 not found.
File\Folder C:\Users\Public\Documents\Baidu not found.
File\Folder C:\ProgramData\{e58e78a5-01d6-3fbc-e58e-e78a501de294} not found.
File\Folder C:\Users\qq873_000\AppData\Local\{752B2892-4309-485B-ADA4-A10587337806} not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Public

User: qq873_000
->Temp folder emptied: 52939 bytes
->Temporary Internet Files folder emptied: 6063880 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17796675 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1331592248 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,293.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 03142015_005042

Files\Folders moved on Reboot...
C:\Users\qq873_000\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft.windows.s..ation.badcomponents_31bf3856ad364e35_6.3.9600.16384_none_cd3183f2deb856d2\suppression.xml scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-usermodensi.resources_31bf3856ad364e35_6.3.9600.16384_ja-jp_ffc122e6b8b2c71b\nsisvc.dll.mui scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\bfsvc.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\CbsCore.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\CbsMsg.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cleanupai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmiadapter.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmiaisupport.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmitrust.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmiv2.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\CntrtextInstaller.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\dpx.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\DrUpdate.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\drvstore.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\fveupdateai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\GlobalInstallOrder.xml scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\luainstall.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\msdelta.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\mspatcha.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\poqexec.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\securebootai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\smiengine.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\smipi.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\TiFileFetcher.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\timezoneai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\TiWorker.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\WcmTypes.xsd scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\wcp.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\wdscore.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\winsockai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\wrpint.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\ws2_helper.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\x86_installed scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.3.9600.16384_none_d325325a46b70320\cmifw.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.3.9600.16384_none_d325325a46b70320\FirewallOfflineAPI.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.3.9600.16384_none_d325325a46b70320\NetSetupAI.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.3.9600.16384_none_d325325a46b70320\NetSetupApi.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.3.9600.16384_none_2e42495ec061fcf4\sppinst.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.3.9600.16384_none_532adbe627194768\esscli.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.3.9600.16384_none_532adbe627194768\fastprox.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.3.9600.16384_none_532adbe627194768\mofd.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.3.9600.16384_none_532adbe627194768\mofinstall.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.3.9600.16384_none_532adbe627194768\repdrvfs.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.3.9600.16384_none_532adbe627194768\wbemcomn.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.3.9600.16384_none_532adbe627194768\wbemcore.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.3.9600.16384_none_532adbe627194768\wbemprox.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.3.9600.16384_none_532adbe627194768\wmicmiplugin.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.3.9600.16384_none_532adbe627194768\wmiutils.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\appxreg.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\bcdeditai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\ceipfwdai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\cmipnpinstall.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\ConfigureIEOptionalComponentsAI.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\httpai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\IEFileInstallAI.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\msdtcadvancedinstaller.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\netfxconfig.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\peerdistai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\PrintAdvancedInstaller.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\RegisterIEPKeysAI.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\servicemodelregai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-s..ingstack-base-extra_31bf3856ad364e35_6.3.9600.16384_none_b3a4afa4deed279b\SetIEInstalledDateAI.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-pnpplugininstaller_1122334455667788_6.3.9600.16384_none_09cd99f35f337d24\cmipnpinstall.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-pantherengine_31bf3856ad364e35_6.3.9600.16384_none_42b13417c1704d12\wdscore.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-packagemanager_31bf3856ad364e35_6.3.9600.16384_none_817788a30edddae5\PkgMgr.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-packagemanager_31bf3856ad364e35_6.3.9600.16384_none_817788a30edddae5\SSShim.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-base-util-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-core-file-l2-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-core-file-l2-1-1.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-kernel32-legacy-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-kernel32-legacy-l1-1-1.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-privateprofile-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-privateprofile-l1-1-1.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-processtopology-obsolete-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-registry-l2-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-shlwapi-legacy-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-shutdown-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-core-string-l2-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-core-string-obsolete-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-stringansi-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\api-ms-win-core-version-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-core-xstate-l2-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-devices-config-L1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-devices-config-L1-1-1.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-Eventing-Legacy-L1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-Eventing-Provider-L1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-EventLog-Legacy-L1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-Security-Lsalookup-L2-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-Security-Lsalookup-L2-1-1.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_d032dc3cb14ba8a7\API-MS-Win-security-provider-L1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-comm-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-console-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-datetime-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-datetime-l1-1-1.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-debug-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_5c049f379cb3e319\api-ms-win-core-debug-l1-1-1.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_6c996e43ad7d7471\api-ms-win-core-com-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_6.3.9600.16415_none_823f4a38ad2a4cea\abortpxe.com scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_6.3.9600.16415_none_823f4a38ad2a4cea\bootmgr.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_6.3.9600.16415_none_823f4a38ad2a4cea\hdlscom1.com scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_6.3.9600.16415_none_823f4a38ad2a4cea\hdlscom1.n12 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_6.3.9600.16415_none_823f4a38ad2a4cea\hdlscom2.com scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_6.3.9600.16415_none_823f4a38ad2a4cea\hdlscom2.n12 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_6.3.9600.16415_none_823f4a38ad2a4cea\pxeboot.com scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc5e31e-028f-4f6a-8f91-52819ac586b9\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_6.3.9600.16415_none_823f4a38ad2a4cea\pxeboot.n12 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\5bc
  • fokihobo
  • 2015/03/16 (Mon) 11:01:54
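Let's re-check everything from the logs
Sorry again for the late reply.
According to the log, the OTL fix appears to have succeeded.
No abnormalities seem to have come up either.

Now let's re-check everything.
Please take the HJT log, the installed-programs log, and the logs from each CC tab again, and post them in a reply.
We don't want to miss anything, so please stay focused until the very end.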
  • 悪代官
  • 2015/03/16 (Mon) 20:48:56
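Re: I seem to be infected with adware and want to remove it.
I apologize for the late reply.

When I restarted the PC it stopped working, so I had no choice but to reset it to its initial state.

Starting from the initial setup, the Windows, hardware-related, and security updates took more than two days, and I am finally able to get in touch.
Thank you very much for giving me so much advice and so many instructions despite being so busy.

I expect I will keep referring to this board for various things in the future.
Please take care of yourself and keep up the good work.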
  • fokihobo
  • 2015/03/19 (Thu) 11:10:51
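Then don't forget to protect yourself after the recovery
Sorry for the late reply.

>When I restarted the PC it stopped working, so I had no choice but to reset it to its initial state

So you did a recovery.
Indeed, a recovery wipes out most infections and system abnormalities, so it is really the most reliable way of dealing with them.
Please also get your own defenses in order now that the recovery is done.

Just tightening the browser settings a little can improve security.
Open "Internet Options" → "Privacy" → "Advanced", check "automatic cookie handling" and "Block third-party cookies", then click "Apply" and "OK".
Doing this is quite effective for protection against many dangerous sites.
However, it is not effective against every dangerous site, and against truly dangerous sites this much is no match at all, so do not rely on it too much.
Also, if you set it to "Block all cookies", a side effect is that you can no longer get into pages that require a login, such as your provider's mailbox, so it is best to choose the setting according to the situation.
Note too that even some safe sites cannot be viewed or posted to when cookies are blocked.

Next, please also be careful about how you use security software such as antivirus and firewalls.
Security software does not deliver its full capability merely by being installed.
It is important to understand its settings and features as well as you can and to use it correctly.
Used incorrectly, it will readily let through even infections it could otherwise have blocked.

Also, no matter how capable the security software is, it cannot protect you at all if you yourself go and access dangerous sites and files.
Depending on how it is used, security software's performance can be doubled, halved, or reduced to nothing.

And seeing is believing.
I recommend reading as many as you can of the other threads on this board, both ongoing and resolved.
Whether they cover the same, similar, or different kinds of cases, there will be much in them to learn from.

This time it ended up being handled by a recovery, and I am sorry that, after all your trouble, it did not lead to a direct solution.
But, using the threads on this board as a reference, please enjoy a safe and comfortable PC life from here on.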
  • 悪代官
  • 2015/03/19 (Thu) 13:16:37
