悪代官の伏魔殿掲示板別館

　ＭＰＣ　Ｃｌｅａｎｅｒというソフトがいつの間にかインストールされており、アプリケーションの削除をしようとしても、そこに表示されません。
　ＩＥのｈｏｍｅ画面にもＭＰＣという検索サイトが表示され、こちらもｇｏｏｇｌｅに設定を戻してもＰＣを再起動すると元に戻っています。
　デスクトップのショートカットも消したのに、再起動すると出てきます。おまけに、画面左下に広告が表示されるようになり、困っております。
　なんとか助けていただけないでしょうか・・・。ご指示の通り下記にログを貼っておきます。よろしくお願いします。

　Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:26:59, on 2016/01/10
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)


Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5WQS6GJ\HijackThis.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [kssetup] C:\Program Files\Kingsoft\Kssetup\starthome.exe init
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [kxesc] "C:\Program Files\Common Files\Kingsoft\kiscommon\kxetray.exe" -autorun
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [LightGate] c:\programdata\lightgate.exe
O4 - HKLM\..\RunOnce: [XG_Synth] rundll32.exe /N streamci.dll,StreamingDeviceSetup {CEA6A804-0F0C-4fcf-B30F-CC12D19D3E88},SXGXGWDM,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\Windows\System32\DriverStore\FileRepository\sxgxgwdm.inf_x86_neutral_06b1a3147a1c017d\sxgxgwdm.inf,WDM_SOFTXG.Interface.Install
O4 - HKLM\..\RunOnce: [XG_Audio] rundll32.exe /N streamci.dll,StreamingDeviceSetup {CEA6A804-0F0C-4fcf-B30F-CC12D19D3E88},SXGXGWDM,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\Windows\System32\DriverStore\FileRepository\sxgxgwdm.inf_x86_neutral_06b1a3147a1c017d\sxgxgwdm.inf,WDM_SOFTXG.Interface.Install
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
O4 - HKCU\..\Run: [-] C:\Users\taku nishiguchi\AppData\Roaming\msiql.exe /RUNNING
O4 - HKCU\..\Run: [taskhost] rundll32.exe C:\ProgramData\WindowsMsg\70C07FC7C48301DD26CC9379650C79CC.dll Start /RUNNING
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [KISINSTALL] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KISINSTALL] (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0172828C-CB7D-4C10-AF96-0ED9B52DCFDC} (GameOnG2GCtrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/GameOnG2G.cab
O16 - DPF: {134DD8EF-7716-4538-A430-EFEB7517E6E7} (WebLauncher Control) - http://icarus.gamecom.jp/Common/cab/WebLauncher.cab
O16 - DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} (TTS Launcher Class) - https://ta-online.jp/weblauncher/common/CnCGameLauncher.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {31EE92CA-C0F5-48F7-AE60-B54CDF3BB76C} (AcqVPlayer Control) - http://202.95.222.164/player/AcqVPlayerX_2_0_3_9.cab
O16 - DPF: {416A7570-8626-4935-B4AC-F7712B909FFE} (KCSActiveXJPv3Ctrl Class) - http://210.136.222.73/kamuse/kcsjpdownload/activex/KCSActiveXJPv3_1002.cab
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} (HgRunPub Class) - http://down.hangame.co.jp/jp/installer/HgRunPub.cab
O16 - DPF: {5EBC1E61-6BD1-4FBC-AB60-744144EA615D} (AtlAXCtrl Class) - http://karos.oge.jp/html/cab/ver4/AtlAX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivX Web Player Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6FC19219-C47E-4880-9A70-D218A1C374F9} (CJIJTransX Control) - http://www.sdgundamcfo.jp/common/CJIJTransX.cab
O16 - DPF: {7216BF69-1FB3-438C-9A51-9DA82B676BC0} (ArarioGameStarter6 Class) - http://stonline.arario.jp/activeX/AraGameStarterW6.cab
O16 - DPF: {785287DD-2A28-4558-BC5C-4F8D1350631D} (CapcomLoaderObject Class) - https://sys.ixion-saga.jp/auth/login/pannel/CapcomLoader32.cab
O16 - DPF: {865C98C4-E909-44DF-B2A1-C659E6C2AF47} (DragonsProphetGameStarter Control) - http://dragonsprophet.aeriagames.jp/files/cab/DP_GameStarter.cab
O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} (SpecAnalyzer Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGReport.cab
O16 - DPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} (GameChu Login Control) - https://file.gamechu.net/dl/download/sessionctrl.cab
O16 - DPF: {A1A81C4D-C5FB-40C7-98F0-308516A67693} (HLauncher Control) - http://ge.hanbitstation.jp/launcher/HUELauncher.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab_1.0.1.8
O16 - DPF: {B0B7F252-5B1D-4F56-9172-29AD9F62537E} (GamesCampus Control) - http://tartaros.gamescampus.co.jp/activex/GamesCampus.cab
O16 - DPF: {BBA1ABFD-C9A1-41E8-959A-161F17E145D4} (G2GDownloaderCtrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader.cab
O16 - DPF: {C299BD0C-F41B-4A8B-8D05-964A141D8C28} (GameStarter Control) - https://grandfantasia.aeriagames.jp/files/gf/GrandFantasia.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://nprotect.gameon.co.jp/keycrypt_20101021/npkcx_10021.cab
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} (HgTAgent2 Extension Class) - http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E4FC78EE-7DB9-444B-AF43-DB5F48E29D60} (ccmedia_launcher Control) - http://plugins.mk-style.com/ccmedia_launcher_vov.cab
O16 - DPF: {F2A8D14C-33BE-4E6E-B4B3-67F4062428A9} (G2GDownloader2Ctrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader2.cab
O16 - DPF: {F4C75105-84BB-414D-AE37-4F0EEEEDE881} (X-Legend GameStarter Control) - https://genshin.x-legend.co.jp/X-LegendGameStarter.cab
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O16 - DPF: {FFF7D8B7-A5EA-4270-8F68-140CE3F8F117} (ｅｏかんたんメール設定ツール) - http://support.eonet.jp/download/eo_tool/dldata/kantan_tool/32/eomcfgax.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: Chrome リモート デスクトップ サービス (chromoting) - Google Inc. - C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: GoogleChromeUpServlce - TODO: - C:\ProgramData\Windows Update\upgsvr.exe
O23 - Service: GoogleChromeUpSvc - TODO: - C:\ProgramData\Windows Update\svrupg.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXUS 使用状況調査プログラム (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kingsoft Core Defend Service (kxedefend) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\kxedefend.exe
O23 - Service: Kingsoft Security App Service (kxesapp) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\kxesapp.exe
O23 - Service: Kingsoft Core Service (kxescore) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\kxescore.exe
O23 - Service: Kingsoft Antivirus Update Service (KxEUpSrv) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\upsvc.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - DotCash Limited - C:\Program Files\MPC Cleaner\MPCProtectService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\xsherlock.xem

--
End of file - 15483 bytes

　次にＣＣｌｅａｎｅｒのログを張ります。

Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2015/12/04 206 MB 15.009.20079
Adobe AIR Adobe Systems Incorporated 2012/12/24 3.5.0.880
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 2016/01/03 17.6 MB 20.0.0.270
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 2016/01/02 18.1 MB 20.0.0.267
Apple Application Support（32 ビット） Apple Inc. 2015/12/12 114 MB 4.1.1
Apple Mobile Device Support Apple Inc. 2015/11/08 22.5 MB 9.1.0.6
Apple Software Update Apple Inc. 2015/09/27 2.39 MB 2.1.4.131
ArarioWebGameStarter ARARIO Corp. 2014/07/21 20120820
Baby-G 2012/11/03
BlueStacks App Player BlueStack Systems, Inc. 2015/07/24 0.9.30.9239
BlueStacks Notification Center BlueStack Systems, Inc. 2015/06/20 170 MB 0.9.30.9239
Bonjour Apple Inc. 2015/09/27 1.10 MB 3.1.0.1
BrowseToSave 2011/12/15 1.0
Canon iP4500 series 2011/11/05
Canon Utilities Easy-PhotoPrint EX 2011/11/05
Canon Utilities Solution Menu 2011/11/05
Canon マイ プリンタ 2011/11/05
CCleaner Piriform 2016/01/10 5.13
Chrome Remote Desktop Host Google Inc. 2015/11/03 18.1 MB 47.0.2526.18
Common GameOn 2015/06/20 22696664
Daum ｽｺﾅｩｸｰｼｼﾀﾌｹ・ｰ柀ｭﾁ彧・ Daum Communications Corp. 2011/02/08
DivXセットアップ DivX, LLC 2015/12/26 2.8.0.13
DVD Decrypter (Remove Only) 2012/01/27
DVD Shrink 3.2 DVD Shrink 2013/03/14
E-girlsA 2015/01/04
ECHO OF SOUL HANGAME 2015/07/15 7.60 GB 03
FreeStyle_ScreenSaver_KARACAT Screensaver 2012/10/06
Google Toolbar for Internet Explorer Google Inc. 2015/12/19 7.5.7210.1528
iTunes Apple Inc. 2015/12/12 202 MB 12.3.2.35
Java 7 Update 9 Oracle 2012/11/07 130 MB 7.0.90
Java 8 Update 66 Oracle Corporation 2015/12/05 88.9 MB 8.0.660.18
Java(TM) 6 Update 27 Oracle 2011/10/13 97.0 MB 6.0.270
Kingsoft AntiVirus Kingsoft Internet Security 2012/10/20 Kingsoft AntiVirus
Kingsoft Office 2010 (6.6.0.2724) Kingsoft Corp. 2012/06/17 6.6.0.2724
LG CyberLink Power2Go CyberLink Corp. 2009/09/25 108 MB 6.0.3203
LG CyberLink PowerBackup CyberLink Corp. 2009/09/25 2.5.5529
LG CyberLink PowerDVD CyberLink Corp. 2009/09/25 79.8 MB 8.0.2815d
LG CyberLink PowerProducer CyberLink Corp. 2009/09/25 323 MB 5.0.2.2028
LG Power Tools CyberLink Corp. 2009/09/25 14.4 MB 6.0.2806
LG United Mobile Drivers LG Electronics 2012/12/09 6.70 MB 3.8.1
Microsoft .NET Framework 4.5.2 Microsoft Corporation 2015/02/02 38.8 MB 4.5.51209
Microsoft .NET Framework 4.5.2 (日本語) Microsoft Corporation 2015/05/10 2.93 MB 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2015/09/26 1.59 MB 4.0.40804.0
Microsoft IntelliPoint 8.2 Microsoft Corporation 2012/01/26 8.20.468.0
Microsoft Office File Validation Add-In Microsoft Corporation 2014/05/15 10.9 MB 14.0.5130.5003
Microsoft Office Personal 2007 Microsoft Corporation 2012/07/23 12.0.6612.1000
Microsoft Silverlight Microsoft Corporation 2015/12/10 89.3 MB 5.1.41105.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2009/09/17 1.72 MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 2012/01/25 252 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2011/06/18 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 2013/12/22 2.64 MB 8.0.51011
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 2014/11/02 230 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2013/03/09 240 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2009/09/25 596 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2011/06/18 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2015/04/19 4.61 MB 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2015/04/18 17.1 MB 12.0.30501.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 2012/12/10 35.0 KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 2012/12/10 1.33 MB 4.20.9876.0
NavyFIELD NorthAmerica SD EnterNET 2014/05/02 1.00.0000
NCLauncher (NCSOFT) NCSOFT 2014/10/13
Neffy 1,2,5,0 CDNetworks 2012/10/26 1,2,5,0
NVIDIA 3D Vision コントローラー ドライバー 352.65 NVIDIA Corporation 2015/12/30 352.65
NVIDIA 3D Vision ドライバー 361.43 NVIDIA Corporation 2015/12/30 361.43
NVIDIA Display Control Panel NVIDIA Corporation 2010/08/21 129 MB 6.14.12.5896
NVIDIA GeForce Experience 2.8.1.21 NVIDIA Corporation 2015/12/30 2.8.1.21
NVIDIA HD オーディオ ドライバー 1.3.34.4 NVIDIA Corporation 2015/12/30 1.3.34.4
NVIDIA PhysX システム ソフトウェア 9.15.0428 NVIDIA Corporation 2015/09/02 9.15.0428
NVIDIA グラフィックス ドライバー 361.43 NVIDIA Corporation 2015/12/30 361.43
PIXUS 使用状況調査プログラム 2011/11/05
Pmangインストールマネージャー GameOn,Pmang 2015/01/18 1.0.1.1
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2009/09/17 6.0.1.5898
Skype Click to Call Microsoft Corporation 2015/10/14 7.87 MB 7.5.0.9082
Skype(TM) 7.17 Skype Technologies S.A. 2015/12/28 79.2 MB 7.17.105
Sony Media Library Earth 9.0.00 Sony Corporation 2014/03/24 48.7 MB 9.0.00.09200
System Requirements Lab 2011/07/22
TeamSpeak 3 Client TeamSpeak Systems GmbH 2014/07/05 3.0.15
WebTablet FB Plugin 32 bit Wacom Technology Corp. 2015/01/06 2.1.0.7
Windows Live Essentials Microsoft Corporation 2011/08/08 15.4.3538.0513
Windows Live Sync Microsoft Corporation 2009/09/17 2.76 MB 14.0.8089.726
WinRAR archiver 2010/11/20
Wise Disk Cleaner 5.93 WiseCleaner.com 2011/04/09 3.40 MB
Wise Registry Cleaner 5.9.4 ZhiQing Soft, Inc. 2011/04/09 3.45 MB 5.9.4
x-アプリ 5.1 Sony Corporation 2014/03/24 88.7 MB 9.2
xrecode II 1.0.0.192 2013/05/20 23.0 MB
らくちんCDダイレクトプリント for Canon 2011/11/05
リモート接続用の Windows Live Mesh ActiveX コントロール (日本語) Microsoft Corporation 2010/10/20 5.57 MB 15.4.5722.2
ワコム タブレット Wacom Technology Corp. 2015/01/06 6.3.8-6
宛名職人MOOK版10 AGENDA Co.,Ltd. 2011/12/25

　以上よろしくお願いします。

おはようございます。
夜8時45分頃に成敗されるのが嫌なので、日アサ8時45分頃のスマイルな美少女戦隊にお仕置きされてる悪代官です。
♪逝こう　遺影　遺影　遺影！（謎

MPC Cleanerでの異常ですか。
これとすると結構手間は覚悟していただくことになります。
また、最悪の場合リカバリで対処してもらう可能性もあるので、必要なデータ類は最初に全部バックアップしておいてください。
本題以外にも複数の問題点が見えてますし、時間はかかってもいいですから落ち着いてひとつずつかかってください。
【お覚悟はよろしくて？】（違

まず最初にお伝えしておきます。
見てのとおり現在相談者さん多数のため、相談受けてから皆さんに順番にレスできるまで、毎回1日かそれ以上かかる可能性もあるので、すみませんがご了承ください。

では以下の説明をよく見てから、順番に作業をお願いします。
既に準備した物もあるはずですが、一応説明を再度見ておいてください。

隠しファイルと拡張子を表示設定にしてください(やり方↓）
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

下記のツールをダウンロードして、基本の使い方を把握しておいてください。
ただし、配布サイトで他のアプリをダウンロードしろと勧めてくるような広告も出てきたらそれらは絶対にクリックしないでください。
「GeekUninstaller」（通称：GU）
説明ページ↓
http://www.gigafree.net/system/install/geekuninstaller.html
ダウンロード↓
http://www.geekuninstaller.com/download
「download free」をクリック、保存後、解凍してください。
片付ける時はフォルダごと手動で削除してください。

「CCleaner」（通称：CC）
説明↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
ダウンロード↓
http://www.piriform.com/ccleaner/download/standard
最新バージョンをダウンロードしてください。なお、インストール時におまけのアプリも勧めてくることがありますが、それらはチェック外してインストールは避けてください。
片付けるときはアンインストールしてください。

ここで重要な注意です。
CCは本来は高い性能を持つメンテナンスソフトですが、間違った使い方すると
【Windowsにダメージを与えてしまうおそれもある】
ので、ここでは解析ツールとしてのみ使います。
説明をしっかり読んで、自分が指示した以外の操作はしないように。

そして下記ページは作業開始前に必ず熟読して、必要な場合が出たらそれに沿って対処してください。この対処が必要な事例が増えています。
http://note.chiebukuro.yahoo.co.jp/detail/n335704

準備できたら作業開始です。
なお、このあとの作業で探しても見つからないものはスルーして進めていいですが、指示した対象外の物は絶対にいじらないようによく見て作業してください。

また、作業のうえで削除指示するものもあるはずですが、ご自身で必要として入れたものがあればそれの削除は保留して、次のレスでその旨を教えてください。

Windowsの標準機能である「システムの復元」での復元ポイントをひとつ、手動で作成しておいてください。
これはこの後の作業で、間違って対象外のものをいじってしまうとそれだけでWindowsに深刻な不具合を起こすこともあるので、万一の際に復元可能にしておくためです。
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

GUを使って下記をアンインストールしてください。
Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2015/12/04 206 MB 15.009.20079

Adobe AIR Adobe Systems Incorporated 2012/12/24 3.5.0.880

Java 7 Update 9 Oracle 2012/11/07 130 MB 7.0.90

Java 8 Update 66 Oracle Corporation 2015/12/05 88.9 MB 8.0.660.18

Java(TM) 6 Update 27 Oracle 2011/10/13 97.0 MB 6.0.270

今度はPCをセーフモードで起動してください（やり方↓）
http://www.pc-master.jp/sousa/s-safemode.html

セーフモードで再度GUを使って、下記をアンインストールしてください。
Daum ｽｺﾅｩｸｰｼｼﾀﾌｹ・ｰ柀ｭﾁ彧・ Daum Communications Corp. 2011/02/08

DVD Decrypter (Remove Only) 2012/01/27

DVD Shrink 3.2 DVD Shrink 2013/03/14

WinRAR archiver 2010/11/20

HJTを起動させ、スキャンを行ってください。
スキャン結果が表示されましたら、以下の項目にチェックを入れてください。
ただし、特にHJTでの作業は一歩間違えれば簡単にPCが起動しなくなるため、こちらが指示した以外のものは絶対にチェックを入れないでください。
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

O4 - HKLM\..\Run: [LightGate] c:\programdata\lightgate.exe

O4 - HKCU\..\Run: [-] C:\Users\taku nishiguchi\AppData\Roaming\msiql.exe /RUNNING

O4 - HKCU\..\Run: [taskhost] rundll32.exe C:\ProgramData\WindowsMsg\70C07FC7C48301DD26CC9379650C79CC.dll Start /RUNNING

O20 - AppInit_DLLs: c:\progra~1\browse~1\sprote~1.dll

O23 - Service: MPC Core Protect Service (MPCProtectService) - DotCash Limited - C:\Program Files\MPC Cleaner\MPCProtectService.exe

必要な項目すべてにチェックが入りましたら、Fix checkedをクリックしてください。
探しても見つからないものはスルーして進めていいです。

ここでPCを通常モードで再起動してから、スタートメニューの「アクセサリ」→「システムツール」から「ディスククリーンアップ」を起動してください。
起動したら対象ドライブでCドライブを選択してスキャンして、表示された中の「ダウンロードされたプログラムファイル」「インターネット一時ファイル」「一時ファイル」の項目だけチェックを入れてから「OK」「ファイルの削除」を押してください。
これを実行すると選択した部分のゴミファイルが掃除されます。

これを実行することで作業時にスキャンで検出される無駄なゴミファイルも減るのでその分かなり時間や解析も楽になるのです。
「ごみ箱」など他の項目にチェックしないのは、間違って正常なファイルを削除しないためと、もし正常なファイルを削除してごみ箱に入れても戻せるようにするための措置です。

続いてCCを起動してください。
起動したら、「ツール」→」「スタートアップ」→「Windows」タブを開いてください。
そこで右下の「テキストとして保存」を押すと、表示の内容がログとして保存できるので、ログをデスクトップにでも保存しておいてください。

続いて「InternetExplorer」タブ以下の各タブも順番に開いて、そのログもとっておいてください。

CCの各ログをとったらCCは終了してください。

このあとブラウザを起動して、数時間ほどPC状態を様子見したあと、あらたにHJTとCCでのインストール情報ログを取り直してください。

取り直した両ログと、CCの各ログを返信に貼って、状態報告とともにレスください。
それらを見てから続きの作業を指示します。

　ご指示頂いた手順の最後で「このあとブラウザを起動して、数時間ほどＰＣ状態を様子見したあと、あらたに
ＨＪＴとＣＣでインストール情報ログを取り直してください。」の手前まで出来たのですが、この数時間ほどＰ
Ｃ状態を様子見した後、ＨＪＴがウィルスソフトによってダウンロードしたＥＸＥファイルが削除されてました
。

　再度ダウンロードを試みたのですが、ウィルスソフトによってダウンロードしたとたん、ファイルが削除され
てしまいます。

　ウィルスソフトを一時的に止めて作業してみようかと思いましたが、聞いてからにしようと思いレスさせて頂
きました。

　使用ウィルスソフトはキングソフトのアンチウィルスです。ご指南願います。

レスが遅くなってすみません。

キングソフトでHJTが誤検出削除されるとのことですね。
では下記サイト様の説明を読んでから、HJTを除外設定してください。
http://hide.maruo.co.jp/setupantivirus/kav.html

そのあと、Kingの操作画面から「隔離」フォルダを開いて、そこに隔離されているはずのHJTファイルを復元してください。

これでまずHJTは戻るはずですが、うまくいかないときはまたレスで教えてください。

　早速のレスありがとうございます。えー、サイト説明見ましたがそもそもアンチウィルスソフトで隔離されており、
ファイルが存在しないため、除外設定ができません。

　隔離フォルダより復元をしましたが、復元後すぐにアンチウィルスソフトが作動し、削除されてしまいます。お手数
おかけして申し訳ありません。

　再度ご指南頂けますでしょうか。お願いします。

　少々荒技でリアルタイムスキャンを一時的に止めてＨＪＴをダウンロードし、除外設定した後すぐに
リアルタイムスキャンをＯＮにして対処しましたｗ。
　そして、最初の指示通りログが取れたので以下に張ります。

　（ＨＪＴのログ）
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:05:34, on 2016/01/10
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)


Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Common Files\Kingsoft\kiscommon\kxetray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\taku nishiguchi\Desktop\HJT\HijackThis.exe

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [kssetup] C:\Program Files\Kingsoft\Kssetup\starthome.exe init
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [kxesc] "C:\Program Files\Common Files\Kingsoft\kiscommon\kxetray.exe" -autorun
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\RunOnce: [XG_Synth] rundll32.exe /N streamci.dll,StreamingDeviceSetup {CEA6A804-0F0C-4fcf-B30F-CC12D19D3E88},SXGXGWDM,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\Windows\System32\DriverStore\FileRepository\sxgxgwdm.inf_x86_neutral_06b1a3147a1c017d\sxgxgwdm.inf,WDM_SOFTXG.Interface.Install
O4 - HKLM\..\RunOnce: [XG_Audio] rundll32.exe /N streamci.dll,StreamingDeviceSetup {CEA6A804-0F0C-4fcf-B30F-CC12D19D3E88},SXGXGWDM,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\Windows\System32\DriverStore\FileRepository\sxgxgwdm.inf_x86_neutral_06b1a3147a1c017d\sxgxgwdm.inf,WDM_SOFTXG.Interface.Install
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [KISINSTALL] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KAV7NEEDREBOOT] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Del25027895] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Del8498684] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Del16514531] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KISINSTALL] (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0172828C-CB7D-4C10-AF96-0ED9B52DCFDC} (GameOnG2GCtrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/GameOnG2G.cab
O16 - DPF: {134DD8EF-7716-4538-A430-EFEB7517E6E7} (WebLauncher Control) - http://icarus.gamecom.jp/Common/cab/WebLauncher.cab
O16 - DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} (TTS Launcher Class) - https://ta-online.jp/weblauncher/common/CnCGameLauncher.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {31EE92CA-C0F5-48F7-AE60-B54CDF3BB76C} (AcqVPlayer Control) - http://202.95.222.164/player/AcqVPlayerX_2_0_3_9.cab
O16 - DPF: {416A7570-8626-4935-B4AC-F7712B909FFE} (KCSActiveXJPv3Ctrl Class) - http://210.136.222.73/kamuse/kcsjpdownload/activex/KCSActiveXJPv3_1002.cab
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} (HgRunPub Class) - http://down.hangame.co.jp/jp/installer/HgRunPub.cab
O16 - DPF: {5EBC1E61-6BD1-4FBC-AB60-744144EA615D} (AtlAXCtrl Class) - http://karos.oge.jp/html/cab/ver4/AtlAX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivX Web Player Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6FC19219-C47E-4880-9A70-D218A1C374F9} (CJIJTransX Control) - http://www.sdgundamcfo.jp/common/CJIJTransX.cab
O16 - DPF: {7216BF69-1FB3-438C-9A51-9DA82B676BC0} (ArarioGameStarter6 Class) - http://stonline.arario.jp/activeX/AraGameStarterW6.cab
O16 - DPF: {785287DD-2A28-4558-BC5C-4F8D1350631D} (CapcomLoaderObject Class) - https://sys.ixion-saga.jp/auth/login/pannel/CapcomLoader32.cab
O16 - DPF: {865C98C4-E909-44DF-B2A1-C659E6C2AF47} (DragonsProphetGameStarter Control) - http://dragonsprophet.aeriagames.jp/files/cab/DP_GameStarter.cab
O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} (SpecAnalyzer Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGReport.cab
O16 - DPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} (GameChu Login Control) - https://file.gamechu.net/dl/download/sessionctrl.cab
O16 - DPF: {A1A81C4D-C5FB-40C7-98F0-308516A67693} (HLauncher Control) - http://ge.hanbitstation.jp/launcher/HUELauncher.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab_1.0.1.8
O16 - DPF: {B0B7F252-5B1D-4F56-9172-29AD9F62537E} (GamesCampus Control) - http://tartaros.gamescampus.co.jp/activex/GamesCampus.cab
O16 - DPF: {BBA1ABFD-C9A1-41E8-959A-161F17E145D4} (G2GDownloaderCtrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader.cab
O16 - DPF: {C299BD0C-F41B-4A8B-8D05-964A141D8C28} (GameStarter Control) - https://grandfantasia.aeriagames.jp/files/gf/GrandFantasia.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://nprotect.gameon.co.jp/keycrypt_20101021/npkcx_10021.cab
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} (HgTAgent2 Extension Class) - http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E4FC78EE-7DB9-444B-AF43-DB5F48E29D60} (ccmedia_launcher Control) - http://plugins.mk-style.com/ccmedia_launcher_vov.cab
O16 - DPF: {F2A8D14C-33BE-4E6E-B4B3-67F4062428A9} (G2GDownloader2Ctrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader2.cab
O16 - DPF: {F4C75105-84BB-414D-AE37-4F0EEEEDE881} (X-Legend GameStarter Control) - https://genshin.x-legend.co.jp/X-LegendGameStarter.cab
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O16 - DPF: {FFF7D8B7-A5EA-4270-8F68-140CE3F8F117} (ｅｏかんたんメール設定ツール) - http://support.eonet.jp/download/eo_tool/dldata/kantan_tool/32/eomcfgax.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: Chrome リモート デスクトップ サービス (chromoting) - Google Inc. - C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: GoogleChromeUpServlce - TODO: - C:\ProgramData\Windows Update\upgsvr.exe
O23 - Service: GoogleChromeUpSvc - TODO: - C:\ProgramData\Windows Update\svrupg.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXUS 使用状況調査プログラム (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kingsoft Core Defend Service (kxedefend) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\kxedefend.exe
O23 - Service: Kingsoft Security App Service (kxesapp) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\kxesapp.exe
O23 - Service: Kingsoft Core Service (kxescore) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\kxescore.exe
O23 - Service: Kingsoft Antivirus Update Service (KxEUpSrv) - Kingsoft Corporation - C:\Program Files\Common Files\Kingsoft\kiscommon\upsvc.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - DotCash Limited - C:\Program Files\MPC Cleaner\MPCProtectService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\xsherlock.xem

--
End of file - 15052 bytes

　～以下ＰＣ様子見前のＣＣログ～

　（windows）
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
有効 HKLM:Run CanonMyPrinter CANON INC. C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
有効 HKLM:Run CanonSolutionMenu CANON INC. C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
有効 HKLM:Run CLMLServer CyberLink "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
有効 HKLM:Run IME JPN 2007 Migration Microsoft Corporation C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
有効 HKLM:Run IntelliPoint Microsoft Corporation "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
有効 HKLM:Run kssetup www.kingsoft.jp C:\Program Files\Kingsoft\Kssetup\starthome.exe init
有効 HKLM:Run kxesc Kingsoft Corporation "C:\Program Files\Common Files\Kingsoft\kiscommon\kxetray.exe" -autorun
有効 HKLM:Run RemoteControl8 CyberLink Corp. "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
有効 HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
有効 HKLM:Run UpdateP2GoShortCut CyberLink Corp. "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
有効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
有効 HKLM:Run UpdatePSTShortCut CyberLink Corp. "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
有効 HKLM:RunOnce B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll Microsoft Corporation "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
有効 HKLM:RunOnce B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax Microsoft Corporation "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
有効 HKLM:RunOnce XG_Audio Microsoft Corporation rundll32.exe /N streamci.dll,StreamingDeviceSetup {CEA6A804-0F0C-4fcf-B30F-CC12D19D3E88},SXGXGWDM,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\Windows\System32\DriverStore\FileRepository\sxgxgwdm.inf_x86_neutral_06b1a3147a1c017d\sxgxgwdm.inf,WDM_SOFTXG.Interface.Install
有効 HKLM:RunOnce XG_Synth Microsoft Corporation rundll32.exe /N streamci.dll,StreamingDeviceSetup {CEA6A804-0F0C-4fcf-B30F-CC12D19D3E88},SXGXGWDM,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\Windows\System32\DriverStore\FileRepository\sxgxgwdm.inf_x86_neutral_06b1a3147a1c017d\sxgxgwdm.inf,WDM_SOFTXG.Interface.Install

　（ＩＥ）
無効 Extension Messenger Companion (Ctrl+Shift+C) Microsoft Corporation C:\Program Files\Windows Live\Companion\companioncore.dll
有効 Extension Skype Click to Call settings Microsoft Corporation C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
無効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
無効 Helper Google Toolbar Helper Google Inc. C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
有効 Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
無効 Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
無効 Helper Windows Live Messenger Companion Helper Microsoft Corporation C:\Program Files\Windows Live\Companion\companioncore.dll
無効 Toolbar Google Toolbar Google Inc. C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

　（スケジュールされたタスク）
有効 Task 0 Microsoft Corporation c:\program files\internet explorer\iexplore.exe
有効 Task 4816 Microsoft Corporation wscript.exe C:\Users\TAKUNI~1\AppData\Local\Temp\launchie.vbs //B
有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task DealPly C:\Users\TAKUNI~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE /Check
有効 Task DivXUpdate DivX, LLC C:\Program Files\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe
有効 Task DSite C:\Users\TAKUNI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE /Check
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task MPC AdCleaner C:\Program Files\MPC AdCleaner\AdCleaner.exe /autostart
有効 Task svchost C:\Users\TAKUNI~1\AppData\Local\Temp\is-N9HJF.tmp\716.exe
有効 Task {05ECFF6E-3107-4812-9472-D1B660AF352E} Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/4.2.0.155/ja/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed
有効 Task {05F7C8E5-B819-4FD3-A504-2D891C6396A2} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Nexon\NAVYFIELD2\vcredist_x86.exe -d C:\Nexon\NAVYFIELD2
有効 Task {08163D3D-27F1-4A2B-8495-97D3AEF7028E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\Silk-R\Remove.Exe"
有効 Task {08D269C3-F1E7-4CBF-9B59-FD841CCA1514} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\kssetup_install\kssetup_install.exe -d D:\kssetup_install
有効 Task {0E3890F2-A308-4D25-A058-4365944803C7} SDEnterNET C:\Program Files\SD EnterNET\NavyFIELD\NavyFIELD Launcher.exe
有効 Task {14F7847B-FA90-458C-8F63-2E7E6EC212D8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\Silk-R\Remove.Exe"
有効 Task {2375DA01-FD6C-4D7D-B2A4-65F947EBF02B} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\ARKdownloadstart.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {2422AA9B-250A-4ED5-B2E4-07F5E23AB536} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX55AC1A\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {2CF811CD-1D39-4516-B579-22FAB5045BF0} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\package_inst.exe" -d "C:\Users\taku nishiguchi\Desktop" -c "C:\Users\taku nishiguchi\Desktop\130105_for_3092_rev1.ts3_translation"
有効 Task {31F2A8E6-1CF5-47C8-9FD3-E6F7D2B384C9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\Setup_SN_0422.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {36E6DA32-359B-4CE6-BB3B-8384DF9A9B63} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A7TMPPA\SOR_EP2downloadstart.exe" -d "C:\Users\taku nishiguchi"
有効 Task {3A14BFA8-9382-4E90-8752-B4460CCAA4D5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J298H6WF\common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {3AFC55CF-6BB9-4D54-9F4E-903E4D37DA60} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Nexon\NAVYFIELD2\vcredist_x86.exe -d C:\Nexon\NAVYFIELD2
有効 Task {46DFC07F-EDB4-4C6C-8762-3FE043B95C46} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX55AC1A\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {4B1B5F91-5A2D-477C-AC6B-F9905F5BA8F7} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\PandoraSaga_install.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {5238B796-26A8-47A8-B44A-8A59EF8BE81A} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\ddec3540inst_jp.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {690D2BDE-4929-470F-A1A8-D404186DA29E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX55AC1A\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {78CEC348-8669-4333-9F3D-6E0E45D7A7EC} Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.1.0.112.259/ar/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
有効 Task {81D483CF-0ED1-4172-AB3E-628116FE23C5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\TAKUNI~1\AppData\Local\Temp\~pmangZip\Installer.exe -d C:\Users\TAKUNI~1\AppData\Local\Temp\NWZ6AB3.tmp
有効 Task {83A4F0CC-37F1-437A-8D90-F89A25F4B003} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\TAKUNI~1\AppData\Local\Temp\~pmangZip\setup.exe -d C:\Users\TAKUNI~1\AppData\Local\Temp\Low\NWZ6C5E.tmp
有効 Task {8942B346-CD5A-4575-817E-03B3EF21EC49} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\Fantasy Earth Zero Client Installer\setup.exe" -d "C:\Users\taku nishiguchi\Desktop\Fantasy Earth Zero Client Installer"
有効 Task {946FAB7B-600E-496A-A787-2581B4667C31} Microsoft Corporation "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/4.1.0.179/ja/go/help.faq.installer?LastError=1603
有効 Task {9831E48B-72ED-45DD-B472-B1892796682F} Skype Technologies S.A. C:\Program Files\Skype\Phone\Skype.exe
有効 Task {A2990A31-B7C8-4315-8A88-97D610AB6C3C} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5NTEXPJ\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {A6EB5F72-871D-4134-B89F-620D850B92B0} Skype Technologies S.A. C:\Program Files\Skype\Phone\Skype.exe
有効 Task {AFAAF2B3-65DB-4D2A-BC3F-91801F387DD9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ANDPFQS\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {B703E6A1-86CB-4F56-B4D2-8505295E2BEB} Microsoft Corporation "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.5.0.124.259/en/go/help.faq.installer?LastError=1618
有効 Task {BCE7938E-AFEE-4518-82D4-4C402AC8F26D} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ANDPFQS\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {C1571B46-E4EA-4AC5-A9EE-94EE140092BB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\3GP_Converter034\Setup.exe" -d "C:\Users\taku nishiguchi\Desktop\3GP_Converter034"
有効 Task {C8360997-FF9C-4596-8270-F19BED0990DF} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\SORdownloadstart.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {D14AB51B-6680-415E-AD44-F8E5BD77E0C7} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\fez_full_installer.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {D1E8582E-695C-4B59-8875-CAB855E6F5BF} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W2D7GZB\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {D6237DF9-F239-4B91-BFD8-E162C7254F02} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CR87BM5X\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {E54DDB88-2583-4834-9E2D-E1B9A2C36AD9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3GZ5O2F\common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {F371BB31-E624-41F6-AE16-2CD04A1EA4BA} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\SOR_EP2downloadstart.exe" -d "C:\Users\taku nishiguchi\Desktop"

　（コンテキストメニュー）
有効 Directory duba_32bit Kingsoft Corporation C:\Program Files\Kingsoft\Kingsoft AntiVirus\kavmenu.dll
有効 Drive duba_32bit Kingsoft Corporation C:\Program Files\Kingsoft\Kingsoft AntiVirus\kavmenu.dll
有効 File duba_32bit Kingsoft Corporation C:\Program Files\Kingsoft\Kingsoft AntiVirus\kavmenu.dll

　～以下ＰＣ様子見後のＣＣログ～

　（windows）
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
有効 HKLM:Run CanonMyPrinter CANON INC. C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
有効 HKLM:Run CanonSolutionMenu CANON INC. C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
有効 HKLM:Run CLMLServer CyberLink "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
有効 HKLM:Run IME JPN 2007 Migration Microsoft Corporation C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
有効 HKLM:Run IntelliPoint Microsoft Corporation "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
有効 HKLM:Run kssetup www.kingsoft.jp C:\Program Files\Kingsoft\Kssetup\starthome.exe init
有効 HKLM:Run kxesc Kingsoft Corporation "C:\Program Files\Common Files\Kingsoft\kiscommon\kxetray.exe" -autorun
有効 HKLM:Run RemoteControl8 CyberLink Corp. "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
有効 HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
有効 HKLM:Run UpdateP2GoShortCut CyberLink Corp. "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
有効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
有効 HKLM:Run UpdatePSTShortCut CyberLink Corp. "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
有効 HKLM:RunOnce B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll Microsoft Corporation "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
有効 HKLM:RunOnce B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax Microsoft Corporation "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
有効 HKLM:RunOnce XG_Audio Microsoft Corporation rundll32.exe /N streamci.dll,StreamingDeviceSetup {CEA6A804-0F0C-4fcf-B30F-CC12D19D3E88},SXGXGWDM,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\Windows\System32\DriverStore\FileRepository\sxgxgwdm.inf_x86_neutral_06b1a3147a1c017d\sxgxgwdm.inf,WDM_SOFTXG.Interface.Install
有効 HKLM:RunOnce XG_Synth Microsoft Corporation rundll32.exe /N streamci.dll,StreamingDeviceSetup {CEA6A804-0F0C-4fcf-B30F-CC12D19D3E88},SXGXGWDM,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\Windows\System32\DriverStore\FileRepository\sxgxgwdm.inf_x86_neutral_06b1a3147a1c017d\sxgxgwdm.inf,WDM_SOFTXG.Interface.Install

　続きが書けませんね・・・

　（ＩＥ）
無効 Extension Messenger Companion (Ctrl+Shift+C) Microsoft Corporation C:\Program Files\Windows Live\Companion\companioncore.dll
有効 Extension Skype Click to Call settings Microsoft Corporation C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
無効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
無効 Helper Google Toolbar Helper Google Inc. C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
有効 Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
無効 Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
無効 Helper Windows Live Messenger Companion Helper Microsoft Corporation C:\Program Files\Windows Live\Companion\companioncore.dll
無効 Toolbar Google Toolbar Google Inc. C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

　（スケジュールされたタスク）
有効 Task 0 Microsoft Corporation c:\program files\internet explorer\iexplore.exe
有効 Task 4816 Microsoft Corporation wscript.exe C:\Users\TAKUNI~1\AppData\Local\Temp\launchie.vbs //B
有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task DealPly C:\Users\TAKUNI~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE /Check
有効 Task DivXUpdate DivX, LLC C:\Program Files\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe
有効 Task DSite C:\Users\TAKUNI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE /Check
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task MPC AdCleaner C:\Program Files\MPC AdCleaner\AdCleaner.exe /autostart
有効 Task svchost C:\Users\TAKUNI~1\AppData\Local\Temp\is-N9HJF.tmp\716.exe
有効 Task {05ECFF6E-3107-4812-9472-D1B660AF352E} Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/4.2.0.155/ja/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed
有効 Task {05F7C8E5-B819-4FD3-A504-2D891C6396A2} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Nexon\NAVYFIELD2\vcredist_x86.exe -d C:\Nexon\NAVYFIELD2
有効 Task {08163D3D-27F1-4A2B-8495-97D3AEF7028E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\Silk-R\Remove.Exe"
有効 Task {08D269C3-F1E7-4CBF-9B59-FD841CCA1514} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\kssetup_install\kssetup_install.exe -d D:\kssetup_install
有効 Task {0E3890F2-A308-4D25-A058-4365944803C7} SDEnterNET C:\Program Files\SD EnterNET\NavyFIELD\NavyFIELD Launcher.exe
有効 Task {14F7847B-FA90-458C-8F63-2E7E6EC212D8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\Silk-R\Remove.Exe"
有効 Task {2375DA01-FD6C-4D7D-B2A4-65F947EBF02B} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\ARKdownloadstart.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {2422AA9B-250A-4ED5-B2E4-07F5E23AB536} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX55AC1A\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {2CF811CD-1D39-4516-B579-22FAB5045BF0} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\package_inst.exe" -d "C:\Users\taku nishiguchi\Desktop" -c "C:\Users\taku nishiguchi\Desktop\130105_for_3092_rev1.ts3_translation"
有効 Task {31F2A8E6-1CF5-47C8-9FD3-E6F7D2B384C9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\Setup_SN_0422.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {36E6DA32-359B-4CE6-BB3B-8384DF9A9B63} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A7TMPPA\SOR_EP2downloadstart.exe" -d "C:\Users\taku nishiguchi"
有効 Task {3A14BFA8-9382-4E90-8752-B4460CCAA4D5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J298H6WF\common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {3AFC55CF-6BB9-4D54-9F4E-903E4D37DA60} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Nexon\NAVYFIELD2\vcredist_x86.exe -d C:\Nexon\NAVYFIELD2
有効 Task {46DFC07F-EDB4-4C6C-8762-3FE043B95C46} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX55AC1A\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {4B1B5F91-5A2D-477C-AC6B-F9905F5BA8F7} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\PandoraSaga_install.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {5238B796-26A8-47A8-B44A-8A59EF8BE81A} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\ddec3540inst_jp.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {690D2BDE-4929-470F-A1A8-D404186DA29E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX55AC1A\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {78CEC348-8669-4333-9F3D-6E0E45D7A7EC} Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.1.0.112.259/ar/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
有効 Task {81D483CF-0ED1-4172-AB3E-628116FE23C5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\TAKUNI~1\AppData\Local\Temp\~pmangZip\Installer.exe -d C:\Users\TAKUNI~1\AppData\Local\Temp\NWZ6AB3.tmp
有効 Task {83A4F0CC-37F1-437A-8D90-F89A25F4B003} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\TAKUNI~1\AppData\Local\Temp\~pmangZip\setup.exe -d C:\Users\TAKUNI~1\AppData\Local\Temp\Low\NWZ6C5E.tmp
有効 Task {8942B346-CD5A-4575-817E-03B3EF21EC49} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\Fantasy Earth Zero Client Installer\setup.exe" -d "C:\Users\taku nishiguchi\Desktop\Fantasy Earth Zero Client Installer"
有効 Task {946FAB7B-600E-496A-A787-2581B4667C31} Microsoft Corporation "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/4.1.0.179/ja/go/help.faq.installer?LastError=1603
有効 Task {9831E48B-72ED-45DD-B472-B1892796682F} Skype Technologies S.A. C:\Program Files\Skype\Phone\Skype.exe
有効 Task {A2990A31-B7C8-4315-8A88-97D610AB6C3C} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5NTEXPJ\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {A6EB5F72-871D-4134-B89F-620D850B92B0} Skype Technologies S.A. C:\Program Files\Skype\Phone\Skype.exe
有効 Task {AFAAF2B3-65DB-4D2A-BC3F-91801F387DD9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ANDPFQS\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {B703E6A1-86CB-4F56-B4D2-8505295E2BEB} Microsoft Corporation "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.5.0.124.259/en/go/help.faq.installer?LastError=1618
有効 Task {BCE7938E-AFEE-4518-82D4-4C402AC8F26D} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ANDPFQS\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {C1571B46-E4EA-4AC5-A9EE-94EE140092BB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\3GP_Converter034\Setup.exe" -d "C:\Users\taku nishiguchi\Desktop\3GP_Converter034"
有効 Task {C8360997-FF9C-4596-8270-F19BED0990DF} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\SORdownloadstart.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {D14AB51B-6680-415E-AD44-F8E5BD77E0C7} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\fez_full_installer.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {D1E8582E-695C-4B59-8875-CAB855E6F5BF} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W2D7GZB\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {D6237DF9-F239-4B91-BFD8-E162C7254F02} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CR87BM5X\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {E54DDB88-2583-4834-9E2D-E1B9A2C36AD9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3GZ5O2F\common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {F371BB31-E624-41F6-AE16-2CD04A1EA4BA} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\SOR_EP2downloadstart.exe" -d "C:\Users\taku nishiguchi\Desktop"

　（コンテキストメニュー）
有効 Directory duba_32bit Kingsoft Corporation C:\Program Files\Kingsoft\Kingsoft AntiVirus\kavmenu.dll
有効 Drive duba_32bit Kingsoft Corporation C:\Program Files\Kingsoft\Kingsoft AntiVirus\kavmenu.dll
有効 File duba_32bit Kingsoft Corporation C:\Program Files\Kingsoft\Kingsoft AntiVirus\kavmenu.dll

　追伸・・・内容が様子見前と同じだったみたいで、重複投稿になって書けなくなってましたｗ。改行で１行あけたら書けました。ご確認お願いします。

　さらに追伸・・・削除指示に「Daum ｽｺﾅｩｸｰｼｼﾀﾌｹ・ｰ柀ｭﾁ彧・ Daum Communications Corp. 2011/02/08 」
がありましたが、これは少女時代のスクリーンセーバーになりますｗｗｗｗ。
　出来たら消したくないので残してありますが、消さないとダメでしょうか？！(;_;)
　ご検討くださいm(__)m

　状態報告忘れてましたｗ。状態としては、ＭＰＣに関してデスクトップ上のショートカット有り。右下のバー内にも表示有り。
ＩＥのホームページ画面もＭＰＣのまま。最初と同じ症状のままですね。
　画面右下と左下に出ていた広告が出なくなりました。ｋｉｎｇｓｏｆｔをいじっている時、当初は2012年版だったのですが、
ＵＰデートの案内があったので、2015年版にＶｅｒＵＰしました。その際スキャン指示があったため、スキャンをかけました。
　その際のログも以下に張っておきます。

ステータス：[2016-01-10 23:42:58]
時間：[00:16:00]
スキャン種類：クラウドスキャン
スキャン件数：18545
スキャンスピード：19ファイル/秒
リスク発見：32件
リスク除外：31件
=============================================
[2016-01-10 23:59:30]
リスク：related page
セキュリティレベル：危険
処理方式：削除

[2016-01-10 23:59:30]
リスク：httpの関連が壊れた
セキュリティレベル：脅威
処理方式：修復

[2016-01-10 23:59:30]
リスク：不審なホームページ設定
セキュリティレベル：脅威
処理方式：修復

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\programs\benesse\bego_ff\bego_firstfriends.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\programs\browse2save\uninstall.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\programs\illumiaknights\アンインストール.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\programs\joymax\silkroad\silkroad.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\programs\joymax\silkroad\uninstall.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\programs\keyholetv\keyholetv.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\programs\keyholetv\uninstall.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\programs\sdgo\アンインストール.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\プログラム\benesse\bego_ff\bego_firstfriends.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\プログラム\browse2save\uninstall.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\プログラム\illumiaknights\アンインストール.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\プログラム\joymax\silkroad\silkroad.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\プログラム\joymax\silkroad\uninstall.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\プログラム\keyholetv\keyholetv.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\プログラム\keyholetv\uninstall.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\programdata\microsoft\windows\start menu\プログラム\sdgo\アンインストール.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：レジストリに残留の悪意アプリ修正
セキュリティレベル：危険
処理方式：修復

[2016-01-10 23:59:30]
リスク：c:\users\taku nishiguchi\appdata\roaming\microsoft\windows\start menu\programs\joymax\silk-r\uninstall.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\users\taku nishiguchi\appdata\roaming\microsoft\windows\start menu\programs\mpc adcleaner\mpc adcleaner.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\users\taku nishiguchi\appdata\roaming\microsoft\windows\start menu\programs\ゲームで遊ぶ (easybits go).lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\users\taku nishiguchi\appdata\roaming\microsoft\windows\start menu\プログラム\joymax\silk-r\uninstall.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\users\taku nishiguchi\appdata\roaming\microsoft\windows\start menu\プログラム\mpc adcleaner\mpc adcleaner.lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\users\taku nishiguchi\appdata\roaming\microsoft\windows\start menu\プログラム\ゲームで遊ぶ (easybits go).lnk
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\program files\java\jre1.8.0_60\bin\npjpi180_60.dll
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\windows\system32\deployjava1.dll
種類：スタートアップに登録する必要の無いプログラム
セキュリティレベル：不明
処理方式：削除

[2016-01-10 23:59:30]
リスク：伪装hijackthis杀毒文件
種類：win32.heurc.kvm099.a.(クラウド検証)
セキュリティレベル：危険
処理方式：未処理

[2016-01-10 23:59:30]
リスク：c:\program files\jword_pino\cnsminsetup_pino.exe
種類：win32.heurc.kvm017.a.(クラウド検証)
セキュリティレベル：危険
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\program files\mpck_en_004090200\predm.exe
種類：win32.troj.eorezo.fb.(クラウド検証)
セキュリティレベル：危険
処理方式：削除

[2016-01-10 23:59:30]
リスク：c:\users\taku nishiguchi\appdata\roaming\msiql.exe
種類：win32.troj.generic_a.a.(クラウド検証)
セキュリティレベル：危険
処理方式：削除

レスが遅くなってすみません。
本日また、うちのネット回線障害がひどくなってて、何とかつながっている間に可能な分だけでもレスします。

スクリーンセーバーは残したいとのことですか。
ではとりあえずこれは置いて進めます。

Kingの過剰反応はうまく臨機応変に対処されましたね。ご苦労様です。
ではまた説明に沿って次の作業です。

先の要領でまたCCを起動して「スケジュール」タブ内の下記を右クリックから「無効」にしたあと「エントリの削除」してください。無効化できないときはそのまま削除でもいいです。

有効 Task 0 Microsoft Corporation c:\program files\internet explorer\iexplore.exe

有効 Task 4816 Microsoft Corporation wscript.exe C:\Users\TAKUNI~1\AppData\Local\Temp\launchie.vbs //B

有効 Task DealPly C:\Users\TAKUNI~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE /Check

有効 Task DSite C:\Users\TAKUNI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE /Check

有効 Task MPC AdCleaner C:\Program Files\MPC AdCleaner\AdCleaner.exe /autostart

有効 Task svchost C:\Users\TAKUNI~1\AppData\Local\Temp\is-N9HJF.tmp\716.exe

CCを終了したら今度は下記のツールを準備してください。
「AdwCleaner」（通称：AC）
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
ファイル直リンです。アクセスしてファイルをデスクトップにでも保存しておいてください。
片付けるときは起動後に「uninstall」ボタンを押せば自動で削除されます。
使い方は下記サイト様に詳しい説明があるのでサンショウウオ↓
http://www.japan-secure.com/entry/adwcleaner.html

Malwarebytes' Anti-Malware（通称・MBAM）
本家サイト
http://www.malwarebytes.org/

ですが、MBAMは現在安定性や動作でかなり難が出ており、普通に使っても正常にスキャンができないバグまで多発中です。
そのため本家サイトから最新版のダウンロードせず、ここではあえて旧バージョンで作業します。

旧バージョンの説明サイト↓
http://www.japan-secure.com/entry/blog-entry-7.html

以下のURLからMBAMの旧バージョンをダウンロードしてください。
http://www.oldapps.com/malwarebytes.php?old_malwarebytes=12090?download
ファイル直リンです。保存しておいてください。

注）インストール時に日本語でインストールすると文字化けすることがあります。英語でインストール後に日本語化してください。
MBAM起動して「Settings」タブ→「Language」→「Japanese」で日本語化できます。

準備できたらMBAMをインストールとアップデートまでしておいてください。
ただし、ここではまだスキャンはしないように。
なお、ここでMBAMの更新で「プログラム」自体は更新せず、定義だけ更新しておいてください。
プログラム本体を更新すると、バグ多発中の最新版になってしまうので、せっかく旧バージョンでインストールした意味がなくなります。

続いてここで一度ACを起動してください。
起動するとまず定義の更新が行われるはずなので、更新だけしてから、それができたらACは一旦終了してください。
ここではスキャンもしなくていいです。

両ツールのアップデートができたらPCをセーフモードで再起動してから、ディスククリーンアップを使ってゴミファイルの掃除してください。

続いてPCをセーフモード起動してから、先に一度起動したACを再度起動してください。
起動したら今度は「スキャン」したあと、そのスキャン終了後に検出されたものがあったら「除去」を押してください。
表示された画面で「はい」を選択すると処置開始されます。

処置完了したらそこでPCを通常モードで再起動してください。

再起動後にACのあらたなログが出るので、それをデスクトップにでも保存しておいてください。
ですが、もし作業後にログが出ないorわからない場合はマイコンピュータのCドライブを開くとその直下に以下のような名前のファイルが作成されているので、それがACのログです。
>AdwCleaner[英数字].txt
同じような名前のログが複数ある時は、作成日時が作業処置時のファイルが対象のログです。

ACでの作業ができたら次はMBAMの作業です。
セーフモードのままMBAM起動してスキャンしてください。
MBAM起動したら「スキャナー」タブから「フルスキャン」です。
対象ドライブはCを含めて全ドライブを選択してください。
ですが、もし「フルスキャン」というボタンが表示されない場合はMBAMを最新版に更新してしまった可能性があるので、この時は「カスタムスキャン」を選択してください。
この操作が最新版MBAMでのフルスキャンにあたります。
スキャン対象は全ドライブを選択（チェック）してください。時間はかかりますができるだけ細かくスキャンするためです。
順番はどちらからでもいいですが、なにか検出されたらそれを選択して「remove」（隔離）したあと、再起動を促す表示が出たらそこで一度PCを再起動してください。
もし再起動表示が出ないときは手動で再起動してください。

またMBAMスキャン終了後、「詳細を表示」を押すとその結果が表示されるはずなので、そこで「ログを保存」を押すとそのログが保存可能になります。
そのログをデスクトップにでも保存しておいてください。
このログ確認が特に重要なので、忘れないようにお願いします。

このあとしばらくPC状態を様子見後、作業後に保存したACとMBAMのログを返信に貼り付けて、それを状態報告とともにレスで見せてください。

　いつもありがとうございます。早速報告させて頂きます。状態報告としては、前回右下と左下の広告が
出なくなったとお伝えしましたが、右下に広告がまた出るようになりました。ただし、ＭＢＡＭをかけて
からは、出なくなったようです。

　あと、ＭＰＣ　Ｃｌｅａｎｅｒがショートカットおよび右下のインジケーターおよびＩＥのホームペー
ジ設定より消えました。

　以下ご指示の通りログを張ります。

　（ＡＣログ）
# AdwCleaner v5.028 - ログファイルの作成日 12/01/2016 作成時間 00:13:17
# 更新日 04/01/2016 作成元 Xplode
# データベース : 2016-01-04.2 [サーバー]
# オペレーティングシステム : Windows 7 Home Premium Service Pack 1 (x86)
# ユーザー名 : taku nishiguchi - TAKUNISHIGUCHI
# 実行場所 : C:\Users\taku nishiguchi\Desktop\AdwCleaner.exe
# オプション : 削除
# サポート : http://toolslib.net/forum

***** [ サービス ] *****

[-] サービス 削除済み項目 : MPCProtectService
[-] サービス 削除済み項目 : tcfd_vt_1_10_0_21

***** [ フォルダ ] *****

[-] フォルダ 削除済み項目 : C:\Program Files\Conduit
[-] フォルダ 削除済み項目 : C:\Program Files\Tuneup Pro
[-] フォルダ 削除済み項目 : C:\Program Files\Solution Real
[-] フォルダ 削除済み項目 : C:\Program Files\foxtabvideoconverter
[-] フォルダ 削除済み項目 : C:\Program Files\WeatherTool
[#] フォルダ 削除済み項目 : C:\Program Files\MPC Cleaner
[!] フォルダ ノット 削除済み項目 : C:\Program Files\Solution Real
[-] フォルダ 削除済み項目 : C:\Program Files\mpck_en_004090200
[!] フォルダ ノット 削除済み項目 : C:\Program Files\mpck_en_004090200
[-] フォルダ 削除済み項目 : C:\ProgramData\Browse2Save
[-] フォルダ 削除済み項目 : C:\ProgramData\Conduit
[-] フォルダ 削除済み項目 : C:\ProgramData\Tarma Installer
[-] フォルダ 削除済み項目 : C:\ProgramData\Uniblue
[!] フォルダ ノット 削除済み項目 : C:\ProgramData\Browse2save
[-] フォルダ 削除済み項目 : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2Save
[-] フォルダ 削除済み項目 : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILEPCSTARTERKIT
[!] フォルダ ノット 削除済み項目 : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save
[-] フォルダ 削除済み項目 : C:\Users\Public\Documents\Guid
[-] フォルダ 削除済み項目 : C:\Users\Public\Documents\ShopperPro3
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\Local\SwvUpdater
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\Local\BrowserHelper
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\Local\mpck_en_004090200
[!] フォルダ ノット 削除済み項目 : C:\Users\taku nishiguchi\AppData\Local\mpck_en_004090200
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\Local\Installer\Install_163
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\Local\Installer\Install_16697
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\LocalLow\Browse2Save
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\LocalLow\Conduit
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\LocalLow\Delta
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\LocalLow\PriceGong
[!] フォルダ ノット 削除済み項目 : C:\Users\taku nishiguchi\AppData\LocalLow\Browse2save
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\Roaming\DealPly
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\Roaming\DSite
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\Roaming\Systweak
[-] フォルダ 削除済み項目 : C:\Users\taku nishiguchi\AppData\Roaming\RHEng
[-] フォルダ 削除済み項目 : C:\Windows\system32\config\systemprofile\AppData\Roaming\DealPly
[-] フォルダ 削除済み項目 : C:\Windows\system32\config\systemprofile\AppData\Roaming\WeatherTool
[-] フォルダ 削除済み項目 : C:\Windows\system32\config\systemprofile\AppData\Roaming\CalendarTool

***** [ ファイル ] *****

[-] ファイル 削除済み項目 : C:\Windows\system32\drivers\MPCBase.sys
[-] ファイル 削除済み項目 : C:\Windows\system32\drivers\MPCKpt.sys

***** [ DLLs ] *****


***** [ ショートカット ] *****


***** [ スケジュールタスク ] *****


***** [ レジストリ ] *****

[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\Conduit.Engine
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\Prod.cap
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\Toolbar.CT2794535
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\Toolbar.CT3297269
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[!] キー ノット 削除済み項目 : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
[-] 値 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] キー 削除済み項目 : HKCU\Software\Conduit
[-] キー 削除済み項目 : HKCU\Software\dsiteproducts
[-] キー 削除済み項目 : HKCU\Software\InstallCore
[-] キー 削除済み項目 : HKCU\Software\Softonic
[-] キー 削除済み項目 : HKCU\Software\Tune
[-] キー 削除済み項目 : HKCU\Software\Tutorials
[-] キー 削除済み項目 : HKCU\Software\TutoTag
[-] キー 削除済み項目 : HKCU\Software\PRODUCTSETUP
[-] キー 削除済み項目 : HKCU\Software\Reg\Clean
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Tinstalls
[-] キー 削除済み項目 : HKCU\Software\ForumerIT
[-] キー 削除済み項目 : HKCU\Software\AppDataLow\Software\Conduit
[-] キー 削除済み項目 : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] キー 削除済み項目 : HKCU\Software\AppDataLow\Software\PriceGong
[-] キー 削除済み項目 : HKLM\SOFTWARE\Conduit
[-] キー 削除済み項目 : HKLM\SOFTWARE\InstallCore
[-] キー 削除済み項目 : HKLM\SOFTWARE\Tarma Installer
[-] キー 削除済み項目 : HKLM\SOFTWARE\Tune
[-] キー 削除済み項目 : HKLM\SOFTWARE\Tutorials
[-] キー 削除済み項目 : HKLM\SOFTWARE\Uniblue
[-] キー 削除済み項目 : HKLM\SOFTWARE\Reg\Clean
[-] キー 削除済み項目 : HKLM\SOFTWARE\MOBILEPCSTARTERKIT
[-] キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5384CED3-CA47-9EEE-7C05-82658867EC25}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79CC2ED7-2D37-49F2-91A8-82A8B1666FD3}
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\freeradiocast.dl.tb.ask.com
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\jp.hao123.com

***** [ Webブラウザ ] *****


*************************

:: "Tracing"キーは削除します
:: Winsock設定を初期化しました

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8038 バイト] ##########

　（ＭＢＡＭログ）
<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2016/01/12 00:33:55 +0900</date>

<logfile>mbam-log-2016-01-12 (00-33-29).xml</logfile>

<isadmin>yes</isadmin>

</header>


-<engine>

<version>2.2.0.1024</version>

<malware-database>v2016.01.11.03</malware-database>

<rootkit-database>v2016.01.09.01</rootkit-database>

<license>free</license>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<hostname>TAKUNISHIGUCHI</hostname>

<ip>192.168.0.3</ip>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x86</arch>

<username>taku nishiguchi</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>custom</type>

<result>completed</result>

<objects>548552</objects>

<time>6044</time>

<processes>0</processes>

<modules>0</modules>

<keys>7</keys>

<values>1</values>

<datas>0</datas>

<folders>1</folders>

<files>15</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


-<items>


-<key>

<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</path>

<vendor>PUP.Optional.Babylon</vendor>

<action>success</action>

<hash>72ede6522e6b4aec84a6cf9f44be0af6</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\TermCoach_1.10.0.21</path>

<vendor>PUP.Optional.TermCoach</vendor>

<action>success</action>

<hash>a8b766d2badff83e081c9c3d13f09d63</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\SYSTWEAK\ssd</path>

<vendor>PUP.Optional.SystemSpeedup</vendor>

<action>success</action>

<hash>6bf4c177e0b9e74f73dd8b51a55d8b75</hash>

</key>


-<key>

<path>HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\APPDATALOW\SOFTWARE\Softonic_Japan</path>

<vendor>PUP.Optional.SofTonic</vendor>

<action>success</action>

<hash>95cafb3d5f3a12249da49a3acc3707f9</hash>

</key>


-<key>

<path>HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje</path>

<vendor>PUP.Optional.DealPly</vendor>

<action>success</action>

<hash>adb2c6721a7fd85e6bf63778e221dd23</hash>

</key>


-<key>

<path>HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\2DD51DAE_0</path>

<vendor>PUP.Optional.PCMechanic</vendor>

<action>success</action>

<hash>233c60d83861aa8c5d0a022245bfca36</hash>

</key>


-<key>

<path>HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\SYSTWEAK\ssd</path>

<vendor>PUP.Optional.SystemSpeedup</vendor>

<action>success</action>

<hash>f16e96a24a4f290dada2f4e8da28e41c</hash>

</key>


-<value>

<path>HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\2dd51dae_0</path>

<valuename/>

<vendor>PUP.Optional.PCMechanic</vendor>

<action>success</action>

<valuedata>{0.0.0.00000000}.{c508ee26-57ae-4c16-bc96-f7cb11ecbaba}|\Device\HarddiskVolume2\Program Files\Uniblue\PC-Mechanic\pc-mechanic.exe%b{00000000-0000-0000-0000-000000000000}</valuedata>

<hash>233c60d83861aa8c5d0a022245bfca36</hash>

</value>


-<folder>

<path>C:\Users\taku nishiguchi\AppData\LocalLow\Softonic_Japan</path>

<vendor>PUP.Optional.SofTonic</vendor>

<action>success</action>

<hash>79e6ce6a138696a041d09325ed15d32d</hash>

</folder>


-<file>

<path>C:\Users\taku nishiguchi\AppData\Local\Setup Wizard\2e260ca0-98fe-4031-bd6f-2a6b62bb3b06\setup_mpck_en.exe</path>

<vendor>Adware.EoRezo</vendor>

<action>success</action>

<hash>83dc71c7900944f252659e2a936e738d</hash>

</file>


-<file>

<path>C:\Users\taku nishiguchi\Downloads\ZipOpenerSetup (1).exe</path>

<vendor>PUP.Optional.InstallCore</vendor>

<action>success</action>

<hash>035c81b7b5e435019bef05965da338c8</hash>

</file>


-<file>

<path>C:\Users\taku nishiguchi\Downloads\ZipOpenerSetup (2).exe</path>

<vendor>PUP.Optional.InstallCore</vendor>

<action>success</action>

<hash>fb649e9a950457df4446623918e86b95</hash>

</file>


-<file>

<path>C:\Users\taku nishiguchi\Downloads\ZipOpenerSetup (3).exe</path>

<vendor>PUP.Optional.InstallCore</vendor>

<action>success</action>

<hash>0956df596336cd694941e2b98080a15f</hash>

</file>


-<file>

<path>C:\Users\taku nishiguchi\Downloads\ZipOpenerSetup.exe</path>

<vendor>PUP.Optional.InstallCore</vendor>

<action>success</action>

<hash>e9762f09d3c6f3436d1d613a19e7d828</hash>

</file>


-<file>

<path>C:\AdwCleaner\Quarantine\C\Program Files\mpck_en_004090200\mobilepcstarterkit_widget.exe.vir</path>

<vendor>PUP.Optional.Tuto4PC</vendor>

<action>success</action>

<hash>95ca3afeb9e0d95d874add766e92a25e</hash>

</file>


-<file>

<path>C:\AdwCleaner\Quarantine\C\Program Files\mpck_en_004090200\mpck_en_004090200 - uninstall.exe.vir</path>

<vendor>PUP.Optional.Tuto4PC</vendor>

<action>success</action>

<hash>2e31a494badf2115e20ad6f94cb547b9</hash>

</file>


-<file>

<path>C:\AdwCleaner\Quarantine\C\Users\taku nishiguchi\AppData\Local\mpck_en_004090200\upmpck_en_004090200.exe.vir</path>

<vendor>Adware.EoRezo</vendor>

<action>success</action>

<hash>3e217fb9afea3600edf8229fa65b16ea</hash>

</file>


-<file>

<path>C:\AdwCleaner\Quarantine\C\Users\taku nishiguchi\AppData\Local\mpck_en_004090200\Download\majmp_gentlerow.exe.vir</path>

<vendor>PUP.Optional.Tuto4PC</vendor>

<action>success</action>

<hash>2a3535035445a98d1455287ceb1614ec</hash>

</file>


-<file>

<path>C:\AdwCleaner\Quarantine\C\Users\taku nishiguchi\AppData\Roaming\RHEng\5720035BDF7F45228B2F559BD49337FA\PCM_JP.exe.vir</path>

<vendor>PUP.Optional.PCMechanic</vendor>

<action>success</action>

<hash>6df2380082172115de6758ca02ff33cd</hash>

</file>


-<file>

<path>C:\AdwCleaner\Quarantine\C\Users\taku nishiguchi\AppData\Roaming\RHEng\6D5D6D155606494C95044C4201E979FE\pcm_jp_p1v7.exe.vir</path>

<vendor>PUP.Optional.PCMechanic</vendor>

<action>success</action>

<hash>015ee850c8d1fc3a0b3a42e09d64b54b</hash>

</file>


-<file>

<path>C:\AdwCleaner\Quarantine\C\Users\taku nishiguchi\AppData\Roaming\RHEng\88EBE81519E948F9A9F2CA5E99E907A5\PCM_JP_p1v5.exe.vir</path>

<vendor>PUP.Optional.PCMechanic</vendor>

<action>success</action>

<hash>c59a69cfcacf12248cb96fb3c8393ac6</hash>

</file>


-<file>

<path>C:\AdwCleaner\Quarantine\C\Users\taku nishiguchi\AppData\Roaming\RHEng\E225D05BFAE64AD6A5CA5A072EA52E08\PCM_JP_p1v5.exe.vir</path>

<vendor>PUP.Optional.PCMechanic</vendor>

<action>success</action>

<hash>0a557abe5049a78f1530ec36f809f808</hash>

</file>


-<file>

<path>C:\AdwCleaner\Quarantine\C\Users\taku nishiguchi\AppData\Roaming\RHEng\EA4D6B302CFD48459D9FDC2267C4EEE1\PCM_JP_p1v5.exe.vir</path>

<vendor>PUP.Optional.PCMechanic</vendor>

<action>success</action>

<hash>e27deb4d4f4a89adaf968b971ae706fa</hash>

</file>


-<file>

<path>C:\Program Files\JWord_pino\CnsMin.dll</path>

<vendor>Adware.CnsMin</vendor>

<action>success</action>

<hash>372859df2d6cda5c74a93b7848bcc838</hash>

</file>

</items>

</mbam-log>

　以上ご指南よろしくお願いします。

作業と報告、ご苦労様です。

>状態報告としては、前回右下と左下の広告が出なくなったとお伝えしましたが、
>右下に広告がまた出るようになりました。
>ただし、ＭＢＡＭをかけてからは、出なくなったようです。

それもそのはずですね。
ACとMBAMでかなり検出処置されてます。
全部処置もできているならそこはいいでしょう。

では今度は大詰めの解析にかかります。まだ隠れているモノもあるはずですし。

以下のツールを準備してください。
OTL(OldTimer Listit)
「Download」ボタンからDLしたら保存しておいてください。
http://oldtimer.geekstogo.com/OTL.exe
片付けるときは起動後に「Cleanup」ボタンを押せば自動で削除されます。

他のプログラムを起動しない状態でOTLを起動してください。
起動したら、ウィンドウの上の方にある「Scan All Users」にチェックを入れ、以下のコマンドを「Custom Scan/Fixes」にコピペしてください。

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

その後、左上の「Run Scan」を押すとスキャン開始されます。
スキャン開始後、PC環境にもよりますが数分ほどすると、「OTL.txt」と「Extras.txt」がOTL.exeと同じ場所に作成されるはずなので、この2つのファイルをデスクトップあたりに保存しておいてください。
なお、Extras.txtは出ないこともありますが、その場合はOTL.txtだけでもいいです。

このあとOTLログを丸ごと返信に貼り付けてレスで見せてください。
ただしOTLログはかなり長くなるため、一度に送信してもfc2の文字数制限で途切れます。
なのでログも適当なところで分割して、複数回に分けてレス送信してください。

OTLでスキャンしただけでは何も変化は起きません。
この結果を見て、検出されたものを次回以降の作業で処置することになるはずです

　いつもご対応ありがとうございます。早速ですがＯＴＬログとＥｘｔｒａｓログを
張りますので、ご指南のほどよろしくお願い申し上げます。

　（ＯＴＬログ）
OTL logfile created on: 2016/01/12 23:39:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\taku nishiguchi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

2.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.91% Memory free
5.98 Gb Paging File | 4.49 Gb Available in Paging File | 75.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 786.07 Gb Free Space | 84.40% Space Free | Partition Type: NTFS

Computer Name: TAKUNISHIGUCHI | User Name: taku nishiguchi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/01/12 23:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\taku nishiguchi\Desktop\OTL.exe
PRC - [2016/01/10 23:30:43 | 002,255,792 | ---- | M] (Kingsoft Corporation) -- c:\Program Files\Kingsoft\kingsoft internet security 2015\kxetray.exe
PRC - [2016/01/10 23:24:29 | 000,267,632 | ---- | M] (Kingsoft Corporation) -- c:\Program Files\Kingsoft\kingsoft internet security 2015\kxescore.exe
PRC - [2015/12/09 10:53:02 | 002,771,576 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/12/09 10:52:59 | 001,872,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/12/09 10:52:58 | 020,032,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
PRC - [2015/12/09 10:52:58 | 006,443,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
PRC - [2015/12/09 10:52:58 | 005,119,096 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
PRC - [2015/12/09 06:53:17 | 000,443,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GWX\GWX.exe
PRC - [2015/12/09 04:23:58 | 006,602,152 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2015/10/14 22:52:00 | 000,069,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
PRC - [2015/10/12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015/10/12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/06/16 22:33:36 | 000,413,304 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2015/05/09 12:12:59 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2014/05/22 01:14:30 | 000,549,144 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
PRC - [2014/05/22 01:14:28 | 008,444,184 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2014/05/22 01:14:28 | 004,228,888 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
PRC - [2014/05/22 01:14:28 | 001,531,160 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/11/23 11:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/09 08:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/04/04 10:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/12/09 10:53:02 | 000,011,896 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2015/12/09 04:25:38 | 000,030,720 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1041.dll
MOD - [2014/05/22 01:14:30 | 001,019,672 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\MPC Cleaner\MPCProtectService.exe -- (MPCProtectService)
SRV - [2016/01/10 23:24:29 | 000,267,632 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files\kingsoft\kingsoft internet security 2015\kxescore.exe -- (kxescore)
SRV - [2016/01/09 10:13:54 | 002,786,816 | ---- | M] (TODO: ) [Auto | Stopped] -- C:\ProgramData\Windows Update\upgsvr.exe -- (GoogleChromeUpServlce)
SRV - [2016/01/08 00:51:03 | 002,786,816 | ---- | M] (TODO: ) [Auto | Stopped] -- C:\ProgramData\Windows Update\svrupg.exe -- (GoogleChromeUpSvc)
SRV - [2016/01/03 02:37:12 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/12/16 23:55:23 | 000,417,400 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2015/12/09 10:52:59 | 001,872,504 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/12/09 10:52:58 | 006,443,128 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV - [2015/12/09 10:52:58 | 005,119,096 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV - [2015/12/09 10:52:58 | 000,922,744 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2015/11/10 09:03:07 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/14 22:52:00 | 000,069,448 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe -- (chromoting)
SRV - [2015/10/12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015/10/12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/07/23 02:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015/07/21 20:23:32 | 000,831,096 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2015/07/09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/06/16 22:33:36 | 000,413,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2015/06/16 22:33:14 | 000,433,784 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/05/22 01:14:30 | 000,549,144 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV - [2013/09/26 12:07:40 | 000,131,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe -- (SonicStage Back-End Service2)
SRV - [2013/09/20 00:48:34 | 000,167,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2013/05/27 13:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/09/15 20:48:53 | 000,678,416 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\xsherlock.xem -- (xsherlock)
SRV - [2010/03/12 01:01:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva410.sys -- (XDva410)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva365.sys -- (XDva365)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva347.sys -- (XDva347)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\npkakl.sys -- (npkakl)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2016/01/10 23:24:34 | 000,222,544 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\kisknl.sys -- (kisknl)
DRV - [2016/01/10 23:24:34 | 000,140,088 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files\Kingsoft\kingsoft internet security 2015\security\kxescan\kdhacker.sys -- (KDHacker)
DRV - [2016/01/10 23:24:34 | 000,113,464 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files\Kingsoft\kingsoft internet security 2015\security\ksnetm\kisnetm.sys -- (kisnetm)
DRV - [2016/01/10 23:24:34 | 000,080,744 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ksapi.sys -- (ksapi)
DRV - [2016/01/10 23:24:34 | 000,028,520 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kavbootc.sys -- (KAVBootC)
DRV - [2016/01/09 01:48:58 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) [File_System | System | Running] -- C:\Windows\System32\drivers\MPCKpt.sys -- (MPCKpt)
DRV - [2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MPCBase.sys -- (MPCBase)
DRV - [2015/12/17 02:04:32 | 010,493,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2015/12/17 02:04:32 | 000,170,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2015/12/09 10:52:58 | 000,018,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2015/08/11 13:55:08 | 000,044,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2015/06/16 22:33:22 | 000,131,704 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2014/03/18 01:13:36 | 000,080,696 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wachidrouter.sys -- (WacHidRouter)
DRV - [2014/03/18 01:13:36 | 000,013,112 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV - [2014/03/18 01:13:36 | 000,012,088 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2013/12/31 18:22:18 | 000,014,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf005.sys -- (apf005)
DRV - [2013/10/02 09:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/07/26 21:23:52 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV - [2012/08/23 23:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/07/04 13:47:00 | 000,073,728 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2012/07/03 11:56:00 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2012/07/03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag2.sys -- (AndNetDiag2)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2011/12/14 01:00:08 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf001.sys -- (apf001)
DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 18:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/07/14 08:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2001/11/27 11:29:52 | 000,966,784 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sxgxgwdm.sys -- (SOFTXG)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.jword.jp/jwd_sb_srchcust.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OCustomizeSearch = http://search.jword.jp/jwd_sb_srchcust.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OSearchAssistant = http://search.jword.jp/jwd_sb_srchasst.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.jword.jp/jwd_sb_srchasst.htm?ielang={SUB_RFC1766}
IE - HKLM\..\SearchScopes,DefaultScope = {0644EE93-D778-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab.com/?q={searchTerms}&s=1&chnl=irn&cd=2XzutCtN2Y1L1QzuyEtDyCtCzzyCtB0C0EtAyB0FtN0C0Czu0J0PtN0D0TzutBtDtCtCtDtBtByE&cr=1488083865
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.jp/?gfe_rd=cr&ei=p06SVtbqPOqN8QeF8qeABA
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\..\SearchScopes,DefaultScope = {0644EE93-D778-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\..\SearchScopes\{0644EE93-D778-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 184.73.188.73:80


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@gamechu.jp/gamechusupport-4: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.8.0_60\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.co.jp/NxGame: C:\ProgramData\NexonJP\NGM\npNxGameJP.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangdiagnostic-1: C:\GameOn\Common files\nppmangdiagnostic.dll File not found
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangsupport-1: C:\GameOn\Common files\nppmangsupport.dll File not found
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)


[2013/06/14 23:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2016/01/09 22:32:48 | 000,450,774 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15471 more lines...
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\..\Toolbar\WebBrowser: (no name) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [kssetup] C:\Program Files\Kingsoft\Kssetup\starthome.exe (www.kingsoft.jp)
O4 - HKLM..\Run: [kxesc] c:\program files\kingsoft\kingsoft internet security 2015\kxetray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-916220575-3393262939-3838177276-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-916220575-3393262939-3838177276-1001..\Run: [taskhost] C:\ProgramData\WindowsMsg\E65602AFF61208B55B30B58739BDA171.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer File not found
O4 - HKU\.DEFAULT..\RunOnce: [Del16514531] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Del25027895] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Del8498684] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KAV7NEEDREBOOT] File not found
O4 - HKU\.DEFAULT..\RunOnce: [KISINSTALL] File not found
O4 - HKU\S-1-5-18..\RunOnce: [Del16514531] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Del25027895] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Del8498684] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [KAV7NEEDREBOOT] File not found
O4 - HKU\S-1-5-18..\RunOnce: [KISINSTALL] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 181
O7 - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe (www.kingsoft.jp)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0172828C-CB7D-4C10-AF96-0ED9B52DCFDC} http://update.g2gcdn.com/g2g/g2gdownloader/GameOnG2G.cab (GameOnG2GCtrl Class)
O16 - DPF: {134DD8EF-7716-4538-A430-EFEB7517E6E7} http://icarus.gamecom.jp/Common/cab/WebLauncher.cab (WebLauncher Control)
O16 - DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} https://ta-online.jp/weblauncher/common/CnCGameLauncher.cab (TTS Launcher Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {31EE92CA-C0F5-48F7-AE60-B54CDF3BB76C} http://202.95.222.164/player/AcqVPlayerX_2_0_3_9.cab (AcqVPlayer Control)
O16 - DPF: {416A7570-8626-4935-B4AC-F7712B909FFE} http://210.136.222.73/kamuse/kcsjpdownload/activex/KCSActiveXJPv3_1002.cab (KCSActiveXJPv3Ctrl Class)
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} http://down.hangame.co.jp/jp/installer/HgRunPub.cab (HgRunPub Class)
O16 - DPF: {5EBC1E61-6BD1-4FBC-AB60-744144EA615D} http://karos.oge.jp/html/cab/ver4/AtlAX.cab (AtlAXCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivX Web Player Object)
O16 - DPF: {6FC19219-C47E-4880-9A70-D218A1C374F9} http://www.sdgundamcfo.jp/common/CJIJTransX.cab (CJIJTransX Control)
O16 - DPF: {7216BF69-1FB3-438C-9A51-9DA82B676BC0} http://stonline.arario.jp/activeX/AraGameStarterW6.cab (ArarioGameStarter6 Class)
O16 - DPF: {785287DD-2A28-4558-BC5C-4F8D1350631D} https://sys.ixion-saga.jp/auth/login/pannel/CapcomLoader32.cab (CapcomLoaderObject Class)
O16 - DPF: {865C98C4-E909-44DF-B2A1-C659E6C2AF47} http://dragonsprophet.aeriagames.jp/files/cab/DP_GameStarter.cab (DragonsProphetGameStarter Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} http://down.hangame.co.jp/jp/dist/hgstart/HGReport.cab (SpecAnalyzer Class)
O16 - DPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} https://file.gamechu.net/dl/download/sessionctrl.cab (GameChu Login Control)
O16 - DPF: {A1A81C4D-C5FB-40C7-98F0-308516A67693} http://ge.hanbitstation.jp/launcher/HUELauncher.cab (HLauncher Control)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab_1.0.1.8 (NeffyLauncherCtl Class)
O16 - DPF: {B0B7F252-5B1D-4F56-9172-29AD9F62537E} http://tartaros.gamescampus.co.jp/activex/GamesCampus.cab (GamesCampus Control)
O16 - DPF: {BBA1ABFD-C9A1-41E8-959A-161F17E145D4} http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader.cab (G2GDownloaderCtrl Class)
O16 - DPF: {C299BD0C-F41B-4A8B-8D05-964A141D8C28} https://grandfantasia.aeriagames.jp/files/gf/GrandFantasia.cab (GameStarter Control)
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab (Game Starter Control)
O16 - DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab (Java Plug-in 1.8.0_60)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab (Java Plug-in 1.8.0_60)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} https://nprotect.gameon.co.jp/keycrypt_20101021/npkcx_10021.cab (Reg Error: Key error.)
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab (HgTAgent2 Extension Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E4FC78EE-7DB9-444B-AF43-DB5F48E29D60} http://plugins.mk-style.com/ccmedia_launcher_vov.cab (ccmedia_launcher Control)
O16 - DPF: {F2A8D14C-33BE-4E6E-B4B3-67F4062428A9} http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader2.cab (G2GDownloader2Ctrl Class)
O16 - DPF: {F4C75105-84BB-414D-AE37-4F0EEEEDE881} https://genshin.x-legend.co.jp/X-LegendGameStarter.cab (X-Legend GameStarter Control)
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab (PubPlugin Class)
O16 - DPF: {FFF7D8B7-A5EA-4270-8F68-140CE3F8F117} http://support.eonet.jp/download/eo_tool/dldata/kantan_tool/32/eomcfgax.cab (ｅｏかんたんメール設定ツール)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 59.190.147.17 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FFBDE0E-7B4C-454A-B3C7-00F917C7CA41}: DhcpNameServer = 59.190.147.17 192.168.0.1
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04ac323c-5e18-11e2-8cf9-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{04ac323c-5e18-11e2-8cf9-4061862ce37f}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{91550ef1-38dd-11e4-87a0-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{91550ef1-38dd-11e4-87a0-4061862ce37f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{b15ea447-c5b2-11e2-87f1-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{b15ea447-c5b2-11e2-87f1-4061862ce37f}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{c8d777ae-4196-11e2-bf7d-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8d777ae-4196-11e2-bf7d-4061862ce37f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{c8d778de-4196-11e2-bf7d-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8d778de-4196-11e2-bf7d-4061862ce37f}\Shell\AutoRun\command - "" = HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{c8d77910-4196-11e2-bf7d-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8d77910-4196-11e2-bf7d-4061862ce37f}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3911CF56-9EF2-39BA-846A-C27BD3CD0685} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4903D172-DCCB-392F-93A3-34CA9D47FE3D} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A1A81C4D-C5FB-40c7-98F0-308516A67693} - HUELauncher1_1_0_3
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

　（ＯＴＬログ続き）
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/01/12 23:37:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\taku nishiguchi\Desktop\OTL.exe
[2016/01/11 23:38:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/01/11 23:23:42 | 000,170,200 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2016/01/11 23:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/01/11 23:23:18 | 000,094,936 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2016/01/11 23:23:18 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2016/01/11 23:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2016/01/11 23:18:28 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Roaming\Malwarebytes
[2016/01/11 23:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/01/11 23:18:18 | 000,023,256 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2016/01/11 10:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[2016/01/10 23:24:34 | 000,224,592 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl64.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl_del.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl.sys
[2016/01/10 23:24:34 | 000,180,024 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker64.sys
[2016/01/10 23:24:34 | 000,140,088 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker.sys
[2016/01/10 23:24:34 | 000,115,000 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetmxp.sys
[2016/01/10 23:24:34 | 000,113,464 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm.sys
[2016/01/10 23:24:34 | 000,109,880 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm64.sys
[2016/01/10 23:24:34 | 000,080,744 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi.sys
[2016/01/10 23:24:34 | 000,056,680 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi64.sys
[2016/01/10 23:24:34 | 000,037,736 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe64.sys
[2016/01/10 23:24:34 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc64.sys
[2016/01/10 23:24:34 | 000,028,520 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc.sys
[2016/01/10 23:24:34 | 000,026,472 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe.sys
[2016/01/10 23:24:34 | 000,024,472 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bc.sys
[2016/01/10 23:24:34 | 000,019,352 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksskrpr.sys
[2016/01/10 23:24:34 | 000,018,296 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery64.sys
[2016/01/10 23:24:34 | 000,014,200 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery.sys
[2016/01/10 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\Desktop\HJT
[2016/01/10 16:01:46 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\Desktop\backups
[2016/01/10 15:29:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2016/01/10 15:26:28 | 006,340,384 | ---- | C] (Geek Uninstaller) -- C:\Users\taku nishiguchi\Desktop\geek.exe
[2016/01/10 09:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2016/01/10 09:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016/01/09 22:41:24 | 000,000,000 | ---D | C] -- C:\KVRT_Data
[2016/01/09 01:49:11 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\Start Menu
[2016/01/09 01:22:58 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Roaming\Geek Uninstaller
[2016/01/08 16:39:10 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
[2016/01/08 16:23:29 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\{7F568093-1816-4CE4-A990-1CAC949AF54A}
[2016/01/08 00:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMsg
[2016/01/08 00:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\osTip
[2016/01/08 00:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Update
[2016/01/08 00:48:53 | 001,114,160 | ---- | C] (Baidu.com) -- C:\Users\taku nishiguchi\AppData\Roaming\hao123inst-Japan_cdit_pay_hp_03_hao123_jp.exe
[2016/01/08 00:48:25 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Roaming\LightGate
[2016/01/08 00:43:46 | 000,048,872 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:53 | 000,028,648 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys
[2016/01/08 00:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\MPC Cleaner
[2016/01/08 00:39:19 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\Installer
[2016/01/08 00:39:18 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\Setup Wizard
[2016/01/05 19:52:26 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\{D701BD39-1E49-44A7-901D-ECE85711B5A7}
[2016/01/01 18:06:18 | 000,796,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2016/01/01 18:06:18 | 000,142,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/12/31 15:29:30 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\CrashDumps
[2015/12/30 18:48:26 | 000,103,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2015/12/30 18:47:36 | 000,075,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nv3dappshextr.dll
[2015/12/30 18:47:35 | 000,429,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nv3dappshext.dll
[2015/12/30 18:45:08 | 000,170,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2015/12/30 18:45:08 | 000,035,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2015/12/30 18:45:07 | 024,895,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2015/12/30 18:45:07 | 017,157,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2015/12/30 18:45:07 | 010,493,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2015/12/30 18:45:07 | 002,755,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2015/12/30 18:45:07 | 001,060,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3236143.dll
[2015/12/30 18:45:07 | 000,917,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3236143.dll
[2015/12/30 18:45:07 | 000,734,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2015/12/30 18:45:07 | 000,681,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2015/12/30 18:45:07 | 000,423,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvEncodeAPI.dll
[2015/12/30 18:45:07 | 000,388,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2015/12/30 18:45:07 | 000,370,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFROpenGL.dll
[2015/12/30 18:45:07 | 000,153,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2015/12/30 18:45:07 | 000,128,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2015/12/28 20:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\はがきデザインキット
[2015/12/28 18:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/12/28 18:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2015/12/17 21:18:37 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\{48920041-5E4A-4A2B-8C24-ECAE53BEBB40}
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/01/12 23:41:56 | 000,022,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/01/12 23:41:56 | 000,022,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/01/12 23:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\taku nishiguchi\Desktop\OTL.exe
[2016/01/12 23:37:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/01/12 23:19:38 | 000,000,094 | ---- | M] () -- C:\Windows\System32\cookies
[2016/01/12 23:19:36 | 000,000,674 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/01/12 23:19:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/01/12 23:19:21 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2016/01/12 02:32:52 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2016/01/11 23:23:21 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/11 23:12:33 | 001,749,504 | ---- | M] () -- C:\Users\taku nishiguchi\Desktop\AdwCleaner.exe
[2016/01/11 23:05:00 | 000,000,678 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/01/11 14:20:23 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\不要ファイル.lnk
[2016/01/11 10:50:07 | 000,001,687 | ---- | M] () -- C:\Users\Public\Desktop\MPC Cleaner.lnk
[2016/01/10 23:43:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2016/01/10 23:24:34 | 000,224,592 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl64.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl_del.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl.sys
[2016/01/10 23:24:34 | 000,180,024 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker64.sys
[2016/01/10 23:24:34 | 000,140,088 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker.sys
[2016/01/10 23:24:34 | 000,115,000 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetmxp.sys
[2016/01/10 23:24:34 | 000,113,464 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm.sys
[2016/01/10 23:24:34 | 000,109,880 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm64.sys
[2016/01/10 23:24:34 | 000,080,744 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi.sys
[2016/01/10 23:24:34 | 000,056,680 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi64.sys
[2016/01/10 23:24:34 | 000,037,736 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe64.sys
[2016/01/10 23:24:34 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc64.sys
[2016/01/10 23:24:34 | 000,028,520 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc.sys
[2016/01/10 23:24:34 | 000,026,472 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe.sys
[2016/01/10 23:24:34 | 000,024,472 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bc.sys
[2016/01/10 23:24:34 | 000,019,352 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksskrpr.sys
[2016/01/10 23:24:34 | 000,018,296 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery64.sys
[2016/01/10 23:24:34 | 000,014,200 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery.sys
[2016/01/10 23:19:58 | 000,000,000 | ---- | M] () -- C:\Windows\1
[2016/01/10 09:33:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/01/09 22:32:48 | 000,450,774 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2016/01/09 22:00:20 | 000,004,782 | ---- | M] () -- C:\Users\taku nishiguchi\AppData\Roaming\webad.xml
[2016/01/09 01:48:58 | 000,019,984 | ---- | M] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2016/01/09 00:06:01 | 001,736,192 | ---- | M] () -- C:\ProgramData\upgsvr.exe
[2016/01/08 16:38:58 | 000,002,157 | ---- | M] () -- C:\user.js
[2016/01/08 16:22:57 | 000,000,000 | ---- | M] () -- C:\Users\taku nishiguchi\AppData\Roaming\svrupg.exe
[2016/01/08 02:34:23 | 002,417,664 | ---- | M] () -- C:\ProgramData\msdtc.exe
[2016/01/08 00:49:16 | 000,004,782 | ---- | M] () -- C:\ProgramData\webad.xml
[2016/01/08 00:40:38 | 000,631,808 | ---- | M] () -- C:\Windows\rbc.dat
[2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys
[2016/01/07 18:26:59 | 001,737,216 | ---- | M] () -- C:\Users\taku nishiguchi\AppData\Roaming\upgsvr.exe
[2016/01/03 02:37:09 | 000,796,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2016/01/03 02:37:09 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/12/28 20:24:05 | 005,670,002 | ---- | M] () -- C:\Users\taku nishiguchi\Documents\design_kit.air
[2015/12/17 02:04:32 | 037,608,752 | ---- | M] () -- C:\Windows\System32\nvcompiler.dll
[2015/12/17 02:04:32 | 024,895,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2015/12/17 02:04:32 | 017,561,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2015/12/17 02:04:32 | 017,157,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2015/12/17 02:04:32 | 016,286,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2015/12/17 02:04:32 | 014,005,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2015/12/17 02:04:32 | 010,493,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2015/12/17 02:04:32 | 003,211,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2015/12/17 02:04:32 | 002,755,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2015/12/17 02:04:32 | 001,060,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3236143.dll
[2015/12/17 02:04:32 | 000,926,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2015/12/17 02:04:32 | 000,917,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3236143.dll
[2015/12/17 02:04:32 | 000,734,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2015/12/17 02:04:32 | 000,681,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2015/12/17 02:04:32 | 000,423,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvEncodeAPI.dll
[2015/12/17 02:04:32 | 000,388,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2015/12/17 02:04:32 | 000,370,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFROpenGL.dll
[2015/12/17 02:04:32 | 000,194,680 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2015/12/17 02:04:32 | 000,170,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2015/12/17 02:04:32 | 000,153,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2015/12/17 02:04:32 | 000,128,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2015/12/17 02:04:32 | 000,035,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2015/12/17 02:04:32 | 000,029,787 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2015/12/16 23:55:24 | 000,103,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2015/12/16 23:49:10 | 003,939,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2015/12/16 23:49:10 | 002,582,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2015/12/16 23:49:09 | 002,554,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2015/12/16 23:49:09 | 000,375,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2015/12/16 23:49:09 | 000,061,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2015/12/16 23:49:08 | 000,429,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nv3dappshext.dll
[2015/12/16 23:49:08 | 000,075,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nv3dappshextr.dll
[2015/12/16 23:49:04 | 006,090,019 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/01/11 23:18:19 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/11 23:12:33 | 001,749,504 | ---- | C] () -- C:\Users\taku nishiguchi\Desktop\AdwCleaner.exe
[2016/01/11 14:20:23 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\不要ファイル.lnk
[2016/01/10 23:19:58 | 000,000,000 | ---- | C] () -- C:\Windows\1
[2016/01/10 15:01:02 | 001,736,192 | ---- | C] () -- C:\ProgramData\upgsvr.exe
[2016/01/10 09:33:24 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/01/09 22:55:41 | 000,001,687 | ---- | C] () -- C:\Users\Public\Desktop\MPC Cleaner.lnk
[2016/01/09 01:48:58 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2016/01/08 16:10:23 | 000,000,000 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\svrupg.exe
[2016/01/08 00:51:21 | 000,004,782 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\webad.xml
[2016/01/08 00:49:54 | 000,600,312 | ---- | C] () -- C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
[2016/01/08 00:49:26 | 001,081,344 | ---- | C] () -- C:\ProgramData\LightGate.exe
[2016/01/08 00:49:16 | 000,004,782 | ---- | C] () -- C:\ProgramData\webad.xml
[2016/01/08 00:49:14 | 002,417,664 | ---- | C] () -- C:\ProgramData\msdtc.exe
[2016/01/08 00:49:11 | 000,590,424 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\toolmini_jp[2015-12-08.17.00].exe
[2016/01/08 00:48:22 | 001,081,344 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\LightGate.exe
[2016/01/08 00:48:22 | 000,000,094 | ---- | C] () -- C:\Windows\System32\cookies
[2016/01/08 00:48:14 | 001,737,216 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\upgsvr.exe
[2016/01/08 00:40:32 | 000,631,808 | ---- | C] () -- C:\Windows\rbc.dat
[2016/01/02 00:07:11 | 000,000,626 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/12/30 18:45:07 | 037,608,752 | ---- | C] () -- C:\Windows\System32\nvcompiler.dll
[2015/12/30 18:34:01 | 000,091,384 | ---- | C] () -- C:\Windows\System32\NvRtmpStreamer32.dll
[2015/12/28 20:24:11 | 005,670,002 | ---- | C] () -- C:\Users\taku nishiguchi\Documents\design_kit.air
[2015/11/10 21:24:50 | 000,601,632 | ---- | C] () -- C:\Windows\System32\MdpThumb32.dll
[2015/01/27 22:35:32 | 000,151,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/02/18 13:57:11 | 000,007,598 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Local\Resmon.ResmonCfg
[2011/09/18 15:31:32 | 000,000,054 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\sg2.xml
[2009/11/12 15:49:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/07 02:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 10:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]
[2016/01/10 22:57:20 | 000,000,000 | RH-D | M] -- C:\KRECYCLE
[2012/07/22 12:43:46 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/10/20 23:26:03 | 000,000,000 | -H-D | M] -- C:\SafeRecycle
[2011/11/05 13:32:45 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2015/01/18 14:46:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/09/17 12:12:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2011/11/05 13:32:45 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ\IJPrinter
[2011/11/05 13:33:15 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ\IJPrinter\Canon iP4500 series
[2016/01/10 23:20:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files\nsklog
[2015/07/02 20:05:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files\Sony Shared\OpenMG\OMGRIGHT
[2011/11/04 16:38:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2014/12/24 13:28:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter
[2011/11/05 13:33:19 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows
[2011/11/04 16:38:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon Inkjet iP4500 series
[2011/11/05 13:56:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon iP4500 series
[2015/09/19 16:59:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2012/01/27 23:17:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\Power2Go\6.0
[2012/01/08 13:48:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\Power2Go\6.0
[2009/11/12 15:42:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerBackup\2.50
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWERDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerProducer\5.0
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerStarter\6.00
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009/07/15 00:50:31 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2015/08/19 23:23:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\Wondershare\Dr.Fone\DBCache
[2012/10/20 23:26:03 | 000,000,000 | -H-D | M] -- C:\SafeRecycle\update
[2012/10/20 23:26:12 | 000,000,000 | -H-D | M] -- C:\SafeRecycle\update\ksafe
[2009/11/12 15:25:50 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2015/08/19 23:26:45 | 000,000,000 | RH-D | M] -- C:\Users\Administrator\AppData\Roaming
[2011/11/04 16:38:40 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2014/12/24 13:28:11 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter
[2011/11/05 13:33:19 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows
[2011/11/04 16:38:41 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon Inkjet iP4500 series
[2011/11/05 13:56:15 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon iP4500 series
[2015/09/19 16:59:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2012/01/27 23:17:02 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\Power2Go\6.0
[2012/01/08 13:48:31 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\Power2Go\6.0
[2009/11/12 15:42:29 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerBackup\2.50
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWERDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerProducer\5.0
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerStarter\6.00
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009/07/15 00:50:31 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2015/08/19 23:23:36 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Wondershare\Dr.Fone\DBCache
[2009/07/14 11:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2016/01/11 23:23:21 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/09/25 17:26:08 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2015/06/20 00:58:12 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2012/01/27 23:16:55 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\Power2Go
[2012/11/07 21:54:40 | 000,000,000 | -H-D | M] -- C:\Users\Public\Music\Sony MediaPlayerX\Shared\Fringe
[2011/10/15 13:12:28 | 000,000,000 | -H-D | M] -- C:\Users\Public\Pictures\Sony MediaPlayerX\Fringe
[2009/11/19 01:06:23 | 000,000,000 | -H-D | M] -- C:\Users\Public\Recorded TV\TempRec
[2012/06/27 12:35:37 | 000,000,000 | -H-D | M] -- C:\Users\Public\Videos\Sony MediaPlayerX\Fringe
[2009/12/25 10:28:23 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData
[2015/01/06 19:48:03 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2009/11/12 15:31:25 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2015/08/09 21:58:44 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2009/11/12 18:23:04 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2011/01/12 23:01:58 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Media Player\ダウンロード ファイルの同期
[2012/09/20 19:53:56 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Media Player\生成された再生リストの同期
[2015/11/23 08:34:25 | 000,000,000 | RH-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Burn\Burn
[2012/12/09 10:24:24 | 000,000,000 | RH-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Burn\Burn1
[2015/09/02 21:38:11 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\NVIDIA Corporation\Shield Apps\StreamingAssets
[2014/05/28 21:15:24 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp
[2014/05/28 23:05:13 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp\Freemake_do_not_remove_this_folder
[2011/12/26 11:17:07 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\VirtualStore\ProgramData
[2012/01/27 23:16:56 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Roaming\CyberLink\MediaCache\Power2Go
[2012/12/04 01:08:37 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2015/07/05 23:11:34 | 000,000,000 | -H-D | M] -- C:\Windows\msdownld.tmp
[2009/11/12 15:27:27 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/11/19 01:06:33 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2009/11/12 15:31:31 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2011/11/05 13:33:15 | 000,000,000 | -H-D | M] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2016/01/08 01:07:59 | 000,000,000 | -H-D | M] -- C:\Windows\System32\GroupPolicy
[2011/11/05 13:33:15 | 000,000,000 | -H-D | M] -- C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series
[2009/10/21 09:10:35 | 000,000,000 | -H-D | M] -- C:\Windows\System32\sysprep\s_test

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2016/01/12 23:37:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/01/12 23:19:36 | 000,000,674 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/01/11 23:05:00 | 000,000,678 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD10EADS-00M2B0 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 105906176
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV - [2015/10/30 02:49:57 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2015/06/25 18:44:11 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 10:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 21:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 21:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2015/10/20 09:44:53 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/05 06:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2015/04/28 04:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 21:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 21:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 14:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 10:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 21:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 10:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 10:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 10:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2014/12/06 12:50:19 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 10:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 19:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 14:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2015/10/20 09:44:53 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 10:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 21:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 21:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 10:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2015/10/20 09:44:53 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 10:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 21:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 21:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2015/08/06 02:41:00 | 000,751,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 21:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 10:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2014/12/19 11:43:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 21:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2015/02/03 12:12:12 | 000,475,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2015/02/03 12:12:12 | 000,475,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 21:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 13:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 21:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 21:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 21:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2015/06/16 06:42:49 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 10:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2015/11/21 03:34:36 | 002,062,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 21:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 10:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 21:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >

　（ＥＸＴＲＡＳログ）
OTL Extras logfile created on: 2016/01/12 23:39:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\taku nishiguchi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

2.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.91% Memory free
5.98 Gb Paging File | 4.49 Gb Available in Paging File | 75.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 786.07 Gb Free Space | 84.40% Space Free | Partition Type: NTFS

Computer Name: TAKUNISHIGUCHI | User Name: taku nishiguchi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052526EB-AD4D-4CA6-94F2-C9A25174364F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0E742C4C-B854-434F-8FE8-DF81CDB5B721}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0FC7CE58-3E35-4312-89D8-A07816221B24}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{0FE45EA5-EBCB-49DE-83D6-7C2D0D416835}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{32543666-5B1A-4F9B-94EE-EA3F93C22929}" = lport=138 | protocol=17 | dir=in | app=system |
"{35C26AFE-D03D-4979-8B2C-202CD45649B8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{36DA4D7F-57A0-4887-AEB1-836B8A246B7C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{3E62130A-331E-46B9-BEA0-D374C99E829C}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe |
"{45DFDB00-3694-41C4-8FDE-5065378317A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B144FF2-1318-4C65-92BB-E1FDFC6D6387}" = lport=445 | protocol=6 | dir=in | app=system |
"{60DE764F-B21B-4E1E-BB80-052593E407B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{69FDAD81-E859-4855-8757-49C98ACB949F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{71553077-5BFF-4D8E-AB36-9ECA0DC5DEF3}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{724E132D-E369-437D-A5F2-4753DDEDDF03}" = lport=139 | protocol=6 | dir=in | app=system |
"{7581F39B-3CD1-4A53-A40F-91055F1BB7C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D62D4B4-4988-4D2A-9551-5FB5627A61A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{92413D33-441F-4C77-989B-F80DFE0B66E7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9EA8277C-65F6-4E47-9249-AEDE459199FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5103D88-F73E-4BCC-9D0F-C2F514634A27}" = rport=445 | protocol=6 | dir=out | app=system |
"{A774B0B4-F362-45E9-B104-733B0ACA1A0E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B06BD6BA-41D6-4495-B6E2-0922535852EC}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe |
"{B239771C-444E-4656-9924-EF9C502A7FEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3D5A033-7EB7-4D68-BC50-18E3A9785FF2}" = rport=139 | protocol=6 | dir=out | app=system |
"{C616AD6D-482E-45CB-A774-AB33222691E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C95BE516-96EA-492C-94E7-FF3B0431253B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB670950-EB37-4826-98F4-D039F8EE4E5D}" = lport=137 | protocol=17 | dir=in | app=system |
"{D62BD0DC-F800-46FF-945F-B00911FA6E35}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA68E978-F890-4261-90B9-8D78BD03F7A1}" = rport=137 | protocol=17 | dir=out | app=system |
"{DAD4218B-394B-420C-B91E-417ECEA9B8DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DB1A06FA-2EEB-4782-B892-1B792FD72C96}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{DD9707D1-14C4-4FFC-9BA9-9D5C1E7D8892}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE03064B-68D0-41BA-BFD8-9B426CDEC141}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ED33E2C5-3DFB-4B20-A41D-70ACC11369B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F08B698C-F39D-4D15-8448-F48901FFF080}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FDFD95B5-78DC-48E0-966E-683702F8BB85}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C024BA8-696E-4E5F-9698-DEAF0ED1E932}" = dir=in | app=c:\program files\google\chrome remote desktop\47.0.2526.18\remoting_host.exe |
"{0DA38E16-0553-46F9-BD3F-ECD9260C8A2A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{135A83D3-40EB-462B-AE11-50BABEB37644}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{167F9A69-021E-4C01-A004-4EA73196A808}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18F059E7-C923-49BF-AB5F-E7F0D0A77309}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1A1CC157-17FF-4463-AC10-D32886D94DF5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{1A567257-E11B-470C-9CB6-524C502F60E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{23521DBF-AC7D-43F8-8FDF-2A69B1B5BD8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23F3DC18-2407-479E-BA37-82F7DEBC65B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B3F6260-0EB0-46F6-8885-8BC7AE70D87A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3BC669A7-DE65-4A44-8188-931E3F7772E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C3EF1BF-12DD-40CF-899C-AB12E719EB0D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3D34A92D-C2C5-4CEC-8A37-9D703F46F826}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4011C62C-4017-4EE2-964C-422096EACE8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4644514E-08ED-4DC4-B0D3-8FB466BBD3C9}" = protocol=6 | dir=in | app=c:\users\taku nishiguchi\appdata\roaming\xlgames\xlkcsdownload_jp\xlkcsdownload_jp.exe |
"{4937F60A-3E3E-49EF-BDF1-ED88E31C55A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4FB12881-047E-4305-8975-6BA63C81B66D}" = protocol=58 | dir=in | app=system |
"{58A90A84-220A-465E-A01F-609B1B696F11}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67B465FB-66FC-435C-9DBB-0E041E08AC54}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{7293473B-2E4B-49A5-BA57-62B08E45607E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{734851E4-C94C-4F1A-BB81-4926E477FC39}" = protocol=6 | dir=in | app=c:\programdata\nexonjp\ngm\ngm.exe |
"{743C4611-ADB1-4C54-B93B-CA607906A4DC}" = protocol=6 | dir=out | app=system |
"{83FD5619-D114-4B79-9F38-A10FCA9CCE09}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{96DB99C4-89CB-47CE-9150-9FDD535E257B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BF09D32F-E847-473B-9F64-4BEFE591B0BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C786A933-B882-44EE-8D49-0CAF07C9BF36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD325245-18CC-459A-AE0A-586616C9EB56}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D6F5BADC-35F9-441A-8D0F-0DCE3CF5D8C6}" = protocol=17 | dir=in | app=c:\programdata\nexonjp\ngm\ngm.exe |
"{E260BF78-BACB-4F42-94BC-FF20FFF7418C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E3EC4818-258F-464E-8D37-371DF4570AF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5C6C5C2-8169-4204-9C3B-18CC92139CF9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EB041561-EBF9-4EE1-8C36-3F3EED993583}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9FED4D3-98AE-489D-A2F0-A01F414A5520}" = protocol=17 | dir=in | app=c:\users\taku nishiguchi\appdata\roaming\xlgames\xlkcsdownload_jp\xlkcsdownload_jp.exe |
"{FB996813-BA42-422B-B5EA-2CB6A376F16F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{2FBF14E5-1C04-4DDF-AD67-B905CE0F66C5}C:\program files\g2g\g2gdownloader\g2gdownloader_engine.exe" = protocol=6 | dir=in | app=c:\program files\g2g\g2gdownloader\g2gdownloader_engine.exe |
"TCP Query User{529B65A5-11DD-43F9-8635-45AF46ED005A}C:\program files\g2g\g2gdownloader\gameon\gameong2g_engine.exe" = protocol=6 | dir=in | app=c:\program files\g2g\g2gdownloader\gameon\gameong2g_engine.exe |
"TCP Query User{6CC3CD83-3D74-41AF-A152-BCF98358A1F9}C:\program files\kamuse\kcsjpdownload\kcsjpdownload.exe" = protocol=6 | dir=in | app=c:\program files\kamuse\kcsjpdownload\kcsjpdownload.exe |
"TCP Query User{C3D8CFD2-699B-4A5C-8AD7-C692A92687D3}C:\program files\g2g\g2gdownloader2\g2gdownloader_engine2.exe" = protocol=6 | dir=in | app=c:\program files\g2g\g2gdownloader2\g2gdownloader_engine2.exe |
"TCP Query User{D8D377CC-0B39-45FC-AE6A-F83EA651C7CF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{19078595-1467-4D4B-B09D-B4C33CE27C95}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4D0EE0D3-09C2-43ED-B32D-D5572B4BD733}C:\program files\g2g\g2gdownloader\g2gdownloader_engine.exe" = protocol=17 | dir=in | app=c:\program files\g2g\g2gdownloader\g2gdownloader_engine.exe |
"UDP Query User{5801A681-9351-471B-B3C6-873C1FD68453}C:\program files\g2g\g2gdownloader2\g2gdownloader_engine2.exe" = protocol=17 | dir=in | app=c:\program files\g2g\g2gdownloader2\g2gdownloader_engine2.exe |
"UDP Query User{69ED2D29-B84A-40F0-8FBF-C0A955C0355D}C:\program files\g2g\g2gdownloader\gameon\gameong2g_engine.exe" = protocol=17 | dir=in | app=c:\program files\g2g\g2gdownloader\gameon\gameong2g_engine.exe |
"UDP Query User{C90EE11D-7F3D-4E40-ADD8-BE2CCB86BC47}C:\program files\kamuse\kcsjpdownload\kcsjpdownload.exe" = protocol=17 | dir=in | app=c:\program files\kamuse\kcsjpdownload\kcsjpdownload.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019EF473-6D0A-415C-9A2E-1AF5F66AC60F}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E0CA282-7F32-4B0D-B427-78B9A3CBC42F}" = Messenger Companion
"{10AB1F40-BDEC-4A8D-B427-30F9429378B0}" = Windows Live Movie Maker
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{13922019-A4D1-3FA6-891D-EA7B608D5DA3}" = Microsoft .NET Framework 4.5.2 (JPN)
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15D95497-8F76-41E5-8894-EDDB59E39BD9}" = Windows Live メール
"{17b12e02-9e0f-435b-a641-6fa68bb60b6d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F34FCDE-AD22-4733-BFCD-2A30D6AB9856}" = Windows Live Family Safety
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{223469C7-3B3F-4D18-AB4A-4F4B298D0DB2}" = x-APPLICATION Components
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3792811C-832F-4392-B44A-24092901EDDC}" = BlueStacks Notification Center
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EABDB76-D290-4640-8D38-1077EAD855C2}" = Windows Live Remote Client Resources
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D5EF092-01A6-490D-82CC-5D5D8C8EA4A0}" = Windows Live Remote Service Resources
"{5DB849D6-9392-4FB7-9ABB-87ED433152E5}" = LG United Mobile Drivers
"{5E152A6D-4395-4A77-8524-92B4DC638576}" = x-アプリ
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6158789A-C219-20CD-F354-60F34CDE0DCF}" = はがきデザインキット
"{675D8E1E-2388-4718-902C-E5FC4888AC0E}" = Windows Live Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C3F8916-D6A5-4A31-9DA8-80C973CE437F}" = Windows Live Writer
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7134EF35-DA07-41F8-A71F-66709E194BB5}" = Windows Live Mesh
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{88A686A9-D687-4295-B633-50D8A4B88371}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0DE29F-7D38-4BDE-AECD-D9F36DB2ED86}_is1" = ECHO OF SOUL
"{8A66A2C8-0032-4949-8D99-C293A3EACF79}" = Windows Live Photo Common
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D59BE38-3A4F-4525-AD0D-8980E9E31EFA}" = Windows Live フォト ギャラリー
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E379288-A3B6-4237-B42A-B261621DFCE3}" = Sony Media Library Earth 9.0.00
"{90120000-0016-0411-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Japanese) 2007
"{90120000-0016-0411-0000-0000000FF1CE}_PERSONALR_{209FA1DF-E70E-436A-BB71-9ECB81FC3776}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Japanese) 2007
"{90120000-001A-0411-0000-0000000FF1CE}_PERSONALR_{209FA1DF-E70E-436A-BB71-9ECB81FC3776}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0411-0000-0000000FF1CE}" = Microsoft Office Word MUI (Japanese) 2007
"{90120000-001B-0411-0000-0000000FF1CE}_PERSONALR_{209FA1DF-E70E-436A-BB71-9ECB81FC3776}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PERSONALR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
"{90120000-001F-0411-0000-0000000FF1CE}_PERSONALR_{8B0BBAAA-BB10-41E1-B27E-24CF08CBB253}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0411-0000-0000000FF1CE}_PERSONALR_{277B1BCF-97A7-40F2-87A5-3CACB0E9714B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0411-0000-0000000FF1CE}" = Microsoft Office Proofing (Japanese) 2007
"{90120000-006E-0411-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Japanese) 2007
"{90120000-006E-0411-0000-0000000FF1CE}_PERSONALR_{84C84010-F698-443E-84B4-A82DD01A17FE}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0033-0000-0000-0000000FF1CE}" = Microsoft Office Personal 2007
"{91120000-0033-0000-0000-0000000FF1CE}_PERSONALR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041" = Microsoft .NET Framework 4.5.2 (日本語)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}" = Apple Mobile Device Support
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-0804-1033-1959-001824161310}" = Adobe Refresh Manager
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AEDA8B17-9571-4839-9240-F93E41198E19}" = Windows Live Sync
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.192
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision ドライバー 361.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA グラフィックス ドライバー 361.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.8.1.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision コントローラー ドライバー 352.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX システム ソフトウェア 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD オーディオ ドライバー 1.3.34.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{BAF0CA91-4642-46C8-9BCD-C93B61508701}" = リモート接続用の Windows Live Mesh ActiveX コントロール (日本語)
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C5815ACF-FD34-4553-8A22-C7411B7E662B}" = Apple Application Support（32 ビット）
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CDF9E1C8-4B97-4F8B-A848-7DD0E8BEB89F}" = Chrome Remote Desktop Host
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D168AAD0-6686-47C1-B599-CDD4888B9D1A}" = Bonjour
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6D425D2-803F-40E8-9D65-3DC00D577C11}" = NavyFIELD NorthAmerica
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE408577-9C0E-4E5F-BCB2-DB5B3A220958}" = Windows Live UX Platform Language Pack
"{EF47455E-86A0-4320-A269-52B753627244}" = x-APPLICATION NetMD Driver for x86
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16EA575-26A5-4DAD-A800-95267BE02C12}" = iTunes
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype(TM) 7.17
"{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}" = Apple Software Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 20 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Baby-G" = Baby-G
"BlueStacks App Player" = BlueStacks App Player
"CanonMyPrinter" = Canon マイ プリンタ
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Daum Screensaver High" = Daum ｽｺﾅｩｸｰｼｼﾀﾌｹ・ｰ柀ｭﾁ彧・
"DivX Setup" = DivXセットアップ
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"E-girlsA" = E-girlsA
"FreeStyle_ScreenSaver_KARACAT Screensaver" = FreeStyle_ScreenSaver_KARACAT Screensaver
"Gamechu_" =
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{5E152A6D-4395-4A77-8524-92B4DC638576}" = x-アプリ 5.1
"InstallShield_{8E379288-A3B6-4237-B42A-B261621DFCE3}" = Sony Media Library Earth 9.0.00
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"Kingsoft Internet Security" = KINGSOFT Internet Security
"Kingsoft Office" = Kingsoft Office 2010 (6.6.0.2724)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware バージョン 2.2.0.1024
"MediaNavigation.CDDirectPrint" = らくちんCDダイレクトプリント for Canon
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PERSONALR" = Microsoft Office Personal 2007
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Wacom Tablet Driver" = ワコム タブレット
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"WinLiveSuite" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.93
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"宛名職人MOOK版10" = 宛名職人MOOK版10

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2016/01/07 12:06:20 | Computer Name = takunishiguchi | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: Calendar.exe、バージョン: 2.0.0.11153、タイム スタンプ: 0x566934b5
障害が発生しているモジュール名:
ole32.dll、バージョン: 6.1.7601.18915、タイム スタンプ: 0x55981b9e 例外コード: 0xc0000005 障害オフセット: 0x0004ea5c
障害が発生しているプロセス
ID: 0xd90 障害が発生しているアプリケーションの開始時刻: 0x01d149655726bc86 障害が発生しているアプリケーション パス: C:\Program
Files\CalendarTool\2.0.0.11153\Calendar.exe 障害が発生しているモジュール パス: C:\Windows\system32\ole32.dll
レポート
ID: 96d7d202-b558-11e5-b965-4061862ce37f

Error - 2016/01/08 11:32:00 | Computer Name = takunishiguchi | Source = SideBySide | ID = 16842815
Description = "c:\program files\spybot - search & destroy\DelZip179.dll" のアクティブ化コンテキストの生成に失敗しました。マニフェストまたはポリシー
ファイル "c:\program files\spybot - search & destroy\DelZip179.dll" 行 8 のエラーです。 要素 "assemblyIdentity"
の属性 "language" に無効な値 "*" が指定されています。

Error - 2016/01/08 11:35:05 | Computer Name = takunishiguchi | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: AitStatic.exe、バージョン: 10.0.10004.0、タイム スタンプ: 0x54c64d23
障害が発生しているモジュール名:
KERNELBASE.dll、バージョン: 6.1.7601.18847、タイム スタンプ: 0x554d7b00 例外コード: 0xc000000d 障害オフセット:
0x0000812f 障害が発生しているプロセス ID: 0x1e90 障害が発生しているアプリケーションの開始時刻: 0x01d14a2a2514ba74 障害が発生しているアプリケーション
パス: C:\Windows\system32\AitStatic.exe 障害が発生しているモジュール パス: C:\Windows\system32\KERNELBASE.dll
レポート
ID: 635bfec6-b61d-11e5-bc20-4061862ce37f

Error - 2016/01/08 12:43:19 | Computer Name = takunishiguchi | Source = SideBySide | ID = 16842787
Description = "C:\Program Files\MPC Cleaner\MPCTray64.exe" のアクティブ化コンテキストの生成に失敗しました。マニフェストまたはポリシー
ファイル "C:\Program Files\MPC Cleaner\Microsoft.VC90.CRT.MANIFEST" 行 4 のエラーです。 マニフェスト内のコンポーネント
ID が要求されたコンポーネントの ID と一致しません。 参照は Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
です。 定義は Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
です。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2016/01/09 11:53:02 | Computer Name = takunishiguchi | Source = Windows Search Service | ID = 3100
Description =

Error - 2016/01/09 12:29:41 | Computer Name = takunishiguchi | Source = SideBySide | ID = 16842815
Description = "c:\program files\spybot - search & destroy\DelZip179.dll" のアクティブ化コンテキストの生成に失敗しました。マニフェストまたはポリシー
ファイル "c:\program files\spybot - search & destroy\DelZip179.dll" 行 8 のエラーです。 要素 "assemblyIdentity"
の属性 "language" に無効な値 "*" が指定されています。

Error - 2016/01/09 16:18:23 | Computer Name = takunishiguchi | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: rundll32.exe、バージョン: 6.1.7600.16385、タイム スタンプ: 0x4a5bc637
障害が発生しているモジュール名:
E65602AFF61208B55B30B58739BDA171.dll、バージョン: 1.0.0.29、タイム スタンプ: 0x568fed04 例外コード:
0xc0000005 障害オフセット: 0x000166d7 障害が発生しているプロセス ID: 0x12f4 障害が発生しているアプリケーションの開始時刻: 0x01d14af6ae8c4b66
障害が発生しているアプリケーション
パス: C:\Windows\System32\rundll32.exe 障害が発生しているモジュール パス: C:\ProgramData\WindowsMsg\E65602AFF61208B55B30B58739BDA171.dll
レポート
ID: 21587c09-b70e-11e5-8355-4061862ce37f

Error - 2016/01/10 8:31:02 | Computer Name = takunishiguchi | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: iexplore.exe、バージョン: 11.0.9600.18124、タイム スタンプ:
0x5641278d 障害が発生しているモジュール名: MSHTML.dll、バージョン: 11.0.9600.18125、タイム スタンプ: 0x56436160
例外コード:
0xc0000005 障害オフセット: 0x000a3618 障害が発生しているプロセス ID: 0x184c 障害が発生しているアプリケーションの開始時刻: 0x01d14ba294b299dc
障害が発生しているアプリケーション
パス: C:\Program Files\Internet Explorer\iexplore.exe 障害が発生しているモジュール パス: C:\Windows\system32\MSHTML.dll
レポート
ID: 023d56ca-b796-11e5-bff0-4061862ce37f

Error - 2016/01/10 9:04:04 | Computer Name = takunishiguchi | Source = SideBySide | ID = 16842787
Description = "C:\Program Files\MPC Cleaner\MPCTray64.exe" のアクティブ化コンテキストの生成に失敗しました。マニフェストまたはポリシー
ファイル "C:\Program Files\MPC Cleaner\Microsoft.VC90.CRT.MANIFEST" 行 4 のエラーです。 マニフェスト内のコンポーネント
ID が要求されたコンポーネントの ID と一致しません。 参照は Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
です。 定義は Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
です。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2016/01/10 10:25:34 | Computer Name = takunishiguchi | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: kxetray.exe、バージョン: 2015.7.30.300、タイム スタンプ: 0x55b9e217
障害が発生しているモジュール名:
ntdll.dll、バージョン: 6.1.7601.19045、タイム スタンプ: 0x56258dbb 例外コード: 0xc0000374 障害オフセット: 0x000c3f83
障害が発生しているプロセス
ID: 0x108c 障害が発生しているアプリケーションの開始時刻: 0x01d14bb2a8337e47 障害が発生しているアプリケーション パス: c:\program
files\kingsoft\kingsoft internet security 2015\kxetray.exe 障害が発生しているモジュール パス: C:\Windows\SYSTEM32\ntdll.dll
レポート
ID: ff7d3cc2-b7a5-11e5-b6b7-4061862ce37f

[ System Events ]
Error - 2016/01/11 13:26:29 | Computer Name = takunishiguchi | Source = Service Control Manager | ID = 7001
Description = Computer Browser サービスは、次のエラーが原因で開始できなかった Server サービスに依存しています: %%1068

Error - 2016/01/11 13:27:47 | Computer Name = takunishiguchi | Source = Service Control Manager | ID = 7009
Description = GoogleChromeUpSvc サービスの接続を待機中にタイムアウト (30000 ミリ秒) になりました。

Error - 2016/01/11 13:27:47 | Computer Name = takunishiguchi | Source = Service Control Manager | ID = 7000
Description = GoogleChromeUpSvc サービスを、次のエラーが原因で開始できませんでした: %%1053

Error - 2016/01/11 13:27:47 | Computer Name = takunishiguchi | Source = Service Control Manager | ID = 7000
Description = MPC Core Protect Service サービスを、次のエラーが原因で開始できませんでした: %%5

Error - 2016/01/11 13:27:47 | Computer Name = takunishiguchi | Source = Service Control Manager | ID = 7000
Description = npkakl サービスを、次のエラーが原因で開始できませんでした: %%2

Error - 2016/01/12 10:19:37 | Computer Name = takunishiguchi | Source = Service Control Manager | ID = 7009
Description = GoogleChromeUpSvc サービスの接続を待機中にタイムアウト (30000 ミリ秒) になりました。

Error - 2016/01/12 10:19:37 | Computer Name = takunishiguchi | Source = Service Control Manager | ID = 7000
Description = GoogleChromeUpSvc サービスを、次のエラーが原因で開始できませんでした: %%1053

Error - 2016/01/12 10:19:38 | Computer Name = takunishiguchi | Source = Service Control Manager | ID = 7000
Description = MPC Core Protect Service サービスを、次のエラーが原因で開始できませんでした: %%5

Error - 2016/01/12 10:19:38 | Computer Name = takunishiguchi | Source = Service Control Manager | ID = 7000
Description = npkakl サービスを、次のエラーが原因で開始できませんでした: %%2

Error - 2016/01/12 10:19:41 | Computer Name = takunishiguchi | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = プログラム互換性アシスタント サービスはフェーズ 2 の初期化に失敗しました。


< End of report >

作業と報告、ご苦労様です。
OTLスキャンログを見せていただきました。

予想はしてましたが、MPCを含めて隠れていたものがぞろぞろ見つかってます。
今度はそれをOTL上から掃除にかかります。

このレスの最後にスクリプトを貼っておくので、それを丸ごとコピーして、それをWindowsのメモ帳ファイルに貼り付けて保存しておいてください。

用意できたらPCをまたセーフモードで再起動してOTL起動してください。
起動したらOTLのウインドウ下部にスクリプトを貼り付けて、今度は「Run fix」（赤字のボタン）を押してください。
これでOTLでの処置が開始されます。

しばらく待って処置ができたらPCを通常モードで再起動すると、またOTLのログが出るはずなので、それを保存してから、しばらく様子見の後、OTLのログとともに状態報告をレスください。
OTLのスクリプトは以下になります。破線(-----)を含まない箇所を丸ごとコピーして、それをOTLに貼って作業してください
------------------------------------------
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\MPC Cleaner\MPCProtectService.exe -- (MPCProtectService)
DRV - [2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) [File_System | System | Running] -- C:\Windows\System32\drivers\MPCKpt.sys -- (MPCKpt)
DRV - [2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MPCBase.sys -- (MPCBase)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.jword.jp/jwd_sb_srchcust.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OCustomizeSearch = http://search.jword.jp/jwd_sb_srchcust.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OSearchAssistant = http://search.jword.jp/jwd_sb_srchasst.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.jword.jp/jwd_sb_srchasst.htm?ielang={SUB_RFC1766}
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab.com/?q={searchTerms}&s=1&chnl=irn&cd=2XzutCtN2Y1L1QzuyEtDyCtCzzyCtB0C0EtAyB0FtN0C0Czu0J0PtN0D0TzutBtDtCtCtDtBtByE&cr=1488083865
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\..\SearchScopes\{0644EE93-D778-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
IE - HKU\S-1-5-21-916220575-3393262939-3838177276-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 184.73.188.73:80
[2016/01/11 10:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[2016/01/08 00:48:53 | 001,114,160 | ---- | C] (Baidu.com) -- C:\Users\taku nishiguchi\AppData\Roaming\hao123inst-Japan_cdit_pay_hp_03_hao123_jp.exe
[2016/01/08 00:43:46 | 000,048,872 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:53 | 000,028,648 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys
[2016/01/08 00:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\MPC Cleaner
[2015/12/17 21:18:37 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\{48920041-5E4A-4A2B-8C24-ECAE53BEBB40}
[2016/01/09 22:55:41 | 000,001,687 | ---- | C] () -- C:\Users\Public\Desktop\MPC Cleaner.lnk
[2014/05/28 21:15:24 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp
[2014/05/28 23:05:13 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp\Freemake_do_not_remove_this_folder

:Files
C:\Program Files\MPC Cleaner
C:\Windows\System32\drivers\MPCKpt.sys
C:\Windows\System32\drivers\MPCBase.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
C:\Users\taku nishiguchi\AppData\Roaming\hao123inst-Japan_cdit_pay_hp_03_hao123_jp.exe
C:\Users\taku nishiguchi\AppData\Local\{48920041-5E4A-4A2B-8C24-ECAE53BEBB40}
C:\Users\Public\Desktop\MPC Cleaner.lnk
C:\Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp
C:\Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp\Freemake_do_not_remove_this_folder

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------

　いつもありがとうございます。ここにきて状況が悪化しました。ＭＰＣ　Ｃｌｅａｎｅｒが復活しました。

　デスクトップ上のショートカットの復活、ＩＥのホームページ設定がｇｏｏｇｌｅ設定しても起動のたびに
違うところに飛びます。

　右下のインジケーターにも復活しました。振り出しに戻ったようです。右下と左下の広告バナーだけは復活
してません。

　以下ＯＴＬログ張ります。何卒ご指南のほどよろしくお願い申し上げます。

　（ＯＴＬログ）
All processes killed
========== OTL ==========
Service MPCProtectService stopped successfully!
Service MPCProtectService deleted successfully!
File C:\Program Files\MPC Cleaner\MPCProtectService.exe not found.
Error: Unable to stop service MPCKpt!
Unable to delete service\driver key MPCKpt.
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
Error: Unable to stop service MPCBase!
Unable to delete service\driver key MPCBase.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\OCustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\OSearchAssistant| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36668FFD-7809-43FB-A609-999C5A7AB5FE}\ not found.
HKU\S-1-5-21-916220575-3393262939-3838177276-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-916220575-3393262939-3838177276-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0644EE93-D778-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0644EE93-D778-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-916220575-3393262939-3838177276-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC folder moved successfully.
C:\Users\taku nishiguchi\AppData\Roaming\hao123inst-Japan_cdit_pay_hp_03_hao123_jp.exe moved successfully.
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner scheduled to be moved on reboot.
C:\Users\taku nishiguchi\AppData\Local\{48920041-5E4A-4A2B-8C24-ECAE53BEBB40} folder moved successfully.
File C:\Users\Public\Desktop\MPC Cleaner.lnk not found.
C:\Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp\Freemake_do_not_remove_this_folder folder moved successfully.
C:\Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp folder moved successfully.
Folder C:\Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp\Freemake_do_not_remove_this_folder\ not found.
File rity] not found.
File sethosts] not found.
File ptytemp] not found.
File eaterestorepoint] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01132016_223050

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Uninstall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Tray scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\CrashReport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Cleaner scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\25E1DE8C6EA8429C860449F918E14F2C2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Microsoft.VC90.CRT scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SoIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SgIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SearchIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config\DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

作業と報告、ご苦労様です。
OTL処置後にまたMPCが復活しましたか。
他の方の相談でも起きている症状ですね。
ログも見せてもらいましたが、確かに一部エントリが処置できていない状態です。

それでも一部は処置できているので、ここから先の解析と処置で何とか掃除できる望みもまだあります。

では以下の説明に沿って確認と作業をお願いします。
なお、今回の作業で見つからないor処置できないものは飛ばして、その旨を次回レスで教えてください。

まずCドライブ内のProgram Files (x86)フォルダを見てください。
そこにMPCフォルダがあればそれを手動で削除です。

次にWindows\System32\driversフォルダも開いてください。
そこに「MPCKpt.sys」というファイルが見つかればそれも削除です。

次にWindows\infフォルダを見て、今度は「setupapi.app.log」というファイルがあればそれも削除です。

次にUsers\ユーザー名\AppData\Local\Tempフォルダも見てください。
そこに「MPC」フォルダが見つかったらそれも削除です。

ここまでできたら念のため一度PC再起動後に、先の要領で再度OTLで「Run scan」してから、そのログをレスで見せてください。

なお、上記の確認処置作業後に何か変化があれば、それも教えてください

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX

　いつもありがとうございます。早速報告させて頂きます。最初にprogram filesフォルダの「ＭＰＣ」フォルダ
についてですが、「ＭＰＣ　Ｃｌｅａｎｅｒ」フォルダがありました。

　手動削除を試みましたが、管理者の権限が必要と拒否されました。

　次に、windows/system32/driversフォルダ内の「MPCKpt.sys」ファイルについてです。

　手動削除を試みましたが、こちらも同様に管理者の権限が必要と拒否されました。

　次に、windows/infフォルダ内の「setupapi.app.log」ファイルについてです。

　同様の名前のファイルはありませんでしたが、「setupapi.app」ファイルというのがあったので、そちらを削除しました。

　それ以外に「setupadi.」以下パスが「dev」「ev1」「ev2」「ev3」というファイルも存在していました。こちらは触れていません。

　次に、users/ユーザー名/以下フォルダに関してです。

　ユーザー名の中にappdataフォルダが存在しませんでしたので、スルーしました。

　状況としては前回投稿時と変わりありません。

　以上の処置後ＯＴＬにてスキャンをかけました。以下にログを貼り付けます。

　（ＯＴＬログ）
OTL logfile created on: 2016/01/14 23:23:24 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\taku nishiguchi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18163)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

2.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.86% Memory free
5.98 Gb Paging File | 4.60 Gb Available in Paging File | 76.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 786.82 Gb Free Space | 84.48% Space Free | Partition Type: NTFS

Computer Name: TAKUNISHIGUCHI | User Name: taku nishiguchi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/01/12 23:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\taku nishiguchi\Desktop\OTL.exe
PRC - [2016/01/10 23:30:43 | 002,255,792 | ---- | M] (Kingsoft Corporation) -- c:\Program Files\Kingsoft\kingsoft internet security 2015\kxetray.exe
PRC - [2016/01/10 23:24:29 | 000,267,632 | ---- | M] (Kingsoft Corporation) -- c:\Program Files\Kingsoft\kingsoft internet security 2015\kxescore.exe
PRC - [2016/01/08 00:40:07 | 000,349,152 | ---- | M] (DotCash Limited) -- C:\Program Files\MPC Cleaner\MPCProtectService.exe
PRC - [2016/01/08 00:40:07 | 000,166,880 | ---- | M] (DotCash Limited) -- C:\Program Files\MPC Cleaner\MPCTray.exe
PRC - [2015/12/09 10:53:02 | 002,771,576 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/12/09 10:53:01 | 006,585,976 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe
PRC - [2015/12/09 10:52:58 | 020,032,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
PRC - [2015/12/09 10:52:58 | 006,443,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
PRC - [2015/12/09 10:52:58 | 005,119,096 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
PRC - [2015/12/09 04:23:58 | 006,602,152 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2015/10/14 22:52:00 | 000,069,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
PRC - [2015/10/12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015/10/12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/06/16 22:33:36 | 000,413,304 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2015/05/09 12:12:59 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2014/05/22 01:14:30 | 000,549,144 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
PRC - [2014/05/22 01:14:28 | 008,444,184 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2014/05/22 01:14:28 | 004,228,888 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
PRC - [2014/05/22 01:14:28 | 001,531,160 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/11/23 11:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/09 08:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/04/04 10:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/12/09 10:53:02 | 000,011,896 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2015/12/09 10:53:01 | 000,735,864 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk32.dll
MOD - [2015/12/09 10:53:00 | 000,635,512 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster32.dll
MOD - [2015/12/09 04:25:38 | 000,030,720 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1041.dll
MOD - [2014/05/22 01:14:30 | 001,019,672 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2016/01/10 23:24:29 | 000,267,632 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files\kingsoft\kingsoft internet security 2015\kxescore.exe -- (kxescore)
SRV - [2016/01/09 10:13:54 | 002,786,816 | ---- | M] (TODO: ) [Auto | Stopped] -- C:\ProgramData\Windows Update\upgsvr.exe -- (GoogleChromeUpServlce)
SRV - [2016/01/08 00:51:03 | 002,786,816 | ---- | M] (TODO: ) [Auto | Stopped] -- C:\ProgramData\Windows Update\svrupg.exe -- (GoogleChromeUpSvc)
SRV - [2016/01/08 00:40:07 | 000,349,152 | ---- | M] (DotCash Limited) [Auto | Running] -- C:\Program Files\MPC Cleaner\MPCProtectService.exe -- (MPCProtectService)
SRV - [2016/01/03 02:37:12 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/12/16 23:55:23 | 000,417,400 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2015/12/13 02:27:29 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/12/09 10:52:59 | 001,872,504 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/12/09 10:52:58 | 006,443,128 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV - [2015/12/09 10:52:58 | 005,119,096 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV - [2015/12/09 10:52:58 | 000,922,744 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/14 22:52:00 | 000,069,448 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe -- (chromoting)
SRV - [2015/10/12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015/10/12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/07/23 02:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015/07/21 20:23:32 | 000,831,096 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2015/07/09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/06/16 22:33:36 | 000,413,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2015/06/16 22:33:14 | 000,433,784 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/05/22 01:14:30 | 000,549,144 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV - [2013/09/26 12:07:40 | 000,131,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe -- (SonicStage Back-End Service2)
SRV - [2013/09/20 00:48:34 | 000,167,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2013/05/27 13:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/09/15 20:48:53 | 000,678,416 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\xsherlock.xem -- (xsherlock)
SRV - [2010/03/12 01:01:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva410.sys -- (XDva410)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva365.sys -- (XDva365)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva347.sys -- (XDva347)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\npkakl.sys -- (npkakl)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2016/01/10 23:24:34 | 000,222,544 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\kisknl.sys -- (kisknl)
DRV - [2016/01/10 23:24:34 | 000,140,088 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files\Kingsoft\kingsoft internet security 2015\security\kxescan\kdhacker.sys -- (KDHacker)
DRV - [2016/01/10 23:24:34 | 000,113,464 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files\Kingsoft\kingsoft internet security 2015\security\ksnetm\kisnetm.sys -- (kisnetm)
DRV - [2016/01/10 23:24:34 | 000,080,744 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ksapi.sys -- (ksapi)
DRV - [2016/01/10 23:24:34 | 000,028,520 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kavbootc.sys -- (KAVBootC)
DRV - [2016/01/09 01:48:58 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) [File_System | System | Running] -- C:\Windows\System32\drivers\MPCKpt.sys -- (MPCKpt)
DRV - [2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MPCBase.sys -- (MPCBase)
DRV - [2015/12/17 02:04:32 | 010,493,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2015/12/17 02:04:32 | 000,170,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2015/12/09 10:52:58 | 000,018,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2015/08/11 13:55:08 | 000,044,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2015/06/16 22:33:22 | 000,131,704 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2014/03/18 01:13:36 | 000,080,696 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wachidrouter.sys -- (WacHidRouter)
DRV - [2014/03/18 01:13:36 | 000,013,112 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV - [2014/03/18 01:13:36 | 000,012,088 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2013/12/31 18:22:18 | 000,014,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf005.sys -- (apf005)
DRV - [2013/10/02 09:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/07/26 21:23:52 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV - [2012/08/23 23:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/07/04 13:47:00 | 000,073,728 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2012/07/03 11:56:00 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2012/07/03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag2.sys -- (AndNetDiag2)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2011/12/14 01:00:08 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf001.sys -- (apf001)
DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 18:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2001/11/27 11:29:52 | 000,966,784 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sxgxgwdm.sys -- (SOFTXG)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ????
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OCustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OSearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0644EE93-D778-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????
IE - HKCU\..\SearchScopes,DefaultScope = {0644EE93-D778-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@gamechu.jp/gamechusupport-4: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.8.0_60\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.co.jp/NxGame: C:\ProgramData\NexonJP\NGM\npNxGameJP.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangdiagnostic-1: C:\GameOn\Common files\nppmangdiagnostic.dll File not found
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangsupport-1: C:\GameOn\Common files\nppmangsupport.dll File not found
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)


[2013/06/14 23:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2016/01/09 22:32:48 | 000,450,774 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15471 more lines...
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [kssetup] C:\Program Files\Kingsoft\Kssetup\starthome.exe (www.kingsoft.jp)
O4 - HKLM..\Run: [kxesc] c:\program files\kingsoft\kingsoft internet security 2015\kxetray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [taskhost] C:\ProgramData\WindowsMsg\E65602AFF61208B55B30B58739BDA171.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe (www.kingsoft.jp)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0172828C-CB7D-4C10-AF96-0ED9B52DCFDC} http://update.g2gcdn.com/g2g/g2gdownloader/GameOnG2G.cab (GameOnG2GCtrl Class)
O16 - DPF: {134DD8EF-7716-4538-A430-EFEB7517E6E7} http://icarus.gamecom.jp/Common/cab/WebLauncher.cab (WebLauncher Control)
O16 - DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} https://ta-online.jp/weblauncher/common/CnCGameLauncher.cab (TTS Launcher Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {31EE92CA-C0F5-48F7-AE60-B54CDF3BB76C} http://202.95.222.164/player/AcqVPlayerX_2_0_3_9.cab (AcqVPlayer Control)
O16 - DPF: {416A7570-8626-4935-B4AC-F7712B909FFE} http://210.136.222.73/kamuse/kcsjpdownload/activex/KCSActiveXJPv3_1002.cab (KCSActiveXJPv3Ctrl Class)
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} http://down.hangame.co.jp/jp/installer/HgRunPub.cab (HgRunPub Class)
O16 - DPF: {5EBC1E61-6BD1-4FBC-AB60-744144EA615D} http://karos.oge.jp/html/cab/ver4/AtlAX.cab (AtlAXCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivX Web Player Object)
O16 - DPF: {6FC19219-C47E-4880-9A70-D218A1C374F9} http://www.sdgundamcfo.jp/common/CJIJTransX.cab (CJIJTransX Control)
O16 - DPF: {7216BF69-1FB3-438C-9A51-9DA82B676BC0} http://stonline.arario.jp/activeX/AraGameStarterW6.cab (ArarioGameStarter6 Class)
O16 - DPF: {785287DD-2A28-4558-BC5C-4F8D1350631D} https://sys.ixion-saga.jp/auth/login/pannel/CapcomLoader32.cab (CapcomLoaderObject Class)
O16 - DPF: {865C98C4-E909-44DF-B2A1-C659E6C2AF47} http://dragonsprophet.aeriagames.jp/files/cab/DP_GameStarter.cab (DragonsProphetGameStarter Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} http://down.hangame.co.jp/jp/dist/hgstart/HGReport.cab (SpecAnalyzer Class)
O16 - DPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} https://file.gamechu.net/dl/download/sessionctrl.cab (GameChu Login Control)
O16 - DPF: {A1A81C4D-C5FB-40C7-98F0-308516A67693} http://ge.hanbitstation.jp/launcher/HUELauncher.cab (HLauncher Control)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab_1.0.1.8 (NeffyLauncherCtl Class)
O16 - DPF: {B0B7F252-5B1D-4F56-9172-29AD9F62537E} http://tartaros.gamescampus.co.jp/activex/GamesCampus.cab (GamesCampus Control)
O16 - DPF: {BBA1ABFD-C9A1-41E8-959A-161F17E145D4} http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader.cab (G2GDownloaderCtrl Class)
O16 - DPF: {C299BD0C-F41B-4A8B-8D05-964A141D8C28} https://grandfantasia.aeriagames.jp/files/gf/GrandFantasia.cab (GameStarter Control)
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab (Game Starter Control)
O16 - DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab (Java Plug-in 1.8.0_60)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab (Java Plug-in 1.8.0_60)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} https://nprotect.gameon.co.jp/keycrypt_20101021/npkcx_10021.cab (Reg Error: Key error.)
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab (HgTAgent2 Extension Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E4FC78EE-7DB9-444B-AF43-DB5F48E29D60} http://plugins.mk-style.com/ccmedia_launcher_vov.cab (ccmedia_launcher Control)
O16 - DPF: {F2A8D14C-33BE-4E6E-B4B3-67F4062428A9} http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader2.cab (G2GDownloader2Ctrl Class)
O16 - DPF: {F4C75105-84BB-414D-AE37-4F0EEEEDE881} https://genshin.x-legend.co.jp/X-LegendGameStarter.cab (X-Legend GameStarter Control)
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab (PubPlugin Class)
O16 - DPF: {FFF7D8B7-A5EA-4270-8F68-140CE3F8F117} http://support.eonet.jp/download/eo_tool/dldata/kantan_tool/32/eomcfgax.cab (ｅｏかんたんメール設定ツール)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 59.190.147.17 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FFBDE0E-7B4C-454A-B3C7-00F917C7CA41}: DhcpNameServer = 59.190.147.17 192.168.0.1
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04ac323c-5e18-11e2-8cf9-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{04ac323c-5e18-11e2-8cf9-4061862ce37f}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{91550ef1-38dd-11e4-87a0-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{91550ef1-38dd-11e4-87a0-4061862ce37f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{b15ea447-c5b2-11e2-87f1-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{b15ea447-c5b2-11e2-87f1-4061862ce37f}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{c8d777ae-4196-11e2-bf7d-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8d777ae-4196-11e2-bf7d-4061862ce37f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{c8d778de-4196-11e2-bf7d-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8d778de-4196-11e2-bf7d-4061862ce37f}\Shell\AutoRun\command - "" = HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{c8d77910-4196-11e2-bf7d-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8d77910-4196-11e2-bf7d-4061862ce37f}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3911CF56-9EF2-39BA-846A-C27BD3CD0685} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4903D172-DCCB-392F-93A3-34CA9D47FE3D} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A1A81C4D-C5FB-40c7-98F0-308516A67693} - HUELauncher1_1_0_3
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/01/14 23:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[2016/01/13 22:30:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2016/01/13 20:17:12 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2016/01/13 20:17:12 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2016/01/13 20:17:12 | 000,341,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2016/01/13 20:17:12 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2016/01/13 20:17:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2016/01/13 20:17:12 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2016/01/13 20:17:12 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2016/01/13 20:17:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2016/01/13 20:17:11 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2016/01/13 20:17:11 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2016/01/13 20:17:11 | 000,687,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2016/01/13 20:17:11 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2016/01/13 20:17:11 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2016/01/13 20:17:11 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2016/01/13 20:17:10 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2016/01/13 20:17:10 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2016/01/13 20:17:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2016/01/13 20:17:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2016/01/13 20:17:09 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2016/01/13 20:17:08 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2016/01/13 20:17:07 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2016/01/13 20:17:07 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2016/01/13 20:17:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2016/01/13 20:17:04 | 004,610,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2016/01/13 20:16:55 | 001,230,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2016/01/13 20:16:54 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2016/01/13 20:16:54 | 000,591,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2016/01/13 20:16:54 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2016/01/13 20:16:53 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2016/01/13 20:16:53 | 000,022,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2016/01/13 20:16:45 | 003,938,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2016/01/13 20:16:44 | 003,993,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2016/01/13 20:16:44 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2016/01/13 20:16:44 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2016/01/13 20:16:44 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2016/01/13 20:16:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2016/01/13 20:16:43 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2016/01/13 20:16:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2016/01/13 20:16:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2016/01/13 20:16:43 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2016/01/13 20:16:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2016/01/13 20:16:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2016/01/13 20:16:30 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2016/01/13 20:16:30 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2016/01/13 20:16:27 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2016/01/13 20:16:26 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2016/01/13 20:16:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2016/01/13 20:16:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2016/01/13 20:16:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2016/01/13 20:16:22 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2016/01/13 20:16:22 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2016/01/13 20:16:22 | 001,568,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2016/01/13 20:16:22 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2016/01/13 20:16:22 | 000,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2adec.dll
[2016/01/13 20:16:22 | 000,902,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2016/01/13 20:16:22 | 000,829,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2016/01/13 20:16:22 | 000,815,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL
[2016/01/13 20:16:22 | 000,740,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2016/01/13 20:16:22 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2016/01/13 20:16:22 | 000,728,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2016/01/13 20:16:22 | 000,665,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2016/01/13 20:16:22 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2016/01/13 20:16:22 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2016/01/13 20:16:22 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2016/01/13 20:16:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
[2016/01/13 20:16:21 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2016/01/13 20:16:21 | 001,325,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2016/01/13 20:16:21 | 001,202,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMALFXGFXDSP.dll
[2016/01/13 20:16:21 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL
[2016/01/13 20:16:21 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2016/01/13 20:16:21 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2016/01/13 20:16:21 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2016/01/13 20:16:21 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2016/01/13 20:16:21 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2016/01/13 20:16:21 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2016/01/13 20:16:21 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2016/01/13 20:16:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2016/01/13 20:16:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2016/01/13 20:16:21 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2016/01/13 20:16:21 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2016/01/13 20:16:21 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2016/01/13 20:16:21 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2016/01/13 20:16:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2016/01/13 20:16:21 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2016/01/13 20:16:21 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2016/01/13 20:16:21 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2016/01/13 20:16:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2016/01/13 20:16:21 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll
[2016/01/13 20:16:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2016/01/12 23:37:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\taku nishiguchi\Desktop\OTL.exe
[2016/01/11 23:38:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/01/11 23:23:42 | 000,170,200 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2016/01/11 23:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/01/11 23:23:18 | 000,094,936 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2016/01/11 23:23:18 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2016/01/11 23:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2016/01/11 23:18:28 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Roaming\Malwarebytes
[2016/01/11 23:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/01/11 23:18:18 | 000,023,256 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2016/01/10 23:24:34 | 000,224,592 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl64.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl_del.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl.sys
[2016/01/10 23:24:34 | 000,180,024 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker64.sys
[2016/01/10 23:24:34 | 000,140,088 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker.sys
[2016/01/10 23:24:34 | 000,115,000 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetmxp.sys
[2016/01/10 23:24:34 | 000,113,464 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm.sys
[2016/01/10 23:24:34 | 000,109,880 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm64.sys
[2016/01/10 23:24:34 | 000,080,744 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi.sys
[2016/01/10 23:24:34 | 000,056,680 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi64.sys
[2016/01/10 23:24:34 | 000,037,736 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe64.sys
[2016/01/10 23:24:34 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc64.sys
[2016/01/10 23:24:34 | 000,028,520 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc.sys
[2016/01/10 23:24:34 | 000,026,472 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe.sys
[2016/01/10 23:24:34 | 000,024,472 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bc.sys
[2016/01/10 23:24:34 | 000,019,352 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksskrpr.sys
[2016/01/10 23:24:34 | 000,018,296 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery64.sys
[2016/01/10 23:24:34 | 000,014,200 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery.sys
[2016/01/10 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\Desktop\HJT
[2016/01/10 16:01:46 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\Desktop\backups
[2016/01/10 15:26:28 | 006,340,384 | ---- | C] (Geek Uninstaller) -- C:\Users\taku nishiguchi\Desktop\geek.exe
[2016/01/10 09:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2016/01/10 09:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016/01/09 22:41:24 | 000,000,000 | ---D | C] -- C:\KVRT_Data
[2016/01/09 01:49:11 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\Start Menu
[2016/01/09 01:22:58 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Roaming\Geek Uninstaller
[2016/01/08 16:23:29 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\{7F568093-1816-4CE4-A990-1CAC949AF54A}
[2016/01/08 00:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMsg
[2016/01/08 00:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\osTip
[2016/01/08 00:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Update
[2016/01/08 00:48:25 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Roaming\LightGate
[2016/01/08 00:43:46 | 000,048,872 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:53 | 000,028,648 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys
[2016/01/08 00:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\MPC Cleaner
[2016/01/08 00:39:19 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\Installer
[2016/01/08 00:39:18 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\Setup Wizard
[2016/01/05 19:52:26 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\{D701BD39-1E49-44A7-901D-ECE85711B5A7}
[2016/01/01 18:06:18 | 000,796,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2016/01/01 18:06:18 | 000,142,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/12/31 15:29:30 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\CrashDumps
[2015/12/30 18:48:26 | 000,103,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2015/12/30 18:47:36 | 000,075,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nv3dappshextr.dll
[2015/12/30 18:47:35 | 000,429,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nv3dappshext.dll
[2015/12/30 18:45:08 | 000,170,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2015/12/30 18:45:08 | 000,035,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2015/12/30 18:45:07 | 024,895,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2015/12/30 18:45:07 | 017,157,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2015/12/30 18:45:07 | 010,493,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2015/12/30 18:45:07 | 002,755,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2015/12/30 18:45:07 | 001,060,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3236143.dll
[2015/12/30 18:45:07 | 000,917,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3236143.dll
[2015/12/30 18:45:07 | 000,734,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2015/12/30 18:45:07 | 000,681,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2015/12/30 18:45:07 | 000,423,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvEncodeAPI.dll
[2015/12/30 18:45:07 | 000,388,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2015/12/30 18:45:07 | 000,370,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFROpenGL.dll
[2015/12/30 18:45:07 | 000,153,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2015/12/30 18:45:07 | 000,128,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2015/12/28 20:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\はがきデザインキット
[2015/12/28 18:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/12/28 18:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/01/14 23:21:17 | 000,342,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2016/01/14 23:21:06 | 000,000,674 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/01/14 23:21:05 | 000,000,094 | ---- | M] () -- C:\Windows\System32\cookies
[2016/01/14 23:21:03 | 000,001,687 | ---- | M] () -- C:\Users\Public\Desktop\MPC Cleaner.lnk
[2016/01/14 23:20:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/01/14 23:20:47 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2016/01/14 23:05:22 | 000,000,678 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/01/14 23:03:01 | 000,022,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/01/14 23:03:01 | 000,022,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/01/14 22:59:40 | 000,654,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2016/01/14 22:59:40 | 000,411,178 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2016/01/14 22:59:40 | 000,122,224 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2016/01/14 22:59:40 | 000,122,142 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2016/01/14 00:37:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/01/12 23:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\taku nishiguchi\Desktop\OTL.exe
[2016/01/12 02:32:52 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2016/01/11 23:23:21 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/11 23:12:33 | 001,749,504 | ---- | M] () -- C:\Users\taku nishiguchi\Desktop\AdwCleaner.exe
[2016/01/11 14:20:23 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\不要ファイル.lnk
[2016/01/10 23:43:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2016/01/10 23:24:34 | 000,224,592 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl64.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl_del.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl.sys
[2016/01/10 23:24:34 | 000,180,024 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker64.sys
[2016/01/10 23:24:34 | 000,140,088 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker.sys
[2016/01/10 23:24:34 | 000,115,000 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetmxp.sys
[2016/01/10 23:24:34 | 000,113,464 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm.sys
[2016/01/10 23:24:34 | 000,109,880 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm64.sys
[2016/01/10 23:24:34 | 000,080,744 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi.sys
[2016/01/10 23:24:34 | 000,056,680 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi64.sys
[2016/01/10 23:24:34 | 000,037,736 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe64.sys
[2016/01/10 23:24:34 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc64.sys
[2016/01/10 23:24:34 | 000,028,520 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc.sys
[2016/01/10 23:24:34 | 000,026,472 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe.sys
[2016/01/10 23:24:34 | 000,024,472 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bc.sys
[2016/01/10 23:24:34 | 000,019,352 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksskrpr.sys
[2016/01/10 23:24:34 | 000,018,296 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery64.sys
[2016/01/10 23:24:34 | 000,014,200 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery.sys
[2016/01/10 23:19:58 | 000,000,000 | ---- | M] () -- C:\Windows\1
[2016/01/10 09:33:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/01/09 22:32:48 | 000,450,774 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2016/01/09 22:00:20 | 000,004,782 | ---- | M] () -- C:\Users\taku nishiguchi\AppData\Roaming\webad.xml
[2016/01/09 01:48:58 | 000,019,984 | ---- | M] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2016/01/09 00:06:01 | 001,736,192 | ---- | M] () -- C:\ProgramData\upgsvr.exe
[2016/01/08 16:38:58 | 000,002,157 | ---- | M] () -- C:\user.js
[2016/01/08 16:22:57 | 000,000,000 | ---- | M] () -- C:\Users\taku nishiguchi\AppData\Roaming\svrupg.exe
[2016/01/08 02:34:23 | 002,417,664 | ---- | M] () -- C:\ProgramData\msdtc.exe
[2016/01/08 00:49:16 | 000,004,782 | ---- | M] () -- C:\ProgramData\webad.xml
[2016/01/08 00:40:38 | 000,631,808 | ---- | M] () -- C:\Windows\rbc.dat
[2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys
[2016/01/07 18:26:59 | 001,737,216 | ---- | M] () -- C:\Users\taku nishiguchi\AppData\Roaming\upgsvr.exe
[2016/01/03 02:37:09 | 000,796,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2016/01/03 02:37:09 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/12/31 03:47:23 | 003,993,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015/12/31 03:47:23 | 003,938,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015/12/31 03:41:03 | 000,400,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2015/12/31 03:39:38 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015/12/31 03:39:32 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015/12/31 03:39:17 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015/12/31 03:38:12 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2015/12/31 03:37:35 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2015/12/31 03:37:30 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015/12/31 02:44:49 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015/12/31 02:38:31 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2015/12/31 02:30:51 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015/12/28 20:24:05 | 005,670,002 | ---- | M] () -- C:\Users\taku nishiguchi\Documents\design_kit.air
[2015/12/24 07:52:08 | 000,341,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015/12/17 02:04:32 | 037,608,752 | ---- | M] () -- C:\Windows\System32\nvcompiler.dll
[2015/12/17 02:04:32 | 024,895,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2015/12/17 02:04:32 | 017,561,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2015/12/17 02:04:32 | 017,157,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2015/12/17 02:04:32 | 016,286,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2015/12/17 02:04:32 | 014,005,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2015/12/17 02:04:32 | 010,493,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2015/12/17 02:04:32 | 003,211,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2015/12/17 02:04:32 | 002,755,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2015/12/17 02:04:32 | 001,060,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3236143.dll
[2015/12/17 02:04:32 | 000,926,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2015/12/17 02:04:32 | 000,917,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3236143.dll
[2015/12/17 02:04:32 | 000,734,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2015/12/17 02:04:32 | 000,681,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2015/12/17 02:04:32 | 000,423,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvEncodeAPI.dll
[2015/12/17 02:04:32 | 000,388,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2015/12/17 02:04:32 | 000,370,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFROpenGL.dll
[2015/12/17 02:04:32 | 000,194,680 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2015/12/17 02:04:32 | 000,170,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2015/12/17 02:04:32 | 000,153,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2015/12/17 02:04:32 | 000,128,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2015/12/17 02:04:32 | 000,035,984 | ---- | M] (NVIDIA Corpor

　途中で途切れた分続きから張ります。

[2015/12/17 02:04:32 | 000,035,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2015/12/17 02:04:32 | 000,029,787 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2015/12/16 23:55:24 | 000,103,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2015/12/16 23:49:10 | 003,939,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2015/12/16 23:49:10 | 002,582,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2015/12/16 23:49:09 | 002,554,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2015/12/16 23:49:09 | 000,375,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2015/12/16 23:49:09 | 000,061,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2015/12/16 23:49:08 | 000,429,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nv3dappshext.dll
[2015/12/16 23:49:08 | 000,075,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nv3dappshextr.dll
[2015/12/16 23:49:04 | 006,090,019 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/01/14 23:20:52 | 000,342,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2016/01/13 22:34:00 | 000,001,687 | ---- | C] () -- C:\Users\Public\Desktop\MPC Cleaner.lnk
[2016/01/11 23:18:19 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/11 23:12:33 | 001,749,504 | ---- | C] () -- C:\Users\taku nishiguchi\Desktop\AdwCleaner.exe
[2016/01/11 14:20:23 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\不要ファイル.lnk
[2016/01/10 23:19:58 | 000,000,000 | ---- | C] () -- C:\Windows\1
[2016/01/10 15:01:02 | 001,736,192 | ---- | C] () -- C:\ProgramData\upgsvr.exe
[2016/01/10 09:33:24 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/01/09 01:48:58 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2016/01/08 16:10:23 | 000,000,000 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\svrupg.exe
[2016/01/08 00:51:21 | 000,004,782 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\webad.xml
[2016/01/08 00:49:54 | 000,600,312 | ---- | C] () -- C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
[2016/01/08 00:49:26 | 001,081,344 | ---- | C] () -- C:\ProgramData\LightGate.exe
[2016/01/08 00:49:16 | 000,004,782 | ---- | C] () -- C:\ProgramData\webad.xml
[2016/01/08 00:49:14 | 002,417,664 | ---- | C] () -- C:\ProgramData\msdtc.exe
[2016/01/08 00:49:11 | 000,590,424 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\toolmini_jp[2015-12-08.17.00].exe
[2016/01/08 00:48:22 | 001,081,344 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\LightGate.exe
[2016/01/08 00:48:22 | 000,000,094 | ---- | C] () -- C:\Windows\System32\cookies
[2016/01/08 00:48:14 | 001,737,216 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\upgsvr.exe
[2016/01/08 00:40:32 | 000,631,808 | ---- | C] () -- C:\Windows\rbc.dat
[2016/01/02 00:07:11 | 000,000,626 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/12/30 18:45:07 | 037,608,752 | ---- | C] () -- C:\Windows\System32\nvcompiler.dll
[2015/12/30 18:34:01 | 000,091,384 | ---- | C] () -- C:\Windows\System32\NvRtmpStreamer32.dll
[2015/12/28 20:24:11 | 005,670,002 | ---- | C] () -- C:\Users\taku nishiguchi\Documents\design_kit.air
[2015/11/10 21:24:50 | 000,601,632 | ---- | C] () -- C:\Windows\System32\MdpThumb32.dll
[2015/01/27 22:35:32 | 000,151,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/02/18 13:57:11 | 000,007,598 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Local\Resmon.ResmonCfg
[2011/09/18 15:31:32 | 000,000,054 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\sg2.xml
[2009/11/12 15:49:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/07 02:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 10:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]
[2016/01/10 22:57:20 | 000,000,000 | RH-D | M] -- C:\KRECYCLE
[2012/07/22 12:43:46 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/10/20 23:26:03 | 000,000,000 | -H-D | M] -- C:\SafeRecycle
[2014/05/28 23:05:13 | 000,000,000 | -H-D | M] -- C:\_OTL\MovedFiles\01132016_223050\C_Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp\Freemake_do_not_remove_this_folder
[2011/11/05 13:32:45 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2015/01/18 14:46:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/09/17 12:12:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2011/11/05 13:32:45 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ\IJPrinter
[2011/11/05 13:33:15 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ\IJPrinter\Canon iP4500 series
[2016/01/10 23:20:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files\nsklog
[2015/07/02 20:05:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files\Sony Shared\OpenMG\OMGRIGHT
[2011/11/04 16:38:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2014/12/24 13:28:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter
[2011/11/05 13:33:19 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows
[2011/11/04 16:38:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon Inkjet iP4500 series
[2011/11/05 13:56:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon iP4500 series
[2015/09/19 16:59:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2012/01/27 23:17:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\Power2Go\6.0
[2012/01/08 13:48:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\Power2Go\6.0
[2009/11/12 15:42:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerBackup\2.50
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWERDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerProducer\5.0
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerStarter\6.00
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009/07/15 00:50:31 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2015/08/19 23:23:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\Wondershare\Dr.Fone\DBCache
[2012/10/20 23:26:03 | 000,000,000 | -H-D | M] -- C:\SafeRecycle\update
[2012/10/20 23:26:12 | 000,000,000 | -H-D | M] -- C:\SafeRecycle\update\ksafe
[2009/11/12 15:25:50 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2015/08/19 23:26:45 | 000,000,000 | RH-D | M] -- C:\Users\Administrator\AppData\Roaming
[2011/11/04 16:38:40 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2014/12/24 13:28:11 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter
[2011/11/05 13:33:19 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows
[2011/11/04 16:38:41 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon Inkjet iP4500 series
[2011/11/05 13:56:15 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon iP4500 series
[2015/09/19 16:59:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2012/01/27 23:17:02 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\Power2Go\6.0
[2012/01/08 13:48:31 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\Power2Go\6.0
[2009/11/12 15:42:29 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerBackup\2.50
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWERDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerProducer\5.0
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerStarter\6.00
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009/07/15 00:50:31 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2015/08/19 23:23:36 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Wondershare\Dr.Fone\DBCache
[2009/07/14 11:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2016/01/14 23:21:03 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/09/25 17:26:08 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2015/06/20 00:58:12 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2012/01/27 23:16:55 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\Power2Go
[2012/11/07 21:54:40 | 000,000,000 | -H-D | M] -- C:\Users\Public\Music\Sony MediaPlayerX\Shared\Fringe
[2011/10/15 13:12:28 | 000,000,000 | -H-D | M] -- C:\Users\Public\Pictures\Sony MediaPlayerX\Fringe
[2009/11/19 01:06:23 | 000,000,000 | -H-D | M] -- C:\Users\Public\Recorded TV\TempRec
[2012/06/27 12:35:37 | 000,000,000 | -H-D | M] -- C:\Users\Public\Videos\Sony MediaPlayerX\Fringe
[2009/12/25 10:28:23 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData
[2015/01/06 19:48:03 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2009/11/12 15:31:25 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2015/08/09 21:58:44 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2009/11/12 18:23:04 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2011/01/12 23:01:58 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Media Player\ダウンロード ファイルの同期
[2012/09/20 19:53:56 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Media Player\生成された再生リストの同期
[2015/11/23 08:34:25 | 000,000,000 | RH-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Burn\Burn
[2012/12/09 10:24:24 | 000,000,000 | RH-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Burn\Burn1
[2015/09/02 21:38:11 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\NVIDIA Corporation\Shield Apps\StreamingAssets
[2011/12/26 11:17:07 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\VirtualStore\ProgramData
[2012/01/27 23:16:56 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Roaming\CyberLink\MediaCache\Power2Go
[2012/12/04 01:08:37 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2015/07/05 23:11:34 | 000,000,000 | -H-D | M] -- C:\Windows\msdownld.tmp
[2009/11/12 15:27:27 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/11/19 01:06:33 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2009/11/12 15:31:31 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2011/11/05 13:33:15 | 000,000,000 | -H-D | M] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2016/01/08 01:07:59 | 000,000,000 | -H-D | M] -- C:\Windows\System32\GroupPolicy
[2011/11/05 13:33:15 | 000,000,000 | -H-D | M] -- C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series
[2009/10/21 09:10:35 | 000,000,000 | -H-D | M] -- C:\Windows\System32\sysprep\s_test

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2016/01/14 23:37:03 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/01/14 23:21:06 | 000,000,674 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/01/14 23:05:22 | 000,000,678 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD10EADS-00M2B0 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 105906176
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV - [2015/10/30 02:49:57 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2015/06/25 18:44:11 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 10:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 21:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 21:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2015/12/31 02:30:51 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/05 06:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2015/04/28 04:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 21:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 21:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 14:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 10:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 21:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 10:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 10:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 10:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2014/12/06 12:50:19 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 10:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 19:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 14:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2015/12/31 02:30:51 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 10:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 21:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 21:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 10:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2015/12/31 02:30:51 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 10:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 21:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 21:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2015/08/06 02:41:00 | 000,751,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 21:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 10:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2014/12/19 11:43:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 21:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2015/02/03 12:12:12 | 000,475,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2015/02/03 12:12:12 | 000,475,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 21:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 13:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 21:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 21:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 21:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2015/06/16 06:42:49 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 10:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2015/11/21 03:34:36 | 002,062,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 21:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 10:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 21:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >

作業と報告、ご苦労様です。

今回の確認作業でも直接は改善なかったようですね。

ですが先のOTL処置時にはなかったもの、逆に先の処置後に消えているものも見えたので、これを含めて再度OTLで処置しましょう。

先にOTLで処置したときの要領でまたセーフモードでOTLで「Run fix」してみてください。
下記のスクリプトを使っての作業です。
作業後にPC再起動後、またしばらく様子見してから、処置後のOTLログとともに状態報告をお願いします
------------------------------------------
:OTL
PRC - [2016/01/08 00:40:07 | 000,349,152 | ---- | M] (DotCash Limited) -- C:\Program Files\MPC Cleaner\MPCProtectService.exe
PRC - [2016/01/08 00:40:07 | 000,166,880 | ---- | M] (DotCash Limited) -- C:\Program Files\MPC Cleaner\MPCTray.exe
SRV - [2016/01/08 00:40:07 | 000,349,152 | ---- | M] (DotCash Limited) [Auto | Running] -- C:\Program Files\MPC Cleaner\MPCProtectService.exe -- (MPCProtectService)
DRV - [2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) [File_System | System | Running] -- C:\Windows\System32\drivers\MPCKpt.sys -- (MPCKpt)
DRV - [2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MPCBase.sys -- (MPCBase)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV - [2013/01/25 17:44:26 | 000,027,496 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
[2016/01/14 23:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[2016/01/08 00:43:46 | 000,048,872 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:53 | 000,028,648 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys
[2016/01/08 00:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\MPC Cleaner
[2016/01/14 23:21:03 | 000,001,687 | ---- | M] () -- C:\Users\Public\Desktop\MPC Cleaner.lnk
[2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys
[2016/01/08 00:49:54 | 000,600,312 | ---- | C] () -- C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe

:Files
C:\Program Files\MPC Cleaner\MPCProtectService.exe
C:\Program Files\MPC Cleaner\MPCTray.exe
C:\Program Files\MPC Cleaner\MPCProtectService.exe
C:\Windows\System32\drivers\MPCKpt.sys
C:\Windows\System32\drivers\MPCBase.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------

　いつも御苦労さまです。早速報告させて頂きます。状況としては前回と変わりなしです。
以下ＯＴＬログ張るので、ご指南のほどよろしくお願いいたします。

　（ＯＴＬログ）
All processes killed
========== OTL ==========
No active process named MPCProtectService.exe was found!
No active process named MPCTray.exe was found!
Service MPCProtectService stopped successfully!
Service MPCProtectService deleted successfully!
File move failed. C:\Program Files\MPC Cleaner\MPCProtectService.exe scheduled to be moved on reboot.
Error: Unable to stop service MPCKpt!
Unable to delete service\driver key MPCKpt.
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
Error: Unable to stop service MPCBase!
Unable to delete service\driver key MPCBase.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
Error: No service named WsAudio_Device(5 was found to stop!
Service\Driver key WsAudio_Device(5 not found.
C:\Windows\System32\drivers\VirtualAudio5.sys moved successfully.
Error: No service named WsAudio_Device(4 was found to stop!
Service\Driver key WsAudio_Device(4 not found.
C:\Windows\System32\drivers\VirtualAudio4.sys moved successfully.
Error: No service named WsAudio_Device(3 was found to stop!
Service\Driver key WsAudio_Device(3 not found.
C:\Windows\System32\drivers\VirtualAudio3.sys moved successfully.
Error: No service named WsAudio_Device(2 was found to stop!
Service\Driver key WsAudio_Device(2 not found.
C:\Windows\System32\drivers\VirtualAudio2.sys moved successfully.
Error: No service named WsAudio_Device(1 was found to stop!
Service\Driver key WsAudio_Device(1 not found.
C:\Windows\System32\drivers\VirtualAudio1.sys moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC folder moved successfully.
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Uninstall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Tray scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\CrashReport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Cleaner scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\25E1DE8C6EA8429C860449F918E14F2C2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\2433B0130808417BA7B195E35AA980B82 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Microsoft.VC90.CRT scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SoIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SgIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SearchIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config\DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner scheduled to be moved on reboot.
C:\Users\Public\Desktop\MPC Cleaner.lnk moved successfully.
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe moved successfully.
File rity] not found.
File sethosts] not found.
File ptytemp] not found.
File eaterestorepoint] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01152016_233531

Files\Folders moved on Reboot...
File move failed. C:\Program Files\MPC Cleaner\MPCProtectService.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Uninstall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Tray scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\CrashReport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Cleaner scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Uninstall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Tray scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\CrashReport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Cleaner scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\25E1DE8C6EA8429C860449F918E14F2C2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\2433B0130808417BA7B195E35AA980B82 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\25E1DE8C6EA8429C860449F918E14F2C2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\2433B0130808417BA7B195E35AA980B82 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Microsoft.VC90.CRT scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SoIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SgIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SearchIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SoIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SgIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SearchIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config\DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config\DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Uninstall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Tray scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\CrashReport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Cleaner scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\25E1DE8C6EA8429C860449F918E14F2C2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\2433B0130808417BA7B195E35AA980B82 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Microsoft.VC90.CRT scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SoIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SgIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SearchIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config\DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

作業と報告、ご苦労様です。

>状況としては前回と変わりなしです。

はい、ログも見せていただきましたが、いくつかは処置できてますが、まだ処置できない部分もありましたね。

何度もお手数ばかりかけながら改善できなくて申し訳ありません。

他の方のMPC事例でもわかってはいたことですが、やはり同じMPCの名前でも中身はかなり別物と見ざるを得ません。
これまで他の方の事例で対処に有効だった手順が、今回のウィッチさん事例ではことごとく効かないようです。
解析処置逃れに、多数の改変版をばらまくのは過去の悪質プログラムでも多用されていた手口ですが、今回のMPCは更にその手口も巧妙化してます。

こうなると手詰まり感が強まっているので、安全最優先で考えればリカバリを推奨するところですが、その前にあとひとつ悪あがきの作業してみますか？
悪あがきは悪代官のお約束なので（←努力の方向が違う

ですがこれ以上時間と手間をかけるのを避けたいなら、このあと案内する作業はしなくていいので、リカバリ選択の判断をレスください。その場合はリカバリの手順を案内します。

----------------------------------------

作業にかかるなら以下の手順でお願いします。
おそらく今回の解析作業が最後の賭けになるかと思います。

以下のアプリを用意してください。
「HerdProtect」（通称：HP）
説明サイト様↓
http://www.gigafree.net/security/antivirus/herdProtect.html
ダウンロード↓
http://www.herdprotect.com/installers/herdProtectScan_Setup.exe
ファイル直リンです。保存しておいてください。

準備できたら説明ページの手順に沿ってHPを起動してください。

起動したら「scan」で開始です。

しばらく待ってスキャン終了したら、「Save result」を押してそのログを表示させてから、それをデスクトップに保存してください。

保存したらHPは終了してください。
ここでは検出されたものは一切いじらないように。

このあとHPのログを返信で見せてください。

　いつもありがとうございます。悪あがきわたしも好きですｗ。最後までお伴させてください。
ＨＰやってみましたので、ログを以下に張ります。よろしくお願いします。

　（ＨＰログ）
Saved date: 2016/01/17 9:00:50
Files detected: 102
Files scanned: 8,507
Processes scanned: 74
Modules scanned: 689
ASEPs scanned: 536
Downloads scanned: 0
Deep analysis: 15/2
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
Publisher: Microsoft Corporation
MD5: 885e18b2d0a445fb637850282530eb72
SHA-1: 002cadf453b02628d9eee81c8509edcdd17543b1
Created: 2015/06/10 16:44:59
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as W32/Sality.AT (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\kingsoft\kingsoft internet security 2015\ktrashmon.dll
Publisher: Kingsoft Corporation
Signer: KINGSOFT JAPAN, INC.
MD5: c84959e5b73798aa56e7f9f2a10421dc
SHA-1: 2374e1b6f0b8847f4737e239aaf897ae4534c3c7
Created: 2016/01/10 23:24:34
Detections: 1
Determination: Ignore detections (false positive)
- Avira AntiVirus as TR/Crypt.XPACK.Gen

---------------------------------------------------------------------------------

File path: c:\program files\common files\microsoft shared\vs7debug\mdm.exe
Publisher: Microsoft Corporation
MD5: 7cf1b716372b89568ae4c0fe769f5869
SHA-1: 85b15a1b69dbbb2a39ce2b2cb6d8209e300f8065
Created: 2006/10/26 13:40:34
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.Service.MicrosoftCorporation.D

---------------------------------------------------------------------------------

File path: c:\program files\kingsoft\kingsoft internet security 2015\security\ksde\ksdecs.dll
Publisher: Kingsoft Corporation
Signer: Beijing Kingsoft Security software Co.,Ltd
MD5: 5ec7d8ed32bedf4dcff5db839954c02a
SHA-1: 4d323c3c7a4599056da0bab35b538454e762627c
Created: 2016/01/10 23:24:33
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Stealer.QQpass!1.648C (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\windows update\upgsvr.exe
Publisher: TODO:
MD5: 1df50529e2ef5a200b6cd791955b302c
SHA-1: fa90a68d2bc1a51ef47aa377ba1847d092b40750
Created: 2016/01/10 0:59:03
Detections: 4
Determination: UndefinedMalware
- avast! as Win32:PzBot-C [Trj] (Undefined)
- IKARUS anti.virus as Trojan-Downloader.Win32.Agent (Undefined)
- Qihoo 360 Security as HEUR/QVM10.1.Malware.Gen (Undefined)
- Avira AntiVirus as TR/Dropper.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\windows update\svrupg.exe
Publisher: TODO:
MD5: 078feff8b80a7eb4b46b7364023c86b7
SHA-1: 38817647d28f7e959617903059b69ac03a291be0
Created: 2016/01/08 0:51:03
Detections: 1
Determination: Ignore detections (false positive)
- IKARUS anti.virus as Trojan-Downloader.Win32.Agent (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\system32\sppsvc.exe
Publisher: Microsoft Corporation
MD5: cf87a1de791347e75b98885214ced2b8
SHA-1: e37c4d715a3a6ae877e001ada718d98d963bc5de
Created: 2011/07/07 21:30:51
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as W32/Ramnit.A (Malware)

---------------------------------------------------------------------------------

File path: c:\windows\system32\drivers\kisknl.sys
Publisher: Kingsoft Corporation
Signer: Beijing Kingsoft Security software Co.,Ltd
MD5: bc218e8e0d300f92e7a4de42cae003ae
SHA-1: 08fa0ab1ac2546411ceff96fd68479b07a1dbeac
Created: 2016/01/10 23:24:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAdware (Adware)

---------------------------------------------------------------------------------

File path: c:\windows\system32\drivers\usbcir.sys
Publisher: Microsoft Corporation
MD5: 2352ab5f9f8f097bf9d41d5a4718a041
SHA-1: 4e58c07158e142d801ba8639819380b1d737642f
Created: 2013/10/11 16:35:02
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Nonim (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\kingsoft\kssetup\starthome.exe
Publisher: www.kingsoft.jp
MD5: 7009d17cd4f178d83f0e23b9963b8a45
SHA-1: 878366b5e8f40a88da16159db27922ff70b9124a
Created: 2009/09/24 15:31:34
Detections: 4
Determination: Adware
- avast! as Win32:Adware-gen [Adw] (Adware)
- Avira AntiVirus as Adware/Adware.172032.4 (Adware)
- G Data as Win32.Trojan.Agent.17D8ZS (Undefined)
- IKARUS anti.virus as Win32.AdWare (Adware)

---------------------------------------------------------------------------------

File path: c:\program files\sd enternet\navyfield\navyfield launcher.exe
Publisher:
Signer: yessign
MD5: 2ce797e3d974345cf3263e71a63cdd5a
SHA-1: 974ce9aa0b7b22836b55ae06f8a24519f6926710
Created: 2014/05/02 0:04:48
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as Troj.Downloader.W32.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\downloaded program files\tgamelauncher.dll
Publisher: C&C Media Co., Ltd.
Signer: C and C Media Co.,Ltd
MD5: b86278cf56f707b153a07ef7fdd52f57
SHA-1: 3dd7a91ecc3c93da81240586be63e79a967faea0
Created: 2010/01/06 15:10:00
Detections: 1
Determination: Ignore detections (false positive)
- eSafe as Undefined

---------------------------------------------------------------------------------

File path: c:\windows\system32\sessionctrl.dll
Publisher: GameOn
Signer: GameOn Co., Ltd
MD5: df8591d7bb2887298f453d116195a4b2
SHA-1: 59165cd1c8fbfbeeda97d08244a9987628917380
Created: 2009/07/14 16:07:54
Detections: 1
Determination: Ignore detections (false positive)
- Panda Antivirus as Suspicious file

---------------------------------------------------------------------------------

File path: c:\users\taku nishiguchi\desktop\adwcleaner.exe
Publisher:
MD5: c8f33b42e71e993ebed5f5d7a0368f6e
SHA-1: e07fe9fc8b62ee0ccecfe50b02f0b92f7490970b
Created: 2016/01/11 23:12:33
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAtITA (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\taku nishiguchi\desktop\otl.exe
Publisher: OldTimer Tools
MD5: 4adcfee16ee9978f06157634669d36fb
SHA-1: 30b37076552e49276836d02dd73d038c27dbbee9
Created: 2016/01/12 23:37:32
Detections: 2
Determination: Ignore detections (false positive)
- Agnitum Outpost as Packed/PECompact
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\taku nishiguchi\desktop\hjt\hijackthis.exe
Publisher: Trend Micro Inc.
MD5: 47811d50390a86a17102d7496e6eabb9
SHA-1: 2623749cdb27887f6746acdee7e8065475f8b541
Created: 2016/01/10 23:01:52
Detections: 2
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined)
- Rising Antivirus as PE:Trojan.VBInject!1.6546 (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\system32\apl005.sys
Publisher:
Signer: Beijing Apex Weifeng Technology Co.,Ltd.
MD5: e5f1ca5815a2ede5f42f87891b831852
SHA-1: e7ce036092dfdc23f56f6c12b20b3e050ffbc0ab
Created: 2013/12/31 18:22:18
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as Suspicious

---------------------------------------------------------------------------------

File path: c:\windows\system32\atspy.sys
Publisher: Kingsoft Corporation
MD5: 35c799abb3573963bad30ea8c2f80c00
SHA-1: 0591205001ec582abd60267303952f8dc0ab77ad
Created: 2009/11/12 15:41:05
Detections: 2
Determination: Ignore detections (false positive)
- nProtect as Trojan/W32.Agent.17920.LS (Undefined)
- eSafe as Win32.Hacktool.Rootk (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\system32\divx.dll
Publisher: DivX, Inc.
MD5: f42e95bfb193754e9148db6434d2e88e
SHA-1: f7e2bbebb5efee13b3c8df04d4983a089abf011d
Created: 2010/02/20 4:27:36
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as Packed.Win32.PolyCrypt.2!O

---------------------------------------------------------------------------------

File path: c:\windows\system32\gamemon.des
Publisher: INCA Internet Co., Ltd.
Signer: INCA Internet Co.,Ltd.
MD5: 8b528f0697680a130412bea51dd9e98a
SHA-1: 81362c76aee00ba29a9f1503790066a3dcabcc0b
Created: 2010/05/15 11:51:02
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path: c:\windows\system32\lttwn12n.dll
Publisher: LEAD Technologies, Inc.
MD5: 6b5c6c5fe1199ca803a75511b02d0183
SHA-1: 13a046ef221ae5969010dbb5428945f1fa35dde7
Created: 2003/06/30 0:00:02
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Strictor.46875 (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\lightgate.exe
Publisher:
MD5: 120a59091daf18133817bea81809e98a
SHA-1: 79bf1aa78b0841c7c7582fadf9b44f22303ccd98
Created: 2016/01/08 0:49:26
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.CryptVittalia.tm (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\msdtc.exe
Publisher:
MD5: a5ba4f4d5cc4405a992881b4b016419d
SHA-1: 4ecf7fde12ae8e027f0cf84424431f69fba1bedd
Created: 2016/01/08 0:49:14
Detections: 4
Determination: UndefinedMalware
- Emsisoft Anti-Malware as Gen:Variant.Graftor.262369 (Undefined)
- Lavasoft Ad-Aware as Gen:Variant.Graftor.262369 (Undefined)
- F-Secure as Gen:Variant.Graftor.262369 (Undefined)
- Norman as Gen:Variant.Graftor.262369 (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\upgsvr.exe
Publisher:
MD5: a9e0b59be5f565eca483c271dfc0f7dc
SHA-1: cd1cfa35446143f5654b45ee87b74a2a75044d85
Created: 2016/01/10 15:01:02
Detections: 2
Determination: Inconclusive
- avast! as Win32:PzBot-C [Trj] (Undefined)
- F-Secure as Gen:Variant.Kazy.766245 (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\lightgate.exe
Publisher:
MD5: 120a59091daf18133817bea81809e98a
SHA-1: 79bf1aa78b0841c7c7582fadf9b44f22303ccd98
Created: 2016/01/08 0:49:26
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.CryptVittalia.tm (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\msdtc.exe
Publisher:
MD5: a5ba4f4d5cc4405a992881b4b016419d
SHA-1: 4ecf7fde12ae8e027f0cf84424431f69fba1bedd
Created: 2016/01/08 0:49:14
Detections: 4
Determination: UndefinedMalware
- Emsisoft Anti-Malware as Gen:Variant.Graftor.262369 (Undefined)
- Lavasoft Ad-Aware as Gen:Variant.Graftor.262369 (Undefined)
- F-Secure as Gen:Variant.Graftor.262369 (Undefined)
- Norman as Gen:Variant.Graftor.262369 (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\upgsvr.exe
Publisher:
MD5: a9e0b59be5f565eca483c271dfc0f7dc
SHA-1: cd1cfa35446143f5654b45ee87b74a2a75044d85
Created: 2016/01/10 15:01:02
Detections: 2
Determination: Inconclusive
- avast! as Win32:PzBot-C [Trj] (Undefined)
- F-Secure as Gen:Variant.Kazy.766245 (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\installmate\{5384ced3-ca47-9eee-7c05-82658867ec25}\_setup.dll
Publisher:
MD5: 8108241278134263e0de157d1dd9fbc0
SHA-1: 7ee7c91a35adda4dd897b4b3f93edd8df5082d0e
Created: 2012/12/15 10:18:40
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Trojan.Agent/Gen-Sefnit (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\installmate\{9e77acf4-48b5-4937-abdc-009745948e02}\setup.exe
Publisher: Tarma Software Research Pty Ltd
Signer: Tarma Software Research Pty Ltd
MD5: df81be0582a7f860eeffdb0a86dedf73
SHA-1: 5856ce893ea3d045adad86475775f4955886f18d
Created: 2012/12/15 10:19:51
Detections: 3
Determination: Inconclusive
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
- Emsisoft Anti-Malware as Gen:Variant.Symmi.36268 (Undefined)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\installmate\{9e77acf4-48b5-4937-abdc-009745948e02}\tsudll.dll
Publisher: Tarma Software Research Pty Ltd
Signer: Tarma Software Research Pty Ltd
MD5: d1ddd2bed23dd1e6a70855f5f7ba3e7b
SHA-1: 7c75eacc13fc2f225dfa9820ea306f6bbc891516
Created: 2012/12/15 10:19:51
Detections: 2
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GEN.F47V0622 (Undefined)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\installmate\{9e77acf4-48b5-4937-abdc-009745948e02}\_setup.dll
Publisher:
MD5: 0595b68ce45072abc41889cf9fa2c234
SHA-1: 9b06214823db11b2e43f6c51787fe244daae609b
Created: 2012/12/15 10:17:32
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\installmate\{9e77acf4-48b5-4937-abdc-009745948e02}\_setupx.dll
Publisher:
MD5: 3dcd34c76ece9df5d90dc8133caaa9ae
SHA-1: 6f88b7346ae8bf469c785e2dbcadc17248f88faf
Created: 2012/12/15 10:19:51
Detections: 3
Determination: Inconclusive
- McAfee as RDN/Generic PUP.x!yk (Undefined)
- McAfee Web Gateway as RDN/Generic PUP.x!yk (Undefined)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\nexonjp\ngm\ngm.exe
Publisher: Nexon
Signer: NEXON Corporation
MD5: 8f91a059d9e866d822b412b56ba7159f
SHA-1: 4b095aaa5b328e25b4739304be73b1eb177c9908
Created: 2012/03/23 0:08:49
Detections: 2
Determination: Ignore detections (false positive)
- Norman as W32/Downloader.GFIP (Undefined)
- Comodo Security as UnclassifiedMalware (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\nvidia corporation\geforce experience\update\gfexperience.nvstreamsrv\amd64\server\nvinject.dll
Publisher: NVIDIA Corporation
Signer: NVIDIA Corporation PE Sign v2014
MD5: 90b167b0c03680683cf789bba403358d
SHA-1: fe112aa846013bba676cbf9833f3403c9a443a4d
Created: 2015/12/17 21:07:57
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Trojan.Kuluoz!6.1EFA (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\nvidia corporation\geforce experience\update\gfexperience.nvstreamsrv\x86\server\nvinject.dll
Publisher: NVIDIA Corporation
Signer: NVIDIA Corporation PE Sign v2014
MD5: 113d75a309c0170445cfc9917c391c6c
SHA-1: 27aa1f54d228caaaad1b08371509134f471cb1ca
Created: 2015/12/17 21:07:57
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Trojan.Kuluoz!6.1EFA (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\windows update\svrupg.exe
Publisher: TODO:
MD5: 078feff8b80a7eb4b46b7364023c86b7
SHA-1: 38817647d28f7e959617903059b69ac03a291be0
Created: 2016/01/08 0:51:03
Detections: 1
Determination: Ignore detections (false positive)
- IKARUS anti.virus as Trojan-Downloader.Win32.Agent (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\windows update\upgsvr.exe
Publisher: TODO:
MD5: 1df50529e2ef5a200b6cd791955b302c
SHA-1: fa90a68d2bc1a51ef47aa377ba1847d092b40750
Created: 2016/01/10 0:59:03
Detections: 4
Determination: UndefinedMalware
- avast! as Win32:PzBot-C [Trj] (Undefined)
- IKARUS anti.virus as Trojan-Downloader.Win32.Agent (Undefined)
- Qihoo 360 Security as HEUR/QVM10.1.Malware.Gen (Undefined)
- Avira AntiVirus as TR/Dropper.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\windows update\tmp\carssn---.exe
Publisher:
MD5: 9b2996a1d932daf4641113990ef0a83e
SHA-1: c597941e47b8ae5943a352c9883ae72190da818e
Created: 2016/01/08 0:51:24
Detections: 1
Determination: Inconclusive
- Kaspersky as UDS:DangerousObject.Multi.Generic (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\windows update\tmp\msdtc-.exe
Publisher: VLOME
MD5: 5e078fa4edfc19524a558fc8b770117d
SHA-1: 4999fc5a214ce92c16252fbd123bd1f18dd8ad87
Created: 2016/01/09 1:58:01
Detections: 5
Determination: UndefinedMalware
- Emsisoft Anti-Malware as Gen:Variant.Graftor.253986 (Undefined)
- Lavasoft Ad-Aware as Gen:Variant.Graftor.253986 (Undefined)
- ESET NOD32 as Win32/TrojanDownloader.Agent.BWM trojan (Undefined)
- F-Secure as Gen:Variant.Graftor.253986 (Undefined)
- Norman as Gen:Variant.Graftor.253986 (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\application data\windows update\tmp\upgsvr.exe
Publisher:
MD5: a9e0b59be5f565eca483c271dfc0f7dc
SHA-1: cd1cfa35446143f5654b45ee87b74a2a75044d85
Created: 2016/01/09 13:18:00
Detections: 2
Determination: Inconclusive
- avast! as Win32:PzBot-C [Trj] (Undefined)
- F-Secure as Gen:Variant.Kazy.766245 (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\installmate\{5384ced3-ca47-9eee-7c05-82658867ec25}\_setup.dll
Publisher:
MD5: 8108241278134263e0de157d1dd9fbc0
SHA-1: 7ee7c91a35adda4dd897b4b3f93edd8df5082d0e
Created: 2012/12/15 10:18:40
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Trojan.Agent/Gen-Sefnit (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\installmate\{9e77acf4-48b5-4937-abdc-009745948e02}\setup.exe
Publisher: Tarma Software Research Pty Ltd
Signer: Tarma Software Research Pty Ltd
MD5: df81be0582a7f860eeffdb0a86dedf73
SHA-1: 5856ce893ea3d045adad86475775f4955886f18d
Created: 2012/12/15 10:19:51
Detections: 3
Determination: Inconclusive
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
- Emsisoft Anti-Malware as Gen:Variant.Symmi.36268 (Undefined)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\installmate\{9e77acf4-48b5-4937-abdc-009745948e02}\tsudll.dll
Publisher: Tarma Software Research Pty Ltd
Signer: Tarma Software Research Pty Ltd
MD5: d1ddd2bed23dd1e6a70855f5f7ba3e7b
SHA-1: 7c75eacc13fc2f225dfa9820ea306f6bbc891516
Created: 2012/12/15 10:19:51
Detections: 2
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GEN.F47V0622 (Undefined)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\installmate\{9e77acf4-48b5-4937-abdc-009745948e02}\_setup.dll
Publisher:
MD5: 0595b68ce45072abc41889cf9fa2c234
SHA-1: 9b06214823db11b2e43f6c51787fe244daae609b
Created: 2012/12/15 10:17:32
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\installmate\{9e77acf4-48b5-4937-abdc-009745948e02}\_setupx.dll
Publisher:
MD5: 3dcd34c76ece9df5d90dc8133caaa9ae
SHA-1: 6f88b7346ae8bf469c785e2dbcadc17248f88faf
Created: 2012/12/15 10:19:51
Detections: 3
Determination: Inconclusive
- McAfee as RDN/Generic PUP.x!yk (Undefined)
- McAfee Web Gateway as RDN/Generic PUP.x!yk (Undefined)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\nexonjp\ngm\ngm.exe
Publisher: Nexon
Signer: NEXON Corporation
MD5: 8f91a059d9e866d822b412b56ba7159f
SHA-1: 4b095aaa5b328e25b4739304be73b1eb177c9908
Created: 2012/03/23 0:08:49
Detections: 2
Determination: Ignore detections (false positive)
- Norman as W32/Downloader.GFIP (Undefined)
- Comodo Security as UnclassifiedMalware (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\nvidia corporation\geforce experience\update\gfexperience.nvstreamsrv\amd64\server\nvinject.dll
Publisher: NVIDIA Corporation
Signer: NVIDIA Corporation PE Sign v2014
MD5: 90b167b0c03680683cf789bba403358d
SHA-1: fe112aa846013bba676cbf9833f3403c9a443a4d
Created: 2015/12/17 21:07:57
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Trojan.Kuluoz!6.1EFA (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\nvidia corporation\geforce experience\update\gfexperience.nvstreamsrv\x86\server\nvinject.dll
Publisher: NVIDIA Corporation
Signer: NVIDIA Corporation PE Sign v2014
MD5: 113d75a309c0170445cfc9917c391c6c
SHA-1: 27aa1f54d228caaaad1b08371509134f471cb1ca
Created: 2015/12/17 21:07:57
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Trojan.Kuluoz!6.1EFA (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\windows update\tmp\carssn---.exe
Publisher:
MD5: 9b2996a1d932daf4641113990ef0a83e
SHA-1: c597941e47b8ae5943a352c9883ae72190da818e
Created: 2016/01/08 0:51:24
Detections: 1
Determination: Inconclusive
- Kaspersky as UDS:DangerousObject.Multi.Generic (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\windows update\tmp\msdtc-.exe
Publisher: VLOME
MD5: 5e078fa4edfc19524a558fc8b770117d
SHA-1: 4999fc5a214ce92c16252fbd123bd1f18dd8ad87
Created: 2016/01/09 1:58:01
Detections: 5
Determination: UndefinedMalware
- Emsisoft Anti-Malware as Gen:Variant.Graftor.253986 (Undefined)
- Lavasoft Ad-Aware as Gen:Variant.Graftor.253986 (Undefined)
- ESET NOD32 as Win32/TrojanDownloader.Agent.BWM trojan (Undefined)
- F-Secure as Gen:Variant.Graftor.253986 (Undefined)
- Norman as Gen:Variant.Graftor.253986 (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\windows update\tmp\upgsvr.exe
Publisher:
MD5: a9e0b59be5f565eca483c271dfc0f7dc
SHA-1: cd1cfa35446143f5654b45ee87b74a2a75044d85
Created: 2016/01/09 13:18:00
Detections: 2
Determination: Inconclusive
- avast! as Win32:PzBot-C [Trj] (Undefined)
- F-Secure as Gen:Variant.Kazy.766245 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\taku nishiguchi\appdata\local\setup wizard\159648ec-5536-4952-b1ba-89a12250b09a\driverscanner.exe
Publisher: Uniblue Systems Ltd
Signer: Uniblue Systems
MD5: 6e7933c7ae9fe934399e15f0c78b4050
SHA-1: 97bb9da9550c0edb26258e1abc453777c36e25b8
Created: 2016/01/08 0:39:19
Detections: 18
Determination: Adware
- Bkav FE as W32.HfsAdware (Adware)
- McAfee as Artemis!21C1A16D9D6F (Undefined)
- K7 Gateway Antivirus as Adware (Adware)
- K7 AntiVirus as Adware (Adware)
- Agnitum Outpost as Trojan.DR.Agent (Undefined)
- Trend Micro House Call as Suspicious_GEN.F47V0607 (Undefined)
- Dr.Web as riskware program Program.Unwanted.544 (Undefined)
- VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
- McAfee Web Gateway as Artemis (Undefined)
- Sophos as Generic PUA MN (Undefined)
- G Data as Win32.Application.Agent.2WVTWI (Undefined)
- ESET NOD32 as Win32/UniBlue.F potentially unwanted application (Adware)
- Fortinet FortiGate as Riskware/UniBlue (Undefined)
- AVG as Uniblue (Undefined)
- Panda Antivirus as Generic Suspicious (Undefined)
- Rising Antivirus as PE:Trojan.Win32.FakeAV.bsj!1075358218 (Undefined)
- IKARUS anti.virus as PUA.Uniblue (Adware)
- Clam AntiVirus as Win.Adware.Optimizerpro-2 (Adware)

---------------------------------------------------------------------------------

File path: c:\users\taku nishiguchi\appdata\roaming\lightgate.exe
Publisher:
MD5: 120a59091daf18133817bea81809e98a
SHA-1: 79bf1aa78b0841c7c7582fadf9b44f22303ccd98
Created: 2016/01/08 0:48:22
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.CryptVittalia.tm (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\taku nishiguchi\appdata\roaming\svrupg.exe
Publisher:
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
Created: 2016/01/08 16:10:23
Detections: 5
Determination: Ignore detections (false positive)
- Avira AntiVirus as W32/Virut.Gen (Undefined)
- Dr.Web as Win32.Virut.56 (Undefined)
- F-Prot as W32/SuspPack.AA.gen (Undefined)
- F-Secure as Win32.Sality.3 (Undefined)
- Microsoft Security Essentials as Threat.Undefined (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\taku nishiguchi\appdata\roaming\upgsvr.exe
Publisher:
MD5: 7e93487f34b876c5e9c749c82ddef074
SHA-1: fe59f66d01b341aaf88f02bf14da907456172d8f
Created: 2016/01/08 0:48:14
Detections: 3
Determination: Inconclusive
- F-Secure as Gen:Variant.Kazy.766245 (Undefined)
- IKARUS anti.virus as Trojan-Downloader.Win32.Agent (Undefined)
- Qihoo 360 Security as QVM10.1.Malware.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\taku nishiguchi\appdata\roaming\xlgames\xlkcsdownload_jp\xlkcsdownload_jp.exe
Publisher: Kamuse, Incorporated
Signer: Kamuse Co.,Ltd
MD5: 590cc4923dfdfbe33ae7f901b599ceb2
SHA-1: 398c7918b775b2af424e28f5f42b5e7d73376392
Created: 2013/07/19 21:12:04
Detections: 3
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GEN.F47V0322 (Undefined)
- Comodo Security as Heur.Suspicious
- Dr.Web as DLOADER.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\ad-aware antivirus\definitions\kbu.dll
Publisher: GFI Software
Signer: GFI Software Development Ltd.
MD5: 6b59e42d12d76455e1657df2bfd47c90
SHA-1: 268713c57871cba2396fc97400fb0313cecc5654
Created: 2013/07/26 21:32:35
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as Win32/Virut.bn

---------------------------------------------------------------------------------

File path: c:\program files\ad-aware antivirus\definitions\libnsis.dll
Publisher: ThreatTrack Security, Inc.
Signer: GFI Software (Florida) Inc.
MD5: c3d0db2b67e8e77ca5de82cc5a044b38
SHA-1: beedc27dc9e99bfe2f390222ed6f9c7b40991a9c
Created: 2013/07/26 21:32:36
Detections: 1
Determination: Ignore detections (false positive)
- Clam AntiVirus as PUA.Win32.Packer.Armadillo-8

---------------------------------------------------------------------------------

File path: c:\program files\bego_ff_go1\main\pelh\support\install flash player 6 ax.exe
Publisher: Microsoft Corporation
MD5: 6e233b6151fd3e9858e168eb07896ffa
SHA-1: 9e854a227b6a93c9d0965067da743fb97e94a518
Created: 2013/02/13 15:23:40
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Cloda73.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\bego_ff_go1\main\pelh\support\install flash player 7 ax.exe
Publisher: Microsoft Corporation
MD5: 6e233b6151fd3e9858e168eb07896ffa
SHA-1: 9e854a227b6a93c9d0965067da743fb97e94a518
Created: 2013/02/13 15:23:41
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Cloda73.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\bego_ff_go1\main\pelh\support\installflashplayerax.exe
Publisher: Microsoft Corporation
MD5: 6e233b6151fd3e9858e168eb07896ffa
SHA-1: 9e854a227b6a93c9d0965067da743fb97e94a518
Created: 2013/02/13 15:23:42
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Cloda73.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\bluestacks\hd-optipng.exe
Publisher:
MD5: 293e26924a274c6185a06226619d8e02
SHA-1: 6e993ae03b1dd44e4aa22a9feab836e91e611e3c
Created: 2014/03/04 13:44:04
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Posible_Worm32 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\bluestacks\hd-unzip.exe
Publisher: Info-ZIP
MD5: 2df7bba7319548bc008d3471b96fa9cc
SHA-1: 4884de67bcd58e42df1974d70d1217a8c0cf38ed
Created: 2011/12/15 23:00:36
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Generic.gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\bluestacks\hd-zip.exe
Publisher:
MD5: 5e832f4faf5f481f2eaf3b3a48f603b8
SHA-1: 1d83497f04247bc095ddc1ccd0fef0c029f0ae8d
Created: 2011/12/15 23:00:36
Detections: 2
Determination: Ignore detections (false positive)
- Bkav FE as W32.Clod7f4.Trojan (Undefined)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path: c:\program files\common files\inca shared\onlineengine\tyav32.dll
Publisher: INCA Internet Co., Ltd.
MD5: 865430a7718ba9f8dd93de6ebacd7661
SHA-1: 8dbd84efa84906736057a2f1bf9710ad886a5478
Created: 2009/10/12 4:54:19
Detections: 3
Determination: Ignore detections (false positive)
- F-Prot as W32/Heuristic-KPP (Undefined)
- Sophos as Sus/VB-AM (Undefined)
- SafeCentral as W32/Heuristic-KPP!Eldorado (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\common files\installshield\updateservice\issch.exe
Publisher: InstallShield Software Corporation
MD5: 51f3c4fbeef66ceba7abe43f4f5c1b69
SHA-1: 3b2cefc3f2497803f1b8751da37c3bd7a3c3f572
Created: 2011/06/11 20:45:59
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.Startup.InstallShieldSoftwareCorporation.F

---------------------------------------------------------------------------------

File path: c:\program files\common files\microsoft shared\ime12\imejp\msvcr80.dll
Publisher: Microsoft Corporation
MD5: 16d7ddf3b659f7cf1cb9f4dcff4219f0
SHA-1: a61454131940799f01c26943f1594ee6e7409d11
Created: 2005/09/22 23:44:38
Detections: 1
Determination: Ignore detections (false positive)
- Avira AntiVirus as W32/Ramnit.A (Malware)

---------------------------------------------------------------------------------

File path: c:\program files\common files\wondershare\wondershare helper compact\wondershare helper compact.exe
Publisher:
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
Created: 2015/08/19 23:02:05
Detections: 5
Determination: Ignore detections (false positive)
- Avira AntiVirus as W32/Virut.Gen (Undefined)
- Dr.Web as Win32.Virut.56 (Undefined)
- F-Prot as W32/SuspPack.AA.gen (Undefined)
- F-Secure as Win32.Sality.3 (Undefined)
- Microsoft Security Essentials as Threat.Undefined (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\cremore\freestyle_screensaver_karacat\uninstall.exe
Publisher: Axialis Software
MD5: 745d553c48e05ae624d07e138095ee65
SHA-1: daf9d5d850197f72e7e1bf6094ad853be299a07f
Created: 2012/10/06 1:27:21
Detections: 3
Determination: Ignore detections (false positive)
- VirusBuster as Packed/PECompact
- eSafe as Suspicious File
- Clam AntiVirus as PUA.Packed.PECompact-1

---------------------------------------------------------------------------------

File path: c:\program files\cyberlink\powerdvd8\audiofilter\dolbyhph.dll
Publisher: Lake Technology Limited, http://www.lake.com.au
MD5: 442b5be8aa79b0496c5d0234b78e20ce
SHA-1: 9956235bf6fe3a3220c73a84c8f57c951226655a
Created: 2009/04/10 20:18:58
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\divx\codecs\omxil_demuxpush_mp4.dll
Publisher:
MD5: 33882e05d33c9ee69c64921ca5b3cbbf
SHA-1: 591d8ff196f6255493bcfd273fec4f7adb9c3af3
Created: 2015/11/11 16:04:26
Detections: 1
Determination: Inconclusive
- F-Secure as Riskware.Application.Agent.KI (Adware)

---------------------------------------------------------------------------------

File path: c:\program files\freemake\com\1.1\avfilter-3.dll
Publisher:
MD5: 0c5fc515f50d9b4ea14a2c612e33d1e5
SHA-1: 80cb94c9209f8e021baa6ec664eb0b4098e48904
Created: 2014/05/28 21:08:46
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\freemake\com\1.1\xvidcore.dll
Publisher:
MD5: eaaa841ed3c3df66aba354852d2c7baa
SHA-1: 55e4707d4b66086da1595a93dcc02c6b62affb40
Created: 2014/05/28 21:08:46
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\g2g\g2gdownloader\g2gdownloader_engine.exe
Publisher:
MD5: 9db246d9fc30e62db63c997a2311f138
SHA-1: 8076e69d50a1fa8315f0edc027d1d72c4ceecc3b
Created: 2010/09/14 21:36:26
Detections: 2
Determination: Inconclusive
- Comodo Security as Heur.Suspicious
- Dr.Web as DLOADER.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\g2g\g2gdownloader\gameon\gameong2g_engine.exe
Publisher:
MD5: f11bb5a63306243ab8a94d0142e0fc1c
SHA-1: 8fa2a9a51a92641135ebc511521857a221b4ea58
Created: 2010/07/08 11:10:51
Detections: 3
Determination: Inconclusive
- Norman as W32/Malware.MIWU (Undefined)
- Comodo Security as Heur.Suspicious
- Dr.Web as DLOADER.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\g2g\g2gdownloader2\g2gdownloader_engine2.exe
Publisher:
MD5: f492cd6c26ef4d9aede51a2d873732c6
SHA-1: eeaa9ec89baa6cdd439b08e6ef2bd8e899d30069
Created: 2010/12/05 0:15:00
Detections: 3
Determination: UndefinedMalware
- Norman as W32/Malware.ORBA (Undefined)
- Trend Micro House Call as TROJ_GEN.R3EH1K4 (Undefined)
- Dr.Web as DLOADER.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\google\update\1.3.29.1\googleupdatesetup.exe
Publisher: Google Inc.
Signer: Google Inc
MD5: 1d652959033b873b77b8d5a12011fd85
SHA-1: 13f7d25f80abd0de9978865d55c339213b936054
Created: 2015/12/02 22:00:18
Detections: 1
Determination: Ignore detections (false positive)
- ESET NOD32 as Detection.Undefined (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\htc\htc driver\driver files\win7_x86\htcnprot.sys
Publisher: Windows (R) Win 7 DDK provider
MD5: 339adefad60353f960e3ca67ce468c24
SHA-1: 30614da854c909d3e6ce2bb3ce9b235260ca8d81
Created: 2012/09/25 22:46:20
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Trojan.Generic.8296329 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{0cd617af-d206-4e95-a763-0e0b3a171555}\issetup.dll
Publisher: Acresso Software Inc.
MD5: 13b10329ec0dadc6b1fdb1ae8daa944c
SHA-1: 4a44595d0dbf0840e658f229c05af19b79be1ea4
Created: 2011/10/13 12:11:22
Detections: 1
Determination: Ignore detections (false positive)
- Clam AntiVirus as PUA.Packed.PECompact-1

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{4c912254-a084-4dbd-9bd1-2bb899e91c5a}\issetup.dll
Publisher: Acresso Software Inc.
MD5: 1d3e0140a30fd4ebff79c9ff6e1c80ff
SHA-1: 87bdf23afb7b489257155ef91bcd73014de1235b
Created: 2011/05/21 13:37:01
Detections: 1
Determination: Ignore detections (false positive)
- Clam AntiVirus as PUA.Packed.PECompact-1

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{5db1df0c-aabc-4362-8a6d-cefdfb036e41}\setup.exe
Publisher: CyberLink Corp.
MD5: de0c395b7db33dbe98ef1dae6e204675
SHA-1: 2c27c06475a26a46da516a6f336e150bfdbe320c
Created: 2009/09/25 17:23:12
Detections: 1
Determination: Ignore detections (false positive)
- Agnitum Outpost as Trojan.Genome (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{5e152a6d-4395-4a77-8524-92b4dc638576}\issetup.dll
Publisher: Flexera Software, Inc.
MD5: a71b6be75c0fe68f6c591a870a622c90
SHA-1: f5959460ff586bff4a510f9b5624ab3dc2278ba6
Created: 2014/03/24 14:06:09
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{637c8a01-0b47-4ae8-94f6-a2abb8a0775a}\issetup.dll
Publisher: Acresso Software Inc.
MD5: 8bc13259a18feaa2ae77b27728ffc325
SHA-1: fa0fc7ac937fa7b45a7286e3650e127fe916bf71
Created: 2012/01/10 22:16:12
Detections: 1
Determination: Ignore detections (false positive)
- Clam AntiVirus as PUA.Packed.PECompact-1

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{8e379288-a3b6-4237-b42a-b261621dfce3}\is_setup.exe
Publisher: Sony Corporation
MD5: 6cb3faca0ec575703f31b2d9dba1f836
SHA-1: a72a0c41e9a66c4f26f361b95473084a4979b3f5
Created: 2014/03/24 14:05:09
Detections: 3
Determination: Inconclusive
- Agnitum Outpost as Trojan.Genome (Undefined)
- VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
- Sunbelt AntiMalware as Porn-Dialer.Win32.CapreDeam.N (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{ba0b4781-7874-49cf-bf45-d83dab54888c}\issetup.dll
Publisher: Flexera Software, Inc.
MD5: 67146591c62bf7ef6fecc9e96cd1ebd0
SHA-1: d06e5bf8f6e05fe579c4ad71eb4ac8e8ad5e5adf
Created: 2012/11/07 22:03:03
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GEN.RCBH1D1 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{d8fa2a48-a1e8-432e-ae96-5276d9e6a50f}\is_setup.exe
Publisher: Sony Corporation
MD5: 259fc055e688fb6730fad269084fb27b
SHA-1: 30a306d1a723d4f50c95d655352e24b1167ae6a0
Created: 2012/11/07 22:01:38
Detections: 3
Determination: Inconclusive
- Agnitum Outpost as Trojan.Genome (Undefined)
- VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
- Sunbelt AntiMalware as Porn-Dialer.Win32.CapreDeam.N (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\kamuse\kcsjpdownload\kcsjpdownload.exe
Publisher: Kamuse, Incorporated
MD5: e1c94b999b71dec39f01453c716fd7e9
SHA-1: 5d1a48cb3594e76ff77492ab9fd90d02278938e8
Created: 2011/04/07 22:49:52
Detections: 2
Determination: Ignore detections (false positive)
- Norman as W32/Malware.UMTS (Undefined)
- Comodo Security as Heur.Suspicious

---------------------------------------------------------------------------------

File path: c:\program files\kingsoft\kingsoft internet security 2015\bootsafe.sys
Publisher: Kingsoft Corporation
Signer: Beijing Kingsoft Security software Co.,Ltd
MD5: 731e012811acf2d672231a92c1d99c7c
SHA-1: 347afc27482171fd58c9231e4d8f303ec3e17d54
Created: 2016/01/10 23:24:34
Detections: 1
Determination: Ignore detections (false positive)
- Dr.Web as Trojan.Packed.580 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\kingsoft\kingsoft internet security 2015\kdrvmgr.exe
Publisher: Kingsoft Corporation
Signer: Beijing Kingsoft Security software Co.,Ltd
MD5: 2a5732a626177990bbc1f816d3c7a85a
SHA-1: c92574956c1b2be83399fad21c717d80a33537c8
Created: 2016/01/10 23:24:29
Detections: 1
Determination: Ignore detections (false positive)
- NANO AntiVirus as Trojan.Win32.IframeExec.crgqbi (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\kingsoft\kingsoft internet security 2015\kpacket.exe
Publisher: Kingsoft Corporation
MD5: 7ea8fb00da82e59847e12b73148f1369
SHA-1: 040050501e282689af7e61a814ef09c0359905d6
Created: 2016/01/10 23:24:29
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as BehavesLike.Win32.Backdoor.tc (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\kingsoft\kingsoft internet security 2015\krepair.exe
Publisher: Kingsoft Corporation
Signer: Beijing Kingsoft Security software Co.,Ltd
MD5: 946dda295ea6112cb2d28d9ecbd7c9b4
SHA-1: 4910e4d739313b641b3f89c9489062b903c6ec4e
Created: 2016/01/10 23:24:29
Detections: 1
Determination: Ignore detections (false positive)
- Comodo Security as TrojWare.Win32.Trojan.Agent.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\kingsoft\kingsoft internet security 2015\security\ksde\kisknl.sys
Publisher: Kingsoft Corporation
Signer: Beijing Kingsoft Security software Co.,Ltd
MD5: bc218e8e0d300f92e7a4de42cae003ae
SHA-1: 08fa0ab1ac2546411ceff96fd68479b07a1dbeac
Created: 2016/01/10 23:24:34
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAdware (Adware)

---------------------------------------------------------------------------------

File path: c:\program files\lg electronics\lg united mobile drivers\lgandnetgps.sys
Publisher: LG Electronics Inc.
MD5: 2c619c0eca7bc732edf43038c139868b
SHA-1: 5da4c3b45e273bea45271cbfa7da4d133215027d
Created: 2012/07/03 11:43:00
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Win32.Almanahe (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\nch software\components\mp3el\mp3enc.exe
Publisher:
MD5: 1f083f5a820468e5438c32419525b798
SHA-1: 600e5c224eda4bd6d9f07d84a7be32e42a28c097
Created: 2014/05/28 22:15:36
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Posible_Worm32 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\nvidia corporation\nvstreamsrv\nvinject.dll
Publisher: NVIDIA Corporation
Signer: NVIDIA Corporation PE Sign v2014
MD5: 113d75a309c0170445cfc9917c391c6c
SHA-1: 27aa1f54d228caaaad1b08371509134f471cb1ca
Created: 2015/09/02 21:37:27
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Trojan.Kuluoz!6.1EFA (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\sony\walkman guide\nw-e050\backup\install\installerapp\x-application\x-application\japanese\issetup.dll
Publisher: Acresso Software Inc.
MD5: 1d3e0140a30fd4ebff79c9ff6e1c80ff
SHA-1: 87bdf23afb7b489257155ef91bcd73014de1235b
Created: 2011/05/21 13:31:41
Detections: 1
Determination: Ignore detections (false positive)
- Clam AntiVirus as PUA.Packed.PECompact-1

---------------------------------------------------------------------------------

File path: c:\program files\tablet\wacom\32\wacadb.exe
Publisher:
MD5: 65e1401fcec9a3c2e0849a374f345290
SHA-1: c6be15f3cfb577b78c6818bae0a0b26dad371f24
Created: 2015/01/06 19:00:44
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\wise disk cleaner\unins000.exe
Publisher:
MD5: 7955258ddacd4e94617b4b03f0d87edf
SHA-1: 26e6e0a22e70b7343035b5d765620b69e371ee47
Created: 2011/04/09 23:57:09
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\wise registry cleaner\unins000.exe
Publisher:
MD5: 9f86f7ec450959e0d8214a7a763d714d
SHA-1: a4c3d28562bac1094efb3b6a75140eac4fd0bc5f
Created: 2011/04/09 23:48:10
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\xrecode ii\bass.dll
Publisher: Un4seen Developments
MD5: d181b45c7213ac97d304c27f8d8c8933
SHA-1: 43eeb66cfe143f035a5b176e10391fdfdd3a0911
Created: 2013/05/20 23:36:39
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Worm/Win32.NetSky.gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\xrecode ii\bassflac.dll
Publisher: Un4seen Developments
MD5: 156beb14cedf222960cb5ea1e4f7e378
SHA-1: f50dcd16f0d777ad1c7bb41a76c56f081d3f3080
Created: 2013/05/20 23:36:39
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\xrecode ii\external\atomicparsley.exe
Publisher:
MD5: e6dfc4eccba4a708d17643a206ecd17c
SHA-1: 9497f29af420f0411d8a968785dc292ec5274b27
Created: 2013/05/20 23:36:40
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)

作業と報告、ご苦労様です。
HPログを見せてもらいましたが、そのログで少し怪しいものが見つかりました。

では以下の確認をお願いします。

まず隠しファイル表示設定はできていると思うので、その状態でCドライブ内の下記のフォルダを探してください。
>c:\programdata\application data\windows update

>c:\programdata\application data\windows update

自分の環境ではWin7内にこんなフォルダありません。
フォルダを見つけたらそれを右クリックから「プロパティ」を開いて、そのフォルダの「作成日時」を見てください。

見つけたらその日時をレスで教えてください。
正規のWindowsUpdate関連フォルダなら、今年1月8日や10日ごろに作成されているというのは考えられません。
>Created: 2016/01/08 0:51:03
>Created: 2016/01/10 0:59:03

他にもいくつか妙なところが見えてますが、とりあえず上記の確認を見てから次の対処をしましょう

　いつもありがとうございます。早速報告させて頂きます。ご指示にあるものの場所ですが、
c:/programdata/APPLICATION data/windows updateとありますが、実際の場所は、
c:/programdata/windows updateとなっています。

　作成日時は、2016/1/10 0：59となっております。その中は「tmp」というフォルダと、
svrupg.exeとupgsvr.exeという二つのファイルがあります。

　「tmp」フォルダの中はcarssn---.exeとMiniDownloader.exeとmsdtc-.exeとupg
svr.exeの4つのファイルがあります。

　いずれも、「windows update」フォルダの作成日時とは全て異なります。ただ、前後の
日時ではあります。

　念のためc:/programdata内のフォルダ画像を貼り付けておきますので参照ください。

　


　

　あらｗこれ画像貼れないパターンですかねｗ。まあ、作成日時は書いてある通りですので、
お願いします。

作業と報告、ご苦労様です。

>c:/programdata/APPLICATION data/windows updateとありますが、実際の場所は、
>c:/programdata/windows updateとなっています。

ということはc:/programdata/APPLICATION data/windows updateフォルダは探しても見つからなかったわけですか？
見つからないならここは置いときましょう。

>作成日時は、2016/1/10 0：59となっております。その中は「tmp」というフォルダと、
>svrupg.exeとupgsvr.exeという二つのファイルがあります。

>　「tmp」フォルダの中はcarssn---.exeとMiniDownloader.exeとmsdtc-.exeとupg
>svr.exeの4つのファイルがあります。

>　いずれも、「windows update」フォルダの作成日時とは全て異なります。ただ、前後の
>日時ではあります。

はい、報告ありがとうございます。
自分のほうで情報集めてみましたが、やはりそれらは正規とは見えないようです。

ではそれも含めて次の処置してみましょうか。

またCドライブを開いて、下記のフォルダとファイルを探してから、見つかれば手動で削除にかかってください。ですが削除できないものは無理に進めずキャンセルして、次回レスでそれを教えてください。

c:/programdata/windows update

c:\programdata\msdtc.exe

c:\programdata\upgsvr.exe

c:\programdata\application data\msdtc.exe

c:\programdata\application data\upgsvr.exe

c:\programdata\application data\installmate\{5384ced3-ca47-9eee-7c05-82658867ec25}

c:\programdata\application data\installmate\{9e77acf4-48b5-4937-abdc-009745948e02}

c:\programdata\application data\windows update

c:\users\taku nishiguchi\appdata\local\setup wizard\159648ec-5536-4952-b1ba-89a12250b09a

c:\users\taku nishiguchi\appdata\roaming\svrupg.exe

c:\users\taku nishiguchi\appdata\roaming\upgsvr.exe

c:\program files\ad-aware antivirus

c:\program files\bego_ff_go1

c:\program files\common files\wondershare

c:\program files\freemake

数が多いので対象外の物を間違って削除しないようによく見て作業をお願いします。

一通り削除できたらそこで一度PC再起動後、またしばらく様子見後に、HJTとCCの各タブログとインストール情報ログを取り直して、それらを状態報告とともにレスください。
また、上記作業で見つけて削除したファイルやフォルダがまた復活していないかを見直して、復活しているようならそれも教えてください。

ですがWindowsUpdateに偽装するようなマルウェアとしたら、その巧妙さから考えてもまったく油断できません。
この作業の結果次第では次回にでもリカバリの判断出す可能性も高いことを承知しておいてください

　いつもありがとうございます。早速報告させて頂きます。上記削除内容については、以下の通りです。

c:/programdata/windows update

c:\programdata\msdtc.exe

c:\programdata\upgsvr.exe

　上記３つは削除出来ました。復活もありません。

c:\programdata\application data\msdtc.exe

c:\programdata\application data\upgsvr.exe

c:\programdata\application data\installmate\{5384ced3-ca47-9eee-7c05-82658867ec25}

c:\programdata\application data\installmate\{9e77acf4-48b5-4937-abdc-009745948e02}

c:\programdata\application data\windows update

　上記５つは前回もご報告した通り、c:/program data/以下のapplication dataフォルダが存在しません
でしたので、スルーしました。

c:\users\taku nishiguchi\appdata\local\setup wizard\159648ec-5536-4952-b1ba-89a12250b09a

c:\users\taku nishiguchi\appdata\roaming\svrupg.exe

c:\users\taku nishiguchi\appdata\roaming\upgsvr.exe

c:\program files\ad-aware antivirus

c:\program files\bego_ff_go1

c:\program files\common files\wondershare

c:\program files\freemake

　上記７つは全て削除出来ました。復活もありません。

　以下ＨＪＴとＣＣの各タブログとインストール情報ログを張ります。ご確認のほど
よろしくお願いいたします。

　（ＨＪＴログ）
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:33:07, on 2016/01/19
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)


Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\taku nishiguchi\Desktop\HJT\HijackThis.exe
C:\Windows\system32\GWX\GWX.exe

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [kssetup] C:\Program Files\Kingsoft\Kssetup\starthome.exe init
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [kxesc] "c:\program files\kingsoft\kingsoft internet security 2015\kxetray.exe" -autorun
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [KISINSTALL] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KAV7NEEDREBOOT] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Del25027895] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Del8498684] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Del16514531] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KISINSTALL] (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0172828C-CB7D-4C10-AF96-0ED9B52DCFDC} (GameOnG2GCtrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/GameOnG2G.cab
O16 - DPF: {134DD8EF-7716-4538-A430-EFEB7517E6E7} (WebLauncher Control) - http://icarus.gamecom.jp/Common/cab/WebLauncher.cab
O16 - DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} (TTS Launcher Class) - https://ta-online.jp/weblauncher/common/CnCGameLauncher.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {31EE92CA-C0F5-48F7-AE60-B54CDF3BB76C} (AcqVPlayer Control) - http://202.95.222.164/player/AcqVPlayerX_2_0_3_9.cab
O16 - DPF: {416A7570-8626-4935-B4AC-F7712B909FFE} (KCSActiveXJPv3Ctrl Class) - http://210.136.222.73/kamuse/kcsjpdownload/activex/KCSActiveXJPv3_1002.cab
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} (HgRunPub Class) - http://down.hangame.co.jp/jp/installer/HgRunPub.cab
O16 - DPF: {5EBC1E61-6BD1-4FBC-AB60-744144EA615D} (AtlAXCtrl Class) - http://karos.oge.jp/html/cab/ver4/AtlAX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivX Web Player Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6FC19219-C47E-4880-9A70-D218A1C374F9} (CJIJTransX Control) - http://www.sdgundamcfo.jp/common/CJIJTransX.cab
O16 - DPF: {7216BF69-1FB3-438C-9A51-9DA82B676BC0} (ArarioGameStarter6 Class) - http://stonline.arario.jp/activeX/AraGameStarterW6.cab
O16 - DPF: {785287DD-2A28-4558-BC5C-4F8D1350631D} (CapcomLoaderObject Class) - https://sys.ixion-saga.jp/auth/login/pannel/CapcomLoader32.cab
O16 - DPF: {865C98C4-E909-44DF-B2A1-C659E6C2AF47} (DragonsProphetGameStarter Control) - http://dragonsprophet.aeriagames.jp/files/cab/DP_GameStarter.cab
O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} (SpecAnalyzer Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGReport.cab
O16 - DPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} (GameChu Login Control) - https://file.gamechu.net/dl/download/sessionctrl.cab
O16 - DPF: {A1A81C4D-C5FB-40C7-98F0-308516A67693} (HLauncher Control) - http://ge.hanbitstation.jp/launcher/HUELauncher.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab_1.0.1.8
O16 - DPF: {B0B7F252-5B1D-4F56-9172-29AD9F62537E} (GamesCampus Control) - http://tartaros.gamescampus.co.jp/activex/GamesCampus.cab
O16 - DPF: {BBA1ABFD-C9A1-41E8-959A-161F17E145D4} (G2GDownloaderCtrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader.cab
O16 - DPF: {C299BD0C-F41B-4A8B-8D05-964A141D8C28} (GameStarter Control) - https://grandfantasia.aeriagames.jp/files/gf/GrandFantasia.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://nprotect.gameon.co.jp/keycrypt_20101021/npkcx_10021.cab
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} (HgTAgent2 Extension Class) - http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E4FC78EE-7DB9-444B-AF43-DB5F48E29D60} (ccmedia_launcher Control) - http://plugins.mk-style.com/ccmedia_launcher_vov.cab
O16 - DPF: {F2A8D14C-33BE-4E6E-B4B3-67F4062428A9} (G2GDownloader2Ctrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader2.cab
O16 - DPF: {F4C75105-84BB-414D-AE37-4F0EEEEDE881} (X-Legend GameStarter Control) - https://genshin.x-legend.co.jp/X-LegendGameStarter.cab
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O16 - DPF: {FFF7D8B7-A5EA-4270-8F68-140CE3F8F117} (ｅｏかんたんメール設定ツール) - http://support.eonet.jp/download/eo_tool/dldata/kantan_tool/32/eomcfgax.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: Chrome リモート デスクトップ サービス (chromoting) - Google Inc. - C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: GoogleChromeUpServlce - Unknown owner - C:\ProgramData\Windows Update\upgsvr.exe (file missing)
O23 - Service: GoogleChromeUpSvc - Unknown owner - C:\ProgramData\Windows Update\svrupg.exe (file missing)
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kingsoft Core Service (kxescore) - Kingsoft Corporation - c:\program files\kingsoft\kingsoft internet security 2015\kxescore.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - DotCash Limited - C:\Program Files\MPC Cleaner\MPCProtectService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\xsherlock.xem

--
End of file - 13960 bytes

　（ＣＣインストールデータログ）
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 2016/01/03 17.6 MB 20.0.0.270
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 2016/01/02 18.1 MB 20.0.0.267
Apple Application Support（32 ビット） Apple Inc. 2015/12/12 114 MB 4.1.1
Apple Mobile Device Support Apple Inc. 2015/11/08 22.5 MB 9.1.0.6
Apple Software Update Apple Inc. 2015/09/27 2.39 MB 2.1.4.131
Baby-G 2012/11/03
BlueStacks App Player BlueStack Systems, Inc. 2015/07/24 0.9.30.9239
BlueStacks Notification Center BlueStack Systems, Inc. 2015/06/20 170 MB 0.9.30.9239
Bonjour Apple Inc. 2015/09/27 1.10 MB 3.1.0.1
Canon iP4500 series 2011/11/05
Canon Utilities Easy-PhotoPrint EX 2011/11/05
Canon Utilities Solution Menu 2011/11/05
Canon マイ プリンタ 2011/11/05
CCleaner Piriform 2016/01/10 5.13
Chrome Remote Desktop Host Google Inc. 2015/11/03 18.1 MB 47.0.2526.18
Daum ｽｺﾅｩｸｰｼｼﾀﾌｹ・ｰ柀ｭﾁ彧・ Daum Communications Corp. 2011/02/08
DivXセットアップ DivX, LLC 2015/12/26 2.8.0.13
E-girlsA 2015/01/04
ECHO OF SOUL HANGAME 2015/07/15 7.60 GB 03
FreeStyle_ScreenSaver_KARACAT Screensaver 2012/10/06
Google Toolbar for Internet Explorer Google Inc. 2015/12/19 7.5.7210.1528
herdProtect Anti-Malware Scanner Reason Company Software Inc. 2016/01/16 1.0
iTunes Apple Inc. 2015/12/12 202 MB 12.3.2.35
KINGSOFT Internet Security KINGSOFT Internet Security 2016/01/10 kis2015
Kingsoft Office 2010 (6.6.0.2724) Kingsoft Corp. 2012/06/17 6.6.0.2724
LG CyberLink Power2Go CyberLink Corp. 2009/09/25 108 MB 6.0.3203
LG CyberLink PowerBackup CyberLink Corp. 2009/09/25 2.5.5529
LG CyberLink PowerDVD CyberLink Corp. 2009/09/25 79.8 MB 8.0.2815d
LG CyberLink PowerProducer CyberLink Corp. 2009/09/25 323 MB 5.0.2.2028
LG Power Tools CyberLink Corp. 2009/09/25 14.4 MB 6.0.2806
LG United Mobile Drivers LG Electronics 2012/12/09 6.70 MB 3.8.1
Malwarebytes Anti-Malware バージョン 2.2.0.1024 Malwarebytes 2016/01/11 65.9 MB 2.2.0.1024
Microsoft .NET Framework 4.5.2 Microsoft Corporation 2015/02/02 38.8 MB 4.5.51209
Microsoft .NET Framework 4.5.2 (日本語) Microsoft Corporation 2015/05/10 2.93 MB 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2015/09/26 1.59 MB 4.0.40804.0
Microsoft IntelliPoint 8.2 Microsoft Corporation 2012/01/26 8.20.468.0
Microsoft Office File Validation Add-In Microsoft Corporation 2014/05/15 10.9 MB 14.0.5130.5003
Microsoft Office Personal 2007 Microsoft Corporation 2012/07/23 12.0.6612.1000
Microsoft Silverlight Microsoft Corporation 2016/01/14 111 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2009/09/17 1.72 MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 2012/01/25 252 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2011/06/18 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 2013/12/22 2.64 MB 8.0.51011
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 2014/11/02 230 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2013/03/09 240 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2009/09/25 596 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2011/06/18 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2015/04/19 4.61 MB 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2015/04/18 17.1 MB 12.0.30501.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 2012/12/10 35.0 KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 2012/12/10 1.33 MB 4.20.9876.0
NavyFIELD NorthAmerica SD EnterNET 2014/05/02 1.00.0000
NVIDIA 3D Vision コントローラー ドライバー 352.65 NVIDIA Corporation 2015/12/30 352.65
NVIDIA 3D Vision ドライバー 361.43 NVIDIA Corporation 2015/12/30 361.43
NVIDIA Display Control Panel NVIDIA Corporation 2010/08/21 129 MB 6.14.12.5896
NVIDIA GeForce Experience 2.8.1.21 NVIDIA Corporation 2015/12/30 2.8.1.21
NVIDIA HD オーディオ ドライバー 1.3.34.4 NVIDIA Corporation 2015/12/30 1.3.34.4
NVIDIA PhysX システム ソフトウェア 9.15.0428 NVIDIA Corporation 2015/09/02 9.15.0428
NVIDIA グラフィックス ドライバー 361.43 NVIDIA Corporation 2015/12/30 361.43
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2009/09/17 6.0.1.5898
Skype Click to Call Microsoft Corporation 2016/01/17 10.9 MB 8.0.0.9103
Skype(TM) 7.17 Skype Technologies S.A. 2015/12/28 79.2 MB 7.17.105
Sony Media Library Earth 9.0.00 Sony Corporation 2014/03/24 48.7 MB 9.0.00.09200
System Requirements Lab 2011/07/22
TeamSpeak 3 Client TeamSpeak Systems GmbH 2014/07/05 3.0.15
WebTablet FB Plugin 32 bit Wacom Technology Corp. 2015/01/06 2.1.0.7
Windows Live Essentials Microsoft Corporation 2011/08/08 15.4.3538.0513
Windows Live Sync Microsoft Corporation 2009/09/17 2.76 MB 14.0.8089.726
Wise Disk Cleaner 5.93 WiseCleaner.com 2011/04/09 3.40 MB
Wise Registry Cleaner 5.9.4 ZhiQing Soft, Inc. 2011/04/09 3.45 MB 5.9.4
x-アプリ 5.1 Sony Corporation 2014/03/24 88.7 MB 9.2
xrecode II 1.0.0.192 2013/05/20 23.0 MB
らくちんCDダイレクトプリント for Canon 2011/11/05
リモート接続用の Windows Live Mesh ActiveX コントロール (日本語) Microsoft Corporation 2010/10/20 5.57 MB 15.4.5722.2
ワコム タブレット Wacom Technology Corp. 2015/01/06 6.3.8-6
宛名職人MOOK版10 AGENDA Co.,Ltd. 2011/12/25

　（ＣＣタブログwindows）
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
有効 HKLM:Run CanonMyPrinter CANON INC. C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
有効 HKLM:Run CanonSolutionMenu CANON INC. C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
有効 HKLM:Run CLMLServer CyberLink "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
有効 HKLM:Run IME JPN 2007 Migration Microsoft Corporation C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
有効 HKLM:Run IntelliPoint Microsoft Corporation "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
有効 HKLM:Run kssetup www.kingsoft.jp C:\Program Files\Kingsoft\Kssetup\starthome.exe init
有効 HKLM:Run kxesc Kingsoft Corporation "c:\program files\kingsoft\kingsoft internet security 2015\kxetray.exe" -autorun
有効 HKLM:Run RemoteControl8 CyberLink Corp. "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
有効 HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
有効 HKLM:Run UpdateP2GoShortCut CyberLink Corp. "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
有効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
有効 HKLM:Run UpdatePSTShortCut CyberLink Corp. "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
有効 HKLM:RunOnce B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll Microsoft Corporation "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
有効 HKLM:RunOnce B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax Microsoft Corporation "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer

　（ＣＣタブログＩＥ）
無効 Extension Messenger Companion (Ctrl+Shift+C) Microsoft Corporation C:\Program Files\Windows Live\Companion\companioncore.dll
有効 Extension Skype Click to Call settings Microsoft Corporation C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
無効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
無効 Helper Google Toolbar Helper Google Inc. C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
有効 Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
無効 Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
無効 Helper Windows Live Messenger Companion Helper Microsoft Corporation C:\Program Files\Windows Live\Companion\companioncore.dll
無効 Toolbar Google Toolbar Google Inc. C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

（ＣＣタブログスケジュールされたタスク）
有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task DivXUpdate DivX, LLC C:\Program Files\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task {05ECFF6E-3107-4812-9472-D1B660AF352E} Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/4.2.0.155/ja/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed
有効 Task {05F7C8E5-B819-4FD3-A504-2D891C6396A2} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Nexon\NAVYFIELD2\vcredist_x86.exe -d C:\Nexon\NAVYFIELD2
有効 Task {08163D3D-27F1-4A2B-8495-97D3AEF7028E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\Silk-R\Remove.Exe"
有効 Task {08D269C3-F1E7-4CBF-9B59-FD841CCA1514} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\kssetup_install\kssetup_install.exe -d D:\kssetup_install
有効 Task {0E3890F2-A308-4D25-A058-4365944803C7} SDEnterNET C:\Program Files\SD EnterNET\NavyFIELD\NavyFIELD Launcher.exe
有効 Task {14F7847B-FA90-458C-8F63-2E7E6EC212D8} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\Silk-R\Remove.Exe"
有効 Task {2375DA01-FD6C-4D7D-B2A4-65F947EBF02B} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\ARKdownloadstart.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {2422AA9B-250A-4ED5-B2E4-07F5E23AB536} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX55AC1A\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {2CF811CD-1D39-4516-B579-22FAB5045BF0} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\package_inst.exe" -d "C:\Users\taku nishiguchi\Desktop" -c "C:\Users\taku nishiguchi\Desktop\130105_for_3092_rev1.ts3_translation"
有効 Task {31F2A8E6-1CF5-47C8-9FD3-E6F7D2B384C9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\Setup_SN_0422.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {36E6DA32-359B-4CE6-BB3B-8384DF9A9B63} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6A7TMPPA\SOR_EP2downloadstart.exe" -d "C:\Users\taku nishiguchi"
有効 Task {3A14BFA8-9382-4E90-8752-B4460CCAA4D5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J298H6WF\common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {3AFC55CF-6BB9-4D54-9F4E-903E4D37DA60} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Nexon\NAVYFIELD2\vcredist_x86.exe -d C:\Nexon\NAVYFIELD2
有効 Task {46DFC07F-EDB4-4C6C-8762-3FE043B95C46} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX55AC1A\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {4B1B5F91-5A2D-477C-AC6B-F9905F5BA8F7} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\PandoraSaga_install.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {5238B796-26A8-47A8-B44A-8A59EF8BE81A} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\ddec3540inst_jp.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {690D2BDE-4929-470F-A1A8-D404186DA29E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX55AC1A\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {78CEC348-8669-4333-9F3D-6E0E45D7A7EC} Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.1.0.112.259/ar/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
有効 Task {81D483CF-0ED1-4172-AB3E-628116FE23C5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\TAKUNI~1\AppData\Local\Temp\~pmangZip\Installer.exe -d C:\Users\TAKUNI~1\AppData\Local\Temp\NWZ6AB3.tmp
有効 Task {83A4F0CC-37F1-437A-8D90-F89A25F4B003} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\TAKUNI~1\AppData\Local\Temp\~pmangZip\setup.exe -d C:\Users\TAKUNI~1\AppData\Local\Temp\Low\NWZ6C5E.tmp
有効 Task {8942B346-CD5A-4575-817E-03B3EF21EC49} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\Fantasy Earth Zero Client Installer\setup.exe" -d "C:\Users\taku nishiguchi\Desktop\Fantasy Earth Zero Client Installer"
有効 Task {946FAB7B-600E-496A-A787-2581B4667C31} Microsoft Corporation "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/4.1.0.179/ja/go/help.faq.installer?LastError=1603
有効 Task {9831E48B-72ED-45DD-B472-B1892796682F} Skype Technologies S.A. C:\Program Files\Skype\Phone\Skype.exe
有効 Task {A2990A31-B7C8-4315-8A88-97D610AB6C3C} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5NTEXPJ\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {A6EB5F72-871D-4134-B89F-620D850B92B0} Skype Technologies S.A. C:\Program Files\Skype\Phone\Skype.exe
有効 Task {AFAAF2B3-65DB-4D2A-BC3F-91801F387DD9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ANDPFQS\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {B703E6A1-86CB-4F56-B4D2-8505295E2BEB} Microsoft Corporation "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.5.0.124.259/en/go/help.faq.installer?LastError=1618
有効 Task {BCE7938E-AFEE-4518-82D4-4C402AC8F26D} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ANDPFQS\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {C1571B46-E4EA-4AC5-A9EE-94EE140092BB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\3GP_Converter034\Setup.exe" -d "C:\Users\taku nishiguchi\Desktop\3GP_Converter034"
有効 Task {C8360997-FF9C-4596-8270-F19BED0990DF} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\SORdownloadstart.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {D14AB51B-6680-415E-AD44-F8E5BD77E0C7} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\fez_full_installer.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {D1E8582E-695C-4B59-8875-CAB855E6F5BF} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W2D7GZB\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {D6237DF9-F239-4B91-BFD8-E162C7254F02} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CR87BM5X\pmang_common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {E54DDB88-2583-4834-9E2D-E1B9A2C36AD9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3GZ5O2F\common_module.exe" -d "C:\Users\taku nishiguchi\Desktop"
有効 Task {F371BB31-E624-41F6-AE16-2CD04A1EA4BA} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\taku nishiguchi\Desktop\SOR_EP2downloadstart.exe" -d "C:\Users\taku nishiguchi\Desktop"

　（ＣＣタブログコンテキストメニュー）
有効 Directory duba_32bit Kingsoft Corporation c:\program files\kingsoft\kingsoft internet security 2015\kavmenu.dll
有効 Drive duba_32bit Kingsoft Corporation c:\program files\kingsoft\kingsoft internet security 2015\kavmenu.dll
有効 File duba_32bit Kingsoft Corporation c:\program files\kingsoft\kingsoft internet security 2015\kavmenu.dll

　以上となります。

作業と報告、ご苦労様です。
見つかったものは削除後に復活もしてないようで、これはいいです。
各ログも見せていただきました。

ではまた説明に沿って作業してもらえますか。

セーフモードでHJTでスキャンして、表示された中に下記が見つかればそれをfixです。
O4 - HKUS\S-1-5-18\..\RunOnce: [Del25027895] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del8498684] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del16514531] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

処置したらPCを通常モードで再起動後にディスククリーンアップです。

次にここでしばらく様子見してから、異常の有無を確認しておいてください。

そのあとにまたOTLで「Run scan」してください。
PCは通常モード状態でいいです。

スキャン後にまたそのログを、状態報告とともにレスください。

このスキャンログでまた見つかったものを次の作業で処置にかかりますが、万一上記作業で沈静化していても油断はしないでください
SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX

　いつもありがとうございます。早速ですが、報告させていただきます。

　ご指示にあるセーフモードでＨＪＴでスキャンして、表示された中に描きが見つかればそれをfixです。

O4 - HKUS\S-1-5-18\..\RunOnce: [Del25027895] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del8498684] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del16514531] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

　上記３行に関して、見つかりませんでした。念のためｓｃａｎ　ｌｏｇ貼っておきます。

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 0:10:17, on 2016/01/20
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)


Boot mode: Safe mode with network support

Running processes:
C:\Users\taku nishiguchi\Desktop\HJT\HijackThis.exe

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [kssetup] C:\Program Files\Kingsoft\Kssetup\starthome.exe init
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [kxesc] "c:\program files\kingsoft\kingsoft internet security 2015\kxetray.exe" -autorun
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [KISINSTALL] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KISINSTALL] (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0172828C-CB7D-4C10-AF96-0ED9B52DCFDC} (GameOnG2GCtrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/GameOnG2G.cab
O16 - DPF: {134DD8EF-7716-4538-A430-EFEB7517E6E7} (WebLauncher Control) - http://icarus.gamecom.jp/Common/cab/WebLauncher.cab
O16 - DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} (TTS Launcher Class) - https://ta-online.jp/weblauncher/common/CnCGameLauncher.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {31EE92CA-C0F5-48F7-AE60-B54CDF3BB76C} (AcqVPlayer Control) - http://202.95.222.164/player/AcqVPlayerX_2_0_3_9.cab
O16 - DPF: {416A7570-8626-4935-B4AC-F7712B909FFE} (KCSActiveXJPv3Ctrl Class) - http://210.136.222.73/kamuse/kcsjpdownload/activex/KCSActiveXJPv3_1002.cab
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} (HgRunPub Class) - http://down.hangame.co.jp/jp/installer/HgRunPub.cab
O16 - DPF: {5EBC1E61-6BD1-4FBC-AB60-744144EA615D} (AtlAXCtrl Class) - http://karos.oge.jp/html/cab/ver4/AtlAX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivX Web Player Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6FC19219-C47E-4880-9A70-D218A1C374F9} (CJIJTransX Control) - http://www.sdgundamcfo.jp/common/CJIJTransX.cab
O16 - DPF: {7216BF69-1FB3-438C-9A51-9DA82B676BC0} (ArarioGameStarter6 Class) - http://stonline.arario.jp/activeX/AraGameStarterW6.cab
O16 - DPF: {785287DD-2A28-4558-BC5C-4F8D1350631D} (CapcomLoaderObject Class) - https://sys.ixion-saga.jp/auth/login/pannel/CapcomLoader32.cab
O16 - DPF: {865C98C4-E909-44DF-B2A1-C659E6C2AF47} (DragonsProphetGameStarter Control) - http://dragonsprophet.aeriagames.jp/files/cab/DP_GameStarter.cab
O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} (SpecAnalyzer Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGReport.cab
O16 - DPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} (GameChu Login Control) - https://file.gamechu.net/dl/download/sessionctrl.cab
O16 - DPF: {A1A81C4D-C5FB-40C7-98F0-308516A67693} (HLauncher Control) - http://ge.hanbitstation.jp/launcher/HUELauncher.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab_1.0.1.8
O16 - DPF: {B0B7F252-5B1D-4F56-9172-29AD9F62537E} (GamesCampus Control) - http://tartaros.gamescampus.co.jp/activex/GamesCampus.cab
O16 - DPF: {BBA1ABFD-C9A1-41E8-959A-161F17E145D4} (G2GDownloaderCtrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader.cab
O16 - DPF: {C299BD0C-F41B-4A8B-8D05-964A141D8C28} (GameStarter Control) - https://grandfantasia.aeriagames.jp/files/gf/GrandFantasia.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://nprotect.gameon.co.jp/keycrypt_20101021/npkcx_10021.cab
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} (HgTAgent2 Extension Class) - http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E4FC78EE-7DB9-444B-AF43-DB5F48E29D60} (ccmedia_launcher Control) - http://plugins.mk-style.com/ccmedia_launcher_vov.cab
O16 - DPF: {F2A8D14C-33BE-4E6E-B4B3-67F4062428A9} (G2GDownloader2Ctrl Class) - http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader2.cab
O16 - DPF: {F4C75105-84BB-414D-AE37-4F0EEEEDE881} (X-Legend GameStarter Control) - https://genshin.x-legend.co.jp/X-LegendGameStarter.cab
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O16 - DPF: {FFF7D8B7-A5EA-4270-8F68-140CE3F8F117} (ｅｏかんたんメール設定ツール) - http://support.eonet.jp/download/eo_tool/dldata/kantan_tool/32/eomcfgax.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: Chrome リモート デスクトップ サービス (chromoting) - Google Inc. - C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: GoogleChromeUpServlce - Unknown owner - C:\ProgramData\Windows Update\upgsvr.exe (file missing)
O23 - Service: GoogleChromeUpSvc - Unknown owner - C:\ProgramData\Windows Update\svrupg.exe (file missing)
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kingsoft Core Service (kxescore) - Kingsoft Corporation - c:\program files\kingsoft\kingsoft internet security 2015\kxescore.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - DotCash Limited - C:\Program Files\MPC Cleaner\MPCProtectService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\xsherlock.xem

--
End of file - 13311 bytes

　以上ご確認のほどよろしくお願いいたします。
　

　どうやら、セーフモードでＨＪＴスキャンすると、指定の3行が消えていることが判明しました。

　通常モードでＨＪＴスキャンすると、ご指定の3行が出てきます。

　今後のご指示をいただければ幸いです。

レスが遅くなってすみません。

>どうやら、セーフモードでＨＪＴスキャンすると、指定の3行が消えていることが判明しました。

>通常モードでＨＪＴスキャンすると、ご指定の3行が出てきます。

はい、ではお手数ですが今度は通常モードでHJTでスキャンしてから、対処エントリが見つかればそれをfixしてください。
O4 - HKUS\S-1-5-18\..\RunOnce: [Del25027895] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del8498684] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del16514531] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

これでfixの可否に関わらず、続いて指示したOTLのスキャンしてから、そのログもまた見せてください

　いつもありがとうございます。早速報告させて頂きます。ＯＴＬログを以下に張ります。

　（ＯＴＬログ）
OTL logfile created on: 2016/01/20 23:30:46 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\taku nishiguchi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18163)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

2.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 48.47% Memory free
5.98 Gb Paging File | 4.08 Gb Available in Paging File | 68.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 784.48 Gb Free Space | 84.22% Space Free | Partition Type: NTFS

Computer Name: TAKUNISHIGUCHI | User Name: taku nishiguchi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/01/12 23:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\taku nishiguchi\Desktop\OTL.exe
PRC - [2016/01/10 23:30:43 | 002,255,792 | ---- | M] (Kingsoft Corporation) -- c:\Program Files\Kingsoft\kingsoft internet security 2015\kxetray.exe
PRC - [2016/01/10 23:24:29 | 000,267,632 | ---- | M] (Kingsoft Corporation) -- c:\Program Files\Kingsoft\kingsoft internet security 2015\kxescore.exe
PRC - [2016/01/08 10:47:10 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2016/01/08 10:44:00 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2016/01/08 00:40:07 | 000,349,152 | ---- | M] (DotCash Limited) -- C:\Program Files\MPC Cleaner\MPCProtectService.exe
PRC - [2016/01/08 00:40:07 | 000,166,880 | ---- | M] (DotCash Limited) -- C:\Program Files\MPC Cleaner\MPCTray.exe
PRC - [2015/12/09 10:53:02 | 002,771,576 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/12/09 10:52:58 | 020,032,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
PRC - [2015/12/09 10:52:58 | 006,443,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
PRC - [2015/12/09 10:52:58 | 005,119,096 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
PRC - [2015/12/09 06:53:17 | 000,443,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GWX\GWX.exe
PRC - [2015/12/09 04:23:58 | 006,602,152 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2015/10/14 22:52:00 | 000,069,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
PRC - [2015/06/16 22:33:36 | 000,413,304 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2015/05/09 12:12:59 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2014/05/22 01:14:30 | 000,549,144 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
PRC - [2014/05/22 01:14:28 | 008,444,184 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2014/05/22 01:14:28 | 004,228,888 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
PRC - [2014/05/22 01:14:28 | 001,531,160 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/11/23 11:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/09 08:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/04/04 10:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/12/09 10:53:02 | 000,011,896 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2015/12/09 04:25:38 | 000,030,720 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1041.dll
MOD - [2015/12/05 10:21:48 | 000,933,056 | R--- | M] () -- C:\Program Files\Skype\Phone\ssScreenVVS2.dll
MOD - [2014/05/22 01:14:30 | 001,019,672 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\ProgramData\Windows Update\svrupg.exe /s GoogleChromeUpSvc /uid:51384 /local:br -- (GoogleChromeUpSvc)
SRV - File not found [Auto | Stopped] -- C:\ProgramData\Windows Update\upgsvr.exe /s GoogleChromeUpServlce /uid:51384 /local:br -- (GoogleChromeUpServlce)
SRV - [2016/01/20 21:37:04 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/01/10 23:24:29 | 000,267,632 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files\kingsoft\kingsoft internet security 2015\kxescore.exe -- (kxescore)
SRV - [2016/01/08 10:47:10 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2016/01/08 10:44:00 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2016/01/08 00:40:07 | 000,349,152 | ---- | M] (DotCash Limited) [Auto | Running] -- C:\Program Files\MPC Cleaner\MPCProtectService.exe -- (MPCProtectService)
SRV - [2015/12/16 23:55:23 | 000,417,400 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2015/12/13 02:27:29 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/12/09 10:52:59 | 001,872,504 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/12/09 10:52:58 | 006,443,128 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV - [2015/12/09 10:52:58 | 005,119,096 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV - [2015/12/09 10:52:58 | 000,922,744 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/14 22:52:00 | 000,069,448 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe -- (chromoting)
SRV - [2015/07/23 02:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015/07/21 20:23:32 | 000,831,096 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2015/07/09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/06/16 22:33:36 | 000,413,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2015/06/16 22:33:14 | 000,433,784 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/05/22 01:14:30 | 000,549,144 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV - [2013/09/26 12:07:40 | 000,131,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeService2.exe -- (SonicStage Back-End Service2)
SRV - [2013/09/20 00:48:34 | 000,167,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2013/05/27 13:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/07 18:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/09/15 20:48:53 | 000,678,416 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\xsherlock.xem -- (xsherlock)
SRV - [2010/03/12 01:01:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva410.sys -- (XDva410)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva365.sys -- (XDva365)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva347.sys -- (XDva347)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\npkakl.sys -- (npkakl)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2016/01/10 23:24:34 | 000,222,544 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\kisknl.sys -- (kisknl)
DRV - [2016/01/10 23:24:34 | 000,140,088 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files\Kingsoft\kingsoft internet security 2015\security\kxescan\kdhacker.sys -- (KDHacker)
DRV - [2016/01/10 23:24:34 | 000,113,464 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files\Kingsoft\kingsoft internet security 2015\security\ksnetm\kisnetm.sys -- (kisnetm)
DRV - [2016/01/10 23:24:34 | 000,080,744 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ksapi.sys -- (ksapi)
DRV - [2016/01/10 23:24:34 | 000,028,520 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kavbootc.sys -- (KAVBootC)
DRV - [2016/01/09 01:48:58 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) [File_System | System | Running] -- C:\Windows\System32\drivers\MPCKpt.sys -- (MPCKpt)
DRV - [2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MPCBase.sys -- (MPCBase)
DRV - [2015/12/17 02:04:32 | 010,493,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2015/12/17 02:04:32 | 000,170,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2015/12/09 10:52:58 | 000,018,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2015/08/11 13:55:08 | 000,044,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2015/06/16 22:33:22 | 000,131,704 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2014/03/18 01:13:36 | 000,080,696 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wachidrouter.sys -- (WacHidRouter)
DRV - [2014/03/18 01:13:36 | 000,013,112 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV - [2014/03/18 01:13:36 | 000,012,088 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2013/12/31 18:22:18 | 000,014,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf005.sys -- (apf005)
DRV - [2013/10/02 09:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/07/26 21:23:52 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/08/23 23:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/07/04 13:47:00 | 000,073,728 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2012/07/03 11:56:00 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2012/07/03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag2.sys -- (AndNetDiag2)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2011/12/14 01:00:08 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf001.sys -- (apf001)
DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 18:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/07/14 08:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2001/11/27 11:29:52 | 000,966,784 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sxgxgwdm.sys -- (SOFTXG)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ????
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OCustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OSearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ????
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@gamechu.jp/gamechusupport-4: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.8.0_60\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.co.jp/NxGame: C:\ProgramData\NexonJP\NGM\npNxGameJP.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangdiagnostic-1: C:\GameOn\Common files\nppmangdiagnostic.dll File not found
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangsupport-1: C:\GameOn\Common files\nppmangsupport.dll File not found
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)


[2013/06/14 23:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2016/01/09 22:32:48 | 000,450,774 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15471 more lines...
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [kssetup] C:\Program Files\Kingsoft\Kssetup\starthome.exe (www.kingsoft.jp)
O4 - HKLM..\Run: [kxesc] c:\program files\kingsoft\kingsoft internet security 2015\kxetray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: starthome - {06926B30-424E-4f1c-8EE3-543CD96573DF} - C:\Program Files\Kingsoft\Kssetup\starthome.exe (www.kingsoft.jp)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0172828C-CB7D-4C10-AF96-0ED9B52DCFDC} http://update.g2gcdn.com/g2g/g2gdownloader/GameOnG2G.cab (GameOnG2GCtrl Class)
O16 - DPF: {134DD8EF-7716-4538-A430-EFEB7517E6E7} http://icarus.gamecom.jp/Common/cab/WebLauncher.cab (WebLauncher Control)
O16 - DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} https://ta-online.jp/weblauncher/common/CnCGameLauncher.cab (TTS Launcher Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {31EE92CA-C0F5-48F7-AE60-B54CDF3BB76C} http://202.95.222.164/player/AcqVPlayerX_2_0_3_9.cab (AcqVPlayer Control)
O16 - DPF: {416A7570-8626-4935-B4AC-F7712B909FFE} http://210.136.222.73/kamuse/kcsjpdownload/activex/KCSActiveXJPv3_1002.cab (KCSActiveXJPv3Ctrl Class)
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} http://down.hangame.co.jp/jp/installer/HgRunPub.cab (HgRunPub Class)
O16 - DPF: {5EBC1E61-6BD1-4FBC-AB60-744144EA615D} http://karos.oge.jp/html/cab/ver4/AtlAX.cab (AtlAXCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivX Web Player Object)
O16 - DPF: {6FC19219-C47E-4880-9A70-D218A1C374F9} http://www.sdgundamcfo.jp/common/CJIJTransX.cab (CJIJTransX Control)
O16 - DPF: {7216BF69-1FB3-438C-9A51-9DA82B676BC0} http://stonline.arario.jp/activeX/AraGameStarterW6.cab (ArarioGameStarter6 Class)
O16 - DPF: {785287DD-2A28-4558-BC5C-4F8D1350631D} https://sys.ixion-saga.jp/auth/login/pannel/CapcomLoader32.cab (CapcomLoaderObject Class)
O16 - DPF: {865C98C4-E909-44DF-B2A1-C659E6C2AF47} http://dragonsprophet.aeriagames.jp/files/cab/DP_GameStarter.cab (DragonsProphetGameStarter Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} http://down.hangame.co.jp/jp/dist/hgstart/HGReport.cab (SpecAnalyzer Class)
O16 - DPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} https://file.gamechu.net/dl/download/sessionctrl.cab (GameChu Login Control)
O16 - DPF: {A1A81C4D-C5FB-40C7-98F0-308516A67693} http://ge.hanbitstation.jp/launcher/HUELauncher.cab (HLauncher Control)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab_1.0.1.8 (NeffyLauncherCtl Class)
O16 - DPF: {B0B7F252-5B1D-4F56-9172-29AD9F62537E} http://tartaros.gamescampus.co.jp/activex/GamesCampus.cab (GamesCampus Control)
O16 - DPF: {BBA1ABFD-C9A1-41E8-959A-161F17E145D4} http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader.cab (G2GDownloaderCtrl Class)
O16 - DPF: {C299BD0C-F41B-4A8B-8D05-964A141D8C28} https://grandfantasia.aeriagames.jp/files/gf/GrandFantasia.cab (GameStarter Control)
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab (Game Starter Control)
O16 - DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab (Java Plug-in 1.8.0_60)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab (Java Plug-in 1.8.0_60)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} https://nprotect.gameon.co.jp/keycrypt_20101021/npkcx_10021.cab (Reg Error: Key error.)
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab (HgTAgent2 Extension Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E4FC78EE-7DB9-444B-AF43-DB5F48E29D60} http://plugins.mk-style.com/ccmedia_launcher_vov.cab (ccmedia_launcher Control)
O16 - DPF: {F2A8D14C-33BE-4E6E-B4B3-67F4062428A9} http://update.g2gcdn.com/g2g/g2gdownloader/G2GDownloader2.cab (G2GDownloader2Ctrl Class)
O16 - DPF: {F4C75105-84BB-414D-AE37-4F0EEEEDE881} https://genshin.x-legend.co.jp/X-LegendGameStarter.cab (X-Legend GameStarter Control)
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab (PubPlugin Class)
O16 - DPF: {FFF7D8B7-A5EA-4270-8F68-140CE3F8F117} http://support.eonet.jp/download/eo_tool/dldata/kantan_tool/32/eomcfgax.cab (ｅｏかんたんメール設定ツール)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 59.190.147.17 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FFBDE0E-7B4C-454A-B3C7-00F917C7CA41}: DhcpNameServer = 59.190.147.17 192.168.0.1
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04ac323c-5e18-11e2-8cf9-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{04ac323c-5e18-11e2-8cf9-4061862ce37f}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{91550ef1-38dd-11e4-87a0-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{91550ef1-38dd-11e4-87a0-4061862ce37f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{b15ea447-c5b2-11e2-87f1-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{b15ea447-c5b2-11e2-87f1-4061862ce37f}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{c8d777ae-4196-11e2-bf7d-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8d777ae-4196-11e2-bf7d-4061862ce37f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{c8d778de-4196-11e2-bf7d-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8d778de-4196-11e2-bf7d-4061862ce37f}\Shell\AutoRun\command - "" = HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{c8d77910-4196-11e2-bf7d-4061862ce37f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8d77910-4196-11e2-bf7d-4061862ce37f}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3911CF56-9EF2-39BA-846A-C27BD3CD0685} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4903D172-DCCB-392F-93A3-34CA9D47FE3D} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A1A81C4D-C5FB-40c7-98F0-308516A67693} - HUELauncher1_1_0_3
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/01/20 19:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[2016/01/16 23:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
[2016/01/16 23:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Reason
[2016/01/13 22:30:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2016/01/13 20:17:12 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2016/01/13 20:17:12 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2016/01/13 20:17:12 | 000,341,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2016/01/13 20:17:12 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2016/01/13 20:17:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2016/01/13 20:17:12 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2016/01/13 20:17:12 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2016/01/13 20:17:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2016/01/13 20:17:11 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2016/01/13 20:17:11 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2016/01/13 20:17:11 | 000,687,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2016/01/13 20:17:11 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2016/01/13 20:17:11 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2016/01/13 20:17:11 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2016/01/13 20:17:10 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2016/01/13 20:17:10 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2016/01/13 20:17:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2016/01/13 20:17:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2016/01/13 20:17:09 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2016/01/13 20:17:08 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2016/01/13 20:17:07 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2016/01/13 20:17:07 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2016/01/13 20:17:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2016/01/13 20:17:04 | 004,610,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2016/01/13 20:16:55 | 001,230,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2016/01/13 20:16:54 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2016/01/13 20:16:54 | 000,591,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2016/01/13 20:16:54 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2016/01/13 20:16:53 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2016/01/13 20:16:53 | 000,022,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2016/01/13 20:16:45 | 003,938,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2016/01/13 20:16:44 | 003,993,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2016/01/13 20:16:44 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2016/01/13 20:16:44 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2016/01/13 20:16:44 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2016/01/13 20:16:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2016/01/13 20:16:43 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2016/01/13 20:16:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2016/01/13 20:16:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2016/01/13 20:16:43 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2016/01/13 20:16:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2016/01/13 20:16:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2016/01/13 20:16:30 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2016/01/13 20:16:30 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2016/01/13 20:16:27 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2016/01/13 20:16:26 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2016/01/13 20:16:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2016/01/13 20:16:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2016/01/13 20:16:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2016/01/13 20:16:22 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2016/01/13 20:16:22 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2016/01/13 20:16:22 | 001,568,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2016/01/13 20:16:22 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2016/01/13 20:16:22 | 000,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2adec.dll
[2016/01/13 20:16:22 | 000,902,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2016/01/13 20:16:22 | 000,829,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2016/01/13 20:16:22 | 000,815,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL
[2016/01/13 20:16:22 | 000,740,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2016/01/13 20:16:22 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2016/01/13 20:16:22 | 000,728,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2016/01/13 20:16:22 | 000,665,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2016/01/13 20:16:22 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2016/01/13 20:16:22 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2016/01/13 20:16:22 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2016/01/13 20:16:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
[2016/01/13 20:16:21 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2016/01/13 20:16:21 | 001,325,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2016/01/13 20:16:21 | 001,202,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMALFXGFXDSP.dll
[2016/01/13 20:16:21 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL
[2016/01/13 20:16:21 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2016/01/13 20:16:21 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2016/01/13 20:16:21 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2016/01/13 20:16:21 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2016/01/13 20:16:21 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2016/01/13 20:16:21 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2016/01/13 20:16:21 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2016/01/13 20:16:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2016/01/13 20:16:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2016/01/13 20:16:21 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2016/01/13 20:16:21 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2016/01/13 20:16:21 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2016/01/13 20:16:21 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2016/01/13 20:16:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2016/01/13 20:16:21 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2016/01/13 20:16:21 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2016/01/13 20:16:21 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2016/01/13 20:16:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2016/01/13 20:16:21 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll
[2016/01/13 20:16:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2016/01/12 23:37:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\taku nishiguchi\Desktop\OTL.exe
[2016/01/11 23:38:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/01/11 23:23:42 | 000,170,200 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2016/01/11 23:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/01/11 23:23:18 | 000,094,936 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2016/01/11 23:23:18 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2016/01/11 23:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2016/01/11 23:18:28 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Roaming\Malwarebytes
[2016/01/11 23:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/01/11 23:18:18 | 000,023,256 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2016/01/10 23:24:34 | 000,224,592 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl64.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl_del.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl.sys
[2016/01/10 23:24:34 | 000,180,024 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker64.sys
[2016/01/10 23:24:34 | 000,140,088 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker.sys
[2016/01/10 23:24:34 | 000,115,000 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetmxp.sys
[2016/01/10 23:24:34 | 000,113,464 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm.sys
[2016/01/10 23:24:34 | 000,109,880 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm64.sys
[2016/01/10 23:24:34 | 000,080,744 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi.sys
[2016/01/10 23:24:34 | 000,056,680 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi64.sys
[2016/01/10 23:24:34 | 000,037,736 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe64.sys
[2016/01/10 23:24:34 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc64.sys
[2016/01/10 23:24:34 | 000,028,520 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc.sys
[2016/01/10 23:24:34 | 000,026,472 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe.sys
[2016/01/10 23:24:34 | 000,024,472 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bc.sys
[2016/01/10 23:24:34 | 000,019,352 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksskrpr.sys
[2016/01/10 23:24:34 | 000,018,296 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery64.sys
[2016/01/10 23:24:34 | 000,014,200 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery.sys
[2016/01/10 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\Desktop\HJT
[2016/01/10 15:26:28 | 006,340,384 | ---- | C] (Geek Uninstaller) -- C:\Users\taku nishiguchi\Desktop\geek.exe
[2016/01/10 09:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2016/01/10 09:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016/01/09 22:41:24 | 000,000,000 | ---D | C] -- C:\KVRT_Data
[2016/01/09 01:49:11 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\Start Menu
[2016/01/09 01:22:58 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Roaming\Geek Uninstaller
[2016/01/08 16:23:29 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\{7F568093-1816-4CE4-A990-1CAC949AF54A}
[2016/01/08 00:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMsg
[2016/01/08 00:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\osTip
[2016/01/08 00:48:25 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Roaming\LightGate
[2016/01/08 00:43:46 | 000,048,872 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:53 | 000,028,648 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys
[2016/01/08 00:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\MPC Cleaner
[2016/01/08 00:39:19 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\Installer
[2016/01/08 00:39:18 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\Setup Wizard
[2016/01/05 19:52:26 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\{D701BD39-1E49-44A7-901D-ECE85711B5A7}
[2016/01/01 18:06:18 | 000,796,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2016/01/01 18:06:18 | 000,142,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/12/31 15:29:30 | 000,000,000 | ---D | C] -- C:\Users\taku nishiguchi\AppData\Local\CrashDumps
[2015/12/30 18:48:26 | 000,103,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2015/12/30 18:47:36 | 000,075,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nv3dappshextr.dll
[2015/12/30 18:47:35 | 000,429,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nv3dappshext.dll
[2015/12/30 18:45:08 | 000,170,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2015/12/30 18:45:08 | 000,035,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2015/12/30 18:45:07 | 024,895,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2015/12/30 18:45:07 | 017,157,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2015/12/30 18:45:07 | 010,493,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2015/12/30 18:45:07 | 002,755,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2015/12/30 18:45:07 | 001,060,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3236143.dll
[2015/12/30 18:45:07 | 000,917,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3236143.dll
[2015/12/30 18:45:07 | 000,734,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2015/12/30 18:45:07 | 000,681,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2015/12/30 18:45:07 | 000,423,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvEncodeAPI.dll
[2015/12/30 18:45:07 | 000,388,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2015/12/30 18:45:07 | 000,370,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFROpenGL.dll
[2015/12/30 18:45:07 | 000,153,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2015/12/30 18:45:07 | 000,128,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2015/12/28 20:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\はがきデザインキット
[2015/12/28 18:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/12/28 18:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/01/20 23:05:00 | 000,000,678 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/01/20 22:37:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/01/20 22:05:00 | 000,000,674 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/01/20 21:37:03 | 000,796,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2016/01/20 21:37:03 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2016/01/20 20:23:33 | 000,022,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/01/20 20:23:33 | 000,022,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/01/20 19:52:14 | 000,001,687 | ---- | M] () -- C:\Users\Public\Desktop\MPC Cleaner.lnk
[2016/01/20 19:51:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/01/20 19:51:53 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2016/01/19 00:38:22 | 000,000,094 | ---- | M] () -- C:\Windows\System32\cookies
[2016/01/16 23:44:49 | 000,001,266 | ---- | M] () -- C:\Users\Public\Desktop\herdProtect.lnk
[2016/01/14 22:59:40 | 000,654,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2016/01/14 22:59:40 | 000,411,178 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2016/01/14 22:59:40 | 000,122,224 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2016/01/14 22:59:40 | 000,122,142 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2016/01/12 23:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\taku nishiguchi\Desktop\OTL.exe
[2016/01/12 02:32:52 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2016/01/11 23:23:21 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/11 23:12:33 | 001,749,504 | ---- | M] () -- C:\Users\taku nishiguchi\Desktop\AdwCleaner.exe
[2016/01/11 14:20:23 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\不要ファイル.lnk
[2016/01/10 23:43:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2016/01/10 23:24:34 | 000,224,592 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl64.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl_del.sys
[2016/01/10 23:24:34 | 000,222,544 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisknl.sys
[2016/01/10 23:24:34 | 000,180,024 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker64.sys
[2016/01/10 23:24:34 | 000,140,088 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kdhacker.sys
[2016/01/10 23:24:34 | 000,115,000 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetmxp.sys
[2016/01/10 23:24:34 | 000,113,464 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm.sys
[2016/01/10 23:24:34 | 000,109,880 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kisnetm64.sys
[2016/01/10 23:24:34 | 000,080,744 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi.sys
[2016/01/10 23:24:34 | 000,056,680 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksapi64.sys
[2016/01/10 23:24:34 | 000,037,736 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe64.sys
[2016/01/10 23:24:34 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc64.sys
[2016/01/10 23:24:34 | 000,028,520 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kavbootc.sys
[2016/01/10 23:24:34 | 000,026,472 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bootsafe.sys
[2016/01/10 23:24:34 | 000,024,472 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\bc.sys
[2016/01/10 23:24:34 | 000,019,352 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\ksskrpr.sys
[2016/01/10 23:24:34 | 000,018,296 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery64.sys
[2016/01/10 23:24:34 | 000,014,200 | ---- | M] (Kingsoft Corporation) -- C:\Windows\System32\drivers\kusbquery.sys
[2016/01/10 23:19:58 | 000,000,000 | ---- | M] () -- C:\Windows\1
[2016/01/10 09:33:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/01/09 22:32:48 | 000,450,774 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2016/01/09 22:00:20 | 000,004,782 | ---- | M] () -- C:\Users\taku nishiguchi\AppData\Roaming\webad.xml
[2016/01/09 01:48:58 | 000,019,984 | ---- | M] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2016/01/08 16:38:58 | 000,002,157 | ---- | M] () -- C:\user.js
[2016/01/08 00:49:16 | 000,004,782 | ---- | M] () -- C:\ProgramData\webad.xml
[2016/01/08 00:40:38 | 000,631,808 | ---- | M] () -- C:\Windows\rbc.dat
[2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys
[2015/12/31 03:47:23 | 003,993,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015/12/31 03:47:23 | 003,938,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015/12/31 03:41:03 | 000,400,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2015/12/31 03:39:38 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015/12/31 03:39:32 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015/12/31 03:39:17 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015/12/31 03:38:12 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2015/12/31 03:37:35 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2015/12/31 03:37:30 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015/12/31 02:44:49 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015/12/31 02:38:31 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2015/12/31 02:30:51 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015/12/28 20:24:05 | 005,670,002 | ---- | M] () -- C:\Users\taku nishiguchi\Documents\design_kit.air
[2015/12/24 07:52:08 | 000,341,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/01/16 23:44:49 | 000,001,266 | ---- | C] () -- C:\Users\Public\Desktop\herdProtect.lnk
[2016/01/15 23:43:21 | 000,001,687 | ---- | C] () -- C:\Users\Public\Desktop\MPC Cleaner.lnk
[2016/01/11 23:18:19 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/11 23:12:33 | 001,749,504 | ---- | C] () -- C:\Users\taku nishiguchi\Desktop\AdwCleaner.exe
[2016/01/11 14:20:23 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\不要ファイル.lnk
[2016/01/10 23:19:58 | 000,000,000 | ---- | C] () -- C:\Windows\1
[2016/01/10 09:33:24 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/01/09 01:48:58 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2016/01/08 00:51:21 | 000,004,782 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\webad.xml
[2016/01/08 00:49:26 | 001,081,344 | ---- | C] () -- C:\ProgramData\LightGate.exe
[2016/01/08 00:49:16 | 000,004,782 | ---- | C] () -- C:\ProgramData\webad.xml
[2016/01/08 00:49:11 | 000,590,424 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\toolmini_jp[2015-12-08.17.00].exe
[2016/01/08 00:48:22 | 001,081,344 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\LightGate.exe
[2016/01/08 00:48:22 | 000,000,094 | ---- | C] () -- C:\Windows\System32\cookies
[2016/01/08 00:40:32 | 000,631,808 | ---- | C] () -- C:\Windows\rbc.dat
[2016/01/02 00:07:11 | 000,000,626 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/12/30 18:45:07 | 037,608,752 | ---- | C] () -- C:\Windows\System32\nvcompiler.dll
[2015/12/30 18:34:01 | 000,091,384 | ---- | C] () -- C:\Windows\System32\NvRtmpStreamer32.dll
[2015/12/28 20:24:11 | 005,670,002 | ---- | C] () -- C:\Users\taku nishiguchi\Documents\design_kit.air
[2015/11/10 21:24:50 | 000,601,632 | ---- | C] () -- C:\Windows\System32\MdpThumb32.dll
[2015/01/27 22:35:32 | 000,151,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/02/18 13:57:11 | 000,007,598 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Local\Resmon.ResmonCfg
[2011/09/18 15:31:32 | 000,000,054 | ---- | C] () -- C:\Users\taku nishiguchi\AppData\Roaming\sg2.xml
[2009/11/12 15:49:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/07 02:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 10:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]
[2016/01/10 22:57:20 | 000,000,000 | RH-D | M] -- C:\KRECYCLE
[2012/07/22 12:43:46 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/10/20 23:26:03 | 000,000,000 | -H-D | M] -- C:\SafeRecycle
[2014/05/28 23:05:13 | 000,000,000 | -H-D | M] -- C:\_OTL\MovedFiles\01132016_223050\C_Users\taku nishiguchi\AppData\Local\Temp\FreemakeVideoConverterTemp\Freemake_do_not_remove_this_folder
[2011/11/05 13:32:45 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2015/01/18 14:46:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installa

　途中で切れたところからの続き貼ります。

[2015/01/18 14:46:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/09/17 12:12:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2011/11/05 13:32:45 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ\IJPrinter
[2011/11/05 13:33:15 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ\IJPrinter\Canon iP4500 series
[2016/01/10 23:20:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files\nsklog
[2015/07/02 20:05:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files\Sony Shared\OpenMG\OMGRIGHT
[2011/11/04 16:38:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2014/12/24 13:28:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter
[2011/11/05 13:33:19 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows
[2011/11/04 16:38:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon Inkjet iP4500 series
[2011/11/05 13:56:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon iP4500 series
[2015/09/19 16:59:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2012/01/27 23:17:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\Power2Go\6.0
[2012/01/08 13:48:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\Power2Go\6.0
[2009/11/12 15:42:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerBackup\2.50
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWERDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerProducer\5.0
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerStarter\6.00
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009/07/15 00:50:31 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2015/08/19 23:23:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\Wondershare\Dr.Fone\DBCache
[2012/10/20 23:26:03 | 000,000,000 | -H-D | M] -- C:\SafeRecycle\update
[2012/10/20 23:26:12 | 000,000,000 | -H-D | M] -- C:\SafeRecycle\update\ksafe
[2009/11/12 15:25:50 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2015/08/19 23:26:45 | 000,000,000 | RH-D | M] -- C:\Users\Administrator\AppData\Roaming
[2011/11/04 16:38:40 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2014/12/24 13:28:11 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter
[2011/11/05 13:33:19 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows
[2011/11/04 16:38:41 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon Inkjet iP4500 series
[2011/11/05 13:56:15 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon iP4500 series
[2015/09/19 16:59:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2012/01/27 23:17:02 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\Power2Go\6.0
[2012/01/08 13:48:31 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\Power2Go\6.0
[2009/11/12 15:42:29 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerBackup\2.50
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWERDVD\8.00
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerProducer\5.0
[2009/11/12 15:42:28 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerStarter\6.00
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009/07/15 00:50:31 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 13:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2015/08/19 23:23:36 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Wondershare\Dr.Fone\DBCache
[2009/07/14 11:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2016/01/20 19:52:14 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/09/25 17:26:08 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2015/06/20 00:58:12 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2012/01/27 23:16:55 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\Power2Go
[2012/11/07 21:54:40 | 000,000,000 | -H-D | M] -- C:\Users\Public\Music\Sony MediaPlayerX\Shared\Fringe
[2011/10/15 13:12:28 | 000,000,000 | -H-D | M] -- C:\Users\Public\Pictures\Sony MediaPlayerX\Fringe
[2009/11/19 01:06:23 | 000,000,000 | -H-D | M] -- C:\Users\Public\Recorded TV\TempRec
[2012/06/27 12:35:37 | 000,000,000 | -H-D | M] -- C:\Users\Public\Videos\Sony MediaPlayerX\Fringe
[2009/12/25 10:28:23 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData
[2015/01/06 19:48:03 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2009/11/12 15:31:25 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2015/08/09 21:58:44 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2009/11/12 18:23:04 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2011/01/12 23:01:58 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Media Player\ダウンロード ファイルの同期
[2012/09/20 19:53:56 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Media Player\生成された再生リストの同期
[2015/11/23 08:34:25 | 000,000,000 | RH-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Burn\Burn
[2012/12/09 10:24:24 | 000,000,000 | RH-D | M] -- C:\Users\taku nishiguchi\AppData\Local\Microsoft\Windows\Burn\Burn1
[2015/09/02 21:38:11 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\NVIDIA Corporation\Shield Apps\StreamingAssets
[2011/12/26 11:17:07 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Local\VirtualStore\ProgramData
[2012/01/27 23:16:56 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Roaming\CyberLink\MediaCache\Power2Go
[2012/12/04 01:08:37 | 000,000,000 | -H-D | M] -- C:\Users\taku nishiguchi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2015/07/05 23:11:34 | 000,000,000 | -H-D | M] -- C:\Windows\msdownld.tmp
[2009/11/12 15:27:27 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/11/19 01:06:33 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2009/11/12 15:31:31 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2011/11/05 13:33:15 | 000,000,000 | -H-D | M] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2016/01/08 01:07:59 | 000,000,000 | -H-D | M] -- C:\Windows\System32\GroupPolicy
[2011/11/05 13:33:15 | 000,000,000 | -H-D | M] -- C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series
[2009/10/21 09:10:35 | 000,000,000 | -H-D | M] -- C:\Windows\System32\sysprep\s_test

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2016/01/20 23:37:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/01/20 22:05:00 | 000,000,674 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/01/20 23:05:00 | 000,000,678 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD10EADS-00M2B0 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 105906176
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV - [2015/10/30 02:49:57 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2015/06/25 18:44:11 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 10:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 21:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 21:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2015/12/31 02:30:51 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/05 06:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2015/04/28 04:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 21:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 21:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 14:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 10:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 21:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 10:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 10:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 10:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2014/12/06 12:50:19 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 10:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 19:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 14:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2015/12/31 02:30:51 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 10:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 21:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 21:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 10:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2015/12/31 02:30:51 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 10:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 21:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 21:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2015/08/06 02:41:00 | 000,751,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 21:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 10:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2014/12/19 11:43:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 21:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2015/02/03 12:12:12 | 000,475,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2015/02/03 12:12:12 | 000,475,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 21:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 13:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 21:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 21:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 21:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2015/06/16 06:42:49 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 10:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2015/11/21 03:34:36 | 002,062,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 21:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 10:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 21:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >

作業と報告、ご苦労様です。
HJT作業後のOTLスキャンログも見せてもらいました。
やはり今度もまだMPCのエントリは残ってますね。

今度は最後の賭けとして、それらをOTLから処置にかかってみます。
今回の処置でも改善や糸口見えなければ、安全優先でリカバリ選択になると思っておいてください。

では以下のスクリプトを使ってセーフモード状態でまたOTLで「Run fix」作業してください。

作業後に処置後のOTLログを保存後、しばらく状態報告後にそれをOTLログとともにレスください
------------------------------------------
:OTL
PRC - [2016/01/08 00:40:07 | 000,349,152 | ---- | M] (DotCash Limited) -- C:\Program Files\MPC Cleaner\MPCProtectService.exe
PRC - [2016/01/08 00:40:07 | 000,166,880 | ---- | M] (DotCash Limited) -- C:\Program Files\MPC Cleaner\MPCTray.exe
SRV - [2016/01/08 00:40:07 | 000,349,152 | ---- | M] (DotCash Limited) [Auto | Running] -- C:\Program Files\MPC Cleaner\MPCProtectService.exe -- (MPCProtectService)
DRV - [2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) [File_System | System | Running] -- C:\Windows\System32\drivers\MPCKpt.sys -- (MPCKpt)
DRV - [2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MPCBase.sys -- (MPCBase)
[2016/01/20 19:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[2016/01/08 00:43:46 | 000,048,872 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:53 | 000,028,648 | ---- | C] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys
[2016/01/08 00:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\MPC Cleaner
[2016/01/08 00:40:10 | 000,048,872 | ---- | M] (DotCash) -- C:\Windows\System32\drivers\MPCKpt.sys
[2016/01/08 00:40:10 | 000,028,648 | ---- | M] (DotCash) -- C:\Windows\System32\drivers\MPCBase.sys

:Files
C:\Program Files\MPC Cleaner
C:\Windows\System32\drivers\MPCKpt.sys
C:\Windows\System32\drivers\MPCBase.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------

　いつもありがとうございます。早速ですが報告させて頂きます。

　状況はやはり何も変わりありませんでした。残念です。

　以下ＯＴＬログ張ります。

　（ＯＴＬログ）
All processes killed
========== OTL ==========
No active process named MPCProtectService.exe was found!
No active process named MPCTray.exe was found!
Service MPCProtectService stopped successfully!
Service MPCProtectService deleted successfully!
File move failed. C:\Program Files\MPC Cleaner\MPCProtectService.exe scheduled to be moved on reboot.
Error: Unable to stop service MPCKpt!
Unable to delete service\driver key MPCKpt.
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
Error: Unable to stop service MPCBase!
Unable to delete service\driver key MPCBase.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC folder moved successfully.
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Uninstall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Tray scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\CrashReport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Cleaner scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\25E1DE8C6EA8429C860449F918E14F2C2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\2433B0130808417BA7B195E35AA980B82 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Microsoft.VC90.CRT scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SoIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SgIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SearchIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config\DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
File rity] not found.
File sethosts] not found.
File ptytemp] not found.
File eaterestorepoint] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01222016_004437

Files\Folders moved on Reboot...
File move failed. C:\Program Files\MPC Cleaner\MPCProtectService.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCKpt.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\MPCBase.sys scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Uninstall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Tray scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\CrashReport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Cleaner scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Uninstall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Tray scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\CrashReport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Cleaner scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\25E1DE8C6EA8429C860449F918E14F2C2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\2433B0130808417BA7B195E35AA980B82 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\25E1DE8C6EA8429C860449F918E14F2C2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\2433B0130808417BA7B195E35AA980B82 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Microsoft.VC90.CRT scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SoIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SgIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SearchIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SoIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SgIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SearchIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config\DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config\DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Uninstall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Tray scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\CrashReport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin\Cleaner scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\25E1DE8C6EA8429C860449F918E14F2C2 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb\2433B0130808417BA7B195E35AA980B82 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\ntkrpamp.pdb scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Microsoft.VC90.CRT scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SoIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SgIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image\SearchIcon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Image scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config\DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MPC Cleaner scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...