javaws.exe and 90-100% cpu usage and locking up



rockmypunkk
2015-11-13, 16:08
Hello, I recently updated Java through the update checker on my Windows toolbar, and as soon as it finished the website couldn't verify it and thousands upon thousands of instances of javaws.exe ran in the Task Manager, bogging down the CPU to a crawl. I did manage to remove it with JavaRa, but there must be another infection, as my CPU usage is still randomly hitting 90-100% and locking up for up to 30 seconds before it'll do anything, even though I only have basic programs running that don't use more than 5% CPU.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by SnowSakura (administrator) on SNOWSAKURA-HP (13-11-2015 07:26:35)
Running from C:\Users\SnowSakura\Desktop
Loaded Profiles: SnowSakura (Available Profiles: SnowSakura)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Curse) C:\Users\SnowSakura\AppData\Local\Apps\2.0\N898JELC.NPN\GX4JT2NO.CQ4\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2013-12-06] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [XboxStat] => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-10-26] (LogMeIn Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-09] (Valve Corporation)
HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-19] (Electronic Arts)
HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\Run: [aiko] => C:\Users\SnowSakura\AppData\Roaming\SexGameDevil\aiko.exe
HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-12-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\SnowSakura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-09-06] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{12E83FDB-742F-4466-A24A-0515599F36B3}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E535FD94-E79B-41BC-BA59-9BD9CB18B8E8}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3039731432-66134049-834813566-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-3039731432-66134049-834813566-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3039731432-66134049-834813566-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM -> {5F49BBDD-B057-4C74-AFA8-D315F6E3E453} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {5F49BBDD-B057-4C74-AFA8-D315F6E3E453} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3039731432-66134049-834813566-1000 -> {5F49BBDD-B057-4C74-AFA8-D315F6E3E453} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3039731432-66134049-834813566-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\SnowSakura\AppData\Roaming\Mozilla\Firefox\Profiles\wk7cf222.default-1406918487978
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3039731432-66134049-834813566-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SnowSakura\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-01] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\SnowSakura\AppData\Roaming\Mozilla\Firefox\Profiles\wk7cf222.default-1406918487978\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\SnowSakura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SnowSakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-28]
CHR Extension: (Google Docs) - C:\Users\SnowSakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-28]
CHR Extension: (Google Drive) - C:\Users\SnowSakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-17]
CHR Extension: (YouTube) - C:\Users\SnowSakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-14]
CHR Extension: (Google Search) - C:\Users\SnowSakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Google Sheets) - C:\Users\SnowSakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-28]
CHR Extension: (Google Docs Offline) - C:\Users\SnowSakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SnowSakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
CHR Extension: (Gmail) - C:\Users\SnowSakura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-10-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-19] (Electronic Arts)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-11] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2010-06-24] (hxxp://libusb-win32.sourceforge.net) [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12528 2015-10-15] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S2 STEC3; C:\windows\SysWOW64\STEC3.sys [2368 2014-10-04] (AntiCracking) [File not signed]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 CTMOV2; \??\C:\Users\SnowSakura\Downloads\Engvn\RJ097320\星砕き-惑星少女は嗜虐に沈む-\ctmov64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 XBCD; system32\DRIVERS\XBCD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-13 07:26 - 2015-11-13 07:26 - 00023213 _____ C:\Users\SnowSakura\Desktop\FRST.txt
2015-11-13 07:17 - 2015-11-13 07:17 - 00000000 ____D C:\Users\SnowSakura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-11-12 22:08 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-12 22:08 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-12 22:08 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-12 22:08 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-12 22:08 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-12 22:08 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-12 22:08 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-12 22:08 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-12 22:08 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-12 22:08 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-12 22:08 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-12 22:08 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-12 22:08 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-12 22:08 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-12 22:08 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-11-12 22:08 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-12 22:07 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-12 22:07 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-11-12 22:07 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-12 22:07 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-12 22:07 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-12 22:07 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-12 22:07 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-12 22:07 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-12 22:07 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-12 22:07 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-12 22:07 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-12 22:07 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-12 22:07 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-12 22:07 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-12 22:07 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-12 22:07 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-12 22:07 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-12 22:07 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-12 22:07 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-12 22:07 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-12 22:07 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-12 22:07 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-11-12 22:07 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-12 22:07 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-12 22:07 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-12 22:07 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-12 22:07 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-12 22:07 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-12 22:07 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-11-12 22:07 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-11-12 22:07 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-11-12 22:07 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-12 22:07 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-11-12 22:07 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-12 22:07 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-11-12 22:07 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-11-12 22:07 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-11-12 22:07 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-12 22:07 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-11-12 22:07 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-11-12 22:07 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-12 22:07 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-12 22:07 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-12 22:07 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-12 22:07 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-12 22:07 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-11-12 22:07 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-12 22:07 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-12 22:07 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-11-12 22:07 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-11-12 22:07 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-11-12 22:07 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-12 22:07 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-11-12 22:07 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-12 22:07 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-11-12 22:07 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-12 22:07 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-12 22:07 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-11-12 22:07 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-11-12 22:07 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-12 22:07 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-12 22:07 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-12 22:07 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-12 22:07 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-12 22:06 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-12 22:06 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-12 22:06 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-12 22:06 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-12 22:06 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-12 22:06 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-12 22:06 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-12 22:06 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-12 22:06 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-12 22:06 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-12 22:06 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-12 22:06 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-12 22:06 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-12 22:06 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-12 22:06 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-12 22:06 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-12 22:06 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-12 22:06 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-12 22:06 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-12 22:06 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-12 22:06 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-12 22:06 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-12 22:06 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-12 22:06 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-12 22:06 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-12 22:06 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-12 22:06 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-12 22:06 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-12 22:06 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-12 22:06 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-12 22:06 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-12 22:06 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-12 22:06 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-12 22:06 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-12 22:06 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-12 22:06 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-12 22:06 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-12 22:06 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-12 22:06 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-12 22:06 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 22:06 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-12 22:06 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-12 22:06 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-12 22:06 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-12 22:06 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-12 22:06 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-12 22:05 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-12 22:05 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-12 22:05 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-12 22:05 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-11-12 22:05 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-11-12 21:03 - 2015-11-12 21:03 - 05198336 _____ (AVAST Software) C:\Users\SnowSakura\Desktop\aswMBR.exe
2015-11-12 20:58 - 2015-11-13 07:26 - 00000000 ____D C:\FRST
2015-11-12 20:58 - 2015-11-12 20:58 - 02198528 _____ (Farbar) C:\Users\SnowSakura\Desktop\FRST64.exe
2015-11-11 19:27 - 2015-11-12 20:57 - 00007597 _____ C:\Users\SnowSakura\AppData\Local\Resmon.ResmonCfg
2015-11-08 22:29 - 2015-11-08 22:29 - 00000000 ____D C:\Users\SnowSakura\Downloads\RJ165659_ana_trial
2015-11-08 22:22 - 2015-11-08 22:22 - 00000000 ____D C:\Users\SnowSakura\Downloads\RJ150996_ana_trial
2015-11-06 21:34 - 2015-11-07 10:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-31 20:08 - 2015-10-31 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-10-31 20:08 - 2015-10-31 20:08 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-10-24 14:03 - 2015-10-24 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-10-20 12:47 - 2015-10-20 14:44 - 00000000 ____D C:\Program Files (x86)\DVD Decrypter
2015-10-20 12:45 - 2015-10-20 12:45 - 00000000 ____D C:\Users\SnowSakura\AppData\Roaming\CyberLink
2015-10-20 12:45 - 2015-10-20 12:45 - 00000000 ____D C:\Users\Public\CyberLink
2015-10-20 12:15 - 2015-10-24 14:11 - 00000000 ____D C:\Users\SnowSakura\AppData\Roaming\FileZilla
2015-10-20 12:15 - 2015-10-24 14:03 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2015-10-20 12:13 - 2015-10-21 10:07 - 00000000 ____D C:\Users\SnowSakura\Desktop\xboxhdm
2015-10-15 18:14 - 2015-10-15 18:14 - 00003008 _____ C:\windows\System32\Tasks\{2EFBCF1A-8657-47DE-9221-8A2BDC69E859}
2015-10-15 18:13 - 2015-10-15 18:13 - 00003008 _____ C:\windows\System32\Tasks\{F0EFF1D0-D40F-42DF-8E63-E3098F058D1E}
2015-10-15 18:12 - 2015-10-15 18:12 - 00003008 _____ C:\windows\System32\Tasks\{9130AE0F-F672-4F9B-9A01-747C6D08D696}
2015-10-15 18:09 - 2015-10-15 18:09 - 00003008 _____ C:\windows\System32\Tasks\{D1FEEFBF-FEDC-40BD-A8A6-33F2A5598C71}
2015-10-15 18:05 - 2015-10-15 18:05 - 00003008 _____ C:\windows\System32\Tasks\{D8DBF007-02EA-49F8-9179-22AFC23B9CD5}
2015-10-15 18:04 - 2015-10-15 18:04 - 00003008 _____ C:\windows\System32\Tasks\{2793A04A-9BA5-470A-8684-90B071CB20B6}
2015-10-15 18:01 - 2015-10-15 18:01 - 00003008 _____ C:\windows\System32\Tasks\{02C0A8BC-2736-453E-AEDB-F60DA19ADC66}
2015-10-15 17:59 - 2015-10-15 17:59 - 00003008 _____ C:\windows\System32\Tasks\{F0F07C30-CB92-4568-B330-381DD866CA2C}
2015-10-15 17:58 - 2015-10-15 17:58 - 00003008 _____ C:\windows\System32\Tasks\{10B4A7A2-802C-4463-BB6A-40F9DDEB7133}
2015-10-15 17:56 - 2015-10-15 17:56 - 00003008 _____ C:\windows\System32\Tasks\{F1310D0F-BC39-4AB1-A90F-79C4CFA2DA30}
2015-10-15 17:37 - 2015-10-15 17:37 - 00000000 ____D C:\Users\SnowSakura\Desktop\copy
2015-10-15 16:44 - 2015-10-15 16:44 - 00003020 _____ C:\windows\System32\Tasks\{40168F36-F644-40BE-A0B8-90EBB248F9C1}
2015-10-15 15:59 - 2015-10-15 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActionReplay Xbox
2015-10-14 12:47 - 2015-09-18 13:22 - 00025432 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-10-14 12:47 - 2015-09-18 13:19 - 01291264 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-10-14 12:47 - 2015-09-18 13:19 - 00766464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-10-14 12:47 - 2015-09-18 13:19 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-10-14 12:47 - 2015-09-18 13:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-10-14 12:47 - 2015-09-18 13:19 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-10-14 12:47 - 2015-09-18 13:09 - 01163776 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-10-14 10:00 - 2015-10-14 10:00 - 00000552 _____ C:\Users\SnowSakura\Downloads\gundam model kits.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-13 07:26 - 2009-07-13 22:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-13 07:26 - 2009-07-13 22:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-13 07:25 - 2012-08-27 07:41 - 01108465 _____ C:\windows\WindowsUpdate.log
2015-11-13 07:22 - 2014-08-02 09:16 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-13 07:22 - 2009-07-13 23:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-13 07:19 - 2014-04-10 21:27 - 00000000 ____D C:\Users\SnowSakura\AppData\Roaming\Raptr
2015-11-13 07:19 - 2012-09-12 02:01 - 00000000 ____D C:\Users\SnowSakura\AppData\Roaming\Skype
2015-11-13 07:17 - 2015-03-28 08:16 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-13 07:17 - 2014-07-18 22:31 - 00000000 ____D C:\Users\SnowSakura\AppData\Local\LogMeIn Hamachi
2015-11-13 07:17 - 2012-09-06 01:49 - 00000000 ____D C:\Users\SnowSakura\AppData\Local\Deployment
2015-11-13 07:17 - 2012-08-29 08:37 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-13 07:16 - 2012-06-14 16:04 - 00000000 ____D C:\ProgramData\PDFC
2015-11-13 07:16 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-13 07:16 - 2009-07-13 22:51 - 00077685 _____ C:\windows\setupact.log
2015-11-13 07:16 - 2009-07-13 22:45 - 00475256 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-13 07:14 - 2015-03-28 08:16 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-13 07:14 - 2012-08-28 08:24 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-13 03:01 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-12 21:51 - 2009-07-13 21:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-12 21:50 - 2013-08-15 12:05 - 00000000 ____D C:\windows\system32\MRT
2015-11-12 21:44 - 2012-08-28 08:24 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-12 21:43 - 2012-08-28 17:23 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-12 21:39 - 2012-08-28 08:24 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-12 21:39 - 2012-06-14 16:00 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-12 21:37 - 2011-02-11 11:15 - 00766336 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-12 20:52 - 2015-07-14 22:31 - 00000000 ____D C:\Program Files\Java
2015-11-12 20:39 - 2015-01-31 23:53 - 00000000 __SHD C:\Users\SnowSakura\AppData\Local\EmieUserList
2015-11-12 20:39 - 2015-01-31 23:53 - 00000000 __SHD C:\Users\SnowSakura\AppData\Local\EmieSiteList
2015-11-12 20:39 - 2015-01-31 23:53 - 00000000 __SHD C:\Users\SnowSakura\AppData\Local\EmieBrowserModeList
2015-11-12 20:36 - 2012-08-27 07:42 - 00000000 ____D C:\Users\SnowSakura
2015-11-12 20:35 - 2014-08-02 09:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-12 20:34 - 2015-10-11 18:03 - 00000000 ____D C:\Users\SnowSakura\AppData\Roaming\Battle.net
2015-11-12 20:34 - 2015-10-11 18:02 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-12 20:34 - 2015-05-18 09:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-12 20:34 - 2015-04-04 10:37 - 00000000 ___SD C:\windows\system32\GWX
2015-11-12 20:34 - 2015-03-28 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-12 20:34 - 2014-08-02 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-12 20:34 - 2013-04-05 16:06 - 00000000 ____D C:\ProgramData\Paltiosoft
2015-11-12 20:34 - 2012-08-27 09:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-12 20:34 - 2012-06-14 16:00 - 00000000 ____D C:\windows\SysWOW64\Macromed
2015-11-12 20:34 - 2012-06-14 16:00 - 00000000 ____D C:\windows\system32\Macromed
2015-11-12 20:34 - 2010-11-21 01:16 - 00000000 ____D C:\windows\ShellNew
2015-11-12 20:34 - 2009-07-13 21:20 - 00000000 ____D C:\windows\registration
2015-11-12 20:34 - 2009-07-13 21:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-11-12 20:33 - 2015-10-11 18:05 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-11-12 20:33 - 2013-10-16 07:28 - 00000000 ____D C:\ProgramData\Oracle
2015-11-11 19:14 - 2015-08-29 01:55 - 00000000 ____D C:\Users\SnowSakura\.oracle_jre_usage
2015-11-11 19:14 - 2013-10-16 07:27 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-11 19:09 - 2012-08-30 15:08 - 00000000 ____D C:\Users\SnowSakura\AppData\Local\CrashDumps
2015-11-10 20:14 - 2015-10-11 18:03 - 00000000 ____D C:\Users\SnowSakura\AppData\Local\Battle.net
2015-11-09 19:32 - 2012-08-27 08:46 - 00003966 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{745A860C-48EB-4DB7-8D73-8DDF7DE2E22E}
2015-11-07 10:05 - 2014-08-01 12:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 10:05 - 2010-11-20 21:47 - 00891136 _____ C:\windows\PFRO.log
2015-11-06 18:49 - 2012-09-28 17:19 - 00000000 ____D C:\Users\SnowSakura\Downloads\Engvn
2015-11-05 22:35 - 2015-03-17 16:50 - 00003216 _____ C:\windows\System32\Tasks\HPCeeScheduleForSnowSakura
2015-11-05 22:35 - 2015-03-17 16:50 - 00000352 _____ C:\windows\Tasks\HPCeeScheduleForSnowSakura.job
2015-11-04 10:36 - 2015-04-04 10:37 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-11-03 17:28 - 2012-08-28 14:22 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-11-02 09:10 - 2012-06-14 15:54 - 00000000 ____D C:\ProgramData\Skype
2015-10-31 11:16 - 2015-07-01 21:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 11:16 - 2015-01-01 18:37 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-26 10:15 - 2014-07-18 22:32 - 00034720 ____H (LogMeIn, Inc.) C:\windows\system32\hamachi.sys
2015-10-20 12:46 - 2014-01-05 08:11 - 00000000 ____D C:\Users\SnowSakura\AppData\Local\Wide Angle Software
2015-10-15 21:13 - 2013-01-04 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\リリス
2015-10-15 21:13 - 2013-01-04 11:31 - 00000000 ____D C:\Program Files (x86)\lilith
2015-10-15 20:59 - 2015-09-26 08:29 - 00012528 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\windows\SysWOW64\Drivers\SECDRV.SYS
2015-10-15 18:33 - 2015-09-10 00:58 - 00000000 ___HD C:\$Windows.~BT
2015-10-15 18:05 - 2011-02-11 11:00 - 00000000 ____D C:\windows\Panther
2015-10-15 11:45 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2015-10-15 10:05 - 2015-10-08 21:16 - 00000000 ____D C:\Users\SnowSakura\Downloads\Rain's Rave Ver1.10
2015-10-14 23:31 - 2014-12-10 03:23 - 00000000 ____D C:\windows\system32\appraiser
2015-10-14 23:31 - 2014-04-29 20:06 - 00000000 ___SD C:\windows\system32\CompatTel
2015-10-14 00:20 - 2013-05-04 16:30 - 00000000 ____D C:\Users\SnowSakura\AppData\Local\Google

==================== Files in the root of some directories =======

2012-09-17 22:47 - 2013-05-29 08:49 - 0000080 _____ () C:\Users\SnowSakura\AppData\Roaming\krenvprf.kep
2013-12-12 13:26 - 2014-11-13 21:28 - 0000274 _____ () C:\Users\SnowSakura\AppData\Roaming\TriDLP.INI
2014-10-19 23:43 - 2014-10-19 23:43 - 0003584 _____ () C:\Users\SnowSakura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-11 19:27 - 2015-11-12 20:57 - 0007597 _____ () C:\Users\SnowSakura\AppData\Local\Resmon.ResmonCfg
2007-04-24 01:00 - 2007-04-24 01:00 - 0176128 ____N () C:\Users\SnowSakura\AppData\Local\Tempals_inst.exe
2012-12-04 07:29 - 2012-12-04 07:29 - 0004145 _____ () C:\ProgramData\jbluqtre.ntu

Some files in TEMP:
====================
C:\Users\SnowSakura\AppData\Local\Temp\SkypeSetup.exe
C:\Users\SnowSakura\AppData\Local\Temp\sldlext.dll
C:\Users\SnowSakura\AppData\Local\Temp\SLDL_DLL.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 10:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by SnowSakura (2015-11-13 07:27:56)
Running from C:\Users\SnowSakura\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-27 13:42:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3039731432-66134049-834813566-500 - Administrator - Disabled)
Guest (S-1-5-21-3039731432-66134049-834813566-501 - Limited - Disabled)
SnowSakura (S-1-5-21-3039731432-66134049-834813566-1000 - Administrator - Enabled) => C:\Users\SnowSakura

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ActionReplay Xbox (HKLM-x32\...\ActionReplay Xbox) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bazooka Cafe (HKLM-x32\...\Bazooka Cafe) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
BoneCraft (HKLM-x32\...\{001FD094-E6A3-483E-A699-05FD6D332D79}) (Version: 1.0.4 - D-Dub Software)
BoneTown (HKLM-x32\...\{5E7C721D-B008-4269-A1C4-2CE7E9757983}) (Version: 1.1.1 - DWC Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.0 - BOSS Development Team)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse Client (HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
DreadOut (HKLM-x32\...\Steam App 269790) (Version: - Digital Happiness)
Elgato Game Capture HD (HKLM-x32\...\{5601585A-83B1-41E0-B00C-CCBC4A4798AE}) (Version: 1.42.24.539 - Elgato Systems GmbH)
Epic Games Launcher (HKLM\...\{80B98173-8A92-4333-8AC1-46CEFF3562E5}) (Version: 1.1.33.0 - Epic Games, Inc.)
F.E.A.R.: Extraction Point (HKLM-x32\...\Steam App 21110) (Version: - Monolith )
F.E.A.R.: Perseus Mandate (HKLM-x32\...\Steam App 21120) (Version: - Monolith )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fighter Factory Ultimate (HKLM-x32\...\VirtuallTek Fighter Factory Ultimate_is1) (Version: 2.6.0.2010 - VirtuallTek Systems)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FINAL FANTASY VII (HKLM-x32\...\{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1) (Version: 1.0 - Square Enix)
Game Capture v2.3.3.38 (HKLM-x32\...\Game Capture v2.3.3.38) (Version: 2.3.3.38 - )
Game Genie Save Editor for PS3 (US) (HKLM-x32\...\{59B1995D-81FD-4B78-A0BE-94A0E90B6AE8}) (Version: 1.1.0.0 - Game Genie)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version: - Microsoft Game Studios)
Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Harem Party (HKLM-x32\...\{71A06EF1-7911-491C-ADC6-A245BA24651B}) (Version: 1.00.0000 - NEXTON)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6395.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Imouto Paradise (HKLM-x32\...\Imouto Paradise!_is1) (Version: 1.00 - Mangagamer)
Indeoョ Software (HKLM-x32\...\Indeoョ Software) (Version: - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Jewel Knight Crusaders (HKLM-x32\...\Jewel Knight Crusaders) (Version: 1.1 - ZeroCool)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
Koihime_Musou (HKLM-x32\...\{88C00DB8-B6DF-4D87-80AB-E0C821AEDFAE}) (Version: 1.00.0000 - NEXTON)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Liquid Black Box (HKLM-x32\...\{CBB7F409-3D33-4901-B5D1-59ECD9DDAD35}) (Version: 1.00.0000 - 株式会社ネクストン)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.406 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.406 - LogMeIn, Inc.) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MISAO~淫辱忍法伝~ (HKLM-x32\...\{6D8E0DB0-6E37-46D5-8AAF-65281A61D235}) (Version: 1.00.0000 - Infini Brain Inc.)
Monsters Survive ~負ければモンスターに生殖される~DL版 (HKLM-x32\...\{BB2D8D15-D222-4D7C-9CD8-03E3BDD140F0}) (Version: 1.00.0000 - Infini Brain Inc.)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.54.10 - Black Tree Gaming)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVariety Tool version 4.63 (HKLM-x32\...\{96FDBE55-E86D-4E5A-90C7-344B8B59DB34}_is1) (Version: 4.63 - Oblivion_gallo)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
PS3 Xploder Ultimate Edition (HKLM-x32\...\PS3Xploder) (Version: - )
PS3XploderPro (HKLM-x32\...\net.xploder.PS3XploderPro) (Version: 1.0.7 - UNKNOWN)
PS3XploderPro (x32 Version: 1.0.7 - UNKNOWN) Hidden
Python 2.7 comtypes-0.6.2 (HKLM-x32\...\comtypes-py2.7) (Version: - )
Python 2.7 pywin32-216 (HKLM-x32\...\pywin32-py2.7) (Version: - )
Python 2.7.2 (HKLM-x32\...\{2E295B5B-1AD4-4d36-97C2-A316084722CF}) (Version: 2.7.2150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.03 - Enterbrain)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
RPG Maker 2000 1.05 (HKLM-x32\...\RPG Maker 2000 1.05) (Version: - )
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPGXP (HKLM-x32\...\{9B34CAC6-738F-4A20-B428-A115C3E3474C}) (Version: 1.0.0 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version: - )
RPGツクールVX RTP (HKLM-x32\...\RPGツクールVX RTP_is1) (Version: 1.02 - Enterbrain)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
sdrt(5.0, 64bit) (HKLM\...\{63A3DBCF-FB40-4398-9AE5-94EE6206CE12}) (Version: 5.0.3.0 - パルティオソフト株式会社)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Street Fighter X Tekken (x32 Version: 1.0.0004.130 - CAPCOM U.S.A., INC) Hidden
StWoN (HKLM-x32\...\{6DDF03A9-D7BE-4435-98FD-B98120D40B7A}) (Version: 1.0.4 - Kingdom Crafting Pte. Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TouchCopy 12 (HKLM-x32\...\{C569821B-6C32-4240-B0DE-88B017BCD247}) (Version: 12.35 - Wide Angle Software)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
UE4 Prerequisites (x86) (HKLM-x32\...\{162863d7-4b83-429c-baa7-fcedd09f331f}) (Version: 1.0.8.0 - Epic Games, Inc.)
UE4 Prerequisites (x86) (x32 Version: 1.0.8.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-a3a99dc9-41ef-4d74-b50b-5fef71691317) (Version: - Epic Games, Inc.)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-aff96dea-251d-4086-bd63-47e0e0aea433) (Version: - Epic Games, Inc.)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-d71d4a89-7649-4297-9bf2-a0f0ae0f01ce) (Version: - Epic Games, Inc.)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Video Download Capture version 4.9.6 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.6 - APOWERSOFT LIMITED)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Driver Package - XBCD Project HID (16/05/2008 1.1.0) (HKLM\...\C6DCA6D8EFAB374E8F91A705567555FF4DAF025D) (Version: 16/05/2008 1.1.0 - XBCD Project)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)
wxPython 2.8.12.1 (ansi) for Python 2.7 (HKLM-x32\...\wxPython2.8-ansi-py27_is1) (Version: 2.8.12.1-ansi - Total Control Software)
X-Change 3 (HKLM-x32\...\X-Change 3) (Version: - )
Yin-Yang - X-Change Alternateive (HKLM-x32\...\Yin-Yang - X-Change Alternateive) (Version: - )
Yumina the Ethereal (HKLM-x32\...\Yumina) (Version: English 1.0 - JAST Densetsu)
Zero Infinity (HKLM-x32\...\InstallShield_{6335C7B1-99C9-4F8E-9EB6-F37B0359B817}) (Version: 1.00.0000 - 株式会社グリーンウッド)
Zero Infinity (x32 Version: 1.00.0000 - 株式会社グリーンウッド) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
ZOL-BOX (HKLM-x32\...\{A9E014FE-32DC-4766-B736-5E21035CE138}) (Version: 1.00.0000 - Infini Brain Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden


==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-11-2015 14:44:03 Restore Operation
11-11-2015 18:29:39 Windows Update
11-11-2015 18:43:00 Windows Update
11-11-2015 19:10:21 Removed Java 8 Update 60 (64-bit)
12-11-2015 20:29:12 Restore Operation
12-11-2015 20:42:37 Windows Update
12-11-2015 20:46:34 Removed Java 8 Update 60 (64-bit)
12-11-2015 21:00:15 Windows Modules Installer
12-11-2015 21:07:27 Windows Modules Installer
12-11-2015 21:11:45 Windows Modules Installer
12-11-2015 21:16:31 Windows Modules Installer
12-11-2015 21:21:13 Windows Modules Installer
12-11-2015 21:26:50 Windows Modules Installer
12-11-2015 21:32:43 Windows Modules Installer
12-11-2015 21:38:30 Windows Modules Installer
13-11-2015 03:00:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-10-15 18:53 - 00450892 ____A C:\windows\system32\Drivers\etc\hosts

There are 15464 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012E08B6-3F92-446A-ACE4-A697A4A06132} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {021D14D9-01CB-401B-A038-09E29A2E20BF} - System32\Tasks\{4F99ED7D-002B-4481-A9B6-149F9F968EB5} => C:\WET\WET.EXE
Task: {02A71841-E0BB-4D22-85CF-517CB7B0565C} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {0591126B-0880-4A03-A10F-325DB213F487} - System32\Tasks\{93552713-43F8-4DEC-A569-066F8009C868} => C:\Users\SnowSakura\Downloads\パンデモニウムの調教師\パンデモニウムの調教師.exe
Task: {09EBA791-391F-4793-8500-326918CCF307} - System32\Tasks\{7285989A-D5E7-45DC-925D-AC9DAAB39C41} => J:\SETUP.EXE
Task: {0F9EF5DB-DB0B-4A27-8842-9D84B2B68A2B} - System32\Tasks\{5199E115-F885-4CE6-8F58-1A9DDB3CE1B4} => C:\Fallout 3\Fallout3.exe
Task: {0FCBCD40-1106-4A12-9D3C-4B0C55B5B8AE} - System32\Tasks\{3C253BEF-04F9-46D4-819B-8FEF0C7F63CD} => C:\Users\SnowSakura\Downloads\Engvn\RJ077247\パンデモニウムの調教師\パンデモニウムの調教師.exe
Task: {118D294F-5830-463D-B87A-60B0C6F1B9B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-28] (Google Inc.)
Task: {1891F762-FA28-44D1-85D0-386BE727CC32} - System32\Tasks\{9130AE0F-F672-4F9B-9A01-747C6D08D696} => C:\Users\SnowSakura\Downloads\Xplorer360.beta6\Xplorer360.exe
Task: {19B4A3C8-E49E-4318-B233-2F604233C262} - System32\Tasks\{EE9830CD-3B18-4D56-8AD2-4078AAF8856B} => C:\Users\SnowSakura\Downloads\RM2K_105E.exe
Task: {1ED45968-8DBF-4B84-9D8E-8D3D742EC306} - System32\Tasks\{2793A04A-9BA5-470A-8684-90B071CB20B6} => C:\Users\SnowSakura\Downloads\Xplorer360.beta6\Xplorer360.exe
Task: {1FD8ACEA-A39A-4F3D-92A5-3AF1B1DF0607} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {222CD7AC-DAAF-4715-B323-CB18A3435E0B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated)
Task: {23E381B0-E3E2-46C1-B363-9763CFAEF44E} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: {24AF2F11-EC5D-4111-AA6A-C6509BCD6BB5} - System32\Tasks\{96B6A353-36DA-4F0C-B96C-2A8BE31F5837} => C:\Users\SnowSakura\Downloads\Engvn\パンデモニウムの調教師\パンデモニウムの調教師.exe
Task: {2596BB69-A9C9-4BE3-9F35-E01411998956} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {27001E4B-CB49-4237-AECE-A7164F068504} - System32\Tasks\{2EFBCF1A-8657-47DE-9221-8A2BDC69E859} => C:\Users\SnowSakura\Downloads\Xplorer360.beta6\Xplorer360.exe
Task: {347A4E2E-64C6-410B-B298-53574C27341F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {37192CA9-780B-4B0E-A583-52DF3F860507} - System32\Tasks\{F0EFF1D0-D40F-42DF-8E63-E3098F058D1E} => C:\Users\SnowSakura\Downloads\Xplorer360.beta6\Xplorer360.exe
Task: {412FBF21-072B-43FD-8D42-A438A12C7556} - System32\Tasks\{3E52626D-4882-438B-B9E9-62DA2076620D} => C:\Users\SnowSakura\Downloads\11679_Sixaxis_PS3_Win32_Driver_For_PC\ps3sixaxis_en.exe
Task: {41E534FD-D094-4A1D-96BF-15F906AE8C64} - System32\Tasks\stwonUpdater-SnowSakura => C:\Users\SnowSakura\AppData\Local\StWoN\content\stwonUpdater.exe [2015-04-06] ()
Task: {581CF07B-5C75-4430-81AD-BDBE9A877859} - System32\Tasks\{F1310D0F-BC39-4AB1-A90F-79C4CFA2DA30} => C:\Users\SnowSakura\Downloads\Xplorer360.beta6\Xplorer360.exe
Task: {585F7819-A8C6-46FF-97BE-3D55966EDF96} - System32\Tasks\{F36D0610-AEEC-49F6-82D9-3FD1C9013F91} => pcalua.exe -a J:\sclex_inst.exe -d J:\
Task: {5D820B89-FE75-4657-9A37-D9B631C8E872} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
Task: {5EBD61E4-F770-4377-877B-C4C8B4A090FB} - System32\Tasks\Halo 2 for Vista restart => C:\Program Files (x86)\Microsoft Games\Halo 2\startup.exe [2015-08-12] (Microsoft Corporation)
Task: {5F9ABA94-7BBA-4A9D-9A53-11AAC11A16DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {64ABA19E-A7AD-44A2-8915-042947F018A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {67A9A92E-1A3A-4F29-B3FB-E60365EE2C1D} - System32\Tasks\{624BD0FD-CC9B-4AE5-956F-91DDCDD3158D} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {72A68235-1D34-4430-9BB8-077F636C540A} - System32\Tasks\{D1FEEFBF-FEDC-40BD-A8A6-33F2A5598C71} => C:\Users\SnowSakura\Downloads\Xplorer360.beta6\Xplorer360.exe
Task: {781EDEAC-8A81-430E-BF72-E6BDA7914311} - System32\Tasks\{3F9EC050-C6DF-4B01-A573-A0AE9262D366} => C:\Fallout 3\Fallout3.exe
Task: {7C549D30-D404-4EF9-81C0-E6E8FCC67F71} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {816C9F38-BB08-42C9-99BF-7DED78B07B45} - System32\Tasks\{D8DBF007-02EA-49F8-9179-22AFC23B9CD5} => C:\Users\SnowSakura\Downloads\Xplorer360.beta6\Xplorer360.exe
Task: {8B12AC43-CB96-4674-A951-238801D0EE89} - System32\Tasks\{2221FFE4-6BDA-4228-9C77-4A3236312F3C} => pcalua.exe -a J:\setup.exe -d J:\
Task: {8C1C0376-0852-4E4C-BC90-18DE187E095D} - System32\Tasks\HPCeeScheduleForSnowSakura => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {99E34EAF-743D-4382-B1D6-498BE63276DA} - System32\Tasks\{996E19DE-2558-419E-A2E8-76F821CB9511} => pcalua.exe -a J:\INSTALL.EXE -d J:\
Task: {9B0D22E5-2EEC-491E-95BF-F74730089D3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A159D8FC-DB52-4699-BFE6-291D0507A84F} - System32\Tasks\{ED30705D-46D2-4CFB-8842-0E2A09C13461} => C:\Users\SnowSakura\Downloads\パンデモニウムの調教師\パンデモニウムの調教師.exe
Task: {A296746F-5E96-4057-B0BF-881524BA7E3D} - System32\Tasks\{10B4A7A2-802C-4463-BB6A-40F9DDEB7133} => C:\Users\SnowSakura\Downloads\Xplorer360.beta6\Xplorer360.exe
Task: {A4D62F11-3A33-40EC-9DBB-8BB6579021D3} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {CE2031C8-D68A-485D-9082-C0EFB6503032} - System32\Tasks\{6DFF3D31-13E6-4251-929C-C9F2EB0A9B36} => C:\Users\SnowSakura\Desktop\jojo\setup.exe
Task: {D78FE1C2-A0C0-4CDF-B966-49C4E4782B36} - System32\Tasks\{A531E2B1-2730-4207-A42D-B894C1CB6B0D} => pcalua.exe -a C:\Users\SnowSakura\Desktop\val2_upd.exe -d C:\Users\SnowSakura\Desktop
Task: {E4715FE9-CB0F-4B7E-9E8E-35849D91C0DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-28] (Google Inc.)
Task: {E9F4B5C9-8509-4001-9AA7-40A8198DE70E} - System32\Tasks\{02C0A8BC-2736-453E-AEDB-F60DA19ADC66} => C:\Users\SnowSakura\Downloads\Xplorer360.beta6\Xplorer360.exe
Task: {EB07FABD-75F7-4377-AA6A-262622DE45BD} - System32\Tasks\{40168F36-F644-40BE-A0B8-90EBB248F9C1} => C:\Program Files (x86)\Datel\ActionReplay Xbox\ActionReplayXbox.exe
Task: {EEF247AD-1711-4C2B-AE9B-D2A35ED6E31E} - System32\Tasks\{F0F07C30-CB92-4568-B330-381DD866CA2C} => C:\Users\SnowSakura\Downloads\Xplorer360.beta6\Xplorer360.exe
Task: {FE24A651-B4D2-4AF7-AFA9-2AAAC883EB3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForSnowSakura.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\stwonUpdater-SnowSakura.job => C:\Users\SnowSakura\AppData\Local\StWoN\content\stwonUpdater.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-15 20:38 - 2015-07-15 20:38 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-10-16 04:02 - 2015-10-16 04:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-06-16 07:38 - 2015-06-16 07:38 - 00016384 ____N () C:\Users\SnowSakura\AppData\Local\Apps\2.0\N898JELC.NPN\GX4JT2NO.CQ4\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.WowDb.dll
2015-06-16 07:38 - 2015-06-16 07:38 - 00035840 ____N () C:\Users\SnowSakura\AppData\Local\Apps\2.0\N898JELC.NPN\GX4JT2NO.CQ4\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.Advertising.dll
2015-06-16 07:38 - 2015-06-16 07:38 - 00099840 ____N () C:\Users\SnowSakura\AppData\Local\Apps\2.0\N898JELC.NPN\GX4JT2NO.CQ4\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.CMOD2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-18 09:50 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-18 09:50 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-18 09:50 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-05-18 09:50 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-18 09:50 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-03-12 16:10 - 2015-10-05 10:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-25 19:48 - 2015-07-03 10:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-25 19:48 - 2015-07-03 10:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-25 19:48 - 2015-07-03 10:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-21 13:59 - 2015-11-09 20:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 07:46 - 2015-09-23 18:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 07:46 - 2015-09-23 18:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 07:46 - 2015-09-23 18:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 07:46 - 2015-09-23 18:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 07:46 - 2015-09-23 18:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-08-29 08:38 - 2015-11-09 20:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-21 17:17 - 2015-11-03 16:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2010-11-22 16:56 - 2010-11-22 16:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 16:56 - 2010-11-22 16:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 16:56 - 2010-11-22 16:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 17:26 - 2014-05-13 17:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 17:26 - 2014-05-13 17:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 17:26 - 2014-05-13 17:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 17:26 - 2014-05-13 17:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 16:57 - 2010-11-22 16:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 16:56 - 2010-11-22 16:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 16:56 - 2010-11-22 16:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 16:56 - 2010-11-22 16:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 16:57 - 2010-11-22 16:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 16:57 - 2010-11-22 16:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 16:56 - 2010-11-22 16:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 12:17 - 2011-02-15 12:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 16:57 - 2010-11-22 16:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 17:26 - 2014-05-13 17:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 16:56 - 2010-11-22 16:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 16:56 - 2010-11-22 16:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2014-08-13 18:37 - 2014-08-13 18:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 18:37 - 2014-08-13 18:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2015-06-26 17:09 - 2015-06-26 17:09 - 00271872 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 16:56 - 2010-11-22 16:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 16:56 - 2010-11-22 16:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 16:57 - 2010-11-22 16:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 16:56 - 2010-11-22 16:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 16:57 - 2010-11-22 16:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 18:56 - 2014-06-17 18:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 12:17 - 2011-02-15 12:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 17:06 - 2010-11-22 17:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 17:52 - 2013-05-09 17:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 17:52 - 2013-05-09 17:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 17:52 - 2013-05-09 17:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 12:57 - 2013-05-03 12:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 12:56 - 2013-05-03 12:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 12:56 - 2013-05-03 12:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 12:57 - 2013-05-03 12:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 12:56 - 2013-05-03 12:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 12:57 - 2013-05-03 12:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 12:57 - 2013-05-03 12:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 12:57 - 2013-05-03 12:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 12:57 - 2013-05-03 12:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2012-08-29 08:38 - 2015-10-08 16:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\windows\System32:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\Users\All Users:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\ProgramData\Application Data:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\Users\SnowSakura\NetHood:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\Users\SnowSakura\Templates:{994c8d26-29ed-48af-a647-94693033f5ee}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3039731432-66134049-834813566-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SnowSakura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6719B72E-8DA6-4C6E-8B60-45930033A5DD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{C5608CFB-3A81-4231-BEB9-89002E79D60C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{648C0E94-7A76-4B26-AF71-3D88D64A4C05}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{688697D6-9C9C-4156-AC7F-8B6C4A36D5F3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{1AD7F86B-73C1-4615-BCAA-94E34AEA1F39}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8C088A8B-B3A9-4EAF-A99E-1ED237C701B5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{5900AC92-1C6E-4276-AE26-489443DB5DB5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{B7D4475C-7BCA-447B-B24D-0CA7286CE560}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{027E90ED-8918-432E-89B3-D3F3F3EC3019}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{813CA9A1-9EFA-456A-948F-A409D253907A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1CD6109D-104F-497E-9768-92EBC9303A85}] => (Allow) LPort=2869
FirewallRules: [{8F12CCB1-3812-4914-86A9-48F08107FE32}] => (Allow) LPort=1900
FirewallRules: [{A4C8F6E1-4589-4FB3-B870-DE7F49C4A4CF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4B030A41-D4F8-4919-B369-44FC9B8EAB68}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{834A2359-CAEE-4F81-B6DF-FF0156943270}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{BE97FD34-A997-4DD7-BA6C-11A8D4709DA5}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{E132C244-D430-4950-A896-FEFCFDFE3960}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [TCP Query User{76ADF15B-BE7F-4063-B7E2-056F5E283FDB}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [UDP Query User{5F8DB876-8087-4581-87BE-9513BD5E147D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [TCP Query User{95204D32-3957-422B-B1F9-CD6FF1E5ED56}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{D5BB996A-3FE5-45C5-83D0-3A288F04E07B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{D929F26A-0BEB-4CAC-A2E9-B4C355364D5D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe
FirewallRules: [UDP Query User{B06D1E45-799D-4765-B5CC-FE60369F2A2B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe
FirewallRules: [TCP Query User{5D9CE5F7-88A6-4FB0-A0EB-5726FC1E1DFC}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe
FirewallRules: [UDP Query User{DA3A12C3-34F3-456F-9551-59FB1C1474E9}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe
FirewallRules: [{CAC46851-D497-4A13-A8EB-2CEA5E13CB35}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{CBD62E26-43F6-434F-8BC4-690B2A484FBB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{7F6AA73C-9DD9-4EFB-B344-34D6DEB7B40E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{408795E8-EA8D-466A-9B5F-9C3F98AF43F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{F7F0B6F3-DF18-4ABC-9DFF-565B9AFC264B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0F9DFADE-46DD-43B3-B5A8-20CD671C2424}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E3A8A133-D21B-402A-A371-6D451536D31D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7692C7E8-7E63-4BD8-9252-587C9EEC2B22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D6E58DA-B3AA-4819-A263-D59AFC868A23}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F972D1D-B254-4320-BFEE-5CAE000E8685}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB0524B6-D16F-44F4-BC4E-212CDDEFEE11}] => (Allow) C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{38D43EF5-4FD2-409F-87CE-B772996D920D}] => (Allow) C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{E3C06D48-825E-4029-9BEF-2EEC4DBA3EE5}] => (Allow) C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{17DCA6C9-9034-45F9-846F-9B7A7C7B26E1}] => (Allow) C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{01073F0C-8D71-4428-9AC5-C9738359FAD4}] => (Allow) C:\Program Files (x86)\Capcom\Street Fighter X Tekken\SFTK.exe
FirewallRules: [{9E012222-C563-4DDC-8517-F73C91F60D7B}] => (Allow) C:\Program Files (x86)\Capcom\Street Fighter X Tekken\SFTK.exe
FirewallRules: [{977088E9-38F6-4974-96DA-0BF04C9D8A21}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{8DA9A5AD-606A-4D82-B021-E672BDF9B12A}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{6C2B038E-DC4D-4CC2-A89E-C81EBA4562D1}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{1B5EDDA6-9368-45FD-966F-BF66ED282DA6}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{EE429D7E-C58F-4021-BB7B-62C7498D06A4}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{3FB899D9-0A23-4746-BDAA-840BC82DAD3C}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [TCP Query User{1A5C8510-D3B9-40E5-8D99-38CF166105B2}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe] => (Allow) C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe
FirewallRules: [UDP Query User{0F312649-BF60-4EE0-B222-362BDB1FD4DD}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe] => (Allow) C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe
FirewallRules: [TCP Query User{12F58F70-58DA-41D6-A1E6-70D26D2F18FC}C:\fallout 3\fallout3.exe] => (Allow) C:\fallout 3\fallout3.exe
FirewallRules: [UDP Query User{20543777-68D7-44FC-8166-4EFE83BD188C}C:\fallout 3\fallout3.exe] => (Allow) C:\fallout 3\fallout3.exe
FirewallRules: [{668A4AF9-7B30-439D-B300-90D0F8912CA1}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{F97FE278-47C0-4449-889B-ED5DF3FFFD97}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{FEE800B7-B3EF-4175-8594-7C59D430765B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{0B9752B6-BD72-4B67-B472-4C549A437763}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{FEB39491-C20F-4ED9-B81C-274D6C1C366C}] => (Allow) C:\Program Files (x86)\Nakido\nakido.exe
FirewallRules: [{4E06C7A0-85ED-4D43-98F7-A7D093FCCD4B}] => (Allow) C:\Program Files (x86)\Nakido\nakido.exe
FirewallRules: [{D9D6C8B1-DACE-4321-A575-7DACA8241E47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{201FFE32-0EC9-4E34-B518-470A2A9CCBCE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{18ED9DEB-930A-47C6-B848-703D870D50D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{3AD4C842-C02A-4C54-BFA7-C3B03B0BBAE8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{A3C92390-BEA5-4248-92C3-F9A3DC7E67C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 2\BonusContent\launch.bat
FirewallRules: [{4534848B-994E-45BD-9160-408D786EE743}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 2\BonusContent\launch.bat
FirewallRules: [{7FA86131-F58E-46A2-B29B-C3290D941A69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{755851F5-B287-4CEB-AAB9-3126679DDFD4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{B0501F78-759E-4825-84B1-39BB0A154784}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 2\launch.bat
FirewallRules: [{9C0BF12C-2395-4367-8137-5D08D5B01F00}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 2\launch.bat
FirewallRules: [{BE6C3446-AE13-419F-ACDB-F866696213EA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{04583D8B-2D89-4E40-8BC2-888EA6D15DC1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{6E37C7B7-FFDF-4F53-861A-7002764F2E39}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{9AE24AD8-4038-43C2-810F-92EBBB5C9535}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{FF8EF293-C00B-4746-ACB2-088A87B5B71A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [TCP Query User{639B57C8-5EAC-490A-B840-96E236097266}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{0B57EA81-537C-46D9-AF69-02EA42B86364}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{B8E4E62E-AE39-4EC3-B37E-941A5F30A07D}] => (Allow) C:\UDK\EP2v1.4\Binaries\Win32\UDK.exe
FirewallRules: [{DDC66356-3393-49F6-B655-893263E31C47}] => (Allow) C:\UDK\EP2v1.4\Binaries\Win32\UDK.exe
FirewallRules: [TCP Query User{53B68BA2-C42A-4B01-9274-9E8F82E924C4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{52446796-DAC8-4621-BC17-0F0F7F332395}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{D2EEC824-9573-418C-941B-487DC41554F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{0763ABD7-F52D-4267-A9DF-573DB2F3A545}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{2188B6D0-EDA3-4D11-A8C9-C736DE5DD1AB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{14056092-578B-4498-B88D-C184A452D2A7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{96C37120-6DCA-4B64-80DC-477E7BA939F2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{93A96BD3-673F-4BB9-BACA-95DBED1E1E05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{15F1AD17-C4BF-485C-9B84-B75A464812E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{243B9C17-DEE0-452F-9588-5F32539FB19D}] => (Allow) LPort=27666
FirewallRules: [{9968E6F1-72BA-4A62-B5BF-F1F75F0A2D1B}] => (Allow) LPort=27666
FirewallRules: [{8F719CD8-8639-41DA-BDAF-8138E7968932}] => (Allow) %ProgramFiles% (x86)\Doom 3\DOOM3.exe
FirewallRules: [{503E1EBD-253F-4AC6-9216-FB52F44AA44A}] => (Allow) %ProgramFiles% (x86)\Doom 3\DOOM3.exe
FirewallRules: [TCP Query User{9C7F8673-EFEC-4779-9D8A-F612E4C31972}C:\program files (x86)\microsoft games\halo\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo\halo.exe
FirewallRules: [UDP Query User{31C28199-8CBA-44C6-AC69-1CD8C3E9E573}C:\program files (x86)\microsoft games\halo\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo\halo.exe
FirewallRules: [{62164A12-FD51-4B1E-9BD0-05DD62A01BCF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SiN Episodes Emergence\SinEpisodes.exe
FirewallRules: [{E1CA384A-E881-41CC-B176-56056C6E89BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SiN Episodes Emergence\SinEpisodes.exe
FirewallRules: [{D04895CE-F4D2-4A16-9CDE-AC75743C0C4C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\saints row the third\game_launcher.exe
FirewallRules: [{6CC6BD59-3C96-43E2-AC70-FE4D642564DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\saints row the third\game_launcher.exe
FirewallRules: [{3A88E94F-4C87-4206-81FD-86EF109AA8B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\saints row the third\SaintsRowTheThird.exe
FirewallRules: [{F7C285DB-2610-4E30-A69A-C1594ACEF15C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\saints row the third\SaintsRowTheThird.exe
FirewallRules: [{A6EA7BCF-4E37-4C50-9B86-69F654C16467}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\saints row the third\SaintsRowTheThird_DX11.exe
FirewallRules: [{5BCD448C-9214-4B2A-91F7-3F00CC4F840B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\saints row the third\SaintsRowTheThird_DX11.exe
FirewallRules: [{8B33BCFC-8DA2-4E7F-84DF-69FE91AD4535}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{8CE6D234-06B3-43A8-B70B-BA7811560254}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{B3D29493-5EAC-4D0C-ABE3-2DF04F0177EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4046D372-FD8D-4721-BDC9-DBB5D5D41A96}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7B92451E-01C5-4E0B-8E6E-CAE6D5CFEFD3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3D05ED66-D0EE-43D3-A69F-3DAF25720D97}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{7CA412BD-59D9-478D-A613-4AF33855169C}C:\users\snowsakura\desktop\duke\eduke32.exe] => (Allow) C:\users\snowsakura\desktop\duke\eduke32.exe
FirewallRules: [UDP Query User{93811B15-4188-4A84-802E-B5B82E7E3255}C:\users\snowsakura\desktop\duke\eduke32.exe] => (Allow) C:\users\snowsakura\desktop\duke\eduke32.exe
FirewallRules: [{86AF7E27-E5AA-439C-B511-A6F9DB4A8B0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83C74A04-E02B-4D97-A7E5-18EBA91D6139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED471B64-BEAA-491E-A04F-F6CB2F5A3361}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{1E8EC039-911A-4A98-B18F-F680FA1A5971}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{E63B5743-F0F8-4AFD-850C-0B7D50B33D9E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{661B3E99-4A40-481D-A8D5-D99DE16418AB}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{ACA64BAD-E9A1-48E5-A7F0-AA1FE9D2C742}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{A5E6D51D-F6A6-4B26-8DE7-2CCD0E6C932F}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{E6C3AB54-442B-479A-8F83-87EBE3130F0E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{1628CD7F-9E10-4F5C-A47D-ED3D9B55C2E5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{25440907-EBC6-42FA-8892-F59C22A3A7F2}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{91B91488-0F32-473C-A5D4-500606B6B1DA}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{588847BB-BA46-4669-BA2B-3F5B6162645E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{7DD29625-2791-40C1-A24D-97FC9E415495}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{604C370D-5786-4CD5-8CC4-BA43EE6C43E4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{349F8C5B-E6B7-406D-AA13-EB81AC84189E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{B13A681F-F872-4008-8026-F8F25B42BD47}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{2A0E49B6-0A17-4922-A6DF-405332E2E2C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [TCP Query User{971184E3-7920-4EF6-A244-8C7F5D1D510F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{703CCF9E-BBD1-4723-9754-26B642BBF0F8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6D8B05E0-C043-4930-ABE1-748287B826DF}] => (Allow) C:\Users\SnowSakura\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{444A9A39-8989-46EC-A8D8-5356D24B693B}] => (Allow) C:\Program Files (x86)\Microsoft Games\Halo 2\halo2.exe
FirewallRules: [{19EDBFDF-2614-479F-AEC1-696FC77833F7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Halo 2\halo2.exe
FirewallRules: [{9C67552C-27ED-418C-A0E1-B5304EC052FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEAR Ultimate Shooter Edition\FEARXP\FEARXP.exe
FirewallRules: [{ABA6D0C8-BBC2-42F6-B257-DE7CB62B46DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEAR Ultimate Shooter Edition\FEARXP\FEARXP.exe
FirewallRules: [{CC411A6E-43E9-40EC-A9D9-2B883559ADC3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEAR Ultimate Shooter Edition\FEARXP2\FEARXP2.exe
FirewallRules: [{5541ABF5-4F1D-476C-A463-3F0F69AD0BAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEAR Ultimate Shooter Edition\FEARXP2\FEARXP2.exe
FirewallRules: [{7175714D-CCFB-434A-8ABA-9908C1E3366D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DreadOut\dreadout.exe
FirewallRules: [{6058D46C-2EDB-40B1-88FF-C2145A1395E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DreadOut\dreadout.exe
FirewallRules: [{D48E2BF1-AF40-45D5-8BC2-8FC4AB51C00C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DreadOut\dreadout32.exe
FirewallRules: [{83AE8E1C-1619-4184-8E9A-DE0C44FF98DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DreadOut\dreadout32.exe
FirewallRules: [{17E1352E-9A5F-4D78-BF0B-7556B3BEE0DB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{68A02085-FA70-49DF-93F7-ABF0249760C0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F6EE61F4-140C-46F0-A3D3-4F0D42583813}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E065E41D-1987-43DC-9C10-B3D23509D5CD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{404DEC9E-214B-4F3D-B4F7-331DC5660964}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{D00A66C6-3AC3-4B3E-8FCE-93C49714ED7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C3048A8-0F75-4A03-A1F7-B36DD6A85DDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FBD94990-52D2-4EB0-A60F-C223EFBEC8EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{FF117F8D-BEF1-4A94-AF29-4F4EF1ABC765}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0CB3A49E-A204-4B45-8692-9CE80DE9B695}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{429BF4C1-8A07-4742-A9E2-D4A21F66A960}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{F7D886C7-EC3B-482F-AC6D-899F8F7F2937}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{E2EF8197-66E3-4EB6-A329-4061B74F3AD0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{F3B7C8A4-AA9B-43D3-8B78-F3E8F2C15480}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2015 03:07:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15616

Error: (11/13/2015 03:07:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15616

Error: (11/13/2015 03:07:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2015 10:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (11/12/2015 10:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (11/12/2015 10:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2015 08:36:35 PM) (Source: UCManSvc) (EventID: 7008) (User: )
Description: CountID=0

Error: (11/12/2015 08:36:35 PM) (Source: UCManSvc) (EventID: 7008) (User: )
Description: CountID=0

Error: (11/12/2015 08:36:35 PM) (Source: UCManSvc) (EventID: 7008) (User: )
Description: CountID=0

Error: (11/12/2015 08:36:35 PM) (Source: UCManSvc) (EventID: 7008) (User: )
Description: CountID=0


System errors:
=============
Error: (11/13/2015 07:16:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STEC3 service failed to start due to the following error:
%%2

Error: (11/13/2015 07:16:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (11/13/2015 07:14:01 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

Error: (11/12/2015 09:51:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STEC3 service failed to start due to the following error:
%%2

Error: (11/12/2015 09:50:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (11/12/2015 09:43:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB3081320).

Error: (11/12/2015 09:36:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB3102810).

Error: (11/12/2015 09:32:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB3101246).

Error: (11/12/2015 09:26:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3100773).

Error: (11/12/2015 09:21:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB3101746).


==================== Memory info ===========================

Processor: AMD A8-5500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 38%
Total physical RAM: 7606.94 MB
Available physical RAM: 4645.73 MB
Total Virtual: 14605.15 MB
Available Virtual: 11634.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.46 GB) (Free:160.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.83 GB) (Free:2.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8308433B)

Partition: GPT.

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-11-13 07:35:23
-----------------------------
07:35:23.812 OS Version: Windows x64 6.1.7601 Service Pack 1
07:35:23.812 Number of processors: 4 586 0x1001
07:35:23.812 ComputerName: SNOWSAKURA-HP UserName: SnowSakura
07:35:25.852 Initialize success
07:35:25.922 VM: initialized successfully
07:35:25.922 VM: Amd CPU BiosDisabled
07:35:31.283 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
07:35:31.293 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
07:35:31.393 Disk 0 MBR read successfully
07:35:31.393 Disk 0 MBR scan
07:35:31.403 Disk 0 unknown MBR code
07:35:31.403 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
07:35:31.433 Disk 0 scanning C:\windows\system32\drivers
07:35:38.624 Service scanning
07:35:53.247 Modules scanning
07:35:53.257 Disk 0 trace - called modules:
07:35:53.287 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
07:35:53.297 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b09060]
07:35:53.307 3 CLASSPNP.SYS[fffff880018b143f] -> nt!IofCallDriver -> [0xfffffa800786aac0]
07:35:53.317 5 amd_xata.sys[fffff880010a6d00] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80078683a0]
07:35:53.317 Disk 0 statistics 97913/0/0 @ 7.10 MB/s
07:35:53.317 Scan finished successfully
07:36:11.939 Disk 0 MBR has been saved successfully to "C:\Users\SnowSakura\Desktop\MBR.dat"
07:36:11.939 The log file has been saved successfully to "C:\Users\SnowSakura\Desktop\aswMBR1.txt"

Juliet
2015-11-14, 15:36
Please open Notepad (*do not use WordPad* or any text editor other than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Then copy and paste the text inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite the existing one, please allow.)


start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\Run: [aiko] => C:\Users\SnowSakura\AppData\Roaming\SexGameDevil\aiko.exe
C:\Users\SnowSakura\AppData\Roaming\SexGameDevil\aiko.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
C:\Users\SnowSakura\AppData\Local\Temp\SkypeSetup.exe
C:\Users\SnowSakura\AppData\Local\Temp\sldlext.dll
C:\Users\SnowSakura\AppData\Local\Temp\SLDL_DLL.dll
Task: {1FD8ACEA-A39A-4F3D-92A5-3AF1B1DF0607} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {A4D62F11-3A33-40EC-9DBB-8BB6579021D3} - \ProPCCleaner_Popup -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\windows\System32:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\Users\All Users:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\ProgramData\Application Data:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\Users\SnowSakura\NetHood:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\Users\SnowSakura\Templates:{994c8d26-29ed-48af-a647-94693033f5ee}
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) or from here (http://downloads.malwarebytes.org/file/jrt) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~
Please post:
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt

rockmypunkk
2015-11-15, 04:28
Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by SnowSakura (2015-11-14 20:01:17) Run:1
Running from C:\Users\SnowSakura\Desktop
Loaded Profiles: SnowSakura (Available Profiles: SnowSakura)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3039731432-66134049-834813566-1000\...\Run: [aiko] => C:\Users\SnowSakura\AppData\Roaming\SexGameDevil\aiko.exe
C:\Users\SnowSakura\AppData\Roaming\SexGameDevil\aiko.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
C:\Users\SnowSakura\AppData\Local\Temp\SkypeSetup.exe
C:\Users\SnowSakura\AppData\Local\Temp\sldlext.dll
C:\Users\SnowSakura\AppData\Local\Temp\SLDL_DLL.dll
Task: {1FD8ACEA-A39A-4F3D-92A5-3AF1B1DF0607} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {A4D62F11-3A33-40EC-9DBB-8BB6579021D3} - \ProPCCleaner_Popup -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\windows\System32:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\Users\All Users:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\ProgramData\Application Data:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\Users\SnowSakura\NetHood:{994c8d26-29ed-48af-a647-94693033f5ee}
AlternateDataStreams: C:\Users\SnowSakura\Templates:{994c8d26-29ed-48af-a647-94693033f5ee}
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3039731432-66134049-834813566-1000\Software\Microsoft\Windows\CurrentVersion\Run\\aiko => value removed successfully
"C:\Users\SnowSakura\AppData\Roaming\SexGameDevil\aiko.exe" => not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0" => key removed successfully
C:\Users\SnowSakura\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\SnowSakura\AppData\Local\Temp\sldlext.dll => moved successfully
C:\Users\SnowSakura\AppData\Local\Temp\SLDL_DLL.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FD8ACEA-A39A-4F3D-92A5-3AF1B1DF0607}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FD8ACEA-A39A-4F3D-92A5-3AF1B1DF0607}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4D62F11-3A33-40EC-9DBB-8BB6579021D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4D62F11-3A33-40EC-9DBB-8BB6579021D3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => key not found.
C:\ProgramData => ":{994c8d26-29ed-48af-a647-94693033f5ee}" ADS removed successfully.
C:\windows\System32 => ":{994c8d26-29ed-48af-a647-94693033f5ee}" ADS removed successfully.
"C:\Users\All Users" => ":{994c8d26-29ed-48af-a647-94693033f5ee}" ADS not found.
"C:\ProgramData\Application Data" => ":{994c8d26-29ed-48af-a647-94693033f5ee}" ADS not found.
"C:\Users\SnowSakura\NetHood" => ":{994c8d26-29ed-48af-a647-94693033f5ee}" ADS not found.
"C:\Users\SnowSakura\Templates" => ":{994c8d26-29ed-48af-a647-94693033f5ee}" ADS not found.
EmptyTemp: => 1.3 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:03:32 ====

# AdwCleaner v5.021 - Logfile created 14/11/2015 at 20:12:01
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : SnowSakura - SNOWSAKURA-HP
# Running from : C:\Users\SnowSakura\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [689 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by SnowSakura on 11/14/2015 Sat at 20:16:45.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5F49BBDD-B057-4C74-AFA8-D315F6E3E453}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5F49BBDD-B057-4C74-AFA8-D315F6E3E453}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files

Successfully deleted: [File] C:\windows\SysWOW64\REN7D0E.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{8F18DB38-055E-4E65-A921-FD4AAB5E8867}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{8F2CE051-83A7-4DF3-97E7-52E62C0F5742}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{8FABBBFC-5CF1-4DDD-8023-37F85529DED8}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{8FC06E9C-F1E9-441C-B5A6-F6D8D9C84D06}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{91AE39A6-9405-4DA8-9E89-DBEA91275AE5}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{927B3EA8-24AA-4279-A976-BC70C47E9171}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{92A45A3A-D11E-4923-88B8-C509CD865BC7}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{92D7B4E2-F87A-4C33-8C4F-C22F5E17B887}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{93AD433F-BD9B-484E-A919-81A1914364BF}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{94336043-FA9A-4030-A178-0EFDB32A2A5A}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{9464FD5A-BDAE-449F-A760-A3E6EB6E3290}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{94CE8389-4437-42B9-9910-64CB3EF6C3A8}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{94D4B4E3-C14D-4F7F-B43E-5D04D7E33C0E}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{9513887D-E2AA-4CB0-8BD4-F5A9002C451A}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{95A2D867-4297-412D-81D5-D1AA8CFF3F1E}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{961F2B17-750D-4F65-B4A2-80C769C80F83}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{9753AE8A-0E29-4C00-8D77-A32B038126D9}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{97755C3C-7ECF-4446-B272-3BA2A543719A}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{9896BB02-5CB7-4022-9820-DDBDC685E4E9}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{9A30A129-2242-43AA-AFF3-3B546D775252}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{9D0294B5-77DF-4437-9F19-27953F6F3D31}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{9E5CAD5E-31E3-4F91-B2F5-B63B3322F836}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{9F35ADDE-312D-4794-8EF3-2981C5A60263}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A014E819-01C1-4E1A-AF12-92740DD3F215}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A0736ED2-AD84-4C7B-B49E-D68B76601FE5}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A12C2145-4177-4671-949A-EE8542C7796A}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A1C339E1-44AC-46C4-A6E4-66BF01F8D196}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A24A360D-079D-4309-B12D-F06E23738ECB}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A2DE5CA9-A9B1-4772-9E19-E83B5DA037CA}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A500EDB8-A49E-427A-B359-7011DEBC10F4}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A5011630-E8BC-400B-A2D4-697016FFE872}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A608AC63-102F-48A8-A212-D53778C7CEDD}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A6733DA6-8B3D-40AD-BEED-81E2C7E87BF6}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A77C9ACE-929E-4014-A632-F55E6CE3D926}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A9068669-DE49-4B23-9642-49FAECDE6714}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A96A98E2-8CCD-4972-8471-979FB3FBEE56}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{A9B3BA73-5CBA-4A92-860F-91AB6AA717C3}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{AA0644D0-BE83-4C9D-ABB4-2E6EEA8248D0}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{AA5E65E2-DF16-424F-A4C2-3466D3DA92B1}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{AB00B254-C6DE-43A7-A1A7-BB06006CA180}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{AB5ADFB3-BF64-4C42-B9B5-57F9E1C5E13F}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{AD7B177A-0AA3-4F84-968D-C71B014BB444}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{AE46745C-3795-40AB-A7BE-0E7655D23191}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{AF3BF109-3D57-42E3-9023-466C4AD6C77C}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{AFCEC9CD-9FF8-41BA-8E52-06252E934B8B}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B208F068-644F-4374-95C7-767A01DC0071}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B2099A50-6525-4392-B5E7-4F59E6346C2E}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B27DE074-47CE-46A3-AF3E-DC734EEBE771}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B41B18BC-0D7F-4BC7-AFBB-21BAFE472A68}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B4D4DA71-5A62-4EDC-A146-471463A9BF22}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B4D5118D-A0C7-43A7-B456-510845117525}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B4E5D32C-415A-4B27-9041-823EDAEB946A}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B5DB3EC2-56C8-4A39-9C78-6C36A0699B68}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B6E6A654-379D-4423-9BBF-FD074DC0D0D2}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B790C37A-8982-4F4B-AE14-D7751D96AEF5}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{B8F1FE12-21AC-4811-80D1-12E61FEEE600}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{BA173BE2-6695-4607-8D83-6CACE9417CA7}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{BAB1875C-EE7D-409F-BEF3-7239F352A656}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{BAB902B7-5A89-44CE-BA2A-D13C08857F85}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{BAE9D5E8-0C6D-4BA6-8422-C29DC7437760}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{BF37871A-37DE-4857-83D8-EE58804FE0A8}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{C0EC3353-6A1F-41FF-BBA8-0C6ADEA511C2}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{C11E3EFF-30E9-4993-B6F9-D34B48F42A21}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{C50C04DE-87F1-4268-9AA8-D6AE7892A69D}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{C516B96D-7959-4DBD-B08E-ECF2925DCB72}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{C6CB73FF-7452-4160-BA9E-5610ADB3B270}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{C7BD69DE-C6ED-40D4-A74C-DDC96CCF3D9F}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{CADEAC41-CC34-40B7-8FB6-1C52DD6B2911}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{CB7BB4D5-FECE-41AE-B423-A229822A2964}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{CC37295B-46EE-41F4-B10D-7A2595C58AD3}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{CD9D0DF5-FC13-4D7C-8C08-36D4B633F53E}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{CDA415C2-5BB5-400F-8D28-7ECB9866CC9F}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{CFCCD73C-EC1E-496C-B108-45075445BC4B}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{CFCD7F73-951B-445E-A34C-FC576DA07EE8}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{CFD68248-35F0-4AE2-A09B-F4D200FD6A06}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{D043353A-7370-48E6-883D-CA78C0164DBA}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{D1199740-1E6F-4311-BEA0-B8B7497294A6}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{D15EA85C-9E2E-4DB2-B7BB-FDC6966FDB06}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{D19EA287-79EF-4257-9973-B9056B955124}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{D677D1BE-4F1A-43C2-BE6F-1F4156A23D7D}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{D80647DC-365B-4F9A-863A-146E799EAA87}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{D9A81A67-CDBB-4F74-A78D-F7473451C4E3}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{DB1CB9F5-8FF7-4520-A450-8B708379F368}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{DB85B720-1B6D-41EA-A484-6FCD1678AA9D}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{DC616056-02F0-4257-8BCD-17D37C1798BF}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{DCC36452-53EA-4F78-BB64-B2F58F0309B9}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{DE9973CC-574A-40A0-B313-60D2F4C51F39}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E0C9A233-918C-4E71-AD6C-A814B55C4DA9}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E0E46B53-C584-48BB-8DDF-759243665294}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E15F155C-8E2B-40CD-914E-40E851A7939F}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E2D74363-08EE-4DA7-9AEC-411A60A1109B}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E312B816-0BC9-4A16-B1C4-2055AD0A47A3}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E31A9519-504C-48E8-9655-2748CA8B41D6}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E43DA77F-8A65-4C2E-BFE6-A2D78FF66A28}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E50AD7D2-FC31-4925-A7C6-86E6B53AAA01}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E50ECF38-28A6-4EBB-B7A7-F47F0FB54542}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E6A3ADE8-C0EB-4194-BA5F-1648CDDF05A1}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E6CF64FA-4234-4648-84AF-F9C65F533A82}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E7C3164D-4875-4E2C-9148-F706D82A974A}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{E9F153E2-03EF-4C72-9A9F-6D172DA62BBC}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EA0AF6E6-00E2-4E22-9760-BA06F6F1E085}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EAC79146-344B-4A5A-94F4-C0992B49631B}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EAD12F37-9669-42F0-8575-633B40BAF1B6}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EB1773CF-98A6-48CD-A132-DFE9F1B63CD2}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EC917DE0-E653-4A4C-8496-B01D51DC8554}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{ED98DB45-5143-446F-91A6-0EFA9249C468}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EDA4AC78-1BAA-49D3-B605-6948058F3626}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EE3BEC61-BA49-4A1D-97D9-56DEC2175A9F}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EE855AA5-3B3B-4976-B8E3-AF75CBFD606E}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EEBBCCFA-3A7C-4532-8047-152AF0F2D940}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EEEE2127-4D41-4350-B4B5-D05D28EEC8AC}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{EF22DD72-A134-42B1-ABDF-F855E8FCE718}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F00EEB1B-3A58-4EBC-87A6-4E2F0E8817FC}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F08A5697-0476-485E-A3E6-AD4CEAB357DD}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F0B4B8E7-4DB6-47A8-8CDF-D735B4437552}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F28E4D47-33CA-488C-9920-3F7037D22ED4}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F309AA0D-09EE-4FC4-9F2E-608716E19A1D}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F330AE14-A35C-416E-899E-E2711DC9FF79}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F3830380-D191-4501-9994-7D30F2811635}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F4270A3C-4A87-4E63-91F5-F88C954329EF}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F429B5E3-1DE6-402E-AE09-2B99CDDB54C8}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F595E9C0-DEF0-46C8-9347-21C258AAD934}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F5E1A25A-927F-4BEA-8298-18DA7CC71E05}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F7B0D6B7-FD23-4B1E-9189-138ECD697015}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{F8EE9E17-44AE-4A67-BED0-6BDE61D54A37}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{FA053E2B-718E-4A08-8BAF-B9F7FF44F517}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{FAB6280A-3BEF-485D-BF1F-2463F2CFDEBF}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{FCE9E7F5-EA7D-4A77-85FB-A02150EAF658}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{FD358A09-958B-4263-AC8A-71E80C4B7344}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{FD493520-8D17-4672-BA5A-7DD5089C7075}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{FD978DCA-2280-4A89-82F9-66F9A3A3B581}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{FDF2E2CB-4E82-44F6-9EF6-64654922E32E}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{FE3CC26B-092C-479E-9940-58218029CBF5}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{FF2809B9-531B-4948-86E1-2F388B890FCC}
Successfully deleted: [Empty Folder] C:\Users\SnowSakura\Appdata\Local\{FFF9A603-81FD-4E75-96E2-9A9B42A06DAC}
Successfully deleted: [Folder] C:\Users\SnowSakura\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\SnowSakura\AppData\Roaming\getrighttogo



~~~ FireFox

Emptied folder: C:\Users\SnowSakura\AppData\Roaming\mozilla\firefox\profiles\wk7cf222.default-1406918487978\minidumps [56 files]



~~~ Chrome


[C:\Users\SnowSakura\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\SnowSakura\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\SnowSakura\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\SnowSakura\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/14/2015 Sat at 20:23:12.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2015-11-15, 13:55
Tell me what the computer is doing now.


Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP




Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply

rockmypunkk
2015-11-15, 16:17
Looks alright now

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/15/2015
Scan Time: 7:53 AM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.15.02
Rootkit Database: v2015.11.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SnowSakura

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361099
Time Elapsed: 21 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2015-11-15, 16:27
Looks alright now
Good deal

Let's continue

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

ESET Online Scan

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

rockmypunkk
2015-11-15, 21:39
Push the Back button.
Place a checkmark next to and click .

Did that get cut off? Next to what?

Juliet
2015-11-15, 21:45
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

these are the instructions to gather information found and how to copy and paste the results?

rockmypunkk
2015-11-16, 00:39
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip Win32/Bagle.gen.zip worm
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\70829dcc-7c4c47ca multiple threats
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\7a586c55-1634b9cd multiple threats
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\3d5c4960-4dbda995 multiple threats
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1793f924-68ba528c multiple threats
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\370a6964-24c2197c Java/Agent.FH trojan
C:\Users\SnowSakura\Desktop\ScpServer\chiitrans2\agth\agth.dll a variant of Win32/AGTH.A potentially unwanted application
C:\Users\SnowSakura\Downloads\chiitrans2.16.4505.2364.zip a variant of Win32/AGTH.A potentially unwanted application
C:\Users\SnowSakura\Downloads\chiitrans2.16.4505.2364\chiitrans2\agth\agth.dll a variant of Win32/AGTH.A potentially unwanted application

Juliet
2015-11-16, 02:40
Cheatengine, it's used to hack games and can also be used to hack your computer - thus the designation of potentially unsafe application. If you installed it yourself, then it is probably not being used to hack you.
Consider the information and use your judgement if you should keep it.

~~~~~~~~~~~~

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\70829dcc-7c4c47ca
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\7a586c55-1634b9cd
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\3d5c4960-4dbda995
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1793f924-68ba528c
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\370a6964-24c2197c
C:\Users\SnowSakura\Desktop\ScpServer\chiitrans2\agth\agth.dll
C:\Users\SnowSakura\Downloads\chiitrans2.16.4505.2364.zip
C:\Users\SnowSakura\Downloads\chiitrans2.16.4505.2364\chiitrans2\agth\agth.dll
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Post this log when finished and also tell me how the computer is now.

rockmypunkk
2015-11-16, 03:09
Looking okay so far on the cpu usage, will need to monitor over the next few days.

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by SnowSakura (2015-11-15 19:01:47) Run:2
Running from C:\Users\SnowSakura\Desktop
Loaded Profiles: SnowSakura (Available Profiles: SnowSakura)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\70829dcc-7c4c47ca
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\7a586c55-1634b9cd
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\3d5c4960-4dbda995
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1793f924-68ba528c
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\370a6964-24c2197c
C:\Users\SnowSakura\Desktop\ScpServer\chiitrans2\agth\agth.dll
C:\Users\SnowSakura\Downloads\chiitrans2.16.4505.2364.zip
C:\Users\SnowSakura\Downloads\chiitrans2.16.4505.2364\chiitrans2\agth\agth.dll
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip => moved successfully
"C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip" => not found.
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\70829dcc-7c4c47ca => moved successfully
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\7a586c55-1634b9cd => moved successfully
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\3d5c4960-4dbda995 => moved successfully
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1793f924-68ba528c => moved successfully
C:\Users\SnowSakura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\370a6964-24c2197c => moved successfully
C:\Users\SnowSakura\Desktop\ScpServer\chiitrans2\agth\agth.dll => moved successfully
C:\Users\SnowSakura\Downloads\chiitrans2.16.4505.2364.zip => moved successfully
C:\Users\SnowSakura\Downloads\chiitrans2.16.4505.2364\chiitrans2\agth\agth.dll => moved successfully
EmptyTemp: => 880.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:02:23 ====

Juliet
2015-11-16, 04:00
will need to monitor over the next few days.

ok let me know

rockmypunkk
2015-11-17, 00:10
Everything is still looking fine, 1-3% cpu when doing nothing. I think we're nice and clean now

Juliet
2015-11-17, 00:46
DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools

Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

Juliet
2015-11-19, 19:51
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.