Avast Antivirus 16 pop ups
Dinklebird replied to Dinklebird's topic in Resolved Malware Removal Logs
the first one is incorrect, sorry

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by hugo (administrator) on DOGE on 02-06-2015 17:09:50
Running from C:\Users\hugo\Desktop
Loaded Profiles: hugo (Available Profiles: hugo)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\KMS-QAD.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Spotify Ltd) C:\Users\hugo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
() C:\Windows\QAD-Hook.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-11] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2015-05-26] (AVAST Software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [spotify Web Helper] => C:\Users\hugo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [spotify] => C:\Users\hugo\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [AceUpdater] => C:\Users\hugo\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [AceWebExtensionUpdater] => C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
IFEO\OSppSvc.exe: [Debugger] QAD-Hook.exe
IFEO\SppExtComObj.exe: [Debugger] QAD-Hook.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/nl-nl/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2583284370-4071791723-3653827449-1001 -> {4CC4338D-BB15-48E3-9BC1-8246E85F24B7} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (AVAST Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default
FF Homepage: https://www.google.nl/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2583284370-4071791723-3653827449-1001: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\hugo\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: AS Magic Player - C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default\Extensions\magicplayer@acestream.org [2015-05-27]
FF Extension: Adblock Plus - C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-11] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-05-26] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-05-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-05-26] (Avast Software)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KMS-R@1n; C:\Windows\KMS-QAD.exe [22528 2015-05-18] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-13] (Dritek System INC.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-06-02] (Enigma Software Group USA, LLC.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-05-26] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-05-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-05-26] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-05-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-05-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-05-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-05-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-05-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-05-26] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-11] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 esgiguard; C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys [16432 2015-04-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-02] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-13] (Dritek System Inc.)
U0 ufvqkt; C:\Windows\System32\drivers\yysxn.sys [79064 2015-06-02] (Malwarebytes Corporation)
R3 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2015-05-26] (Avast Software)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-02 17:09 - 2015-06-02 17:10 - 00015157 _____ () C:\Users\hugo\Desktop\FRST.txt
2015-06-02 17:09 - 2015-06-02 17:09 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\yysxn.sys
2015-06-02 17:09 - 2015-06-02 17:09 - 00000000 ____D () C:\FRST
2015-06-02 16:58 - 2015-06-02 16:58 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 16:57 - 2015-06-02 16:57 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-02 16:57 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-02 16:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-02 16:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-02 16:52 - 2015-06-02 16:54 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\hugo\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-02 16:52 - 2015-06-02 16:52 - 02108928 _____ (Farbar) C:\Users\hugo\Desktop\FRST64.exe
2015-06-02 15:53 - 2015-06-02 15:53 - 
04798416 _____ (McAfee, Inc.) C:\Users\hugo\Downloads\MCPR.exe 2015-06-02 15:07 - 2015-06-02 15:07 - 46420165 ____R () C:\Users\hugo\Downloads\SpyHunter 4.19.13.4482 Portable.zip 2015-06-02 14:55 - 2015-06-02 14:55 - 00003314 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup 2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Enigma Software Group 2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\sh4ldr 2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 _____ () C:\autoexec.bat 2015-06-02 14:54 - 2015-06-02 14:54 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\hugo\Downloads\SpyHunter-Installer.exe 2015-06-02 14:54 - 2015-06-02 14:54 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys 2015-06-02 14:54 - 2015-06-02 14:54 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-06-02 07:32 - 2015-06-02 07:32 - 02231296 _____ () C:\Users\hugo\Downloads\adwcleaner_4.206.exe 2015-06-01 17:47 - 2015-06-01 17:47 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-06-01 17:46 - 2015-06-01 17:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-06-01 17:46 - 2015-06-01 17:46 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-06-01 17:45 - 2015-06-01 17:47 - 00000000 ____D () C:\ProgramData\Adobe 2015-06-01 17:44 - 2015-06-01 17:44 - 00568767 _____ () C:\Users\hugo\Downloads\lemoulin.pdf.zip 2015-05-26 16:28 - 2015-05-26 16:28 - 00000247 _____ () C:\WINDOWS\system32\2015-05-26-14-28-19.054-aswFe.exe-5212.log 2015-05-26 16:28 - 2015-05-26 16:28 - 00000197 _____ () C:\WINDOWS\system32\2015-05-26-14-28-15.012-AvastVBoxSVC.exe-1956.log 2015-05-26 15:42 - 2015-05-26 15:42 - 00755216 _____ () C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe 2015-05-26 15:40 - 2015-05-26 15:40 - 00755216 _____ 
() C:\Users\hugo\Downloads\loldrophackv16__7934_il309.exe 2015-05-26 15:38 - 2015-05-26 16:17 - 00000247 _____ () C:\WINDOWS\system32\2015-05-26-13-38-56.028-aswFe.exe-6100.log 2015-05-26 15:38 - 2015-05-26 15:38 - 00000197 _____ () C:\WINDOWS\system32\2015-05-26-13-38-52.009-AvastVBoxSVC.exe-2384.log 2015-05-26 15:36 - 2015-05-26 15:36 - 02097629 _____ () C:\Users\hugo\Downloads\leagueoflegendsmultihack.zip.part 2015-05-26 15:29 - 2015-05-26 15:29 - 00001223 _____ () C:\WINDOWS\unins000.dat 2015-05-26 15:29 - 2015-05-26 15:28 - 01180529 _____ () C:\WINDOWS\unins000.exe 2015-05-26 15:25 - 2015-05-26 15:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox 2015-05-26 15:25 - 2015-05-26 15:26 - 00000000 ____D () C:\WINDOWS\system32\vbox 2015-05-26 15:25 - 2015-05-26 15:25 - 01853762 _____ () C:\Users\hugo\Downloads\AA By Onhax.rar 2015-05-26 15:24 - 2015-05-26 15:24 - 02053480 _____ () C:\Users\hugo\Downloads\Avast 2015 All Working Cracks Keys are Here ! [LATEST].exe 2015-05-26 15:22 - 2015-05-26 15:22 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\AVAST Software 2015-05-26 15:21 - 2015-05-26 15:21 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2015-05-26 15:21 - 2015-05-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-05-26 15:20 - 2015-05-26 15:21 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-05-26 15:20 - 2015-05-26 15:21 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-05-26 15:20 - 2015-05-26 15:20 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-05-26 15:20 - 2015-05-26 15:20 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2015-05-26 15:19 - 2015-05-26 15:19 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2015-05-26 15:18 - 2015-05-26 15:18 - 00000000 ____D () C:\Program Files\AVAST Software 2015-05-26 15:17 - 2015-05-26 15:18 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-05-26 15:03 - 2015-05-26 15:16 - 182803088 _____ (AVAST Software) C:\Users\hugo\Downloads\avast--Premier-Antivirus-2015-10.0.2206-Final Trial.exe 2015-05-25 09:56 - 2015-05-25 09:57 - 02128667 _____ () C:\Users\hugo\Downloads\EaseUS Data Recovery Wizard 8.6 Keygen _5BOnhax_5D.rar 2015-05-25 09:54 - 2015-05-25 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.8 
2015-05-25 09:52 - 2015-05-25 09:52 - 10758512 _____ (EaseUS ) C:\Users\hugo\Downloads\drw_trial.exe 2015-05-24 19:33 - 2015-05-24 19:34 - 00000000 ____D () C:\Users\hugo\Downloads\THE BLACKLIST(2014) S02E22 H.264(WEB-DL)DD5.1 1080p NL Subs TBS 2015-05-24 19:28 - 2015-05-24 19:28 - 00018205 _____ () C:\Users\hugo\Downloads\[kat.cr]the.blacklist.2014.s02e22.h.264.web.dl.dd5.1.1080p.nl.subs.tbs.torrent 2015-05-24 19:26 - 2015-05-24 19:27 - 00000000 ____D () C:\Users\hugo\Downloads\The Blacklist S02 WEB-DL x264-FUM[ettv] 2015-05-24 18:20 - 2015-05-24 19:32 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\.ACEStream 2015-05-24 18:20 - 2015-05-24 19:14 - 00000000 ___HD () C:\_acestream_cache_ 2015-05-24 18:20 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media 2015-05-24 18:19 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\AceWebExtension 2015-05-24 18:19 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\ACEStream 2015-05-24 18:18 - 2015-05-24 18:19 - 69574952 _____ () C:\Users\hugo\Downloads\Ace_Stream_Media_3.0.12.exe 2015-05-24 18:18 - 2015-05-24 18:18 - 00028102 _____ () C:\Users\hugo\Downloads\[kat.cr]game.of.thrones.s05e06.hdtv.x264.asap.ettv.torrent 2015-05-20 23:20 - 2015-05-21 08:48 - 00000020 _____ () C:\WINDOWS\capsys184523.log 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Mirillis 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Users\hugo\AppData\Local\Mirillis 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Mirillis 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Program Files (x86)\Mirillis 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Action! 
2015-05-20 23:17 - 2015-05-20 23:17 - 00000000 ____D () C:\Users\hugo\Downloads\Mirillis Action! 1.21.0.0 2015-05-20 23:15 - 2015-05-20 23:15 - 00000000 ____D () C:\Users\hugo\Downloads\Mirillis.Action!.v1.21.0.0.Thx-Acersoft 2015-05-20 23:11 - 2015-05-20 23:12 - 18829112 _____ (Mirillis Ltd.) C:\Users\hugo\Downloads\action_1_22_0_setup.exe 2015-05-20 23:11 - 2015-05-20 23:11 - 01122816 _____ (ONHAX.NET) C:\Users\hugo\Downloads\Mirillis Action! v1.22 Patch.exe 2015-05-20 07:32 - 2015-05-20 07:32 - 00000000 ____D () C:\Users\hugo\AppData\Local\Macromedia 2015-05-20 07:28 - 2015-06-01 17:47 - 00000000 ____D () C:\Users\hugo\AppData\Local\Adobe 2015-05-19 22:22 - 2015-05-19 22:22 - 00000000 ____D () C:\Users\hugo\AppData\Local\clear.fi 2015-05-19 16:32 - 2015-06-02 07:34 - 00000000 ____D () C:\AdwCleaner 2015-05-19 16:31 - 2015-05-19 16:32 - 02209792 _____ () C:\Users\hugo\Downloads\adwcleaner_4.204.exe 2015-05-19 16:30 - 2015-05-19 16:30 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\GlarySoft 2015-05-19 07:48 - 2015-06-02 15:59 - 00000000 ____D () C:\Users\hugo\AppData\Local\Spotify 2015-05-19 07:48 - 2015-06-02 15:58 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Spotify 2015-05-19 07:48 - 2015-05-19 07:48 - 00155296 _____ (Spotify Ltd) C:\Users\hugo\Downloads\SpotifySetup.exe 2015-05-19 07:48 - 2015-05-19 07:48 - 00001766 _____ () C:\Users\hugo\Desktop\Spotify.lnk 2015-05-19 07:48 - 2015-05-19 07:48 - 00001752 _____ () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-05-18 21:05 - 2015-05-18 21:05 - 00022474 _____ () C:\Users\hugo\Downloads\the.blacklist.karakurt.(2015).dut.1cd.(6173748).zip 2015-05-18 20:59 - 2015-05-30 15:23 - 00000000 ____D () C:\Users\hugo\Downloads\PopcornTime 2015-05-18 20:58 - 2015-05-18 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2015-05-18 20:57 - 2015-05-18 20:58 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time 2015-05-18 20:57 - 2015-05-18 
20:57 - 50764339 _____ (Popcorn Time ) C:\Users\hugo\Downloads\PopcornTime-latest.exe 2015-05-18 16:47 - 2015-05-18 16:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\R@1n-KMS 2015-05-18 16:46 - 2015-05-18 16:46 - 00022528 _____ () C:\WINDOWS\KMS-QAD.exe 2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe 2015-05-18 16:46 - 2015-05-18 16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll 2015-05-18 16:44 - 2015-05-18 16:44 - 00000000 _____ () C:\Users\hugo\AppData\Local\Temp.dat 2015-05-18 16:40 - 2015-05-18 16:40 - 02052456 _____ () C:\Users\hugo\Downloads\Re-Loader 1.2 Final All Windows And Office Activator Is Here![Latest].exe 2015-05-18 15:55 - 2015-05-18 15:55 - 00889416 _____ (Microsoft Corporation) C:\Users\hugo\Downloads\dotNetFx40_Full_setup.exe 2015-05-18 15:53 - 2015-05-18 15:53 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit 2015-05-18 15:48 - 2015-06-02 15:43 - 00000000 ____D () C:\Users\hugo\AppData\Local\Deployment 2015-05-18 15:48 - 2015-05-18 15:48 - 00000000 ____D () C:\Users\hugo\AppData\Local\Apps\2.0 2015-05-18 10:08 - 2015-05-18 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-05-18 10:06 - 2015-05-18 10:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2015-05-18 10:06 - 2015-05-18 10:06 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2015-05-18 10:05 - 2015-05-18 10:08 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-18 10:05 - 2015-05-18 10:05 - 00000000 ____D () C:\Users\hugo\AppData\Local\Microsoft Help 2015-05-18 10:05 - 2015-05-18 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2015-05-18 10:04 - 2015-05-18 10:04 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-05-18 10:02 - 2015-06-02 17:09 - 00000000 ____D () C:\Program Files (x86)\SharePoint Fix 2015-05-18 10:02 - 2015-05-18 16:41 - 00000000 ____D () C:\ProgramData\17676060002624468702 2015-05-18 10:02 - 2015-05-18 10:02 - 00000000 __RHD () 
C:\MSOCache 2015-05-18 10:01 - 2015-06-02 15:57 - 00000368 _____ () C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job 2015-05-18 10:01 - 2015-05-18 10:01 - 00003254 _____ () C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[pr] 2015-05-18 09:57 - 2015-05-18 09:59 - 00000000 ____D () C:\Users\hugo\Downloads\Microsoft Office 2013 Professional Plus activation crack 2015-05-18 09:56 - 2015-06-02 15:11 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\uTorrent 2015-05-18 09:56 - 2015-05-18 09:56 - 02051944 _____ () C:\Users\hugo\Downloads\Re-Loader_1.2_Final.rar 2015-05-18 09:56 - 2015-05-18 09:56 - 00026057 _____ () C:\Users\hugo\Downloads\784_microsoft.offic.torrent 2015-05-18 09:55 - 2015-05-18 09:55 - 01998432 _____ (BitTorrent Inc.) C:\Users\hugo\Downloads\uTorrent.exe 2015-05-18 09:47 - 2015-05-22 07:40 - 00000000 ____D () C:\Users\hugo\Desktop\School 2015-05-18 09:07 - 2015-05-18 09:10 - 00000000 ____D () C:\Users\hugo\Documents\Revocer 2015-05-18 09:05 - 2015-05-18 09:05 - 02622696 _____ (Copyright © 2011 eSupport.com • All Rights Reserved ) C:\Users\hugo\Downloads\undeleteplus_setup.exe 2015-05-18 08:30 - 2015-05-18 08:30 - 00234966 _____ () C:\Users\hugo\Downloads\REST2514.exe 2015-05-18 08:30 - 2015-05-18 08:30 - 00000000 ____D () C:\Restoration 2015-05-18 08:29 - 2015-05-18 08:29 - 00707144 _____ (Generic Installer ) C:\Users\hugo\Downloads\Installer_Restoration.exe 2015-05-18 08:21 - 2015-05-18 08:21 - 04426120 _____ (Piriform Ltd) C:\Users\hugo\Downloads\rcsetup152.exe 2015-05-17 22:59 - 2015-05-17 22:59 - 00646538 _____ () C:\Users\hugo\Downloads\ThrottleStop_500a.zip 2015-05-17 22:59 - 2015-05-17 22:59 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\WinRAR 2015-05-17 22:37 - 2015-05-25 15:02 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\vlc 2015-05-17 22:37 - 2015-05-17 22:37 - 00001034 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-05-17 22:37 - 2015-05-17 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\VideoLAN 2015-05-17 22:37 - 2015-05-17 22:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2015-05-17 22:36 - 2015-05-17 22:36 - 28849904 _____ () C:\Users\hugo\Downloads\vlc-2.2.1-win32.exe 2015-05-17 20:22 - 2015-05-17 20:22 - 131104768 _____ (Intel Corporation) C:\Users\hugo\Downloads\win64_152823.exe 2015-05-17 19:46 - 2015-05-17 19:46 - 00231760 _____ () C:\Users\hugo\Downloads\CrucialEUScan.exe 2015-05-17 19:03 - 2015-05-17 19:03 - 01941064 _____ () C:\Users\hugo\Downloads\winrar-x64-520.exe 2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\Program Files\WinRAR 2015-05-17 19:02 - 2015-05-17 19:02 - 02233009 _____ () C:\Users\hugo\Downloads\RL16.rar 2015-05-17 18:57 - 2015-05-17 18:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2015-05-17 18:39 - 2015-06-01 19:02 - 00000000 ____D () C:\Users\hugo\Documents\Bluetooth Folder 2015-05-17 18:39 - 2015-05-17 18:39 - 00000000 ____D () C:\Users\hugo\AppData\Local\BMExplorer 2015-05-17 18:31 - 2015-06-01 21:26 - 00000000 ____D () C:\Users\hugo\AppData\Local\CrashDumps 2015-05-17 18:16 - 2015-05-17 18:16 - 04737952 _____ () C:\Users\hugo\Downloads\ausetup.exe 2015-05-17 18:16 - 2015-05-17 18:16 - 00001278 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk 2015-05-17 18:16 - 2015-05-17 18:16 - 00001266 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk 2015-05-17 18:16 - 2015-05-17 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft 2015-05-17 18:16 - 2015-05-17 18:16 - 00000000 ____D () C:\Program Files (x86)\Glarysoft 2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\LolClient 2015-05-17 17:35 - 
2015-05-17 17:35 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Macromedia 2015-05-17 17:32 - 2015-05-17 17:32 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\CyberLink 2015-05-17 17:30 - 2015-05-17 17:30 - 00000000 ____D () C:\Users\Public\CyberLink 2015-05-17 17:30 - 2015-05-17 17:30 - 00000000 ____D () C:\Users\hugo\AppData\Local\Cyberlink 2015-05-17 17:27 - 2015-05-17 17:27 - 00000000 ____D () C:\ProgramData\Riot Games 2015-05-17 17:27 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll 2015-05-17 17:27 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll 2015-05-17 17:27 - 2008-07-12 09:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll 2015-05-17 17:27 - 2008-07-12 09:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2015-05-17 17:27 - 2008-07-12 09:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2015-05-17 17:26 - 2015-05-17 17:26 - 00001613 _____ () C:\Users\Public\Desktop\League of Legends.lnk 2015-05-17 17:26 - 2015-05-17 17:26 - 00000000 ____D () C:\Riot Games 2015-05-17 17:26 - 2015-05-17 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-05-17 17:24 - 2015-05-17 17:27 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Riot Games 2015-05-17 17:24 - 2015-05-17 17:24 - 30993712 _____ (Riot Games) C:\Users\hugo\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe 2015-05-17 17:23 - 2015-06-02 16:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2583284370-4071791723-3653827449-1001 2015-05-17 17:23 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Local\EgisTec IPS 2015-05-17 17:22 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Mozilla 2015-05-17 17:22 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Local\Mozilla 2015-05-17 17:21 - 2015-05-18 
10:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-17 17:21 - 2015-05-17 17:21 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-05-17 17:21 - 2015-05-17 17:21 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-05-17 17:21 - 2015-05-17 17:21 - 00000000 ____D () C:\ProgramData\Mozilla 2015-05-17 17:21 - 2015-05-17 17:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-17 17:17 - 2015-05-17 17:17 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Atheros 2015-05-17 17:15 - 2015-06-01 18:43 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Adobe 2015-05-17 17:15 - 2015-05-17 17:15 - 00001438 _____ () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-05-17 17:15 - 2015-05-17 17:15 - 00000000 ____D () C:\Program Files\Accessory Store 2015-05-17 17:13 - 2015-06-01 17:46 - 00000000 ____D () C:\Users\hugo\AppData\Local\Packages 2015-05-17 17:13 - 2015-05-18 20:58 - 00000000 ____D () C:\Users\hugo\AppData\Local\VirtualStore 2015-05-17 17:12 - 2015-06-02 07:39 - 01422734 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-17 17:11 - 2015-05-17 17:15 - 00000000 ____D () C:\Users\hugo 2015-05-17 17:11 - 2015-05-17 17:11 - 00000020 ___SH () C:\Users\hugo\ntuser.ini 2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder 
will be moved.) 2015-06-02 17:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages 2015-06-02 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-06-02 16:04 - 2012-07-26 09:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-02 15:57 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-06-02 15:56 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-06-01 19:03 - 2012-10-24 06:06 - 00032778 _____ () C:\WINDOWS\PFRO.log 2015-05-25 10:10 - 2012-07-26 09:21 - 00024747 _____ () C:\WINDOWS\setupact.log 2015-05-19 16:57 - 2012-10-24 06:34 - 00422024 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-05-19 14:59 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2015-05-18 14:14 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache 2015-05-18 14:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore 2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com 2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-05-18 14:12 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm 2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr 2015-05-18 14:12 - 2012-07-26 09:49 - 
00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2015-05-18 14:12 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe 2015-05-18 14:12 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2015-05-18 14:12 - 2012-07-26 07:37 - 00000000 ____D () C:\WINDOWS\servicing 2015-05-18 14:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-05-18 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\migwiz 2015-05-18 14:11 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\winrm 2015-05-18 14:11 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\slmgr 2015-05-18 14:11 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-05-18 14:11 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-05-18 14:10 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform 2015-05-18 14:10 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\Com 2015-05-18 14:10 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\WCN 2015-05-18 14:10 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts 2015-05-18 14:10 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\Dism 2015-05-18 14:06 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2015-05-18 10:07 - 2012-07-26 09:52 - 00000000 ____D () C:\WINDOWS\ShellNew 2015-05-18 10:06 - 2012-11-13 20:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2015-05-18 10:05 - 2012-07-26 07:26 - 00000199 _____ () C:\WINDOWS\win.ini 2015-05-18 10:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-05-17 20:25 - 2012-11-13 19:31 - 00015758 _____ () C:\WINDOWS\system32\results.xml 2015-05-17 20:24 - 2012-11-13 19:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-05-17 20:24 - 2012-10-24 06:33 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-05-17 19:20 - 2012-07-26 10:12 - 
00000000 ___HD () C:\WINDOWS\ELAMBKUP 2015-05-17 18:39 - 2012-11-13 20:03 - 00000000 ____D () C:\ProgramData\Atheros 2015-05-17 18:35 - 2012-10-24 07:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-17 18:29 - 2012-11-13 20:17 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9Acer.dll 2015-05-17 18:29 - 2012-10-24 07:15 - 00000000 ____D () C:\Program Files (x86)\NTI 2015-05-17 18:28 - 2012-10-24 07:13 - 00000000 ____D () C:\Program Files\Acer 2015-05-17 18:28 - 2012-10-24 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-05-17 18:27 - 2012-10-24 07:12 - 00000000 ____D () C:\ProgramData\Acer 2015-05-17 18:27 - 2012-10-24 07:11 - 00000000 ____D () C:\Program Files (x86)\Acer 2015-05-17 18:22 - 2012-10-24 07:11 - 00000000 ____D () C:\WINDOWS\oem 2015-05-17 18:19 - 2012-10-24 06:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-05-17 18:18 - 2012-10-24 06:35 - 00000000 ____D () C:\ProgramData\WildTangent 2015-05-17 18:16 - 2012-10-24 07:15 - 00000000 ____D () C:\ProgramData\BackupManager 2015-05-17 18:04 - 2012-07-26 10:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-05-17 17:25 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\restore 2015-05-17 17:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-05-17 17:16 - 2012-10-24 06:58 - 00000000 ___HD () C:\OEM 2015-05-17 17:15 - 2012-11-13 20:11 - 00000000 ____D () C:\ProgramData\OEM ==================== Files in the root of some directories ======= 2015-05-18 16:44 - 2015-05-18 16:44 - 0000000 _____ () C:\Users\hugo\AppData\Local\Temp.dat 2012-11-13 19:50 - 2012-11-13 19:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\hugo\AppData\Local\Temp\AcerCloudDocsSetup.exe C:\Users\hugo\AppData\Local\Temp\AcerCloudSetup.exe C:\Users\hugo\AppData\Local\Temp\ose00000.exe 
C:\Users\hugo\AppData\Local\Temp\Quarantine.exe
C:\Users\hugo\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-01 17:52

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by hugo at 2015-06-02 17:10:53
Running from C:\Users\hugo\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2583284370-4071791723-3653827449-500 - Administrator - Disabled)
Guest (S-1-5-21-2583284370-4071791723-3653827449-501 - Limited - Disabled)
hugo (S-1-5-21-2583284370-4071791723-3653827449-1001 - Administrator - Enabled) => C:\Users\hugo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
Ace Stream Media 3.0.12 (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\AceStream) (Version: 3.0.12 - Ace Stream Media) <==== ATTENTION!
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Avast Premier (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
EaseUS Data Recovery Wizard 8.8 (HKLM\...\EaseUS Data Recovery Wizard 8.8_is1) (Version: - EaseUS)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 nl)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.2.1 - Popcorn Time)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

17-05-2015 17:25:05 Installed Microsoft Visual C++ 2005 Redistributable (x64)
26-05-2015 15:18:12 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2015-05-20 23:18 - 00001001 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 thislineskipsanyemptylines
127.0.0.1 mirillis.com
127.0.0.1 www.mirillis.com
127.0.0.1 serwer2.paka-service.com
127.0.0.1 ns386119.ovh.net
127.0.0.1 mirillis.pl

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13BEDC52-5356-41E4-A102-0B44F7E38165} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {16F58D1C-6B57-4750-B781-C836C9C5FE87} - System32\Tasks\R@1n-KMS\Office15x64ProP => wmic
Task: {3C327C9E-7526-4E25-8ABD-9F7D6C93A8CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {3F9F3ECB-D53D-4068-AF34-F3C39D1A83D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {895DA87E-805D-4C12-B1CB-FF34A015E750} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-02] (Enigma Software Group USA, LLC.)
Task: {90BB94D8-B794-48CB-AA80-B6383E5B7B3D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {9AEF8C1E-5CF1-4067-A98F-8865B31CEA86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {A67A6EFB-2D9B-489D-B981-3429A2DEA768} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION
Task: {FD2CEA31-1CB8-4AD5-B9AC-273948F134FB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (AVAST Software)
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-05-18 16:46 - 2015-05-18 16:46 - 00022528 _____ () C:\Windows\KMS-QAD.exe
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-29 06:16 - 2012-10-23 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-28 03:23 - 2015-02-28 03:23 - 00022824 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
2012-08-11 04:28 - 2012-08-11 04:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-01-21 17:54 - 2015-05-17 17:27 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2015-05-28 21:36 - 2015-05-28 21:36 - 02362872 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe
2015-05-28 21:36 - 2015-05-28 21:36 - 03919864 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe
2015-05-17 17:36 - 2015-05-17 17:36 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll
2015-05-26 15:29 - 2014-03-14 08:00 - 00695808 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll
2015-06-02 14:52 - 2015-06-02 14:52 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060200\algo.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd
2014-01-23 13:37 - 2014-01-23 13:37 - 00036352 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll
2012-02-07 18:42 - 2012-02-07 18:42 - 00266240 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd
2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\select.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd
2015-05-26 15:20 - 2015-05-26 15:20 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-13 19:42 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-05-28 21:36 - 2015-05-28 21:36 - 01672696 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\RiotLauncher.dll
2015-05-17 17:30 - 2015-05-17 17:30 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe:typelib

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg HKU\S-1-5-21-2583284370-4071791723-3653827449-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby" HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{06C5B32C-DC99-4B0E-ABFE-EBD4EA11DCF4}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe FirewallRules: [{A01F8104-FFB4-4B15-9ED5-7B9D29C34FC8}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe FirewallRules: [{6E2301DE-C363-4FE2-B806-C6D225852DAD}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe FirewallRules: [{FD020762-B806-4363-82A1-777EC17152B5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{44B6D0AD-2FAD-4FCF-890F-A2BA9C491635}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{FCAA457F-271C-41D2-81D4-A6A8590ED400}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{2484B05B-84F8-4D44-9EA6-61A3BED4DDD4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{BF3E45D2-35E0-4649-A3E6-0D2F260B97BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: 
[{68895981-5661-42F3-B8CB-DBDEBFA2057B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe FirewallRules: [{F7A05CE6-D1D6-4E47-87C3-18D687D1159E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{8A63CCB9-E34D-4432-90C1-6B9A7A35CA4F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{685FDB32-84ED-47D6-9102-BDAE2BD3E388}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{99F01D37-5AA3-4655-9DF6-8C3597C4FC15}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{C8B527EE-1E09-4CD8-89AD-F4DF6AFC9315}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{18CE292C-0120-4EAB-8A95-359DE93E6A0D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{BA7CFF1F-DE81-4FA2-ADD5-7D137629D341}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DC1B588F-359A-4924-8345-A1F4B26C3285}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C77EDA70-43E8-411F-ACAF-E1C75E362DC9}] => (Allow) C:\Users\hugo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0B4C8F89-8DCF-4E89-A24A-83B3337DB3BE}] => (Allow) C:\Users\hugo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D507B54F-D727-4C4C-B4E0-FF2FC969924D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{278FAD10-26E7-466A-9E45-BEAA0DD9A637}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{6758D962-7D16-4A6B-A6E8-8B86B29F80D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{DB29A1EA-11B1-4464-B798-C08106DDE118}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CF520C60-1181-45D5-8917-1E2CAEBF0DD0}] => (Allow) C:\Windows\KMS-QAD.exe FirewallRules: [{F5DAB228-0DA1-4295-A2CE-77802667B7AE}] => (Allow) 
C:\Windows\KMS-QAD.exe FirewallRules: [{2E917060-F584-461A-ACDD-08E4044BC280}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{BD0EB79D-F54F-472D-9F5A-D0896A794D32}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{1C382281-4126-4699-8C9C-593519C9D2D3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{50B57F0B-5E63-4741-90EE-FA6DC0C726DD}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [TCP Query User{DE79BC85-BB55-4F87-B51C-62D115F29524}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe FirewallRules: [uDP Query User{16A5F075-94D4-47A8-AEB0-91FA22FC9424}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe FirewallRules: [TCP Query User{4FAF1412-8EB5-41E3-BB85-66FD4BED92AA}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe FirewallRules: [uDP Query User{ECB884FD-D15B-4F4D-84DF-A2AAE828E265}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{E82421B4-6D07-457E-95F9-BA55014D258F}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [uDP Query User{030C0F4D-6E13-419F-8C99-92B4077F2B26}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{7F1632F5-421E-4C5E-982C-786BCF25801E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{5FEB9081-A6DF-4FA4-88FE-83D238E48807}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Faulty Device Manager Devices ============= ==================== Event log 
errors: ========================= Application errors: ================== Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59 Faulting module name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59 Exception code: 0xc0000409 Fault offset: 0x00d12cd7 Faulting process id: 0x1490 Faulting application start time: 0xLeague of Legends.exe0 Faulting application path: League of Legends.exe1 Faulting module path: League of Legends.exe2 Report Id: League of Legends.exe3 Faulting package full name: League of Legends.exe4 Faulting package-relative application ID: League of Legends.exe5 Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 Faulting process id: 0x414 Faulting application start time: 0xrads_user_kernel.exe0 Faulting application path: rads_user_kernel.exe1 Faulting module path: rads_user_kernel.exe2 Report Id: rads_user_kernel.exe3 Faulting package full name: rads_user_kernel.exe4 Faulting package-relative application ID: rads_user_kernel.exe5 Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0 Faulting module name: WebKit.dll, version: 6531.9.0.0, time stamp: 0x51566370 Exception code: 0xc0000005 Fault offset: 0x000a9965 Faulting process id: 0x2490 Faulting application start time: 
0xLolClient.exe0 Faulting application path: LolClient.exe1 Faulting module path: LolClient.exe2 Report Id: LolClient.exe3 Faulting package full name: LolClient.exe4 Faulting package-relative application ID: LolClient.exe5 Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: ) Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG. Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80). Operation: Get Shadow Copy Properties Context: Execution Context: Coordinator Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. . Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. . Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. . 
System errors: ============= Error: (06/02/2015 03:56:29 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (06/02/2015 03:56:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: %%19 Error: (06/02/2015 03:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The esgiguard service failed to start due to the following error: %%1275 Error: (06/02/2015 03:09:08 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys Error: (06/01/2015 07:04:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (06/01/2015 07:03:37 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (06/01/2015 07:03:59 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 18:49:13 on 1-6-2015 was unexpected. Error: (05/26/2015 04:17:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 
Error: (05/26/2015 03:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (05/26/2015 03:30:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Microsoft Office: ========================= Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: League of Legends.exe5.10.0.330555f6b59League of Legends.exe5.10.0.330555f6b59c000040900d12cd7149001d09d355c02be80C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exe9a561a78-092b-11e5-be77-20689dfa0e02 Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b855441401d09ca0cc9162d4C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe147ce1e2-0894-11e5-be77-20689dfa0e02 Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: LolClient.exe0.0.0.0515663e0WebKit.dll6531.9.0.051566370c0000005000a9965249001d09a1c5e12c6d2C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll5933ce7a-0645-11e5-be76-20689dfa0e02 Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: ) Description: 
{b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80) Operation: Get Shadow Copy Properties Context: Execution Context: Coordinator Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. ==================== Memory info =========================== Processor: Intel® Core i3-2328M CPU @ 2.20GHz Percentage of memory in use: 59% Total physical RAM: 3912.27 MB Available physical RAM: 1601.07 MB Total Pagefile: 11912.27 MB Available Pagefile: 9234.22 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:443.61 GB) (Free:374.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 011599F4) Partition: GPT Partition Type. ==================== End of log ============================ -
Avast Antivirus 16 pop ups
Dinklebird replied to Dinklebird's topic in Resolved Malware Removal Logs
Here are my logs:

-------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by hugo at 2015-06-02 17:10:53
Running from C:\Users\hugo\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2583284370-4071791723-3653827449-500 - Administrator - Disabled)
Guest (S-1-5-21-2583284370-4071791723-3653827449-501 - Limited - Disabled)
hugo (S-1-5-21-2583284370-4071791723-3653827449-1001 - Administrator - Enabled) => C:\Users\hugo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
Ace Stream Media 3.0.12 (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\AceStream) (Version: 3.0.12 - Ace Stream Media) <==== ATTENTION!
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.) Avast Premier (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) EaseUS Data Recovery Wizard 8.8 (HKLM\...\EaseUS Data Recovery Wizard 8.8_is1) (Version: - EaseUS) ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) 
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 nl)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer) Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.2.1 - Popcorn Time) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek 
Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spotify (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 17-05-2015 17:25:05 Installed Microsoft Visual C++ 2005 Redistributable (x64) 26-05-2015 15:18:12 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2015-05-20 23:18 - 00001001 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 thislineskipsanyemptylines 127.0.0.1 mirillis.com 127.0.0.1 www.mirillis.com 127.0.0.1 serwer2.paka-service.com 127.0.0.1 ns386119.ovh.net 127.0.0.1 mirillis.pl ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) Task: {13BEDC52-5356-41E4-A102-0B44F7E38165} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {16F58D1C-6B57-4750-B781-C836C9C5FE87} - System32\Tasks\R@1n-KMS\Office15x64ProP => wmic Task: {3C327C9E-7526-4E25-8ABD-9F7D6C93A8CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated) Task: {3F9F3ECB-D53D-4068-AF34-F3C39D1A83D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {895DA87E-805D-4C12-B1CB-FF34A015E750} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-02] (Enigma Software Group USA, LLC.) Task: {90BB94D8-B794-48CB-AA80-B6383E5B7B3D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated) Task: {9AEF8C1E-5CF1-4067-A98F-8865B31CEA86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {A67A6EFB-2D9B-489D-B981-3429A2DEA768} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION Task: {FD2CEA31-1CB8-4AD5-B9AC-273948F134FB} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (AVAST Software) Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2015-05-18 16:46 - 2015-05-18 16:46 - 00022528 _____ () C:\Windows\KMS-QAD.exe 2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-05-26 15:20 - 2015-05-26 15:20 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2015-05-26 15:20 - 2015-05-26 15:20 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-10-29 06:16 - 2012-10-23 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-02-28 03:23 - 2015-02-28 03:23 - 00022824 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe 2012-08-11 04:28 - 2012-08-11 04:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2014-01-21 17:54 - 2015-05-17 17:27 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe 2015-05-28 21:36 - 2015-05-28 21:36 - 02362872 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe 2015-05-28 21:36 - 2015-05-28 21:36 - 03919864 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe 2015-05-17 17:36 - 2015-05-17 17:36 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe 2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe 2015-05-18 16:46 - 2015-05-18 
16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll 2015-05-26 15:29 - 2014-03-14 08:00 - 00695808 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll 2015-06-02 14:52 - 2015-06-02 14:52 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060200\algo.dll 2015-05-26 15:20 - 2015-05-26 15:20 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd 2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd 2014-01-23 13:37 - 2014-01-23 13:37 - 00036352 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd 2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd 2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll 2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll 2012-02-07 18:42 - 2012-02-07 18:42 - 00266240 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd 2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd 2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\select.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ 
() C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd 2015-05-26 15:20 - 2015-05-26 15:20 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2012-11-13 19:42 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2015-05-28 21:36 - 2015-05-28 21:36 - 01672696 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\RiotLauncher.dll 2015-05-17 17:30 - 2015-05-17 17:30 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll 2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe:typelib ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg HKU\S-1-5-21-2583284370-4071791723-3653827449-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby" HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{06C5B32C-DC99-4B0E-ABFE-EBD4EA11DCF4}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe FirewallRules: [{A01F8104-FFB4-4B15-9ED5-7B9D29C34FC8}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe FirewallRules: [{6E2301DE-C363-4FE2-B806-C6D225852DAD}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe FirewallRules: [{FD020762-B806-4363-82A1-777EC17152B5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{44B6D0AD-2FAD-4FCF-890F-A2BA9C491635}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{FCAA457F-271C-41D2-81D4-A6A8590ED400}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{2484B05B-84F8-4D44-9EA6-61A3BED4DDD4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{BF3E45D2-35E0-4649-A3E6-0D2F260B97BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: 
[{68895981-5661-42F3-B8CB-DBDEBFA2057B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe FirewallRules: [{F7A05CE6-D1D6-4E47-87C3-18D687D1159E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{8A63CCB9-E34D-4432-90C1-6B9A7A35CA4F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{685FDB32-84ED-47D6-9102-BDAE2BD3E388}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{99F01D37-5AA3-4655-9DF6-8C3597C4FC15}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{C8B527EE-1E09-4CD8-89AD-F4DF6AFC9315}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{18CE292C-0120-4EAB-8A95-359DE93E6A0D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{BA7CFF1F-DE81-4FA2-ADD5-7D137629D341}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DC1B588F-359A-4924-8345-A1F4B26C3285}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D507B54F-D727-4C4C-B4E0-FF2FC969924D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{278FAD10-26E7-466A-9E45-BEAA0DD9A637}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{6758D962-7D16-4A6B-A6E8-8B86B29F80D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{DB29A1EA-11B1-4464-B798-C08106DDE118}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CF520C60-1181-45D5-8917-1E2CAEBF0DD0}] => (Allow) C:\Windows\KMS-QAD.exe FirewallRules: [{F5DAB228-0DA1-4295-A2CE-77802667B7AE}] => (Allow) C:\Windows\KMS-QAD.exe FirewallRules: [TCP Query User{4FAF1412-8EB5-41E3-BB85-66FD4BED92AA}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe FirewallRules: [uDP Query 
User{ECB884FD-D15B-4F4D-84DF-A2AAE828E265}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{E82421B4-6D07-457E-95F9-BA55014D258F}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [uDP Query User{030C0F4D-6E13-419F-8C99-92B4077F2B26}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{7F1632F5-421E-4C5E-982C-786BCF25801E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{5FEB9081-A6DF-4FA4-88FE-83D238E48807}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59 Faulting module name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59 Exception code: 0xc0000409 Fault offset: 0x00d12cd7 Faulting process id: 0x1490 Faulting application start time: 0xLeague of Legends.exe0 Faulting application path: League of Legends.exe1 Faulting module path: League of Legends.exe2 Report Id: League of Legends.exe3 Faulting package full name: League of Legends.exe4 Faulting package-relative application ID: League of Legends.exe5 Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Faulting module name: 
rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 Faulting process id: 0x414 Faulting application start time: 0xrads_user_kernel.exe0 Faulting application path: rads_user_kernel.exe1 Faulting module path: rads_user_kernel.exe2 Report Id: rads_user_kernel.exe3 Faulting package full name: rads_user_kernel.exe4 Faulting package-relative application ID: rads_user_kernel.exe5 Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0 Faulting module name: WebKit.dll, version: 6531.9.0.0, time stamp: 0x51566370 Exception code: 0xc0000005 Fault offset: 0x000a9965 Faulting process id: 0x2490 Faulting application start time: 0xLolClient.exe0 Faulting application path: LolClient.exe1 Faulting module path: LolClient.exe2 Report Id: LolClient.exe3 Faulting package full name: LolClient.exe4 Faulting package-relative application ID: LolClient.exe5 Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: ) Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG. Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80). Operation: Get Shadow Copy Properties Context: Execution Context: Coordinator Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. 
System Error: The system cannot find the file specified. . Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. . Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. . System errors: ============= Error: (06/02/2015 03:56:29 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (06/02/2015 03:56:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: %%19 Error: (06/02/2015 03:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The esgiguard service failed to start due to the following error: %%1275 Error: (06/02/2015 03:09:08 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys Error: (06/01/2015 07:04:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (06/01/2015 07:03:37 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (06/01/2015 07:03:59 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 18:49:13 on 1-6-2015 was unexpected. 
Error: (05/26/2015 04:17:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (05/26/2015 03:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (05/26/2015 03:30:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Microsoft Office: ========================= Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: League of Legends.exe5.10.0.330555f6b59League of Legends.exe5.10.0.330555f6b59c000040900d12cd7149001d09d355c02be80C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exe9a561a78-092b-11e5-be77-20689dfa0e02 Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b855441401d09ca0cc9162d4C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe147ce1e2-0894-11e5-be77-20689dfa0e02 Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: LolClient.exe0.0.0.0515663e0WebKit.dll6531.9.0.051566370c0000005000a9965249001d09a1c5e12c6d2C:\Riot Games\League of 
Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll5933ce7a-0645-11e5-be76-20689dfa0e02 Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: ) Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80) Operation: Get Shadow Copy Properties Context: Execution Context: Coordinator Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. 
==================== Memory info =========================== Processor: Intel® Core i3-2328M CPU @ 2.20GHz Percentage of memory in use: 59% Total physical RAM: 3912.27 MB Available physical RAM: 1601.07 MB Total Pagefile: 11912.27 MB Available Pagefile: 9234.22 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:443.61 GB) (Free:374.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 011599F4) Partition: GPT Partition Type. ==================== End of log ============================ --------------------------------------------- 'Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by hugo (administrator) on DOGE on 02-06-2015 17:09:50 Running from C:\Users\hugo\Desktop Loaded Profiles: hugo (Available Profiles: hugo) Platform: Windows 8 (X64) OS Language: English (United States) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe () C:\Windows\KMS-QAD.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Company) C:\Program Files (x86)\Popcorn Time\Updater.exe (Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Spotify Ltd) C:\Users\hugo\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe () C:\Windows\QAD-Hook.exe (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-11] () HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2015-05-26] (AVAST Software) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [spotify Web Helper] => C:\Users\hugo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd) HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [spotify] => C:\Users\hugo\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-25] (Spotify Ltd) HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [AceUpdater] => C:\Users\hugo\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] () HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [AceWebExtensionUpdater] => C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] () HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} IFEO\OSppSvc.exe: [Debugger] QAD-Hook.exe IFEO\SppExtComObj.exe: [Debugger] QAD-Hook.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (AVAST Software) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/nl-nl/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2583284370-4071791723-3653827449-1001 -> {4CC4338D-BB15-48E3-9BC1-8246E85F24B7} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (AVAST Software) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (AVAST Software) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default FF Homepage: https://www.google.nl/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2583284370-4071791723-3653827449-1001: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\hugo\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.) 
FF Extension: AS Magic Player - C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default\Extensions\magicplayer@acestream.org [2015-05-27] FF Extension: Adblock Plus - C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-26] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-26] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-11] (Qualcomm Atheros Commnucations) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-05-26] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-05-26] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-05-26] (Avast Software) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.) 
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 KMS-R@1n; C:\Windows\KMS-QAD.exe [22528 2015-05-18] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-13] (Dritek System INC.) R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-06-02] (Enigma Software Group USA, LLC.) R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-05-26] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-05-26] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-05-26] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-05-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-05-26] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-05-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-05-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-05-26] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-05-26] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-05-26] () R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-11] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 esgiguard; C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys [16432 2015-04-17] (Enigma Software Group USA, LLC.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-02] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-13] (Dritek System Inc.) 
U0 ufvqkt; C:\Windows\System32\drivers\yysxn.sys [79064 2015-06-02] (Malwarebytes Corporation) R3 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2015-05-26] (Avast Software) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-02 17:09 - 2015-06-02 17:10 - 00015157 _____ () C:\Users\hugo\Desktop\FRST.txt 2015-06-02 17:09 - 2015-06-02 17:09 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\yysxn.sys 2015-06-02 17:09 - 2015-06-02 17:09 - 00000000 ____D () C:\FRST 2015-06-02 16:58 - 2015-06-02 16:58 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-06-02 16:57 - 2015-06-02 16:57 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-06-02 16:57 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-06-02 16:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-06-02 16:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-06-02 16:52 - 2015-06-02 16:54 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\hugo\Desktop\mbam-setup-2.1.6.1022.exe 2015-06-02 16:52 - 2015-06-02 16:52 - 02108928 _____ (Farbar) C:\Users\hugo\Desktop\FRST64.exe 2015-06-02 15:53 - 2015-06-02 15:53 - 
04798416 _____ (McAfee, Inc.) C:\Users\hugo\Downloads\MCPR.exe 2015-06-02 15:07 - 2015-06-02 15:07 - 46420165 ____R () C:\Users\hugo\Downloads\SpyHunter 4.19.13.4482 Portable.zip 2015-06-02 14:55 - 2015-06-02 14:55 - 00003314 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup 2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Enigma Software Group 2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\sh4ldr 2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 _____ () C:\autoexec.bat 2015-06-02 14:54 - 2015-06-02 14:54 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\hugo\Downloads\SpyHunter-Installer.exe 2015-06-02 14:54 - 2015-06-02 14:54 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys 2015-06-02 14:54 - 2015-06-02 14:54 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-06-02 07:32 - 2015-06-02 07:32 - 02231296 _____ () C:\Users\hugo\Downloads\adwcleaner_4.206.exe 2015-06-01 17:47 - 2015-06-01 17:47 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-06-01 17:46 - 2015-06-01 17:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-06-01 17:46 - 2015-06-01 17:46 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-06-01 17:45 - 2015-06-01 17:47 - 00000000 ____D () C:\ProgramData\Adobe 2015-06-01 17:44 - 2015-06-01 17:44 - 00568767 _____ () C:\Users\hugo\Downloads\lemoulin.pdf.zip 2015-05-26 16:28 - 2015-05-26 16:28 - 00000247 _____ () C:\WINDOWS\system32\2015-05-26-14-28-19.054-aswFe.exe-5212.log 2015-05-26 16:28 - 2015-05-26 16:28 - 00000197 _____ () C:\WINDOWS\system32\2015-05-26-14-28-15.012-AvastVBoxSVC.exe-1956.log 2015-05-26 15:42 - 2015-05-26 15:42 - 00755216 _____ () C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe 2015-05-26 15:40 - 2015-05-26 15:40 - 00755216 _____ 
() C:\Users\hugo\Downloads\loldrophackv16__7934_il309.exe 2015-05-26 15:38 - 2015-05-26 16:17 - 00000247 _____ () C:\WINDOWS\system32\2015-05-26-13-38-56.028-aswFe.exe-6100.log 2015-05-26 15:38 - 2015-05-26 15:38 - 00000197 _____ () C:\WINDOWS\system32\2015-05-26-13-38-52.009-AvastVBoxSVC.exe-2384.log 2015-05-26 15:36 - 2015-05-26 15:36 - 02097629 _____ () C:\Users\hugo\Downloads\leagueoflegendsmultihack.zip.part 2015-05-26 15:29 - 2015-05-26 15:29 - 00001223 _____ () C:\WINDOWS\unins000.dat 2015-05-26 15:29 - 2015-05-26 15:28 - 01180529 _____ () C:\WINDOWS\unins000.exe 2015-05-26 15:25 - 2015-05-26 15:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox 2015-05-26 15:25 - 2015-05-26 15:26 - 00000000 ____D () C:\WINDOWS\system32\vbox 2015-05-26 15:25 - 2015-05-26 15:25 - 01853762 _____ () C:\Users\hugo\Downloads\AA By Onhax.rar 2015-05-26 15:24 - 2015-05-26 15:24 - 02053480 _____ () C:\Users\hugo\Downloads\Avast 2015 All Working Cracks Keys are Here ! [LATEST].exe 2015-05-26 15:22 - 2015-05-26 15:22 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\AVAST Software 2015-05-26 15:21 - 2015-05-26 15:21 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2015-05-26 15:21 - 2015-05-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-05-26 15:20 - 2015-05-26 15:21 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-05-26 15:20 - 2015-05-26 15:21 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-05-26 15:20 - 2015-05-26 15:20 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-05-26 15:20 - 2015-05-26 15:20 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-05-26 15:20 - 2015-05-26 15:20 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2015-05-26 15:19 - 2015-05-26 15:19 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2015-05-26 15:18 - 2015-05-26 15:18 - 00000000 ____D () C:\Program Files\AVAST Software 2015-05-26 15:17 - 2015-05-26 15:18 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-05-26 15:03 - 2015-05-26 15:16 - 182803088 _____ (AVAST Software) C:\Users\hugo\Downloads\avast--Premier-Antivirus-2015-10.0.2206-Final Trial.exe 2015-05-25 09:56 - 2015-05-25 09:57 - 02128667 _____ () C:\Users\hugo\Downloads\EaseUS Data Recovery Wizard 8.6 Keygen _5BOnhax_5D.rar 2015-05-25 09:54 - 2015-05-25 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.8 
2015-05-25 09:52 - 2015-05-25 09:52 - 10758512 _____ (EaseUS ) C:\Users\hugo\Downloads\drw_trial.exe 2015-05-24 19:33 - 2015-05-24 19:34 - 00000000 ____D () C:\Users\hugo\Downloads\THE BLACKLIST(2014) S02E22 H.264(WEB-DL)DD5.1 1080p NL Subs TBS 2015-05-24 19:28 - 2015-05-24 19:28 - 00018205 _____ () C:\Users\hugo\Downloads\[kat.cr]the.blacklist.2014.s02e22.h.264.web.dl.dd5.1.1080p.nl.subs.tbs.torrent 2015-05-24 19:26 - 2015-05-24 19:27 - 00000000 ____D () C:\Users\hugo\Downloads\The Blacklist S02 WEB-DL x264-FUM[ettv] 2015-05-24 18:20 - 2015-05-24 19:32 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\.ACEStream 2015-05-24 18:20 - 2015-05-24 19:14 - 00000000 ___HD () C:\_acestream_cache_ 2015-05-24 18:20 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media 2015-05-24 18:19 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\AceWebExtension 2015-05-24 18:19 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\ACEStream 2015-05-24 18:18 - 2015-05-24 18:19 - 69574952 _____ () C:\Users\hugo\Downloads\Ace_Stream_Media_3.0.12.exe 2015-05-24 18:18 - 2015-05-24 18:18 - 00028102 _____ () C:\Users\hugo\Downloads\[kat.cr]game.of.thrones.s05e06.hdtv.x264.asap.ettv.torrent 2015-05-20 23:20 - 2015-05-21 08:48 - 00000020 _____ () C:\WINDOWS\capsys184523.log 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Mirillis 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Users\hugo\AppData\Local\Mirillis 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Mirillis 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Program Files (x86)\Mirillis 2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Action! 
2015-05-20 23:17 - 2015-05-20 23:17 - 00000000 ____D () C:\Users\hugo\Downloads\Mirillis Action! 1.21.0.0 2015-05-20 23:15 - 2015-05-20 23:15 - 00000000 ____D () C:\Users\hugo\Downloads\Mirillis.Action!.v1.21.0.0.Thx-Acersoft 2015-05-20 23:11 - 2015-05-20 23:12 - 18829112 _____ (Mirillis Ltd.) C:\Users\hugo\Downloads\action_1_22_0_setup.exe 2015-05-20 23:11 - 2015-05-20 23:11 - 01122816 _____ (ONHAX.NET) C:\Users\hugo\Downloads\Mirillis Action! v1.22 Patch.exe 2015-05-20 07:32 - 2015-05-20 07:32 - 00000000 ____D () C:\Users\hugo\AppData\Local\Macromedia 2015-05-20 07:28 - 2015-06-01 17:47 - 00000000 ____D () C:\Users\hugo\AppData\Local\Adobe 2015-05-19 22:22 - 2015-05-19 22:22 - 00000000 ____D () C:\Users\hugo\AppData\Local\clear.fi 2015-05-19 16:32 - 2015-06-02 07:34 - 00000000 ____D () C:\AdwCleaner 2015-05-19 16:31 - 2015-05-19 16:32 - 02209792 _____ () C:\Users\hugo\Downloads\adwcleaner_4.204.exe 2015-05-19 16:30 - 2015-05-19 16:30 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\GlarySoft 2015-05-19 07:48 - 2015-06-02 15:59 - 00000000 ____D () C:\Users\hugo\AppData\Local\Spotify 2015-05-19 07:48 - 2015-06-02 15:58 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Spotify 2015-05-19 07:48 - 2015-05-19 07:48 - 00155296 _____ (Spotify Ltd) C:\Users\hugo\Downloads\SpotifySetup.exe 2015-05-19 07:48 - 2015-05-19 07:48 - 00001766 _____ () C:\Users\hugo\Desktop\Spotify.lnk 2015-05-19 07:48 - 2015-05-19 07:48 - 00001752 _____ () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-05-18 21:05 - 2015-05-18 21:05 - 00022474 _____ () C:\Users\hugo\Downloads\the.blacklist.karakurt.(2015).dut.1cd.(6173748).zip 2015-05-18 20:58 - 2015-05-18 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2015-05-18 20:57 - 2015-05-18 20:58 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time 2015-05-18 16:47 - 2015-05-18 16:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\R@1n-KMS 2015-05-18 16:46 - 2015-05-18 
16:46 - 00022528 _____ () C:\WINDOWS\KMS-QAD.exe 2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe 2015-05-18 16:46 - 2015-05-18 16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll 2015-05-18 16:44 - 2015-05-18 16:44 - 00000000 _____ () C:\Users\hugo\AppData\Local\Temp.dat 2015-05-18 16:40 - 2015-05-18 16:40 - 02052456 _____ () C:\Users\hugo\Downloads\Re-Loader 1.2 Final All Windows And Office Activator Is Here![Latest].exe 2015-05-18 15:55 - 2015-05-18 15:55 - 00889416 _____ (Microsoft Corporation) C:\Users\hugo\Downloads\dotNetFx40_Full_setup.exe 2015-05-18 15:53 - 2015-05-18 15:53 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit 2015-05-18 15:48 - 2015-06-02 15:43 - 00000000 ____D () C:\Users\hugo\AppData\Local\Deployment 2015-05-18 15:48 - 2015-05-18 15:48 - 00000000 ____D () C:\Users\hugo\AppData\Local\Apps\2.0 2015-05-18 10:08 - 2015-05-18 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-05-18 10:06 - 2015-05-18 10:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2015-05-18 10:06 - 2015-05-18 10:06 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2015-05-18 10:05 - 2015-05-18 10:08 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-18 10:05 - 2015-05-18 10:05 - 00000000 ____D () C:\Users\hugo\AppData\Local\Microsoft Help 2015-05-18 10:05 - 2015-05-18 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2015-05-18 10:04 - 2015-05-18 10:04 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-05-18 10:02 - 2015-06-02 17:09 - 00000000 ____D () C:\Program Files (x86)\SharePoint Fix 2015-05-18 10:02 - 2015-05-18 16:41 - 00000000 ____D () C:\ProgramData\17676060002624468702 2015-05-18 10:02 - 2015-05-18 10:02 - 00000000 __RHD () C:\MSOCache 2015-05-18 10:01 - 2015-06-02 15:57 - 00000368 _____ () C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job 2015-05-18 10:01 - 2015-05-18 10:01 - 00003254 _____ () C:\WINDOWS\System32\Tasks\Bidaily 
Synchronize Task[pr] 2015-05-18 09:57 - 2015-05-18 09:59 - 00000000 ____D () C:\Users\hugo\Downloads\Microsoft Office 2013 Professional Plus activation crack 2015-05-18 09:56 - 2015-05-18 09:56 - 02051944 _____ () C:\Users\hugo\Downloads\Re-Loader_1.2_Final.rar 2015-05-18 09:56 - 2015-05-18 09:56 - 00026057 _____ () C:\Users\hugo\Downloads\784_microsoft.offic.torrent 2015-05-18 09:47 - 2015-05-22 07:40 - 00000000 ____D () C:\Users\hugo\Desktop\School 2015-05-18 09:07 - 2015-05-18 09:10 - 00000000 ____D () C:\Users\hugo\Documents\Revocer 2015-05-18 09:05 - 2015-05-18 09:05 - 02622696 _____ (Copyright © 2011 eSupport.com • All Rights Reserved ) C:\Users\hugo\Downloads\undeleteplus_setup.exe 2015-05-18 08:30 - 2015-05-18 08:30 - 00234966 _____ () C:\Users\hugo\Downloads\REST2514.exe 2015-05-18 08:30 - 2015-05-18 08:30 - 00000000 ____D () C:\Restoration 2015-05-18 08:29 - 2015-05-18 08:29 - 00707144 _____ (Generic Installer ) C:\Users\hugo\Downloads\Installer_Restoration.exe 2015-05-18 08:21 - 2015-05-18 08:21 - 04426120 _____ (Piriform Ltd) C:\Users\hugo\Downloads\rcsetup152.exe 2015-05-17 22:59 - 2015-05-17 22:59 - 00646538 _____ () C:\Users\hugo\Downloads\ThrottleStop_500a.zip 2015-05-17 22:59 - 2015-05-17 22:59 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\WinRAR 2015-05-17 22:37 - 2015-05-25 15:02 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\vlc 2015-05-17 22:37 - 2015-05-17 22:37 - 00001034 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-05-17 22:37 - 2015-05-17 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-05-17 22:37 - 2015-05-17 22:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2015-05-17 22:36 - 2015-05-17 22:36 - 28849904 _____ () C:\Users\hugo\Downloads\vlc-2.2.1-win32.exe 2015-05-17 20:22 - 2015-05-17 20:22 - 131104768 _____ (Intel Corporation) C:\Users\hugo\Downloads\win64_152823.exe 2015-05-17 19:46 - 2015-05-17 19:46 - 00231760 _____ () C:\Users\hugo\Downloads\CrucialEUScan.exe 
2015-05-17 19:03 - 2015-05-17 19:03 - 01941064 _____ () C:\Users\hugo\Downloads\winrar-x64-520.exe 2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\Program Files\WinRAR 2015-05-17 19:02 - 2015-05-17 19:02 - 02233009 _____ () C:\Users\hugo\Downloads\RL16.rar 2015-05-17 18:57 - 2015-05-17 18:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2015-05-17 18:39 - 2015-06-01 19:02 - 00000000 ____D () C:\Users\hugo\Documents\Bluetooth Folder 2015-05-17 18:39 - 2015-05-17 18:39 - 00000000 ____D () C:\Users\hugo\AppData\Local\BMExplorer 2015-05-17 18:31 - 2015-06-01 21:26 - 00000000 ____D () C:\Users\hugo\AppData\Local\CrashDumps 2015-05-17 18:16 - 2015-05-17 18:16 - 04737952 _____ () C:\Users\hugo\Downloads\ausetup.exe 2015-05-17 18:16 - 2015-05-17 18:16 - 00001278 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk 2015-05-17 18:16 - 2015-05-17 18:16 - 00001266 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk 2015-05-17 18:16 - 2015-05-17 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft 2015-05-17 18:16 - 2015-05-17 18:16 - 00000000 ____D () C:\Program Files (x86)\Glarysoft 2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\LolClient 2015-05-17 17:35 - 2015-05-17 17:35 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Macromedia 2015-05-17 17:32 - 2015-05-17 17:32 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\CyberLink 2015-05-17 17:30 - 2015-05-17 17:30 - 00000000 ____D () C:\Users\Public\CyberLink 2015-05-17 17:30 - 2015-05-17 17:30 - 00000000 ____D () C:\Users\hugo\AppData\Local\Cyberlink 2015-05-17 17:27 - 2015-05-17 17:27 - 00000000 ____D () C:\ProgramData\Riot 
Games 2015-05-17 17:27 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll 2015-05-17 17:27 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll 2015-05-17 17:27 - 2008-07-12 09:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll 2015-05-17 17:27 - 2008-07-12 09:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2015-05-17 17:27 - 2008-07-12 09:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2015-05-17 17:26 - 2015-05-17 17:26 - 00001613 _____ () C:\Users\Public\Desktop\League of Legends.lnk 2015-05-17 17:26 - 2015-05-17 17:26 - 00000000 ____D () C:\Riot Games 2015-05-17 17:26 - 2015-05-17 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-05-17 17:24 - 2015-05-17 17:27 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Riot Games 2015-05-17 17:24 - 2015-05-17 17:24 - 30993712 _____ (Riot Games) C:\Users\hugo\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe 2015-05-17 17:23 - 2015-06-02 16:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2583284370-4071791723-3653827449-1001 2015-05-17 17:23 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Local\EgisTec IPS 2015-05-17 17:22 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Mozilla 2015-05-17 17:22 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Local\Mozilla 2015-05-17 17:21 - 2015-05-18 10:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-17 17:21 -%2 -
So here is my problem: when I plug in my internet cable or turn on my wifi when it wasn't in/on, Avast starts popping up these messages, a total of 16 or 18, saying there's a virus in SVCHost.exe and it's a URL:mal. I ran various adw cleaners and more, but it's not working. Please, can someone help me?