Dinklebird

the first one is incorrect, sorry

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by hugo (administrator) on DOGE on 02-06-2015 17:09:50
Running from C:\Users\hugo\Desktop
Loaded Profiles: hugo (Available Profiles: hugo)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\KMS-QAD.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Spotify Ltd) C:\Users\hugo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
() C:\Windows\QAD-Hook.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-11] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2015-05-26] (AVAST Software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [spotify Web Helper] => C:\Users\hugo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [spotify] => C:\Users\hugo\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [AceUpdater] => C:\Users\hugo\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [AceWebExtensionUpdater] => C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
IFEO\OSppSvc.exe: [Debugger] QAD-Hook.exe
IFEO\SppExtComObj.exe: [Debugger] QAD-Hook.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/nl-nl/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2583284370-4071791723-3653827449-1001 -> {4CC4338D-BB15-48E3-9BC1-8246E85F24B7} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (AVAST Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default
FF Homepage: https://www.google.nl/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2583284370-4071791723-3653827449-1001: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\hugo\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: AS Magic Player - C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default\Extensions\magicplayer@acestream.org [2015-05-27]
FF Extension: Adblock Plus - C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-11] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-05-26] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-05-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-05-26] (Avast Software)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KMS-R@1n; C:\Windows\KMS-QAD.exe [22528 2015-05-18] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-13] (Dritek System INC.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-06-02] (Enigma Software Group USA, LLC.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-05-26] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-05-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-05-26] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-05-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-05-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-05-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-05-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-05-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-05-26] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-11] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 esgiguard; C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys [16432 2015-04-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-02] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-13] (Dritek System Inc.)
U0 ufvqkt; C:\Windows\System32\drivers\yysxn.sys [79064 2015-06-02] (Malwarebytes Corporation)
R3 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2015-05-26] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 17:09 - 2015-06-02 17:10 - 00015157 _____ () C:\Users\hugo\Desktop\FRST.txt
2015-06-02 17:09 - 2015-06-02 17:09 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\yysxn.sys
2015-06-02 17:09 - 2015-06-02 17:09 - 00000000 ____D () C:\FRST
2015-06-02 16:58 - 2015-06-02 16:58 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 16:57 - 2015-06-02 16:57 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-02 16:57 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-02 16:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-02 16:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-02 16:52 - 2015-06-02 16:54 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\hugo\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-02 16:52 - 2015-06-02 16:52 - 02108928 _____ (Farbar) C:\Users\hugo\Desktop\FRST64.exe
2015-06-02 15:53 - 2015-06-02 15:53 - 04798416 _____ (McAfee, Inc.) C:\Users\hugo\Downloads\MCPR.exe
2015-06-02 15:07 - 2015-06-02 15:07 - 46420165 ____R () C:\Users\hugo\Downloads\SpyHunter 4.19.13.4482 Portable.zip
2015-06-02 14:55 - 2015-06-02 14:55 - 00003314 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Enigma Software Group
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\sh4ldr
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 _____ () C:\autoexec.bat
2015-06-02 14:54 - 2015-06-02 14:54 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\hugo\Downloads\SpyHunter-Installer.exe
2015-06-02 14:54 - 2015-06-02 14:54 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-06-02 14:54 - 2015-06-02 14:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-06-02 07:32 - 2015-06-02 07:32 - 02231296 _____ () C:\Users\hugo\Downloads\adwcleaner_4.206.exe
2015-06-01 17:47 - 2015-06-01 17:47 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-01 17:46 - 2015-06-01 17:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-01 17:46 - 2015-06-01 17:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-06-01 17:45 - 2015-06-01 17:47 - 00000000 ____D () C:\ProgramData\Adobe
2015-06-01 17:44 - 2015-06-01 17:44 - 00568767 _____ () C:\Users\hugo\Downloads\lemoulin.pdf.zip
2015-05-26 16:28 - 2015-05-26 16:28 - 00000247 _____ () C:\WINDOWS\system32\2015-05-26-14-28-19.054-aswFe.exe-5212.log
2015-05-26 16:28 - 2015-05-26 16:28 - 00000197 _____ () C:\WINDOWS\system32\2015-05-26-14-28-15.012-AvastVBoxSVC.exe-1956.log
2015-05-26 15:42 - 2015-05-26 15:42 - 00755216 _____ () C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe
2015-05-26 15:40 - 2015-05-26 15:40 - 00755216 _____ () C:\Users\hugo\Downloads\loldrophackv16__7934_il309.exe
2015-05-26 15:38 - 2015-05-26 16:17 - 00000247 _____ () C:\WINDOWS\system32\2015-05-26-13-38-56.028-aswFe.exe-6100.log
2015-05-26 15:38 - 2015-05-26 15:38 - 00000197 _____ () C:\WINDOWS\system32\2015-05-26-13-38-52.009-AvastVBoxSVC.exe-2384.log
2015-05-26 15:36 - 2015-05-26 15:36 - 02097629 _____ () C:\Users\hugo\Downloads\leagueoflegendsmultihack.zip.part
2015-05-26 15:29 - 2015-05-26 15:29 - 00001223 _____ () C:\WINDOWS\unins000.dat
2015-05-26 15:29 - 2015-05-26 15:28 - 01180529 _____ () C:\WINDOWS\unins000.exe
2015-05-26 15:25 - 2015-05-26 15:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-05-26 15:25 - 2015-05-26 15:26 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-05-26 15:25 - 2015-05-26 15:25 - 01853762 _____ () C:\Users\hugo\Downloads\AA By Onhax.rar
2015-05-26 15:24 - 2015-05-26 15:24 - 02053480 _____ () C:\Users\hugo\Downloads\Avast 2015 All Working Cracks Keys are Here ! [LATEST].exe
2015-05-26 15:22 - 2015-05-26 15:22 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\AVAST Software
2015-05-26 15:21 - 2015-05-26 15:21 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-05-26 15:21 - 2015-05-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-26 15:20 - 2015-05-26 15:21 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-05-26 15:20 - 2015-05-26 15:21 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-05-26 15:20 - 2015-05-26 15:20 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-05-26 15:20 - 2015-05-26 15:20 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-05-26 15:19 - 2015-05-26 15:19 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2015-05-26 15:18 - 2015-05-26 15:18 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-26 15:17 - 2015-05-26 15:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-26 15:03 - 2015-05-26 15:16 - 182803088 _____ (AVAST Software) C:\Users\hugo\Downloads\avast--Premier-Antivirus-2015-10.0.2206-Final Trial.exe
2015-05-25 09:56 - 2015-05-25 09:57 - 02128667 _____ () C:\Users\hugo\Downloads\EaseUS Data Recovery Wizard 8.6 Keygen _5BOnhax_5D.rar
2015-05-25 09:54 - 2015-05-25 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.8
2015-05-25 09:52 - 2015-05-25 09:52 - 10758512 _____ (EaseUS ) C:\Users\hugo\Downloads\drw_trial.exe
2015-05-24 19:33 - 2015-05-24 19:34 - 00000000 ____D () C:\Users\hugo\Downloads\THE BLACKLIST(2014) S02E22 H.264(WEB-DL)DD5.1 1080p NL Subs TBS
2015-05-24 19:28 - 2015-05-24 19:28 - 00018205 _____ () C:\Users\hugo\Downloads\[kat.cr]the.blacklist.2014.s02e22.h.264.web.dl.dd5.1.1080p.nl.subs.tbs.torrent
2015-05-24 19:26 - 2015-05-24 19:27 - 00000000 ____D () C:\Users\hugo\Downloads\The Blacklist S02 WEB-DL x264-FUM[ettv]
2015-05-24 18:20 - 2015-05-24 19:32 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\.ACEStream
2015-05-24 18:20 - 2015-05-24 19:14 - 00000000 ___HD () C:\_acestream_cache_
2015-05-24 18:20 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2015-05-24 18:19 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\AceWebExtension
2015-05-24 18:19 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\ACEStream
2015-05-24 18:18 - 2015-05-24 18:19 - 69574952 _____ () C:\Users\hugo\Downloads\Ace_Stream_Media_3.0.12.exe
2015-05-24 18:18 - 2015-05-24 18:18 - 00028102 _____ () C:\Users\hugo\Downloads\[kat.cr]game.of.thrones.s05e06.hdtv.x264.asap.ettv.torrent
2015-05-20 23:20 - 2015-05-21 08:48 - 00000020 _____ () C:\WINDOWS\capsys184523.log
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Users\hugo\AppData\Local\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Action!
2015-05-20 23:17 - 2015-05-20 23:17 - 00000000 ____D () C:\Users\hugo\Downloads\Mirillis Action! 1.21.0.0
2015-05-20 23:15 - 2015-05-20 23:15 - 00000000 ____D () C:\Users\hugo\Downloads\Mirillis.Action!.v1.21.0.0.Thx-Acersoft
2015-05-20 23:11 - 2015-05-20 23:12 - 18829112 _____ (Mirillis Ltd.) C:\Users\hugo\Downloads\action_1_22_0_setup.exe
2015-05-20 23:11 - 2015-05-20 23:11 - 01122816 _____ (ONHAX.NET) C:\Users\hugo\Downloads\Mirillis Action! v1.22 Patch.exe
2015-05-20 07:32 - 2015-05-20 07:32 - 00000000 ____D () C:\Users\hugo\AppData\Local\Macromedia
2015-05-20 07:28 - 2015-06-01 17:47 - 00000000 ____D () C:\Users\hugo\AppData\Local\Adobe
2015-05-19 22:22 - 2015-05-19 22:22 - 00000000 ____D () C:\Users\hugo\AppData\Local\clear.fi
2015-05-19 16:32 - 2015-06-02 07:34 - 00000000 ____D () C:\AdwCleaner
2015-05-19 16:31 - 2015-05-19 16:32 - 02209792 _____ () C:\Users\hugo\Downloads\adwcleaner_4.204.exe
2015-05-19 16:30 - 2015-05-19 16:30 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\GlarySoft
2015-05-19 07:48 - 2015-06-02 15:59 - 00000000 ____D () C:\Users\hugo\AppData\Local\Spotify
2015-05-19 07:48 - 2015-06-02 15:58 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Spotify
2015-05-19 07:48 - 2015-05-19 07:48 - 00155296 _____ (Spotify Ltd) C:\Users\hugo\Downloads\SpotifySetup.exe
2015-05-19 07:48 - 2015-05-19 07:48 - 00001766 _____ () C:\Users\hugo\Desktop\Spotify.lnk
2015-05-19 07:48 - 2015-05-19 07:48 - 00001752 _____ () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-05-18 21:05 - 2015-05-18 21:05 - 00022474 _____ () C:\Users\hugo\Downloads\the.blacklist.karakurt.(2015).dut.1cd.(6173748).zip
2015-05-18 20:59 - 2015-05-30 15:23 - 00000000 ____D () C:\Users\hugo\Downloads\PopcornTime
2015-05-18 20:58 - 2015-05-18 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-05-18 20:57 - 2015-05-18 20:58 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2015-05-18 20:57 - 2015-05-18 20:57 - 50764339 _____ (Popcorn Time ) C:\Users\hugo\Downloads\PopcornTime-latest.exe
2015-05-18 16:47 - 2015-05-18 16:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\R@1n-KMS
2015-05-18 16:46 - 2015-05-18 16:46 - 00022528 _____ () C:\WINDOWS\KMS-QAD.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll
2015-05-18 16:44 - 2015-05-18 16:44 - 00000000 _____ () C:\Users\hugo\AppData\Local\Temp.dat
2015-05-18 16:40 - 2015-05-18 16:40 - 02052456 _____ () C:\Users\hugo\Downloads\Re-Loader 1.2 Final All Windows And Office Activator Is Here![Latest].exe
2015-05-18 15:55 - 2015-05-18 15:55 - 00889416 _____ (Microsoft Corporation) C:\Users\hugo\Downloads\dotNetFx40_Full_setup.exe
2015-05-18 15:53 - 2015-05-18 15:53 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-05-18 15:48 - 2015-06-02 15:43 - 00000000 ____D () C:\Users\hugo\AppData\Local\Deployment
2015-05-18 15:48 - 2015-05-18 15:48 - 00000000 ____D () C:\Users\hugo\AppData\Local\Apps\2.0
2015-05-18 10:08 - 2015-05-18 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-18 10:06 - 2015-05-18 10:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-05-18 10:06 - 2015-05-18 10:06 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-05-18 10:05 - 2015-05-18 10:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-18 10:05 - 2015-05-18 10:05 - 00000000 ____D () C:\Users\hugo\AppData\Local\Microsoft Help
2015-05-18 10:05 - 2015-05-18 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-05-18 10:04 - 2015-05-18 10:04 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-05-18 10:02 - 2015-06-02 17:09 - 00000000 ____D () C:\Program Files (x86)\SharePoint Fix
2015-05-18 10:02 - 2015-05-18 16:41 - 00000000 ____D () C:\ProgramData\17676060002624468702
2015-05-18 10:02 - 2015-05-18 10:02 - 00000000 __RHD () C:\MSOCache
2015-05-18 10:01 - 2015-06-02 15:57 - 00000368 _____ () C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job
2015-05-18 10:01 - 2015-05-18 10:01 - 00003254 _____ () C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[pr]
2015-05-18 09:57 - 2015-05-18 09:59 - 00000000 ____D () C:\Users\hugo\Downloads\Microsoft Office 2013 Professional Plus activation crack
2015-05-18 09:56 - 2015-06-02 15:11 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\uTorrent
2015-05-18 09:56 - 2015-05-18 09:56 - 02051944 _____ () C:\Users\hugo\Downloads\Re-Loader_1.2_Final.rar
2015-05-18 09:56 - 2015-05-18 09:56 - 00026057 _____ () C:\Users\hugo\Downloads\784_microsoft.offic.torrent
2015-05-18 09:55 - 2015-05-18 09:55 - 01998432 _____ (BitTorrent Inc.) C:\Users\hugo\Downloads\uTorrent.exe
2015-05-18 09:47 - 2015-05-22 07:40 - 00000000 ____D () C:\Users\hugo\Desktop\School
2015-05-18 09:07 - 2015-05-18 09:10 - 00000000 ____D () C:\Users\hugo\Documents\Revocer
2015-05-18 09:05 - 2015-05-18 09:05 - 02622696 _____ (Copyright © 2011 eSupport.com • All Rights Reserved ) C:\Users\hugo\Downloads\undeleteplus_setup.exe
2015-05-18 08:30 - 2015-05-18 08:30 - 00234966 _____ () C:\Users\hugo\Downloads\REST2514.exe
2015-05-18 08:30 - 2015-05-18 08:30 - 00000000 ____D () C:\Restoration
2015-05-18 08:29 - 2015-05-18 08:29 - 00707144 _____ (Generic Installer ) C:\Users\hugo\Downloads\Installer_Restoration.exe
2015-05-18 08:21 - 2015-05-18 08:21 - 04426120 _____ (Piriform Ltd) C:\Users\hugo\Downloads\rcsetup152.exe
2015-05-17 22:59 - 2015-05-17 22:59 - 00646538 _____ () C:\Users\hugo\Downloads\ThrottleStop_500a.zip
2015-05-17 22:59 - 2015-05-17 22:59 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\WinRAR
2015-05-17 22:37 - 2015-05-25 15:02 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\vlc
2015-05-17 22:37 - 2015-05-17 22:37 - 00001034 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-17 22:37 - 2015-05-17 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-17 22:37 - 2015-05-17 22:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-05-17 22:36 - 2015-05-17 22:36 - 28849904 _____ () C:\Users\hugo\Downloads\vlc-2.2.1-win32.exe
2015-05-17 20:22 - 2015-05-17 20:22 - 131104768 _____ (Intel Corporation) C:\Users\hugo\Downloads\win64_152823.exe
2015-05-17 19:46 - 2015-05-17 19:46 - 00231760 _____ () C:\Users\hugo\Downloads\CrucialEUScan.exe
2015-05-17 19:03 - 2015-05-17 19:03 - 01941064 _____ () C:\Users\hugo\Downloads\winrar-x64-520.exe
2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-17 19:02 - 2015-05-17 19:02 - 02233009 _____ () C:\Users\hugo\Downloads\RL16.rar
2015-05-17 18:57 - 2015-05-17 18:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-05-17 18:39 - 2015-06-01 19:02 - 00000000 ____D () C:\Users\hugo\Documents\Bluetooth Folder
2015-05-17 18:39 - 2015-05-17 18:39 - 00000000 ____D () C:\Users\hugo\AppData\Local\BMExplorer
2015-05-17 18:31 - 2015-06-01 21:26 - 00000000 ____D () C:\Users\hugo\AppData\Local\CrashDumps
2015-05-17 18:16 - 2015-05-17 18:16 - 04737952 _____ () C:\Users\hugo\Downloads\ausetup.exe
2015-05-17 18:16 - 2015-05-17 18:16 - 00001278 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-05-17 18:16 - 2015-05-17 18:16 - 00001266 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2015-05-17 18:16 - 2015-05-17 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-05-17 18:16 - 2015-05-17 18:16 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\LolClient
2015-05-17 17:35 - 2015-05-17 17:35 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Macromedia
2015-05-17 17:32 - 2015-05-17 17:32 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\CyberLink
2015-05-17 17:30 - 2015-05-17 17:30 - 00000000 ____D () C:\Users\Public\CyberLink
2015-05-17 17:30 - 2015-05-17 17:30 - 00000000 ____D () C:\Users\hugo\AppData\Local\Cyberlink
2015-05-17 17:27 - 2015-05-17 17:27 - 00000000 ____D () C:\ProgramData\Riot Games
2015-05-17 17:27 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-05-17 17:27 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-05-17 17:27 - 2008-07-12 09:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-05-17 17:27 - 2008-07-12 09:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-05-17 17:27 - 2008-07-12 09:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-05-17 17:26 - 2015-05-17 17:26 - 00001613 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2015-05-17 17:26 - 2015-05-17 17:26 - 00000000 ____D () C:\Riot Games
2015-05-17 17:26 - 2015-05-17 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-05-17 17:24 - 2015-05-17 17:27 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Riot Games
2015-05-17 17:24 - 2015-05-17 17:24 - 30993712 _____ (Riot Games) C:\Users\hugo\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe
2015-05-17 17:23 - 2015-06-02 16:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2583284370-4071791723-3653827449-1001
2015-05-17 17:23 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Local\EgisTec IPS
2015-05-17 17:22 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Mozilla
2015-05-17 17:22 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Local\Mozilla
2015-05-17 17:21 - 2015-05-18 10:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-17 17:21 - 2015-05-17 17:21 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 17:21 - 2015-05-17 17:21 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-17 17:21 - 2015-05-17 17:21 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-17 17:21 - 2015-05-17 17:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 17:17 - 2015-05-17 17:17 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Atheros
2015-05-17 17:15 - 2015-06-01 18:43 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Adobe
2015-05-17 17:15 - 2015-05-17 17:15 - 00001438 _____ () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-17 17:15 - 2015-05-17 17:15 - 00000000 ____D () C:\Program Files\Accessory Store
2015-05-17 17:13 - 2015-06-01 17:46 - 00000000 ____D () C:\Users\hugo\AppData\Local\Packages
2015-05-17 17:13 - 2015-05-18 20:58 - 00000000 ____D () C:\Users\hugo\AppData\Local\VirtualStore
2015-05-17 17:12 - 2015-06-02 07:39 - 01422734 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-17 17:11 - 2015-05-17 17:15 - 00000000 ____D () C:\Users\hugo
2015-05-17 17:11 - 2015-05-17 17:11 - 00000020 ___SH () C:\Users\hugo\ntuser.ini
2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 17:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-06-02 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-06-02 16:04 - 2012-07-26 09:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-02 15:57 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-02 15:56 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-06-01 19:03 - 2012-10-24 06:06 - 00032778 _____ () C:\WINDOWS\PFRO.log
2015-05-25 10:10 - 2012-07-26 09:21 - 00024747 _____ () C:\WINDOWS\setupact.log
2015-05-19 16:57 - 2012-10-24 06:34 - 00422024 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-19 14:59 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-05-18 14:14 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-18 14:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-05-18 14:12 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-05-18 14:12 - 2012-07-26 09:49 -
00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2015-05-18 14:12 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe 2015-05-18 14:12 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2015-05-18 14:12 - 2012-07-26 07:37 - 00000000 ____D () C:\WINDOWS\servicing 2015-05-18 14:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-05-18 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\migwiz 2015-05-18 14:11 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\winrm 2015-05-18 14:11 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\slmgr 2015-05-18 14:11 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-05-18 14:11 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-05-18 14:10 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform 2015-05-18 14:10 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\Com 2015-05-18 14:10 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\WCN 2015-05-18 14:10 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts 2015-05-18 14:10 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\Dism 2015-05-18 14:06 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2015-05-18 10:07 - 2012-07-26 09:52 - 00000000 ____D () C:\WINDOWS\ShellNew 2015-05-18 10:06 - 2012-11-13 20:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2015-05-18 10:05 - 2012-07-26 07:26 - 00000199 _____ () C:\WINDOWS\win.ini 2015-05-18 10:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-05-17 20:25 - 2012-11-13 19:31 - 00015758 _____ () C:\WINDOWS\system32\results.xml 2015-05-17 20:24 - 2012-11-13 19:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-05-17 20:24 - 2012-10-24 06:33 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-05-17 19:20 - 2012-07-26 10:12 - 
00000000 ___HD () C:\WINDOWS\ELAMBKUP 2015-05-17 18:39 - 2012-11-13 20:03 - 00000000 ____D () C:\ProgramData\Atheros 2015-05-17 18:35 - 2012-10-24 07:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-17 18:29 - 2012-11-13 20:17 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9Acer.dll 2015-05-17 18:29 - 2012-10-24 07:15 - 00000000 ____D () C:\Program Files (x86)\NTI 2015-05-17 18:28 - 2012-10-24 07:13 - 00000000 ____D () C:\Program Files\Acer 2015-05-17 18:28 - 2012-10-24 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-05-17 18:27 - 2012-10-24 07:12 - 00000000 ____D () C:\ProgramData\Acer 2015-05-17 18:27 - 2012-10-24 07:11 - 00000000 ____D () C:\Program Files (x86)\Acer 2015-05-17 18:22 - 2012-10-24 07:11 - 00000000 ____D () C:\WINDOWS\oem 2015-05-17 18:19 - 2012-10-24 06:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-05-17 18:18 - 2012-10-24 06:35 - 00000000 ____D () C:\ProgramData\WildTangent 2015-05-17 18:16 - 2012-10-24 07:15 - 00000000 ____D () C:\ProgramData\BackupManager 2015-05-17 18:04 - 2012-07-26 10:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-05-17 17:25 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\restore 2015-05-17 17:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-05-17 17:16 - 2012-10-24 06:58 - 00000000 ___HD () C:\OEM 2015-05-17 17:15 - 2012-11-13 20:11 - 00000000 ____D () C:\ProgramData\OEM ==================== Files in the root of some directories ======= 2015-05-18 16:44 - 2015-05-18 16:44 - 0000000 _____ () C:\Users\hugo\AppData\Local\Temp.dat 2012-11-13 19:50 - 2012-11-13 19:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\hugo\AppData\Local\Temp\AcerCloudDocsSetup.exe C:\Users\hugo\AppData\Local\Temp\AcerCloudSetup.exe C:\Users\hugo\AppData\Local\Temp\ose00000.exe 
C:\Users\hugo\AppData\Local\Temp\Quarantine.exe
C:\Users\hugo\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-01 17:52

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by hugo at 2015-06-02 17:10:53
Running from C:\Users\hugo\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2583284370-4071791723-3653827449-500 - Administrator - Disabled)
Guest (S-1-5-21-2583284370-4071791723-3653827449-501 - Limited - Disabled)
hugo (S-1-5-21-2583284370-4071791723-3653827449-1001 - Administrator - Enabled) => C:\Users\hugo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
Ace Stream Media 3.0.12 (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\AceStream) (Version: 3.0.12 - Ace Stream Media) <==== ATTENTION!
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Avast Premier (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
EaseUS Data Recovery Wizard 8.8 (HKLM\...\EaseUS Data Recovery Wizard 8.8_is1) (Version: - EaseUS)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 nl)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.2.1 - Popcorn Time)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

17-05-2015 17:25:05 Installed Microsoft Visual C++ 2005 Redistributable (x64)
26-05-2015 15:18:12 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2015-05-20 23:18 - 00001001 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 thislineskipsanyemptylines
127.0.0.1 mirillis.com
127.0.0.1 www.mirillis.com
127.0.0.1 serwer2.paka-service.com
127.0.0.1 ns386119.ovh.net
127.0.0.1 mirillis.pl

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13BEDC52-5356-41E4-A102-0B44F7E38165} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {16F58D1C-6B57-4750-B781-C836C9C5FE87} - System32\Tasks\R@1n-KMS\Office15x64ProP => wmic
Task: {3C327C9E-7526-4E25-8ABD-9F7D6C93A8CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {3F9F3ECB-D53D-4068-AF34-F3C39D1A83D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {895DA87E-805D-4C12-B1CB-FF34A015E750} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-02] (Enigma Software Group USA, LLC.)
Task: {90BB94D8-B794-48CB-AA80-B6383E5B7B3D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {9AEF8C1E-5CF1-4067-A98F-8865B31CEA86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {A67A6EFB-2D9B-489D-B981-3429A2DEA768} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION
Task: {FD2CEA31-1CB8-4AD5-B9AC-273948F134FB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (AVAST Software)
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-05-18 16:46 - 2015-05-18 16:46 - 00022528 _____ () C:\Windows\KMS-QAD.exe
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-29 06:16 - 2012-10-23 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-28 03:23 - 2015-02-28 03:23 - 00022824 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
2012-08-11 04:28 - 2012-08-11 04:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-01-21 17:54 - 2015-05-17 17:27 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2015-05-28 21:36 - 2015-05-28 21:36 - 02362872 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe
2015-05-28 21:36 - 2015-05-28 21:36 - 03919864 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe
2015-05-17 17:36 - 2015-05-17 17:36 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll
2015-05-26 15:29 - 2014-03-14 08:00 - 00695808 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll
2015-06-02 14:52 - 2015-06-02 14:52 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060200\algo.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd
2014-01-23 13:37 - 2014-01-23 13:37 - 00036352 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll
2012-02-07 18:42 - 2012-02-07 18:42 - 00266240 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd
2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\select.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd
2015-05-26 15:20 - 2015-05-26 15:20 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-13 19:42 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-05-28 21:36 - 2015-05-28 21:36 - 01672696 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\RiotLauncher.dll
2015-05-17 17:30 - 2015-05-17 17:30 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe:typelib

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{06C5B32C-DC99-4B0E-ABFE-EBD4EA11DCF4}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{A01F8104-FFB4-4B15-9ED5-7B9D29C34FC8}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{6E2301DE-C363-4FE2-B806-C6D225852DAD}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{FD020762-B806-4363-82A1-777EC17152B5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{44B6D0AD-2FAD-4FCF-890F-A2BA9C491635}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{FCAA457F-271C-41D2-81D4-A6A8590ED400}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{2484B05B-84F8-4D44-9EA6-61A3BED4DDD4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BF3E45D2-35E0-4649-A3E6-0D2F260B97BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{68895981-5661-42F3-B8CB-DBDEBFA2057B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{F7A05CE6-D1D6-4E47-87C3-18D687D1159E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{8A63CCB9-E34D-4432-90C1-6B9A7A35CA4F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{685FDB32-84ED-47D6-9102-BDAE2BD3E388}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{99F01D37-5AA3-4655-9DF6-8C3597C4FC15}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{C8B527EE-1E09-4CD8-89AD-F4DF6AFC9315}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{18CE292C-0120-4EAB-8A95-359DE93E6A0D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{BA7CFF1F-DE81-4FA2-ADD5-7D137629D341}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC1B588F-359A-4924-8345-A1F4B26C3285}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C77EDA70-43E8-411F-ACAF-E1C75E362DC9}] => (Allow) C:\Users\hugo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0B4C8F89-8DCF-4E89-A24A-83B3337DB3BE}] => (Allow) C:\Users\hugo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D507B54F-D727-4C4C-B4E0-FF2FC969924D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{278FAD10-26E7-466A-9E45-BEAA0DD9A637}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{6758D962-7D16-4A6B-A6E8-8B86B29F80D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB29A1EA-11B1-4464-B798-C08106DDE118}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CF520C60-1181-45D5-8917-1E2CAEBF0DD0}] => (Allow) C:\Windows\KMS-QAD.exe
FirewallRules: [{F5DAB228-0DA1-4295-A2CE-77802667B7AE}] => (Allow) C:\Windows\KMS-QAD.exe
FirewallRules: [{2E917060-F584-461A-ACDD-08E4044BC280}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{BD0EB79D-F54F-472D-9F5A-D0896A794D32}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{1C382281-4126-4699-8C9C-593519C9D2D3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{50B57F0B-5E63-4741-90EE-FA6DC0C726DD}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{DE79BC85-BB55-4F87-B51C-62D115F29524}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [uDP Query User{16A5F075-94D4-47A8-AEB0-91FA22FC9424}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{4FAF1412-8EB5-41E3-BB85-66FD4BED92AA}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{ECB884FD-D15B-4F4D-84DF-A2AAE828E265}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E82421B4-6D07-457E-95F9-BA55014D258F}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [uDP Query User{030C0F4D-6E13-419F-8C99-92B4077F2B26}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{7F1632F5-421E-4C5E-982C-786BCF25801E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5FEB9081-A6DF-4FA4-88FE-83D238E48807}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59
Faulting module name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59
Exception code: 0xc0000409
Fault offset: 0x00d12cd7
Faulting process id: 0x1490
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
Faulting package full name: League of Legends.exe4
Faulting package-relative application ID: League of Legends.exe5

Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Exception code: 0xc0000005
Fault offset: 0x000b8554
Faulting process id: 0x414
Faulting application start time: 0xrads_user_kernel.exe0
Faulting application path: rads_user_kernel.exe1
Faulting module path: rads_user_kernel.exe2
Report Id: rads_user_kernel.exe3
Faulting package full name: rads_user_kernel.exe4
Faulting package-relative application ID: rads_user_kernel.exe5

Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: WebKit.dll, version: 6531.9.0.0, time stamp: 0x51566370
Exception code: 0xc0000005
Fault offset: 0x000a9965
Faulting process id: 0x2490
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3
Faulting package full name: LolClient.exe4
Faulting package-relative application ID: LolClient.exe5

Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG. Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80). Operation: Get Shadow Copy Properties Context: Execution Context: Coordinator

Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. .

Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. .

Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. .
System errors: ============= Error: (06/02/2015 03:56:29 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (06/02/2015 03:56:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: %%19 Error: (06/02/2015 03:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The esgiguard service failed to start due to the following error: %%1275 Error: (06/02/2015 03:09:08 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys Error: (06/01/2015 07:04:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (06/01/2015 07:03:37 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (06/01/2015 07:03:59 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 18:49:13 on ‎1-‎6-‎2015 was unexpected. Error: (05/26/2015 04:17:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 
Error: (05/26/2015 03:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (05/26/2015 03:30:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Microsoft Office: ========================= Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: League of Legends.exe5.10.0.330555f6b59League of Legends.exe5.10.0.330555f6b59c000040900d12cd7149001d09d355c02be80C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exe9a561a78-092b-11e5-be77-20689dfa0e02 Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b855441401d09ca0cc9162d4C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe147ce1e2-0894-11e5-be77-20689dfa0e02 Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: LolClient.exe0.0.0.0515663e0WebKit.dll6531.9.0.051566370c0000005000a9965249001d09a1c5e12c6d2C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll5933ce7a-0645-11e5-be76-20689dfa0e02 Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: ) Description: 
{b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80) Operation: Get Shadow Copy Properties Context: Execution Context: Coordinator Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. ==================== Memory info =========================== Processor: Intel® Core i3-2328M CPU @ 2.20GHz Percentage of memory in use: 59% Total physical RAM: 3912.27 MB Available physical RAM: 1601.07 MB Total Pagefile: 11912.27 MB Available Pagefile: 9234.22 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:443.61 GB) (Free:374.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 011599F4) Partition: GPT Partition Type. ==================== End of log ============================
  2. Here are my logs:
-------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by hugo at 2015-06-02 17:10:53
Running from C:\Users\hugo\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2583284370-4071791723-3653827449-500 - Administrator - Disabled)
Guest (S-1-5-21-2583284370-4071791723-3653827449-501 - Limited - Disabled)
hugo (S-1-5-21-2583284370-4071791723-3653827449-1001 - Administrator - Enabled) => C:\Users\hugo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
Ace Stream Media 3.0.12 (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\AceStream) (Version: 3.0.12 - Ace Stream Media) <==== ATTENTION!
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.) Avast Premier (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) EaseUS Data Recovery Wizard 8.8 (HKLM\...\EaseUS Data Recovery Wizard 8.8_is1) (Version: - EaseUS) ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) 
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 nl)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer) Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.2.1 - Popcorn Time) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek 
Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spotify (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 17-05-2015 17:25:05 Installed Microsoft Visual C++ 2005 Redistributable (x64) 26-05-2015 15:18:12 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2015-05-20 23:18 - 00001001 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 thislineskipsanyemptylines 127.0.0.1 mirillis.com 127.0.0.1 www.mirillis.com 127.0.0.1 serwer2.paka-service.com 127.0.0.1 ns386119.ovh.net 127.0.0.1 mirillis.pl ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) Task: {13BEDC52-5356-41E4-A102-0B44F7E38165} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {16F58D1C-6B57-4750-B781-C836C9C5FE87} - System32\Tasks\R@1n-KMS\Office15x64ProP => wmic Task: {3C327C9E-7526-4E25-8ABD-9F7D6C93A8CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated) Task: {3F9F3ECB-D53D-4068-AF34-F3C39D1A83D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {895DA87E-805D-4C12-B1CB-FF34A015E750} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-02] (Enigma Software Group USA, LLC.) Task: {90BB94D8-B794-48CB-AA80-B6383E5B7B3D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated) Task: {9AEF8C1E-5CF1-4067-A98F-8865B31CEA86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {A67A6EFB-2D9B-489D-B981-3429A2DEA768} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION Task: {FD2CEA31-1CB8-4AD5-B9AC-273948F134FB} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (AVAST Software) Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2015-05-18 16:46 - 2015-05-18 16:46 - 00022528 _____ () C:\Windows\KMS-QAD.exe 2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-05-26 15:20 - 2015-05-26 15:20 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2015-05-26 15:20 - 2015-05-26 15:20 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-10-29 06:16 - 2012-10-23 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-02-28 03:23 - 2015-02-28 03:23 - 00022824 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe 2012-08-11 04:28 - 2012-08-11 04:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2014-01-21 17:54 - 2015-05-17 17:27 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe 2015-05-28 21:36 - 2015-05-28 21:36 - 02362872 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe 2015-05-28 21:36 - 2015-05-28 21:36 - 03919864 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe 2015-05-17 17:36 - 2015-05-17 17:36 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe 2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe 2015-05-18 16:46 - 2015-05-18 
16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll 2015-05-26 15:29 - 2014-03-14 08:00 - 00695808 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll 2015-06-02 14:52 - 2015-06-02 14:52 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060200\algo.dll 2015-05-26 15:20 - 2015-05-26 15:20 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd 2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd 2014-01-23 13:37 - 2014-01-23 13:37 - 00036352 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd 2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd 2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll 2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll 2012-02-07 18:42 - 2012-02-07 18:42 - 00266240 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd 2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd 2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\select.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ 
() C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd 2015-05-26 15:20 - 2015-05-26 15:20 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2012-11-13 19:42 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2015-05-28 21:36 - 2015-05-28 21:36 - 01672696 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\RiotLauncher.dll 2015-05-17 17:30 - 2015-05-17 17:30 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll 2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe:typelib ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg HKU\S-1-5-21-2583284370-4071791723-3653827449-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby" HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{06C5B32C-DC99-4B0E-ABFE-EBD4EA11DCF4}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe FirewallRules: [{A01F8104-FFB4-4B15-9ED5-7B9D29C34FC8}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe FirewallRules: [{6E2301DE-C363-4FE2-B806-C6D225852DAD}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe FirewallRules: [{FD020762-B806-4363-82A1-777EC17152B5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{44B6D0AD-2FAD-4FCF-890F-A2BA9C491635}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{FCAA457F-271C-41D2-81D4-A6A8590ED400}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{2484B05B-84F8-4D44-9EA6-61A3BED4DDD4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{BF3E45D2-35E0-4649-A3E6-0D2F260B97BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: 
[{68895981-5661-42F3-B8CB-DBDEBFA2057B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe FirewallRules: [{F7A05CE6-D1D6-4E47-87C3-18D687D1159E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{8A63CCB9-E34D-4432-90C1-6B9A7A35CA4F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{685FDB32-84ED-47D6-9102-BDAE2BD3E388}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{99F01D37-5AA3-4655-9DF6-8C3597C4FC15}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{C8B527EE-1E09-4CD8-89AD-F4DF6AFC9315}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{18CE292C-0120-4EAB-8A95-359DE93E6A0D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{BA7CFF1F-DE81-4FA2-ADD5-7D137629D341}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DC1B588F-359A-4924-8345-A1F4B26C3285}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D507B54F-D727-4C4C-B4E0-FF2FC969924D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{278FAD10-26E7-466A-9E45-BEAA0DD9A637}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{6758D962-7D16-4A6B-A6E8-8B86B29F80D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{DB29A1EA-11B1-4464-B798-C08106DDE118}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CF520C60-1181-45D5-8917-1E2CAEBF0DD0}] => (Allow) C:\Windows\KMS-QAD.exe FirewallRules: [{F5DAB228-0DA1-4295-A2CE-77802667B7AE}] => (Allow) C:\Windows\KMS-QAD.exe FirewallRules: [TCP Query User{4FAF1412-8EB5-41E3-BB85-66FD4BED92AA}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe FirewallRules: [uDP Query 
User{ECB884FD-D15B-4F4D-84DF-A2AAE828E265}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{E82421B4-6D07-457E-95F9-BA55014D258F}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [uDP Query User{030C0F4D-6E13-419F-8C99-92B4077F2B26}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{7F1632F5-421E-4C5E-982C-786BCF25801E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{5FEB9081-A6DF-4FA4-88FE-83D238E48807}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59 Faulting module name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59 Exception code: 0xc0000409 Fault offset: 0x00d12cd7 Faulting process id: 0x1490 Faulting application start time: 0xLeague of Legends.exe0 Faulting application path: League of Legends.exe1 Faulting module path: League of Legends.exe2 Report Id: League of Legends.exe3 Faulting package full name: League of Legends.exe4 Faulting package-relative application ID: League of Legends.exe5 Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Faulting module name: 
rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 Faulting process id: 0x414 Faulting application start time: 0xrads_user_kernel.exe0 Faulting application path: rads_user_kernel.exe1 Faulting module path: rads_user_kernel.exe2 Report Id: rads_user_kernel.exe3 Faulting package full name: rads_user_kernel.exe4 Faulting package-relative application ID: rads_user_kernel.exe5 Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0 Faulting module name: WebKit.dll, version: 6531.9.0.0, time stamp: 0x51566370 Exception code: 0xc0000005 Fault offset: 0x000a9965 Faulting process id: 0x2490 Faulting application start time: 0xLolClient.exe0 Faulting application path: LolClient.exe1 Faulting module path: LolClient.exe2 Report Id: LolClient.exe3 Faulting package full name: LolClient.exe4 Faulting package-relative application ID: LolClient.exe5 Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: ) Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG. Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80). Operation: Get Shadow Copy Properties Context: Execution Context: Coordinator Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. 
System Error: The system cannot find the file specified. . Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. . Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. . System errors: ============= Error: (06/02/2015 03:56:29 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (06/02/2015 03:56:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Software Protection service terminated with the following error: %%19 Error: (06/02/2015 03:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The esgiguard service failed to start due to the following error: %%1275 Error: (06/02/2015 03:09:08 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys Error: (06/01/2015 07:04:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (06/01/2015 07:03:37 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (06/01/2015 07:03:59 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 18:49:13 on ‎1-‎6-‎2015 was unexpected. 
Error: (05/26/2015 04:17:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (05/26/2015 03:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (05/26/2015 03:30:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Microsoft Office: ========================= Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: League of Legends.exe5.10.0.330555f6b59League of Legends.exe5.10.0.330555f6b59c000040900d12cd7149001d09d355c02be80C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exe9a561a78-092b-11e5-be77-20689dfa0e02 Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b855441401d09ca0cc9162d4C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe147ce1e2-0894-11e5-be77-20689dfa0e02 Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: LolClient.exe0.0.0.0515663e0WebKit.dll6531.9.0.051566370c0000005000a9965249001d09a1c5e12c6d2C:\Riot Games\League of 
Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll5933ce7a-0645-11e5-be76-20689dfa0e02 Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: ) Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80) Operation: Get Shadow Copy Properties Context: Execution Context: Coordinator Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: ) Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0 Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary khzatoac. System Error: The system cannot find the file specified. 
==================== Memory info ===========================

Processor: Intel® Core i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 59%
Total physical RAM: 3912.27 MB
Available physical RAM: 1601.07 MB
Total Pagefile: 11912.27 MB
Available Pagefile: 9234.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:443.61 GB) (Free:374.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 011599F4)
Partition: GPT Partition Type.

==================== End of log ============================
  3. So here is my problem: When I plug in my internet cable or turn on my wifi when it wasn't in/on, Avast starts popping up these messages, a total of 16 or 18, saying there's a virus in SVCHost.exe and it's a URL:mal, but I ran various adw cleaners and more and it's not working. Please, can someone help me?