
Avast Antivirus 16 pop ups



So here is my problem: when I plug in my internet cable or turn on my wifi when it wasn't in/on, Avast starts popping up these messages, a total of 16 or 18, saying there's a virus in SVCHost.exe and it's a URL:mal. I ran various adw cleaners and more, but it's not working. Please can someone help me?


Hello Dinklebird and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


Here are my logs:

 

-------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by hugo at 2015-06-02 17:10:53
Running from C:\Users\hugo\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2583284370-4071791723-3653827449-500 - Administrator - Disabled)
Guest (S-1-5-21-2583284370-4071791723-3653827449-501 - Limited - Disabled)
hugo (S-1-5-21-2583284370-4071791723-3653827449-1001 - Administrator - Enabled) => C:\Users\hugo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
Ace Stream Media 3.0.12 (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\AceStream) (Version: 3.0.12 - Ace Stream Media) <==== ATTENTION!
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Avast Premier (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
EaseUS Data Recovery Wizard 8.8 (HKLM\...\EaseUS Data Recovery Wizard 8.8_is1) (Version:  - EaseUS)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 nl)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.2.1 - Popcorn Time)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

17-05-2015 17:25:05 Installed Microsoft Visual C++ 2005 Redistributable (x64)
26-05-2015 15:18:12 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2015-05-20 23:18 - 00001001 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 thislineskipsanyemptylines
127.0.0.1 mirillis.com
127.0.0.1 www.mirillis.com
127.0.0.1 serwer2.paka-service.com
127.0.0.1 ns386119.ovh.net
127.0.0.1 mirillis.pl


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13BEDC52-5356-41E4-A102-0B44F7E38165} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {16F58D1C-6B57-4750-B781-C836C9C5FE87} - System32\Tasks\R@1n-KMS\Office15x64ProP => wmic
Task: {3C327C9E-7526-4E25-8ABD-9F7D6C93A8CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {3F9F3ECB-D53D-4068-AF34-F3C39D1A83D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {895DA87E-805D-4C12-B1CB-FF34A015E750} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-02] (Enigma Software Group USA, LLC.)
Task: {90BB94D8-B794-48CB-AA80-B6383E5B7B3D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {9AEF8C1E-5CF1-4067-A98F-8865B31CEA86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {A67A6EFB-2D9B-489D-B981-3429A2DEA768} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION
Task: {FD2CEA31-1CB8-4AD5-B9AC-273948F134FB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (AVAST Software)
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-05-18 16:46 - 2015-05-18 16:46 - 00022528 _____ () C:\Windows\KMS-QAD.exe
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-29 06:16 - 2012-10-23 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-28 03:23 - 2015-02-28 03:23 - 00022824 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
2012-08-11 04:28 - 2012-08-11 04:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-01-21 17:54 - 2015-05-17 17:27 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2015-05-28 21:36 - 2015-05-28 21:36 - 02362872 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe
2015-05-28 21:36 - 2015-05-28 21:36 - 03919864 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe
2015-05-17 17:36 - 2015-05-17 17:36 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll
2015-05-26 15:29 - 2014-03-14 08:00 - 00695808 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll
2015-06-02 14:52 - 2015-06-02 14:52 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060200\algo.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd
2014-01-23 13:37 - 2014-01-23 13:37 - 00036352 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll
2012-02-07 18:42 - 2012-02-07 18:42 - 00266240 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd
2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\select.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd
2015-05-26 15:20 - 2015-05-26 15:20 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-13 19:42 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-05-28 21:36 - 2015-05-28 21:36 - 01672696 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\RiotLauncher.dll
2015-05-17 17:30 - 2015-05-17 17:30 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe:typelib

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{06C5B32C-DC99-4B0E-ABFE-EBD4EA11DCF4}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{A01F8104-FFB4-4B15-9ED5-7B9D29C34FC8}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{6E2301DE-C363-4FE2-B806-C6D225852DAD}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{FD020762-B806-4363-82A1-777EC17152B5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{44B6D0AD-2FAD-4FCF-890F-A2BA9C491635}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{FCAA457F-271C-41D2-81D4-A6A8590ED400}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{2484B05B-84F8-4D44-9EA6-61A3BED4DDD4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BF3E45D2-35E0-4649-A3E6-0D2F260B97BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{68895981-5661-42F3-B8CB-DBDEBFA2057B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{F7A05CE6-D1D6-4E47-87C3-18D687D1159E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{8A63CCB9-E34D-4432-90C1-6B9A7A35CA4F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{685FDB32-84ED-47D6-9102-BDAE2BD3E388}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{99F01D37-5AA3-4655-9DF6-8C3597C4FC15}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{C8B527EE-1E09-4CD8-89AD-F4DF6AFC9315}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{18CE292C-0120-4EAB-8A95-359DE93E6A0D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{BA7CFF1F-DE81-4FA2-ADD5-7D137629D341}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC1B588F-359A-4924-8345-A1F4B26C3285}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D507B54F-D727-4C4C-B4E0-FF2FC969924D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{278FAD10-26E7-466A-9E45-BEAA0DD9A637}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{6758D962-7D16-4A6B-A6E8-8B86B29F80D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB29A1EA-11B1-4464-B798-C08106DDE118}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CF520C60-1181-45D5-8917-1E2CAEBF0DD0}] => (Allow) C:\Windows\KMS-QAD.exe
FirewallRules: [{F5DAB228-0DA1-4295-A2CE-77802667B7AE}] => (Allow) C:\Windows\KMS-QAD.exe
FirewallRules: [TCP Query User{4FAF1412-8EB5-41E3-BB85-66FD4BED92AA}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{ECB884FD-D15B-4F4D-84DF-A2AAE828E265}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E82421B4-6D07-457E-95F9-BA55014D258F}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [uDP Query User{030C0F4D-6E13-419F-8C99-92B4077F2B26}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{7F1632F5-421E-4C5E-982C-786BCF25801E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5FEB9081-A6DF-4FA4-88FE-83D238E48807}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59
Faulting module name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59
Exception code: 0xc0000409
Fault offset: 0x00d12cd7
Faulting process id: 0x1490
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
Faulting package full name: League of Legends.exe4
Faulting package-relative application ID: League of Legends.exe5

Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Exception code: 0xc0000005
Fault offset: 0x000b8554
Faulting process id: 0x414
Faulting application start time: 0xrads_user_kernel.exe0
Faulting application path: rads_user_kernel.exe1
Faulting module path: rads_user_kernel.exe2
Report Id: rads_user_kernel.exe3
Faulting package full name: rads_user_kernel.exe4
Faulting package-relative application ID: rads_user_kernel.exe5

Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: WebKit.dll, version: 6531.9.0.0, time stamp: 0x51566370
Exception code: 0xc0000005
Fault offset: 0x000a9965
Faulting process id: 0x2490
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3
Faulting package full name: LolClient.exe4
Faulting package-relative application ID: LolClient.exe5

Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80).


Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.
.

Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.
.

Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (06/02/2015 03:56:29 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (06/02/2015 03:56:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error:
%%19

Error: (06/02/2015 03:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esgiguard service failed to start due to the following error:
%%1275

Error: (06/02/2015 03:09:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys

Error: (06/01/2015 07:04:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (06/01/2015 07:03:37 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (06/01/2015 07:03:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:49:13 on ‎1-‎6-‎2015 was unexpected.

Error: (05/26/2015 04:17:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/26/2015 03:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (05/26/2015 03:30:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0


Microsoft Office:
=========================
Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: League of Legends.exe5.10.0.330555f6b59League of Legends.exe5.10.0.330555f6b59c000040900d12cd7149001d09d355c02be80C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exe9a561a78-092b-11e5-be77-20689dfa0e02

Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b855441401d09ca0cc9162d4C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe147ce1e2-0894-11e5-be77-20689dfa0e02

Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0WebKit.dll6531.9.0.051566370c0000005000a9965249001d09a1c5e12c6d2C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll5933ce7a-0645-11e5-be76-20689dfa0e02

Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80)

Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.

Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.

Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel® Core i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 59%
Total physical RAM: 3912.27 MB
Available physical RAM: 1601.07 MB
Total Pagefile: 11912.27 MB
Available Pagefile: 9234.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:443.61 GB) (Free:374.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 011599F4)

Partition: GPT Partition Type.

==================== End of log ============================

---------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by hugo (administrator) on DOGE on 02-06-2015 17:09:50
Running from C:\Users\hugo\Desktop
Loaded Profiles: hugo (Available Profiles: hugo)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\KMS-QAD.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Spotify Ltd) C:\Users\hugo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
() C:\Windows\QAD-Hook.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-11] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2015-05-26] (AVAST Software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [spotify Web Helper] => C:\Users\hugo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [spotify] => C:\Users\hugo\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [AceUpdater] => C:\Users\hugo\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [AceWebExtensionUpdater] => C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
IFEO\OSppSvc.exe: [Debugger] QAD-Hook.exe
IFEO\SppExtComObj.exe: [Debugger] QAD-Hook.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/nl-nl/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2583284370-4071791723-3653827449-1001 -> {4CC4338D-BB15-48E3-9BC1-8246E85F24B7} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (AVAST Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default
FF Homepage: https://www.google.nl/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2583284370-4071791723-3653827449-1001: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\hugo\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: AS Magic Player - C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default\Extensions\magicplayer@acestream.org [2015-05-27]
FF Extension: Adblock Plus - C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-11] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-05-26] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-05-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-05-26] (Avast Software)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KMS-R@1n; C:\Windows\KMS-QAD.exe [22528 2015-05-18] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-13] (Dritek System INC.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-06-02] (Enigma Software Group USA, LLC.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-05-26] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-05-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-05-26] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-05-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-05-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-05-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-05-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-05-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-05-26] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-11] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 esgiguard; C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys [16432 2015-04-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-02] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-13] (Dritek System Inc.)
U0 ufvqkt; C:\Windows\System32\drivers\yysxn.sys [79064 2015-06-02] (Malwarebytes Corporation)
R3 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2015-05-26] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 17:09 - 2015-06-02 17:10 - 00015157 _____ () C:\Users\hugo\Desktop\FRST.txt
2015-06-02 17:09 - 2015-06-02 17:09 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\yysxn.sys
2015-06-02 17:09 - 2015-06-02 17:09 - 00000000 ____D () C:\FRST
2015-06-02 16:58 - 2015-06-02 16:58 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 16:57 - 2015-06-02 16:57 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-02 16:57 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-02 16:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-02 16:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-02 16:52 - 2015-06-02 16:54 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\hugo\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-02 16:52 - 2015-06-02 16:52 - 02108928 _____ (Farbar) C:\Users\hugo\Desktop\FRST64.exe
2015-06-02 15:53 - 2015-06-02 15:53 - 04798416 _____ (McAfee, Inc.) C:\Users\hugo\Downloads\MCPR.exe
2015-06-02 15:07 - 2015-06-02 15:07 - 46420165 ____R () C:\Users\hugo\Downloads\SpyHunter 4.19.13.4482 Portable.zip
2015-06-02 14:55 - 2015-06-02 14:55 - 00003314 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Enigma Software Group
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\sh4ldr
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 _____ () C:\autoexec.bat
2015-06-02 14:54 - 2015-06-02 14:54 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\hugo\Downloads\SpyHunter-Installer.exe
2015-06-02 14:54 - 2015-06-02 14:54 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-06-02 14:54 - 2015-06-02 14:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-06-02 07:32 - 2015-06-02 07:32 - 02231296 _____ () C:\Users\hugo\Downloads\adwcleaner_4.206.exe
2015-06-01 17:47 - 2015-06-01 17:47 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-01 17:46 - 2015-06-01 17:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-01 17:46 - 2015-06-01 17:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-06-01 17:45 - 2015-06-01 17:47 - 00000000 ____D () C:\ProgramData\Adobe
2015-06-01 17:44 - 2015-06-01 17:44 - 00568767 _____ () C:\Users\hugo\Downloads\lemoulin.pdf.zip
2015-05-26 16:28 - 2015-05-26 16:28 - 00000247 _____ () C:\WINDOWS\system32\2015-05-26-14-28-19.054-aswFe.exe-5212.log
2015-05-26 16:28 - 2015-05-26 16:28 - 00000197 _____ () C:\WINDOWS\system32\2015-05-26-14-28-15.012-AvastVBoxSVC.exe-1956.log
2015-05-26 15:42 - 2015-05-26 15:42 - 00755216 _____ () C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe
2015-05-26 15:40 - 2015-05-26 15:40 - 00755216 _____ () C:\Users\hugo\Downloads\loldrophackv16__7934_il309.exe
2015-05-26 15:38 - 2015-05-26 16:17 - 00000247 _____ () C:\WINDOWS\system32\2015-05-26-13-38-56.028-aswFe.exe-6100.log
2015-05-26 15:38 - 2015-05-26 15:38 - 00000197 _____ () C:\WINDOWS\system32\2015-05-26-13-38-52.009-AvastVBoxSVC.exe-2384.log
2015-05-26 15:36 - 2015-05-26 15:36 - 02097629 _____ () C:\Users\hugo\Downloads\leagueoflegendsmultihack.zip.part
2015-05-26 15:29 - 2015-05-26 15:29 - 00001223 _____ () C:\WINDOWS\unins000.dat
2015-05-26 15:29 - 2015-05-26 15:28 - 01180529 _____ () C:\WINDOWS\unins000.exe
2015-05-26 15:25 - 2015-05-26 15:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-05-26 15:25 - 2015-05-26 15:26 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-05-26 15:25 - 2015-05-26 15:25 - 01853762 _____ () C:\Users\hugo\Downloads\AA By Onhax.rar
2015-05-26 15:24 - 2015-05-26 15:24 - 02053480 _____ () C:\Users\hugo\Downloads\Avast 2015 All Working Cracks Keys are Here ! [LATEST].exe
2015-05-26 15:22 - 2015-05-26 15:22 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\AVAST Software
2015-05-26 15:21 - 2015-05-26 15:21 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-05-26 15:21 - 2015-05-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-26 15:20 - 2015-05-26 15:21 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-05-26 15:20 - 2015-05-26 15:21 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-05-26 15:20 - 2015-05-26 15:20 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-05-26 15:20 - 2015-05-26 15:20 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-05-26 15:19 - 2015-05-26 15:19 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2015-05-26 15:18 - 2015-05-26 15:18 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-26 15:17 - 2015-05-26 15:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-26 15:03 - 2015-05-26 15:16 - 182803088 _____ (AVAST Software) C:\Users\hugo\Downloads\avast--Premier-Antivirus-2015-10.0.2206-Final Trial.exe
2015-05-25 09:56 - 2015-05-25 09:57 - 02128667 _____ () C:\Users\hugo\Downloads\EaseUS Data Recovery Wizard 8.6 Keygen _5BOnhax_5D.rar
2015-05-25 09:54 - 2015-05-25 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.8
2015-05-25 09:52 - 2015-05-25 09:52 - 10758512 _____ (EaseUS ) C:\Users\hugo\Downloads\drw_trial.exe
2015-05-24 19:33 - 2015-05-24 19:34 - 00000000 ____D () C:\Users\hugo\Downloads\THE BLACKLIST(2014) S02E22 H.264(WEB-DL)DD5.1 1080p NL Subs TBS
2015-05-24 19:28 - 2015-05-24 19:28 - 00018205 _____ () C:\Users\hugo\Downloads\[kat.cr]the.blacklist.2014.s02e22.h.264.web.dl.dd5.1.1080p.nl.subs.tbs.torrent
2015-05-24 19:26 - 2015-05-24 19:27 - 00000000 ____D () C:\Users\hugo\Downloads\The Blacklist S02 WEB-DL x264-FUM[ettv]
2015-05-24 18:20 - 2015-05-24 19:32 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\.ACEStream
2015-05-24 18:20 - 2015-05-24 19:14 - 00000000 ___HD () C:\_acestream_cache_
2015-05-24 18:20 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2015-05-24 18:19 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\AceWebExtension
2015-05-24 18:19 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\ACEStream
2015-05-24 18:18 - 2015-05-24 18:19 - 69574952 _____ () C:\Users\hugo\Downloads\Ace_Stream_Media_3.0.12.exe
2015-05-24 18:18 - 2015-05-24 18:18 - 00028102 _____ () C:\Users\hugo\Downloads\[kat.cr]game.of.thrones.s05e06.hdtv.x264.asap.ettv.torrent
2015-05-20 23:20 - 2015-05-21 08:48 - 00000020 _____ () C:\WINDOWS\capsys184523.log
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Users\hugo\AppData\Local\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Action!
2015-05-20 23:17 - 2015-05-20 23:17 - 00000000 ____D () C:\Users\hugo\Downloads\Mirillis Action! 1.21.0.0
2015-05-20 23:15 - 2015-05-20 23:15 - 00000000 ____D () C:\Users\hugo\Downloads\Mirillis.Action!.v1.21.0.0.Thx-Acersoft
2015-05-20 23:11 - 2015-05-20 23:12 - 18829112 _____ (Mirillis Ltd.) C:\Users\hugo\Downloads\action_1_22_0_setup.exe
2015-05-20 23:11 - 2015-05-20 23:11 - 01122816 _____ (ONHAX.NET) C:\Users\hugo\Downloads\Mirillis Action! v1.22 Patch.exe
2015-05-20 07:32 - 2015-05-20 07:32 - 00000000 ____D () C:\Users\hugo\AppData\Local\Macromedia
2015-05-20 07:28 - 2015-06-01 17:47 - 00000000 ____D () C:\Users\hugo\AppData\Local\Adobe
2015-05-19 22:22 - 2015-05-19 22:22 - 00000000 ____D () C:\Users\hugo\AppData\Local\clear.fi
2015-05-19 16:32 - 2015-06-02 07:34 - 00000000 ____D () C:\AdwCleaner
2015-05-19 16:31 - 2015-05-19 16:32 - 02209792 _____ () C:\Users\hugo\Downloads\adwcleaner_4.204.exe
2015-05-19 16:30 - 2015-05-19 16:30 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\GlarySoft
2015-05-19 07:48 - 2015-06-02 15:59 - 00000000 ____D () C:\Users\hugo\AppData\Local\Spotify
2015-05-19 07:48 - 2015-06-02 15:58 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Spotify
2015-05-19 07:48 - 2015-05-19 07:48 - 00155296 _____ (Spotify Ltd) C:\Users\hugo\Downloads\SpotifySetup.exe
2015-05-19 07:48 - 2015-05-19 07:48 - 00001766 _____ () C:\Users\hugo\Desktop\Spotify.lnk
2015-05-19 07:48 - 2015-05-19 07:48 - 00001752 _____ () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-05-18 21:05 - 2015-05-18 21:05 - 00022474 _____ () C:\Users\hugo\Downloads\the.blacklist.karakurt.(2015).dut.1cd.(6173748).zip
2015-05-18 20:58 - 2015-05-18 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-05-18 20:57 - 2015-05-18 20:58 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2015-05-18 16:47 - 2015-05-18 16:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\R@1n-KMS
2015-05-18 16:46 - 2015-05-18 16:46 - 00022528 _____ () C:\WINDOWS\KMS-QAD.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll
2015-05-18 16:44 - 2015-05-18 16:44 - 00000000 _____ () C:\Users\hugo\AppData\Local\Temp.dat
2015-05-18 16:40 - 2015-05-18 16:40 - 02052456 _____ () C:\Users\hugo\Downloads\Re-Loader 1.2 Final All  Windows And Office Activator Is Here![Latest].exe
2015-05-18 15:55 - 2015-05-18 15:55 - 00889416 _____ (Microsoft Corporation) C:\Users\hugo\Downloads\dotNetFx40_Full_setup.exe
2015-05-18 15:53 - 2015-05-18 15:53 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-05-18 15:48 - 2015-06-02 15:43 - 00000000 ____D () C:\Users\hugo\AppData\Local\Deployment
2015-05-18 15:48 - 2015-05-18 15:48 - 00000000 ____D () C:\Users\hugo\AppData\Local\Apps\2.0
2015-05-18 10:08 - 2015-05-18 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-18 10:06 - 2015-05-18 10:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-05-18 10:06 - 2015-05-18 10:06 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-05-18 10:05 - 2015-05-18 10:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-18 10:05 - 2015-05-18 10:05 - 00000000 ____D () C:\Users\hugo\AppData\Local\Microsoft Help
2015-05-18 10:05 - 2015-05-18 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-05-18 10:04 - 2015-05-18 10:04 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-05-18 10:02 - 2015-06-02 17:09 - 00000000 ____D () C:\Program Files (x86)\SharePoint Fix
2015-05-18 10:02 - 2015-05-18 16:41 - 00000000 ____D () C:\ProgramData\17676060002624468702
2015-05-18 10:02 - 2015-05-18 10:02 - 00000000 __RHD () C:\MSOCache
2015-05-18 10:01 - 2015-06-02 15:57 - 00000368 _____ () C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job
2015-05-18 10:01 - 2015-05-18 10:01 - 00003254 _____ () C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[pr]
2015-05-18 09:57 - 2015-05-18 09:59 - 00000000 ____D () C:\Users\hugo\Downloads\Microsoft Office 2013 Professional Plus activation crack
2015-05-18 09:56 - 2015-05-18 09:56 - 02051944 _____ () C:\Users\hugo\Downloads\Re-Loader_1.2_Final.rar
2015-05-18 09:56 - 2015-05-18 09:56 - 00026057 _____ () C:\Users\hugo\Downloads\784_microsoft.offic.torrent
2015-05-18 09:47 - 2015-05-22 07:40 - 00000000 ____D () C:\Users\hugo\Desktop\School
2015-05-18 09:07 - 2015-05-18 09:10 - 00000000 ____D () C:\Users\hugo\Documents\Revocer
2015-05-18 09:05 - 2015-05-18 09:05 - 02622696 _____ (Copyright © 2011 eSupport.com • All Rights Reserved ) C:\Users\hugo\Downloads\undeleteplus_setup.exe
2015-05-18 08:30 - 2015-05-18 08:30 - 00234966 _____ () C:\Users\hugo\Downloads\REST2514.exe
2015-05-18 08:30 - 2015-05-18 08:30 - 00000000 ____D () C:\Restoration
2015-05-18 08:29 - 2015-05-18 08:29 - 00707144 _____ (Generic Installer ) C:\Users\hugo\Downloads\Installer_Restoration.exe
2015-05-18 08:21 - 2015-05-18 08:21 - 04426120 _____ (Piriform Ltd) C:\Users\hugo\Downloads\rcsetup152.exe
2015-05-17 22:59 - 2015-05-17 22:59 - 00646538 _____ () C:\Users\hugo\Downloads\ThrottleStop_500a.zip
2015-05-17 22:59 - 2015-05-17 22:59 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\WinRAR
2015-05-17 22:37 - 2015-05-25 15:02 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\vlc
2015-05-17 22:37 - 2015-05-17 22:37 - 00001034 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-17 22:37 - 2015-05-17 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-17 22:37 - 2015-05-17 22:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-05-17 22:36 - 2015-05-17 22:36 - 28849904 _____ () C:\Users\hugo\Downloads\vlc-2.2.1-win32.exe
2015-05-17 20:22 - 2015-05-17 20:22 - 131104768 _____ (Intel Corporation) C:\Users\hugo\Downloads\win64_152823.exe
2015-05-17 19:46 - 2015-05-17 19:46 - 00231760 _____ () C:\Users\hugo\Downloads\CrucialEUScan.exe
2015-05-17 19:03 - 2015-05-17 19:03 - 01941064 _____ () C:\Users\hugo\Downloads\winrar-x64-520.exe
2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-17 19:02 - 2015-05-17 19:02 - 02233009 _____ () C:\Users\hugo\Downloads\RL16.rar
2015-05-17 18:57 - 2015-05-17 18:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-05-17 18:39 - 2015-06-01 19:02 - 00000000 ____D () C:\Users\hugo\Documents\Bluetooth Folder
2015-05-17 18:39 - 2015-05-17 18:39 - 00000000 ____D () C:\Users\hugo\AppData\Local\BMExplorer
2015-05-17 18:31 - 2015-06-01 21:26 - 00000000 ____D () C:\Users\hugo\AppData\Local\CrashDumps
2015-05-17 18:16 - 2015-05-17 18:16 - 04737952 _____ () C:\Users\hugo\Downloads\ausetup.exe
2015-05-17 18:16 - 2015-05-17 18:16 - 00001278 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-05-17 18:16 - 2015-05-17 18:16 - 00001266 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2015-05-17 18:16 - 2015-05-17 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-05-17 18:16 - 2015-05-17 18:16 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\LolClient
2015-05-17 17:35 - 2015-05-17 17:35 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Macromedia
2015-05-17 17:32 - 2015-05-17 17:32 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\CyberLink
2015-05-17 17:30 - 2015-05-17 17:30 - 00000000 ____D () C:\Users\Public\CyberLink
2015-05-17 17:30 - 2015-05-17 17:30 - 00000000 ____D () C:\Users\hugo\AppData\Local\Cyberlink
2015-05-17 17:27 - 2015-05-17 17:27 - 00000000 ____D () C:\ProgramData\Riot Games
2015-05-17 17:27 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-05-17 17:27 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-05-17 17:27 - 2008-07-12 09:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-05-17 17:27 - 2008-07-12 09:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-05-17 17:27 - 2008-07-12 09:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-05-17 17:26 - 2015-05-17 17:26 - 00001613 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2015-05-17 17:26 - 2015-05-17 17:26 - 00000000 ____D () C:\Riot Games
2015-05-17 17:26 - 2015-05-17 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-05-17 17:24 - 2015-05-17 17:27 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Riot Games
2015-05-17 17:24 - 2015-05-17 17:24 - 30993712 _____ (Riot Games) C:\Users\hugo\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe
2015-05-17 17:23 - 2015-06-02 16:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2583284370-4071791723-3653827449-1001
2015-05-17 17:23 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Local\EgisTec IPS
2015-05-17 17:22 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Mozilla
2015-05-17 17:22 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Local\Mozilla
2015-05-17 17:21 - 2015-05-18 10:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-17 17:21 -%2


The first one is incorrect, sorry.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by hugo (administrator) on DOGE on 02-06-2015 17:09:50
Running from C:\Users\hugo\Desktop
Loaded Profiles: hugo (Available Profiles: hugo)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\KMS-QAD.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Spotify Ltd) C:\Users\hugo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
() C:\Windows\QAD-Hook.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-11] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2015-05-26] (AVAST Software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [spotify Web Helper] => C:\Users\hugo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [spotify] => C:\Users\hugo\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [AceUpdater] => C:\Users\hugo\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Run: [AceWebExtensionUpdater] => C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
IFEO\OSppSvc.exe: [Debugger] QAD-Hook.exe
IFEO\SppExtComObj.exe: [Debugger] QAD-Hook.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/nl-nl/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2583284370-4071791723-3653827449-1001 -> {4CC4338D-BB15-48E3-9BC1-8246E85F24B7} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (AVAST Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default
FF Homepage: https://www.google.nl/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2583284370-4071791723-3653827449-1001: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\hugo\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: AS Magic Player - C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default\Extensions\magicplayer@acestream.org [2015-05-27]
FF Extension: Adblock Plus - C:\Users\hugo\AppData\Roaming\Mozilla\Firefox\Profiles\womepcs4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-11] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-05-26] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-05-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-05-26] (Avast Software)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KMS-R@1n; C:\Windows\KMS-QAD.exe [22528 2015-05-18] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-13] (Dritek System INC.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-06-02] (Enigma Software Group USA, LLC.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-05-26] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-05-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-05-26] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-05-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-05-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-05-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-05-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-05-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-05-26] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-11] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 esgiguard; C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys [16432 2015-04-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-02] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-13] (Dritek System Inc.)
U0 ufvqkt; C:\Windows\System32\drivers\yysxn.sys [79064 2015-06-02] (Malwarebytes Corporation)
R3 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2015-05-26] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 17:09 - 2015-06-02 17:10 - 00015157 _____ () C:\Users\hugo\Desktop\FRST.txt
2015-06-02 17:09 - 2015-06-02 17:09 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\yysxn.sys
2015-06-02 17:09 - 2015-06-02 17:09 - 00000000 ____D () C:\FRST
2015-06-02 16:58 - 2015-06-02 16:58 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 16:57 - 2015-06-02 16:57 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-02 16:57 - 2015-06-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-02 16:57 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-02 16:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-02 16:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-02 16:52 - 2015-06-02 16:54 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\hugo\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-02 16:52 - 2015-06-02 16:52 - 02108928 _____ (Farbar) C:\Users\hugo\Desktop\FRST64.exe
2015-06-02 15:53 - 2015-06-02 15:53 - 04798416 _____ (McAfee, Inc.) C:\Users\hugo\Downloads\MCPR.exe
2015-06-02 15:07 - 2015-06-02 15:07 - 46420165 ____R () C:\Users\hugo\Downloads\SpyHunter 4.19.13.4482 Portable.zip
2015-06-02 14:55 - 2015-06-02 14:55 - 00003314 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Enigma Software Group
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 ____D () C:\sh4ldr
2015-06-02 14:55 - 2015-06-02 14:55 - 00000000 _____ () C:\autoexec.bat
2015-06-02 14:54 - 2015-06-02 14:54 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\hugo\Downloads\SpyHunter-Installer.exe
2015-06-02 14:54 - 2015-06-02 14:54 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-06-02 14:54 - 2015-06-02 14:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-06-02 07:32 - 2015-06-02 07:32 - 02231296 _____ () C:\Users\hugo\Downloads\adwcleaner_4.206.exe
2015-06-01 17:47 - 2015-06-01 17:47 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-01 17:46 - 2015-06-01 17:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-01 17:46 - 2015-06-01 17:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-06-01 17:45 - 2015-06-01 17:47 - 00000000 ____D () C:\ProgramData\Adobe
2015-06-01 17:44 - 2015-06-01 17:44 - 00568767 _____ () C:\Users\hugo\Downloads\lemoulin.pdf.zip
2015-05-26 16:28 - 2015-05-26 16:28 - 00000247 _____ () C:\WINDOWS\system32\2015-05-26-14-28-19.054-aswFe.exe-5212.log
2015-05-26 16:28 - 2015-05-26 16:28 - 00000197 _____ () C:\WINDOWS\system32\2015-05-26-14-28-15.012-AvastVBoxSVC.exe-1956.log
2015-05-26 15:42 - 2015-05-26 15:42 - 00755216 _____ () C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe
2015-05-26 15:40 - 2015-05-26 15:40 - 00755216 _____ () C:\Users\hugo\Downloads\loldrophackv16__7934_il309.exe
2015-05-26 15:38 - 2015-05-26 16:17 - 00000247 _____ () C:\WINDOWS\system32\2015-05-26-13-38-56.028-aswFe.exe-6100.log
2015-05-26 15:38 - 2015-05-26 15:38 - 00000197 _____ () C:\WINDOWS\system32\2015-05-26-13-38-52.009-AvastVBoxSVC.exe-2384.log
2015-05-26 15:36 - 2015-05-26 15:36 - 02097629 _____ () C:\Users\hugo\Downloads\leagueoflegendsmultihack.zip.part
2015-05-26 15:29 - 2015-05-26 15:29 - 00001223 _____ () C:\WINDOWS\unins000.dat
2015-05-26 15:29 - 2015-05-26 15:28 - 01180529 _____ () C:\WINDOWS\unins000.exe
2015-05-26 15:25 - 2015-05-26 15:26 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-05-26 15:25 - 2015-05-26 15:26 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-05-26 15:25 - 2015-05-26 15:25 - 01853762 _____ () C:\Users\hugo\Downloads\AA By Onhax.rar
2015-05-26 15:24 - 2015-05-26 15:24 - 02053480 _____ () C:\Users\hugo\Downloads\Avast 2015 All Working Cracks Keys are Here ! [LATEST].exe
2015-05-26 15:22 - 2015-05-26 15:22 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\AVAST Software
2015-05-26 15:21 - 2015-05-26 15:21 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-05-26 15:21 - 2015-05-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-26 15:20 - 2015-05-26 15:21 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-05-26 15:20 - 2015-05-26 15:21 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-05-26 15:20 - 2015-05-26 15:20 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-05-26 15:20 - 2015-05-26 15:20 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-26 15:20 - 2015-05-26 15:20 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-05-26 15:19 - 2015-05-26 15:19 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2015-05-26 15:18 - 2015-05-26 15:18 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-26 15:17 - 2015-05-26 15:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-26 15:03 - 2015-05-26 15:16 - 182803088 _____ (AVAST Software) C:\Users\hugo\Downloads\avast--Premier-Antivirus-2015-10.0.2206-Final Trial.exe
2015-05-25 09:56 - 2015-05-25 09:57 - 02128667 _____ () C:\Users\hugo\Downloads\EaseUS Data Recovery Wizard 8.6 Keygen _5BOnhax_5D.rar
2015-05-25 09:54 - 2015-05-25 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.8
2015-05-25 09:52 - 2015-05-25 09:52 - 10758512 _____ (EaseUS ) C:\Users\hugo\Downloads\drw_trial.exe
2015-05-24 19:33 - 2015-05-24 19:34 - 00000000 ____D () C:\Users\hugo\Downloads\THE BLACKLIST(2014) S02E22 H.264(WEB-DL)DD5.1 1080p NL Subs TBS
2015-05-24 19:28 - 2015-05-24 19:28 - 00018205 _____ () C:\Users\hugo\Downloads\[kat.cr]the.blacklist.2014.s02e22.h.264.web.dl.dd5.1.1080p.nl.subs.tbs.torrent
2015-05-24 19:26 - 2015-05-24 19:27 - 00000000 ____D () C:\Users\hugo\Downloads\The Blacklist S02 WEB-DL x264-FUM[ettv]
2015-05-24 18:20 - 2015-05-24 19:32 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\.ACEStream
2015-05-24 18:20 - 2015-05-24 19:14 - 00000000 ___HD () C:\_acestream_cache_
2015-05-24 18:20 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2015-05-24 18:19 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\AceWebExtension
2015-05-24 18:19 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\ACEStream
2015-05-24 18:18 - 2015-05-24 18:19 - 69574952 _____ () C:\Users\hugo\Downloads\Ace_Stream_Media_3.0.12.exe
2015-05-24 18:18 - 2015-05-24 18:18 - 00028102 _____ () C:\Users\hugo\Downloads\[kat.cr]game.of.thrones.s05e06.hdtv.x264.asap.ettv.torrent
2015-05-20 23:20 - 2015-05-21 08:48 - 00000020 _____ () C:\WINDOWS\capsys184523.log
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Users\hugo\AppData\Local\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2015-05-20 23:20 - 2015-05-20 23:20 - 00000000 ____D () C:\Action!
2015-05-20 23:17 - 2015-05-20 23:17 - 00000000 ____D () C:\Users\hugo\Downloads\Mirillis Action! 1.21.0.0
2015-05-20 23:15 - 2015-05-20 23:15 - 00000000 ____D () C:\Users\hugo\Downloads\Mirillis.Action!.v1.21.0.0.Thx-Acersoft
2015-05-20 23:11 - 2015-05-20 23:12 - 18829112 _____ (Mirillis Ltd.) C:\Users\hugo\Downloads\action_1_22_0_setup.exe
2015-05-20 23:11 - 2015-05-20 23:11 - 01122816 _____ (ONHAX.NET) C:\Users\hugo\Downloads\Mirillis Action! v1.22 Patch.exe
2015-05-20 07:32 - 2015-05-20 07:32 - 00000000 ____D () C:\Users\hugo\AppData\Local\Macromedia
2015-05-20 07:28 - 2015-06-01 17:47 - 00000000 ____D () C:\Users\hugo\AppData\Local\Adobe
2015-05-19 22:22 - 2015-05-19 22:22 - 00000000 ____D () C:\Users\hugo\AppData\Local\clear.fi
2015-05-19 16:32 - 2015-06-02 07:34 - 00000000 ____D () C:\AdwCleaner
2015-05-19 16:31 - 2015-05-19 16:32 - 02209792 _____ () C:\Users\hugo\Downloads\adwcleaner_4.204.exe
2015-05-19 16:30 - 2015-05-19 16:30 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\GlarySoft
2015-05-19 07:48 - 2015-06-02 15:59 - 00000000 ____D () C:\Users\hugo\AppData\Local\Spotify
2015-05-19 07:48 - 2015-06-02 15:58 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Spotify
2015-05-19 07:48 - 2015-05-19 07:48 - 00155296 _____ (Spotify Ltd) C:\Users\hugo\Downloads\SpotifySetup.exe
2015-05-19 07:48 - 2015-05-19 07:48 - 00001766 _____ () C:\Users\hugo\Desktop\Spotify.lnk
2015-05-19 07:48 - 2015-05-19 07:48 - 00001752 _____ () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-05-18 21:05 - 2015-05-18 21:05 - 00022474 _____ () C:\Users\hugo\Downloads\the.blacklist.karakurt.(2015).dut.1cd.(6173748).zip
2015-05-18 20:59 - 2015-05-30 15:23 - 00000000 ____D () C:\Users\hugo\Downloads\PopcornTime
2015-05-18 20:58 - 2015-05-18 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-05-18 20:57 - 2015-05-18 20:58 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2015-05-18 20:57 - 2015-05-18 20:57 - 50764339 _____ (Popcorn Time ) C:\Users\hugo\Downloads\PopcornTime-latest.exe
2015-05-18 16:47 - 2015-05-18 16:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\R@1n-KMS
2015-05-18 16:46 - 2015-05-18 16:46 - 00022528 _____ () C:\WINDOWS\KMS-QAD.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll
2015-05-18 16:44 - 2015-05-18 16:44 - 00000000 _____ () C:\Users\hugo\AppData\Local\Temp.dat
2015-05-18 16:40 - 2015-05-18 16:40 - 02052456 _____ () C:\Users\hugo\Downloads\Re-Loader 1.2 Final All  Windows And Office Activator Is Here![Latest].exe
2015-05-18 15:55 - 2015-05-18 15:55 - 00889416 _____ (Microsoft Corporation) C:\Users\hugo\Downloads\dotNetFx40_Full_setup.exe
2015-05-18 15:53 - 2015-05-18 15:53 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-05-18 15:48 - 2015-06-02 15:43 - 00000000 ____D () C:\Users\hugo\AppData\Local\Deployment
2015-05-18 15:48 - 2015-05-18 15:48 - 00000000 ____D () C:\Users\hugo\AppData\Local\Apps\2.0
2015-05-18 10:08 - 2015-05-18 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-18 10:06 - 2015-05-18 10:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-05-18 10:06 - 2015-05-18 10:06 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-05-18 10:05 - 2015-05-18 10:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-18 10:05 - 2015-05-18 10:05 - 00000000 ____D () C:\Users\hugo\AppData\Local\Microsoft Help
2015-05-18 10:05 - 2015-05-18 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-05-18 10:04 - 2015-05-18 10:04 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-05-18 10:02 - 2015-06-02 17:09 - 00000000 ____D () C:\Program Files (x86)\SharePoint Fix
2015-05-18 10:02 - 2015-05-18 16:41 - 00000000 ____D () C:\ProgramData\17676060002624468702
2015-05-18 10:02 - 2015-05-18 10:02 - 00000000 __RHD () C:\MSOCache
2015-05-18 10:01 - 2015-06-02 15:57 - 00000368 _____ () C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job
2015-05-18 10:01 - 2015-05-18 10:01 - 00003254 _____ () C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[pr]
2015-05-18 09:57 - 2015-05-18 09:59 - 00000000 ____D () C:\Users\hugo\Downloads\Microsoft Office 2013 Professional Plus activation crack
2015-05-18 09:56 - 2015-06-02 15:11 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\uTorrent
2015-05-18 09:56 - 2015-05-18 09:56 - 02051944 _____ () C:\Users\hugo\Downloads\Re-Loader_1.2_Final.rar
2015-05-18 09:56 - 2015-05-18 09:56 - 00026057 _____ () C:\Users\hugo\Downloads\784_microsoft.offic.torrent
2015-05-18 09:55 - 2015-05-18 09:55 - 01998432 _____ (BitTorrent Inc.) C:\Users\hugo\Downloads\uTorrent.exe
2015-05-18 09:47 - 2015-05-22 07:40 - 00000000 ____D () C:\Users\hugo\Desktop\School
2015-05-18 09:07 - 2015-05-18 09:10 - 00000000 ____D () C:\Users\hugo\Documents\Revocer
2015-05-18 09:05 - 2015-05-18 09:05 - 02622696 _____ (Copyright © 2011 eSupport.com • All Rights Reserved ) C:\Users\hugo\Downloads\undeleteplus_setup.exe
2015-05-18 08:30 - 2015-05-18 08:30 - 00234966 _____ () C:\Users\hugo\Downloads\REST2514.exe
2015-05-18 08:30 - 2015-05-18 08:30 - 00000000 ____D () C:\Restoration
2015-05-18 08:29 - 2015-05-18 08:29 - 00707144 _____ (Generic Installer ) C:\Users\hugo\Downloads\Installer_Restoration.exe
2015-05-18 08:21 - 2015-05-18 08:21 - 04426120 _____ (Piriform Ltd) C:\Users\hugo\Downloads\rcsetup152.exe
2015-05-17 22:59 - 2015-05-17 22:59 - 00646538 _____ () C:\Users\hugo\Downloads\ThrottleStop_500a.zip
2015-05-17 22:59 - 2015-05-17 22:59 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\WinRAR
2015-05-17 22:37 - 2015-05-25 15:02 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\vlc
2015-05-17 22:37 - 2015-05-17 22:37 - 00001034 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-17 22:37 - 2015-05-17 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-17 22:37 - 2015-05-17 22:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-05-17 22:36 - 2015-05-17 22:36 - 28849904 _____ () C:\Users\hugo\Downloads\vlc-2.2.1-win32.exe
2015-05-17 20:22 - 2015-05-17 20:22 - 131104768 _____ (Intel Corporation) C:\Users\hugo\Downloads\win64_152823.exe
2015-05-17 19:46 - 2015-05-17 19:46 - 00231760 _____ () C:\Users\hugo\Downloads\CrucialEUScan.exe
2015-05-17 19:03 - 2015-05-17 19:03 - 01941064 _____ () C:\Users\hugo\Downloads\winrar-x64-520.exe
2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-17 19:03 - 2015-05-17 19:03 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-17 19:02 - 2015-05-17 19:02 - 02233009 _____ () C:\Users\hugo\Downloads\RL16.rar
2015-05-17 18:57 - 2015-05-17 18:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-05-17 18:39 - 2015-06-01 19:02 - 00000000 ____D () C:\Users\hugo\Documents\Bluetooth Folder
2015-05-17 18:39 - 2015-05-17 18:39 - 00000000 ____D () C:\Users\hugo\AppData\Local\BMExplorer
2015-05-17 18:31 - 2015-06-01 21:26 - 00000000 ____D () C:\Users\hugo\AppData\Local\CrashDumps
2015-05-17 18:16 - 2015-05-17 18:16 - 04737952 _____ () C:\Users\hugo\Downloads\ausetup.exe
2015-05-17 18:16 - 2015-05-17 18:16 - 00001278 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-05-17 18:16 - 2015-05-17 18:16 - 00001266 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2015-05-17 18:16 - 2015-05-17 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-05-17 18:16 - 2015-05-17 18:16 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-05-17 18:11 - 2015-05-17 18:11 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\LolClient
2015-05-17 17:35 - 2015-05-17 17:35 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Macromedia
2015-05-17 17:32 - 2015-05-17 17:32 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\CyberLink
2015-05-17 17:30 - 2015-05-17 17:30 - 00000000 ____D () C:\Users\Public\CyberLink
2015-05-17 17:30 - 2015-05-17 17:30 - 00000000 ____D () C:\Users\hugo\AppData\Local\Cyberlink
2015-05-17 17:27 - 2015-05-17 17:27 - 00000000 ____D () C:\ProgramData\Riot Games
2015-05-17 17:27 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-05-17 17:27 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-05-17 17:27 - 2008-07-12 09:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-05-17 17:27 - 2008-07-12 09:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-05-17 17:27 - 2008-07-12 09:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-05-17 17:26 - 2015-05-17 17:26 - 00001613 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2015-05-17 17:26 - 2015-05-17 17:26 - 00000000 ____D () C:\Riot Games
2015-05-17 17:26 - 2015-05-17 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-05-17 17:24 - 2015-05-17 17:27 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Riot Games
2015-05-17 17:24 - 2015-05-17 17:24 - 30993712 _____ (Riot Games) C:\Users\hugo\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe
2015-05-17 17:23 - 2015-06-02 16:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2583284370-4071791723-3653827449-1001
2015-05-17 17:23 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Local\EgisTec IPS
2015-05-17 17:22 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Mozilla
2015-05-17 17:22 - 2015-05-17 17:23 - 00000000 ____D () C:\Users\hugo\AppData\Local\Mozilla
2015-05-17 17:21 - 2015-05-18 10:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-17 17:21 - 2015-05-17 17:21 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 17:21 - 2015-05-17 17:21 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-17 17:21 - 2015-05-17 17:21 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-17 17:21 - 2015-05-17 17:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 17:17 - 2015-05-17 17:17 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Atheros
2015-05-17 17:15 - 2015-06-01 18:43 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Adobe
2015-05-17 17:15 - 2015-05-17 17:15 - 00001438 _____ () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-17 17:15 - 2015-05-17 17:15 - 00000000 ____D () C:\Program Files\Accessory Store
2015-05-17 17:13 - 2015-06-01 17:46 - 00000000 ____D () C:\Users\hugo\AppData\Local\Packages
2015-05-17 17:13 - 2015-05-18 20:58 - 00000000 ____D () C:\Users\hugo\AppData\Local\VirtualStore
2015-05-17 17:12 - 2015-06-02 07:39 - 01422734 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-17 17:11 - 2015-05-17 17:15 - 00000000 ____D () C:\Users\hugo
2015-05-17 17:11 - 2015-05-17 17:11 - 00000020 ___SH () C:\Users\hugo\ntuser.ini
2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-17 17:11 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 17:09 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-06-02 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-06-02 16:04 - 2012-07-26 09:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-02 15:57 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-02 15:56 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-06-01 19:03 - 2012-10-24 06:06 - 00032778 _____ () C:\WINDOWS\PFRO.log
2015-05-25 10:10 - 2012-07-26 09:21 - 00024747 _____ () C:\WINDOWS\setupact.log
2015-05-19 16:57 - 2012-10-24 06:34 - 00422024 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-19 14:59 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-05-18 14:14 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-18 14:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-18 14:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-05-18 14:12 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-05-18 14:12 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-05-18 14:12 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-05-18 14:12 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-05-18 14:12 - 2012-07-26 07:37 - 00000000 ____D () C:\WINDOWS\servicing
2015-05-18 14:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-18 14:11 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-05-18 14:11 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-05-18 14:11 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2015-05-18 14:11 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-18 14:11 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-05-18 14:10 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-05-18 14:10 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-05-18 14:10 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-05-18 14:10 - 2012-07-26 09:49 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2015-05-18 14:10 - 2012-07-26 07:38 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-05-18 14:06 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-05-18 10:07 - 2012-07-26 09:52 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-05-18 10:06 - 2012-11-13 20:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-05-18 10:05 - 2012-07-26 07:26 - 00000199 _____ () C:\WINDOWS\win.ini
2015-05-18 10:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-17 20:25 - 2012-11-13 19:31 - 00015758 _____ () C:\WINDOWS\system32\results.xml
2015-05-17 20:24 - 2012-11-13 19:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-05-17 20:24 - 2012-10-24 06:33 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-05-17 19:20 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-05-17 18:39 - 2012-11-13 20:03 - 00000000 ____D () C:\ProgramData\Atheros
2015-05-17 18:35 - 2012-10-24 07:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-17 18:29 - 2012-11-13 20:17 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9Acer.dll
2015-05-17 18:29 - 2012-10-24 07:15 - 00000000 ____D () C:\Program Files (x86)\NTI
2015-05-17 18:28 - 2012-10-24 07:13 - 00000000 ____D () C:\Program Files\Acer
2015-05-17 18:28 - 2012-10-24 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-05-17 18:27 - 2012-10-24 07:12 - 00000000 ____D () C:\ProgramData\Acer
2015-05-17 18:27 - 2012-10-24 07:11 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-05-17 18:22 - 2012-10-24 07:11 - 00000000 ____D () C:\WINDOWS\oem
2015-05-17 18:19 - 2012-10-24 06:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-17 18:18 - 2012-10-24 06:35 - 00000000 ____D () C:\ProgramData\WildTangent
2015-05-17 18:16 - 2012-10-24 07:15 - 00000000 ____D () C:\ProgramData\BackupManager
2015-05-17 18:04 - 2012-07-26 10:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-05-17 17:25 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-05-17 17:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-17 17:16 - 2012-10-24 06:58 - 00000000 ___HD () C:\OEM
2015-05-17 17:15 - 2012-11-13 20:11 - 00000000 ____D () C:\ProgramData\OEM

==================== Files in the root of some directories =======

2015-05-18 16:44 - 2015-05-18 16:44 - 0000000 _____ () C:\Users\hugo\AppData\Local\Temp.dat
2012-11-13 19:50 - 2012-11-13 19:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\hugo\AppData\Local\Temp\AcerCloudDocsSetup.exe
C:\Users\hugo\AppData\Local\Temp\AcerCloudSetup.exe
C:\Users\hugo\AppData\Local\Temp\ose00000.exe
C:\Users\hugo\AppData\Local\Temp\Quarantine.exe
C:\Users\hugo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-01 17:52

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by hugo at 2015-06-02 17:10:53
Running from C:\Users\hugo\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2583284370-4071791723-3653827449-500 - Administrator - Disabled)
Guest (S-1-5-21-2583284370-4071791723-3653827449-501 - Limited - Disabled)
hugo (S-1-5-21-2583284370-4071791723-3653827449-1001 - Administrator - Enabled) => C:\Users\hugo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
Ace Stream Media 3.0.12 (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\AceStream) (Version: 3.0.12 - Ace Stream Media) <==== ATTENTION!
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Avast Premier (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
EaseUS Data Recovery Wizard 8.8 (HKLM\...\EaseUS Data Recovery Wizard 8.8_is1) (Version:  - EaseUS)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 nl)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.2.1 - Popcorn Time)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

17-05-2015 17:25:05 Installed Microsoft Visual C++ 2005 Redistributable (x64)
26-05-2015 15:18:12 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2015-05-20 23:18 - 00001001 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 thislineskipsanyemptylines
127.0.0.1 mirillis.com
127.0.0.1 www.mirillis.com
127.0.0.1 serwer2.paka-service.com
127.0.0.1 ns386119.ovh.net
127.0.0.1 mirillis.pl


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13BEDC52-5356-41E4-A102-0B44F7E38165} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {16F58D1C-6B57-4750-B781-C836C9C5FE87} - System32\Tasks\R@1n-KMS\Office15x64ProP => wmic
Task: {3C327C9E-7526-4E25-8ABD-9F7D6C93A8CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {3F9F3ECB-D53D-4068-AF34-F3C39D1A83D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {895DA87E-805D-4C12-B1CB-FF34A015E750} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-02] (Enigma Software Group USA, LLC.)
Task: {90BB94D8-B794-48CB-AA80-B6383E5B7B3D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {9AEF8C1E-5CF1-4067-A98F-8865B31CEA86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {A67A6EFB-2D9B-489D-B981-3429A2DEA768} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION
Task: {FD2CEA31-1CB8-4AD5-B9AC-273948F134FB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (AVAST Software)
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{10b7b995-cf23-ad39-10b7-7b995cf2e657}\re-loader_1.2_final.rar.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-05-18 16:46 - 2015-05-18 16:46 - 00022528 _____ () C:\Windows\KMS-QAD.exe
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-29 06:16 - 2012-10-23 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-28 03:23 - 2015-02-28 03:23 - 00022824 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
2012-08-11 04:28 - 2012-08-11 04:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-01-21 17:54 - 2015-05-17 17:27 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2015-05-28 21:36 - 2015-05-28 21:36 - 02362872 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe
2015-05-28 21:36 - 2015-05-28 21:36 - 03919864 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe
2015-05-17 17:36 - 2015-05-17 17:36 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00005120 _____ () C:\WINDOWS\QAD-Hook.exe
2015-05-18 16:46 - 2015-05-18 16:46 - 00003584 _____ () C:\WINDOWS\QAD-Hook.dll
2015-05-26 15:29 - 2014-03-14 08:00 - 00695808 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll
2015-06-02 14:52 - 2015-06-02 14:52 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060200\algo.dll
2015-05-26 15:20 - 2015-05-26 15:20 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd
2014-01-23 13:37 - 2014-01-23 13:37 - 00036352 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll
2012-02-07 18:42 - 2012-02-07 18:42 - 00266240 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd
2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\select.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\hugo\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd
2015-05-26 15:20 - 2015-05-26 15:20 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-13 19:42 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-05-28 21:36 - 2015-05-28 21:36 - 01672696 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\RiotLauncher.dll
2015-05-17 17:30 - 2015-05-17 17:30 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\hugo\Downloads\loldrophackv16__7934_il309(1).exe:typelib

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2583284370-4071791723-3653827449-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-2583284370-4071791723-3653827449-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\hugo\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{06C5B32C-DC99-4B0E-ABFE-EBD4EA11DCF4}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{A01F8104-FFB4-4B15-9ED5-7B9D29C34FC8}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{6E2301DE-C363-4FE2-B806-C6D225852DAD}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{FD020762-B806-4363-82A1-777EC17152B5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{44B6D0AD-2FAD-4FCF-890F-A2BA9C491635}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{FCAA457F-271C-41D2-81D4-A6A8590ED400}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{2484B05B-84F8-4D44-9EA6-61A3BED4DDD4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BF3E45D2-35E0-4649-A3E6-0D2F260B97BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{68895981-5661-42F3-B8CB-DBDEBFA2057B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{F7A05CE6-D1D6-4E47-87C3-18D687D1159E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{8A63CCB9-E34D-4432-90C1-6B9A7A35CA4F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{685FDB32-84ED-47D6-9102-BDAE2BD3E388}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{99F01D37-5AA3-4655-9DF6-8C3597C4FC15}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{C8B527EE-1E09-4CD8-89AD-F4DF6AFC9315}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{18CE292C-0120-4EAB-8A95-359DE93E6A0D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{BA7CFF1F-DE81-4FA2-ADD5-7D137629D341}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC1B588F-359A-4924-8345-A1F4B26C3285}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C77EDA70-43E8-411F-ACAF-E1C75E362DC9}] => (Allow) C:\Users\hugo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0B4C8F89-8DCF-4E89-A24A-83B3337DB3BE}] => (Allow) C:\Users\hugo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D507B54F-D727-4C4C-B4E0-FF2FC969924D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{278FAD10-26E7-466A-9E45-BEAA0DD9A637}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{6758D962-7D16-4A6B-A6E8-8B86B29F80D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB29A1EA-11B1-4464-B798-C08106DDE118}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CF520C60-1181-45D5-8917-1E2CAEBF0DD0}] => (Allow) C:\Windows\KMS-QAD.exe
FirewallRules: [{F5DAB228-0DA1-4295-A2CE-77802667B7AE}] => (Allow) C:\Windows\KMS-QAD.exe
FirewallRules: [{2E917060-F584-461A-ACDD-08E4044BC280}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{BD0EB79D-F54F-472D-9F5A-D0896A794D32}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{1C382281-4126-4699-8C9C-593519C9D2D3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{50B57F0B-5E63-4741-90EE-FA6DC0C726DD}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{DE79BC85-BB55-4F87-B51C-62D115F29524}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [uDP Query User{16A5F075-94D4-47A8-AEB0-91FA22FC9424}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{4FAF1412-8EB5-41E3-BB85-66FD4BED92AA}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{ECB884FD-D15B-4F4D-84DF-A2AAE828E265}C:\users\hugo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hugo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E82421B4-6D07-457E-95F9-BA55014D258F}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [uDP Query User{030C0F4D-6E13-419F-8C99-92B4077F2B26}C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\hugo\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{7F1632F5-421E-4C5E-982C-786BCF25801E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5FEB9081-A6DF-4FA4-88FE-83D238E48807}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59
Faulting module name: League of Legends.exe, version: 5.10.0.330, time stamp: 0x555f6b59
Exception code: 0xc0000409
Fault offset: 0x00d12cd7
Faulting process id: 0x1490
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
Faulting package full name: League of Legends.exe4
Faulting package-relative application ID: League of Legends.exe5

Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Exception code: 0xc0000005
Fault offset: 0x000b8554
Faulting process id: 0x414
Faulting application start time: 0xrads_user_kernel.exe0
Faulting application path: rads_user_kernel.exe1
Faulting module path: rads_user_kernel.exe2
Report Id: rads_user_kernel.exe3
Faulting package full name: rads_user_kernel.exe4
Faulting package-relative application ID: rads_user_kernel.exe5

Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: WebKit.dll, version: 6531.9.0.0, time stamp: 0x51566370
Exception code: 0xc0000005
Fault offset: 0x000a9965
Faulting process id: 0x2490
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3
Faulting package full name: LolClient.exe4
Faulting package-relative application ID: LolClient.exe5

Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80).


Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.
.

Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.
.

Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (06/02/2015 03:56:29 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (06/02/2015 03:56:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error:
%%19

Error: (06/02/2015 03:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esgiguard service failed to start due to the following error:
%%1275

Error: (06/02/2015 03:09:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\hugo\AppData\Local\Temp\RarSFX0\esgiguard.sys

Error: (06/01/2015 07:04:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (06/01/2015 07:03:37 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (06/01/2015 07:03:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:49:13 on ‎1-‎6-‎2015 was unexpected.

Error: (05/26/2015 04:17:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/26/2015 03:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (05/26/2015 03:30:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0


Microsoft Office:
=========================
Error: (06/02/2015 03:57:06 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (06/02/2015 03:30:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: League of Legends.exe5.10.0.330555f6b59League of Legends.exe5.10.0.330555f6b59c000040900d12cd7149001d09d355c02be80C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exe9a561a78-092b-11e5-be77-20689dfa0e02

Error: (06/01/2015 09:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b855441401d09ca0cc9162d4C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe147ce1e2-0894-11e5-be77-20689dfa0e02

Error: (06/01/2015 06:43:49 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/29/2015 10:57:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0WebKit.dll6531.9.0.051566370c0000005000a9965249001d09a1c5e12c6d2C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.146\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll5933ce7a-0645-11e5-be76-20689dfa0e02

Error: (05/26/2015 03:33:42 PM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},00000079C2E22F80)

Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (05/26/2015 03:31:07 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (05/26/2015 03:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.

Error: (05/26/2015 03:26:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.

Error: (05/26/2015 03:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary khzatoac.

System Error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel® Core i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 59%
Total physical RAM: 3912.27 MB
Available physical RAM: 1601.07 MB
Total Pagefile: 11912.27 MB
Available Pagefile: 9234.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:443.61 GB) (Free:374.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 011599F4)

Partition: GPT Partition Type.

==================== End of log ============================
