TechSpot

Laptop infected with Rookit

By Balanced
Jun 16, 2015
  1. I've had this laptop for a while and after some point in time I was unable to run programs labeled "Setup.exe".
    Any application with a normal name changed to "Setup.exe" will not work at all.
    I've just been researching on it and I came across a website that said maybe the issue could be a Usermode-Rookit, so I used Kaspersky TDSS Killer to scan for some.

    It found some suspicious files, I deleted them and rebooted my computer.
    It deleted all of them except for one, everytime I delete it comes back with a new name and from my research thats what rookits do right?
    I didn't know what else to do from there so I'd really like to receive some help on this, I've already downloaded and scanned wih FRST, I'll wait untill Logs are requested.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    Thank you for the response, I'll be pasting the logs.
    __________________________________________
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
    Ran by Vala (administrator) on NICK on 16-06-2015 21:16:25
    Running from C:\Users\Vala\Downloads
    Loaded Profiles: Vala (Available Profiles: Vala & Open & Guest)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    () C:\Program Files (x86)\RocketDock\RocketDock.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera_crashreporter.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Acresso Software Inc.) C:\Users\Vala\AppData\Local\Temp\{588C783B-AB75-4B6C-BCEB-9523EB645DA4}\Sims3EP03Setup.exe
    (Acresso Software Inc.) C:\Users\Vala\AppData\Local\Temp\{9BEF7733-BA81-4A16-892A-6695DE4B2851}\ISBEW64.exe
    (Microsoft Corporation) C:\Windows\System32\SrTasks.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
    HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
    HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
    HKLM-x32\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 1999-12-31] (Realtek Semiconductor)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-06-12] (Webroot)
    HKLM-x32\...\RunOnce: [D667DCE0-4047-4A93-B065-F8D916D829F1] => cmd.exe /C start /D "C:\Users\Vala\AppData\Local\Temp" /B D667DCE0-4047-4A93-B065-F8D916D829F1.exe -postboot
    HKLM-x32\...\RunOnce: [UnKIS] => wscript.exe //b C:\Users\Vala\AppData\Local\Temp\UnKIS.vbs <===== ATTENTION
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [launcher.exe] => C:\Program Files (x86)\Opera\launcher.exe [908408 2015-06-10] (Opera Software)
    IFEO\chrmstp.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-Adb.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-Agent.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-ApkHandler.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-BlockDevice.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-CreateSymlink.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-Frontend.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-GLCheck.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-GuestCommandRunner.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-LogCollector.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-LogRotator.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-LogRotatorService.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-Network.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-OptiPng.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-png2ico.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-Quit.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-Restart.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-RunApp.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-Service.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-SharedFolder.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-StartLauncher.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-TileCreator.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-unzip.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-UpdaterService.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\HD-zip.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\RivaTuner.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\RivaTunerWrapper.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
    IFEO\Setup.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-11] (Oracle Corporation)
    BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-12] (Webroot)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-11] (Oracle Corporation)
    BHO-x32: No Name -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> No File
    BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-12] (Webroot)
    Handler: WSIEChrome - No CLSID Value
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Vala\AppData\Roaming\Mozilla\Firefox\Profiles\3f23aba8.default
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-11] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-11] (Oracle Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin HKU\S-1-5-21-1699397770-1706359949-1841341789-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vala\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
    FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
    FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-06-12]
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    Chrome:
    =======
    CHR Profile: C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-24]
    CHR Extension: (Google Docs) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-24]
    CHR Extension: (Google Drive) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-25]
    CHR Extension: (YouTube) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]
    CHR Extension: (Adblock Plus) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-24]
    CHR Extension: (Google Search) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]
    CHR Extension: (Google Sheets) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-24]
    CHR Extension: (Avira Browser Safety) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-24]
    CHR Extension: (Webroot Filtering Extension) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-01-28]
    CHR Extension: (Google Wallet) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]
    CHR Extension: (Gmail) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

    Opera:
    =======
    OPR Extension: (Hover Free) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbilojbgaikphnpbllmjjfpgapbhmkic [2014-12-21]
    OPR Extension: (Ghostery) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2014-12-28]
    OPR Extension: (HTTPS Everywhere) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2014-12-21]
    OPR Extension: (disconnectme) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2014-12-21]
    OPR Extension: (gorhill) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2014-12-21]
    OPR Extension: (quoctrinh) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\njffefebkflfmooaoohkhkddmhailjgj [2014-12-28]
    OPR Extension: (Adblock Plus) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-12-21]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    S4 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
    S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-31] (Electronic Arts)
    S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-10-09] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 1999-12-31] (Realtek Semiconductor)
    S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-01] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-01] (Microsoft Corporation)
    R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-06-12] (Webroot)
    S4 DockLoginService; No ImagePath
    S3 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]


    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U0 27263692; C:\Windows\System32\drivers\93594999.sys [208216 2015-06-16] (Kaspersky Lab, GERT)
    S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
    R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
    R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
    U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-16] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
    S3 RivaTuner64; No ImagePath
    R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 1999-12-31] (Realtek Semiconductor Corp.)
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-16] ()
    S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-01] (Microsoft Corporation)
    S3 WinRing0_1_2_0; No ImagePath
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-06-12] (Webroot)
    S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-13] (Webroot)
    S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-16 21:11 - 2015-06-16 21:11 - 00000000 ___HD C:\kleaner.tmp
    2015-06-16 21:06 - 2015-06-16 21:11 - 00300370 _____ C:\Users\Vala\Desktop\kavremvr 2015-06-16 21-06-50 (pid 3456).log
    2015-06-16 21:06 - 2015-04-29 19:44 - 07373624 _____ (Kaspersky Lab ZAO) C:\Users\Vala\Desktop\kavremover.exe
    2015-06-16 21:03 - 2015-06-16 21:03 - 00208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\93594999.sys
    2015-06-16 20:51 - 2015-06-16 20:57 - 00000000 ____D C:\AdwCleaner
    2015-06-16 20:50 - 2015-06-16 20:50 - 02231296 _____ C:\Users\Vala\Downloads\adwcleaner_4.206.exe
    2015-06-16 20:30 - 2015-06-16 20:30 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-06-16 20:29 - 2015-06-16 20:29 - 05499984 _____ (Avast Software s.r.o.) C:\Users\Vala\Downloads\avast_free_antivirus_setup_online.exe
    2015-06-16 20:02 - 2015-06-16 20:02 - 00000000 ____D C:\Users\Vala\AppData\Local\CrashDumps
    2015-06-16 17:17 - 2015-06-16 17:17 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-06-16 16:20 - 2015-06-16 16:24 - 00070641 _____ C:\Users\Vala\Downloads\Shortcut.txt
    2015-06-16 16:17 - 2015-06-16 16:24 - 00047692 _____ C:\Users\Vala\Downloads\Addition.txt
    2015-06-16 16:14 - 2015-06-16 21:17 - 00021062 _____ C:\Users\Vala\Downloads\FRST.txt
    2015-06-16 16:14 - 2015-06-16 21:16 - 00000000 ____D C:\FRST
    2015-06-16 16:13 - 2015-06-16 16:13 - 02109952 _____ (Farbar) C:\Users\Vala\Downloads\FRST64.exe
    2015-06-16 15:50 - 2015-06-16 15:50 - 00380416 _____ C:\Users\Vala\Downloads\g211807v.exe
    2015-06-16 10:25 - 2015-06-16 16:22 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-16 10:22 - 2015-06-16 10:22 - 17659640 _____ C:\Users\Vala\Downloads\RogueKiller.exe
    2015-06-16 09:17 - 2015-01-22 09:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Vala\Desktop\TDSSKiller.exe
    2015-06-16 09:15 - 2015-06-16 09:15 - 03279147 _____ C:\Users\Vala\Downloads\kavremover.zip
    2015-06-16 08:29 - 2015-06-16 08:29 - 00000000 ____D C:\WINDOWS\SysWOW64\%Report%
    2015-06-16 08:27 - 2015-06-16 08:27 - 04176437 _____ C:\Users\Vala\Downloads\tdsskiller.zip
    2015-06-16 08:26 - 2015-06-16 21:03 - 00000000 ____D C:\TDSSKiller_Quarantine
    2015-06-16 08:23 - 2015-06-16 08:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Vala\Downloads\tdsskiller.exe
    2015-06-16 06:44 - 2015-06-16 06:44 - 07874287 _____ C:\Users\Vala\Downloads\1434211653629.webm
    2015-06-16 06:43 - 2015-06-16 06:44 - 07263584 _____ C:\Users\Vala\Downloads\1434211627643.webm
    2015-06-16 06:43 - 2015-06-16 06:43 - 07150993 _____ C:\Users\Vala\Downloads\1434211610348.webm
    2015-06-16 06:14 - 2015-06-16 06:14 - 01917069 _____ C:\Users\Vala\Downloads\1412222535463.webm
    2015-06-16 05:09 - 2015-06-16 08:56 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\107230C7.sys
    2015-06-16 04:25 - 2015-06-16 04:25 - 195151168 _____ (Kaspersky Lab) C:\Users\Vala\Downloads\kav15.0.2.361en_7201.exe
    2015-06-16 03:44 - 2015-06-16 03:44 - 00000000 ____D C:\test
    2015-06-16 03:28 - 2015-06-16 03:28 - 43529296 _____ (Google Inc.) C:\Users\Vala\Downloads\ChromeStandaloneSetup (1).exe
    2015-06-16 03:15 - 2015-06-16 20:59 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-16 03:15 - 2015-06-16 20:20 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-16 03:14 - 2015-06-16 03:14 - 00000000 ____D C:\Program Files (x86)\Google
    2015-06-15 22:10 - 2015-06-15 23:21 - 00000000 ____D C:\Users\Vala\AppData\Roaming\TeamViewer
    2015-06-15 21:59 - 2015-06-15 22:00 - 83303094 _____ C:\Users\Vala\Downloads\Mac Miller - Faces - HotNewHipHop.zip
    2015-06-15 21:30 - 2015-06-16 04:38 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2015-06-15 21:30 - 2015-06-15 21:30 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-06-15 21:30 - 2015-06-15 21:30 - 00001053 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-06-15 21:29 - 2015-06-15 21:29 - 08009728 _____ (TeamViewer GmbH) C:\Users\Vala\Downloads\TeamViewer_Setup_en.exe
    2015-06-14 22:08 - 2015-06-16 21:00 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
    2015-06-14 04:11 - 2015-06-14 04:11 - 00267056 _____ C:\Users\Vala\Desktop\2009-01-25-139237.jpeg
    2015-06-14 04:10 - 2015-06-14 04:10 - 00267056 _____ C:\Users\Vala\Downloads\2009-01-25-139237.jpeg
    2015-06-14 00:34 - 2015-06-14 00:34 - 00109911 _____ C:\Users\Vala\Desktop\e7261410b2640e2692f7e862b41d5d37bb774be1.jpeg
    2015-06-14 00:33 - 2015-06-14 00:33 - 00387542 _____ C:\Users\Vala\Desktop\079a143880aa39d0ac423bf2b3150c513ac6b239.jpeg
    2015-06-14 00:31 - 2015-06-14 00:31 - 00359867 _____ C:\Users\Vala\Desktop\a21f9eb0d51b3a59c1663b73fde2766b2d80b0ce.jpeg
    2015-06-14 00:30 - 2015-06-14 00:30 - 00394101 _____ C:\Users\Vala\Desktop\047702ebf5768c239831bdbab83f7f5e19fbdfb1.jpeg
    2015-06-14 00:28 - 2015-06-14 00:28 - 00184753 _____ C:\Users\Vala\Desktop\83eabc051e79d8040158348c702147d1dc8c0f10.jpeg
    2015-06-14 00:27 - 2015-06-14 00:27 - 00252242 _____ C:\Users\Vala\Desktop\0b38e9f1373bc7b2a7a3eb0fab0e37371be1941d.jpeg
    2015-06-13 22:54 - 2015-06-13 22:54 - 00675528 _____ (ESET) C:\Users\Vala\Downloads\ESETUninstaller.exe
    2015-06-13 22:49 - 2015-06-13 22:52 - 00000000 ____D C:\Users\Vala\Documents\Stuff
    2015-06-12 18:50 - 2015-06-12 18:50 - 03145176 _____ C:\Users\Vala\Downloads\1434149112245.webm
    2015-06-12 18:49 - 2015-06-12 18:49 - 02897190 _____ C:\Users\Vala\Downloads\1434148529138.webm
    2015-06-12 18:46 - 2015-06-12 18:46 - 03098218 _____ C:\Users\Vala\Downloads\1434147311562.webm
    2015-06-12 18:41 - 2015-06-12 18:41 - 03121013 _____ C:\Users\Vala\Downloads\1434145212100.webm
    2015-06-12 18:39 - 2015-06-12 18:39 - 03022788 _____ C:\Users\Vala\Downloads\1434144129312.webm
    2015-06-12 18:39 - 2015-06-12 18:39 - 03019077 _____ C:\Users\Vala\Downloads\1434144054440.webm
    2015-06-12 18:39 - 2015-06-12 18:39 - 02643081 _____ C:\Users\Vala\Downloads\1434144130100.webm
    2015-06-12 18:35 - 2015-06-12 18:35 - 01135687 _____ C:\Users\Vala\Downloads\1434142888049.webm
    2015-06-12 18:33 - 2015-06-12 18:33 - 02983297 _____ C:\Users\Vala\Downloads\1434142879076.webm
    2015-06-12 18:31 - 2015-06-12 18:31 - 02633335 _____ C:\Users\Vala\Downloads\1434142300390.webm
    2015-06-12 18:30 - 2015-06-12 18:30 - 02995824 _____ C:\Users\Vala\Downloads\1434142248125.webm
    2015-06-12 17:33 - 2015-06-12 17:33 - 00267879 _____ C:\Users\Vala\Downloads\a73c2796332e0937e406798e123f616f.jpeg
    2015-06-12 17:31 - 2015-06-12 17:31 - 00463467 _____ C:\Users\Vala\Downloads\e90f56837691dbadd2be44dc0cbe37e8.jpeg
    2015-06-12 17:27 - 2015-06-12 17:27 - 00255736 _____ C:\Users\Vala\Downloads\ff11627c8ec037169bf3601ea93e4481.jpeg
    2015-06-12 15:22 - 2015-06-16 16:23 - 00000000 ____D C:\ProgramData\WRData
    2015-06-12 15:22 - 2015-06-12 15:24 - 00000000 ____D C:\Program Files\Webroot
    2015-06-12 15:22 - 2015-06-12 15:22 - 00116224 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
    2015-06-12 15:22 - 2015-06-12 15:22 - 00103816 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
    2015-06-12 15:19 - 2015-06-12 15:20 - 00817072 _____ (Webroot) C:\Users\Vala\Downloads\wsainstall (1).exe
    2015-06-12 14:54 - 2015-06-13 22:40 - 00000000 ___RD C:\Users\Vala\OneDrive
    2015-06-12 06:43 - 2015-06-12 06:44 - 00000000 ____D C:\Users\Vala\Desktop\mbar
    2015-06-12 01:12 - 2015-06-12 01:41 - 00000000 ____D C:\WINDOWS\pss
    2015-06-12 00:49 - 2015-06-12 00:50 - 43529296 _____ (Google Inc.) C:\Users\Vala\Downloads\ChromeStandaloneSetup.exe
    2015-06-11 23:22 - 2015-06-11 23:22 - 00001765 _____ C:\Users\Vala\Desktop\Photoshop.lnk
    2015-06-11 22:30 - 2015-06-11 22:30 - 00003492 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Nick-Vala
    2015-06-11 21:56 - 2015-06-11 21:10 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-06-11 21:56 - 2015-06-11 21:10 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-11 21:55 - 2015-06-16 20:59 - 00001843 _____ C:\WINDOWS\setupact.log
    2015-06-11 21:55 - 2015-06-11 21:55 - 00000000 _____ C:\WINDOWS\setuperr.log
    2015-06-11 21:52 - 2015-06-16 09:11 - 03386480 _____ C:\WINDOWS\PFRO.log
    2015-06-11 21:52 - 2015-06-11 21:52 - 70168576 _____ C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
    2015-06-11 21:52 - 2015-06-11 21:52 - 00000000 ____H C:\asc_rdflag
    2015-06-11 21:17 - 2015-06-11 21:17 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2015-06-11 21:17 - 2015-06-11 21:17 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-06-11 21:15 - 2015-06-11 21:15 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-06-11 21:15 - 2015-06-11 21:15 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-06-11 21:15 - 2015-06-11 21:15 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-06-11 21:15 - 2015-06-11 21:15 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-06-11 21:15 - 2015-06-11 21:15 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-06-11 21:09 - 2015-06-11 21:09 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-06-11 21:09 - 2015-06-11 21:09 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2015-06-11 21:09 - 2015-06-11 21:09 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2015-06-11 21:08 - 2015-06-11 21:08 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2015-06-11 21:08 - 2015-06-11 21:08 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
    2015-06-11 21:08 - 2015-06-11 21:08 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
    2015-06-11 21:07 - 2015-06-11 21:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2015-06-11 21:07 - 2015-06-11 21:07 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2015-06-11 21:07 - 2015-06-11 21:07 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2015-06-11 21:06 - 2015-06-16 03:15 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-06-11 21:06 - 2015-06-16 03:15 - 00003640 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-06-11 21:06 - 2015-06-11 21:06 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2015-06-11 21:06 - 2015-06-11 21:06 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2015-06-11 21:06 - 2015-06-11 21:06 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2015-06-11 21:06 - 2015-06-11 21:06 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2015-06-11 21:06 - 2015-06-11 21:06 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
    2015-06-11 21:05 - 2015-06-11 21:05 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-06-11 21:05 - 2015-06-11 21:05 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-06-11 21:05 - 2015-06-11 21:05 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 03682304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 02223104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00133288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-06-11 21:04 - 2015-06-11 21:04 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2015-06-11 21:04 - 2015-06-11 21:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2015-06-11 21:04 - 2015-06-11 21:04 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2015-06-11 21:02 - 2015-06-11 21:02 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-06-11 21:02 - 2015-06-11 21:02 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-06-11 21:00 - 2015-06-11 21:00 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-06-11 20:59 - 2015-06-11 20:59 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-06-11 20:59 - 2015-06-11 20:59 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-06-11 20:59 - 2015-06-11 20:59 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-06-11 20:59 - 2015-06-11 20:59 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-06-11 20:59 - 2015-06-11 20:59 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-06-11 20:58 - 2015-06-11 20:58 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-06-11 20:58 - 2015-06-11 20:58 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-06-11 20:58 - 2015-06-11 20:58 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2015-06-11 20:58 - 2015-06-11 20:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2015-06-11 20:58 - 2014-10-28 22:41 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\expand - Copy.exe
    2015-06-11 20:55 - 2015-06-11 20:55 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
    2015-06-11 20:55 - 2015-06-11 20:55 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
    2015-06-11 20:53 - 2015-06-11 20:53 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2015-06-11 20:53 - 2015-06-11 20:53 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2015-06-11 20:53 - 2015-06-11 20:53 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-06-11 20:52 - 2015-06-11 20:52 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2015-06-11 20:52 - 2015-06-11 20:52 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2015-06-11 20:52 - 2015-06-11 20:52 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
    2015-06-11 20:52 - 2015-06-11 20:52 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
    2015-06-11 20:22 - 2015-06-11 20:22 - 58990592 _____ C:\WINDOWS\system32\config\COMPONENTS.iobit
    2015-06-11 16:15 - 2015-06-11 16:15 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
    2015-06-11 16:14 - 2015-06-11 16:14 - 00000000 ____D C:\Program Files\Common Files\VST2
    2015-06-11 16:14 - 2015-06-11 16:14 - 00000000 ____D C:\Program Files (x86)\VstPlugins
    2015-06-11 16:10 - 2015-06-11 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
    2015-06-11 15:58 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-06-11 15:58 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-06-11 15:58 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-06-11 15:52 - 2015-06-11 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gunpoint
    2015-06-11 08:10 - 2015-06-11 08:10 - 00003822 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1410125875
    2015-06-11 08:10 - 2015-06-11 08:10 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    2015-06-11 02:31 - 2015-06-16 21:15 - 00000000 ____D C:\Users\Vala\AppData\Roaming\vlc
    2015-06-11 02:30 - 2015-06-11 02:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-06-10 05:38 - 2015-06-10 05:49 - 00002329 _____ C:\Users\Open\Desktop\Skyrim (SKSE).lnk
    2015-06-06 02:22 - 2005-10-02 15:00 - 00118784 _____ C:\Users\Vala\Desktop\ski32.exe
    2015-06-04 18:21 - 2015-06-04 18:21 - 00000000 ____D C:\Users\Vala\Documents\Skullgirls
    2015-06-04 14:16 - 2015-06-04 14:16 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-06-04 14:16 - 2015-06-04 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-06-04 14:16 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2015-06-04 14:15 - 2015-06-11 17:15 - 00000000 ____D C:\Program Files\iTunes
    2015-06-04 14:15 - 2015-06-04 14:16 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-06-04 14:15 - 2015-06-04 14:15 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-06-04 14:08 - 2015-06-04 14:08 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-06-04 00:52 - 2015-06-04 00:54 - 00000000 ____D C:\Users\Vala\AppData\Roaming\nomacs
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000997 _____ C:\Users\Vala\Desktop\nomacs - Image Lounge.lnk
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000997 _____ C:\Users\Open\Desktop\nomacs - Image Lounge.lnk
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000997 _____ C:\Users\Guest\Desktop\nomacs - Image Lounge.lnk
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nomacs - image lounge
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nomacs - image lounge
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000000 ____D C:\Program Files (x86)\nomacs
    2015-06-01 06:23 - 2015-06-01 06:23 - 00002256 _____ C:\Users\Public\Desktop\The Sims™ 3 Supernatural.lnk
    2015-05-27 04:18 - 2015-05-27 04:19 - 00000000 ____D C:\Users\Vala\Desktop\Webm - Copy
    2015-05-24 07:41 - 2015-05-24 07:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2015-05-24 07:41 - 2015-05-24 07:41 - 00000000 ____D C:\ProgramData\ESET
    2015-05-24 07:41 - 2015-05-24 07:41 - 00000000 ____D C:\Program Files\ESET
    2015-05-24 07:23 - 2015-06-12 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
    2015-05-20 14:37 - 2015-05-20 14:37 - 00000000 ____D C:\ProgramData\Mozilla
    2015-05-20 00:10 - 2015-06-16 19:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-20 00:10 - 2015-05-20 00:10 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
     
  4. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-16 21:16 - 2015-04-23 16:45 - 01746591 _____ C:\WINDOWS\WindowsUpdate.log
    2015-06-16 21:16 - 2014-09-09 09:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-06-16 21:12 - 2014-12-21 08:44 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Skype
    2015-06-16 21:11 - 2014-09-16 00:15 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-06-16 21:09 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
    2015-06-16 21:05 - 2014-12-21 08:32 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1699397770-1706359949-1841341789-1005
    2015-06-16 21:02 - 2014-09-16 05:09 - 00006468 _____ C:\WINDOWS\SysWOW64\Gms.log
    2015-06-16 21:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-06-16 20:59 - 2014-12-25 18:56 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-06-16 20:59 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-06-16 20:55 - 2015-03-17 05:42 - 00000000 ____D C:\Users\Vala\AppData\Roaming\JAM Software
    2015-06-16 20:36 - 2014-12-21 08:26 - 00000000 ____D C:\Users\Vala
    2015-06-16 08:50 - 2015-04-26 18:17 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
    2015-06-16 08:30 - 2014-09-07 20:13 - 00000000 ____D C:\Program Files (x86)\IObit
    2015-06-16 08:29 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2015-06-16 04:34 - 2015-05-06 18:53 - 04959000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-06-15 19:16 - 2015-01-14 14:50 - 00000000 ____D C:\Users\Vala\AppData\Roaming\.minecraft
    2015-06-15 15:37 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-06-15 08:31 - 2015-05-02 16:17 - 00000000 ____D C:\Users\Public\Documents\Wondershare
    2015-06-14 16:45 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-06-13 22:52 - 2014-12-21 08:49 - 00000000 ____D C:\Users\Vala\Documents\Eventually
    2015-06-13 22:51 - 2014-10-08 17:10 - 00000000 ____D C:\Games
    2015-06-13 14:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
    2015-06-13 10:38 - 2015-05-07 13:32 - 00041040 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
    2015-06-13 08:12 - 2014-12-21 09:00 - 02075648 ___SH C:\Users\Vala\Downloads\Thumbs.db
    2015-06-12 17:46 - 2014-12-18 05:08 - 00000000 ____D C:\GOG Games
    2015-06-12 16:30 - 2014-12-21 08:52 - 00000000 ____D C:\Users\Vala\Documents\My Games
    2015-06-12 15:37 - 2014-12-21 08:48 - 00000000 ____D C:\Users\Vala\Documents\Electronic Arts
    2015-06-12 15:22 - 2015-05-07 13:31 - 00166128 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
    2015-06-12 14:54 - 2013-08-22 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-06-12 14:47 - 2015-05-08 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-06-12 05:32 - 2015-04-12 05:05 - 00000000 ___SD C:\WINDOWS\system32\GWX
    2015-06-12 05:32 - 2015-04-01 21:05 - 00000000 ____D C:\Users\Open
    2015-06-12 05:32 - 2014-12-21 08:30 - 00000000 ____D C:\Users\Vala\AppData\Roaming\IObit
    2015-06-12 05:32 - 2014-12-01 07:29 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-06-12 05:32 - 2014-12-01 07:29 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-06-12 05:32 - 2014-12-01 07:29 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-06-12 05:32 - 2014-12-01 07:29 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-06-12 05:32 - 2014-12-01 07:29 - 00000000 ____D C:\Users\Guest
    2015-06-12 05:32 - 2014-09-07 20:14 - 00000000 ____D C:\ProgramData\ProductData
    2015-06-12 05:32 - 2013-08-22 15:11 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-06-12 05:32 - 2013-08-22 15:11 - 00000000 ____D C:\Program Files\Windows Journal
    2015-06-12 05:32 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
    2015-06-12 05:32 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-06-12 05:32 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-06-12 05:32 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-06-12 01:57 - 2014-12-24 15:58 - 00000000 ____D C:\Users\Vala\AppData\Local\Google
    2015-06-11 21:52 - 2014-09-20 02:41 - 75071488 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
    2015-06-11 21:52 - 2014-09-20 02:41 - 00303104 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
    2015-06-11 21:52 - 2014-09-20 02:41 - 00102400 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
    2015-06-11 21:52 - 2014-09-20 02:41 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
    2015-06-11 21:50 - 2014-09-09 14:54 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2015-06-11 21:31 - 2014-09-07 17:32 - 00000000 ____D C:\Users\Nick\AppData\Local\Packages
    2015-06-11 21:31 - 2014-09-07 17:31 - 00000000 ____D C:\Users\Nick
    2015-06-11 19:36 - 2015-04-01 21:05 - 00000000 ____D C:\Users\Open\AppData\Roaming\IObit
    2015-06-11 16:15 - 2015-01-03 12:56 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    2015-06-11 16:15 - 2015-01-03 12:48 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2015-06-11 16:10 - 2015-01-03 12:55 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2015-06-11 16:10 - 2015-01-03 12:55 - 00000000 ____D C:\Program Files\Image-Line
    2015-06-11 15:58 - 2014-12-25 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-11 15:58 - 2014-12-25 18:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-11 15:54 - 2014-12-21 13:10 - 00000000 ____D C:\Users\Vala\AppData\Roaming\uTorrent
    2015-06-11 08:10 - 2014-09-07 17:37 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-06-11 02:30 - 2014-10-23 07:22 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2015-06-10 21:29 - 2014-09-18 12:44 - 00000000 ____D C:\Program Files (x86)\Mod Organizer
    2015-06-10 20:08 - 2015-01-02 23:39 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-06-10 05:49 - 2015-01-26 19:31 - 00002329 _____ C:\Users\Guest\Desktop\Skyrim (SKSE).lnk
    2015-06-05 07:16 - 2014-12-21 08:42 - 10653696 ___SH C:\Users\Vala\Desktop\Thumbs.db
    2015-06-04 14:15 - 2015-05-08 00:29 - 00000000 ____D C:\Program Files\iPod
    2015-06-04 14:15 - 2015-05-08 00:26 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-06-04 14:07 - 2015-05-08 00:26 - 00000000 ____D C:\ProgramData\Apple
    2015-06-01 19:14 - 2015-05-02 16:18 - 00000000 ____D C:\ProgramData\Wondershare Player
    2015-05-28 20:22 - 2014-09-14 17:33 - 00000000 ____D C:\ProgramData\Intel
    2015-05-28 20:22 - 2014-09-07 19:53 - 00000000 ____D C:\Program Files\Intel
    2015-05-26 00:59 - 2015-02-24 21:56 - 00001736 _____ C:\Users\Vala\AppData\Roaming\PureRef.ini
    2015-05-25 02:12 - 2015-01-16 20:57 - 00000132 _____ C:\Users\Vala\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2015-05-24 07:34 - 2015-04-16 08:44 - 00000000 ____D C:\Program Files\Unlocker
    2015-05-24 00:50 - 2014-09-29 14:40 - 00000000 ____D C:\ProgramData\Adobe
    2015-05-20 14:37 - 2014-10-27 08:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== Files in the root of some directories =======

    2015-01-16 09:18 - 2015-01-16 09:18 - 0000132 _____ () C:\Users\Vala\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2015-01-16 20:57 - 2015-05-25 02:12 - 0000132 _____ () C:\Users\Vala\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2015-02-24 21:56 - 2015-05-26 00:59 - 0001736 _____ () C:\Users\Vala\AppData\Roaming\PureRef.ini
    2015-02-05 20:19 - 2015-02-05 20:19 - 0007631 _____ () C:\Users\Vala\AppData\Local\Resmon.ResmonCfg
    2014-09-14 17:29 - 2014-09-14 17:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Guest\AppData\Local\Temp\avgnt.exe
    C:\Users\Open\AppData\Local\Temp\WRupdate1790663015.exe
    C:\Users\Vala\AppData\Local\Temp\1EF7EB5B-BDD5-4BBF-A54C-FEB704B9EDD7.exe
    C:\Users\Vala\AppData\Local\Temp\D667DCE0-4047-4A93-B065-F8D916D829F1.exe
    C:\Users\Vala\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Vala\AppData\Local\Temp\InstHelper.exe
    C:\Users\Vala\AppData\Local\Temp\Quarantine.exe
    C:\Users\Vala\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-13 13:17

    ==================== End of log ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Addition.txt log?
     
  6. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by Vala at 2015-06-16 21:18:30
    Running from C:\Users\Vala\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1699397770-1706359949-1841341789-500 - Administrator - Disabled)
    Guest (S-1-5-21-1699397770-1706359949-1841341789-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-1699397770-1706359949-1841341789-1003 - Limited - Enabled)
    Open (S-1-5-21-1699397770-1706359949-1841341789-1006 - Limited - Enabled) => C:\Users\Open
    Vala (S-1-5-21-1699397770-1706359949-1841341789-1005 - Administrator - Enabled) => C:\Users\Vala

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
    AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
    Banished (HKLM-x32\...\GOGPACKBANISHED_is1) (Version: 2.0.0.3 - GOG.com)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
    Don't Starve (HKLM-x32\...\GOGPACKDONTSTARVE_is1) (Version: 2.7.0.16 - GOG.com)
    Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)
    FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
    FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
    nomacs 2.4.5 (HKLM-x32\...\nomacs) (Version: 2.4.5 - )
    NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
    Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
    Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Psychonauts (HKLM-x32\...\Psychonauts_is1) (Version: - GOG.com)
    PureRef (HKLM-x32\...\PureRef) (Version: 1.6.0 - Idyllic Pixel)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
    RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
    Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.6.0.13 - GOG.com)
    Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
    Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
    The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
    The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
    This War of Mine (HKLM-x32\...\1207666873_is1) (Version: 2.0.0.2 - GOG.com)
    Unity Web Player (HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.8.88 - Webroot)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    13-06-2015 14:49:57 Scheduled Checkpoint
    16-06-2015 21:05:16 Removed The Sims 3 Ambitions
    16-06-2015 21:15:54 Removed The Sims 3 Late Night

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1B544D4E-25E5-449A-B891-57C8C710374E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-01] (Microsoft Corporation)
    Task: {2AE5C956-72F6-47D7-BD9F-AF681E10FDD9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {37677571-3FA4-4FA2-8E83-9B82F49EF565} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-16] (Google Inc.)
    Task: {51CEB777-B7E7-419C-A70F-9626A1F3AE60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-16] (Google Inc.)
    Task: {6DDF1087-8018-44BB-B5CE-4926AAF50729} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {8113E2B5-0EE7-45CE-A8A0-D6683AFA4304} - System32\Tasks\Opera scheduled Autoupdate 1410125875 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
    Task: {8E347C7C-948B-4944-BD26-48EBA2A37B94} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-01] (Microsoft Corporation)
    Task: {96411166-FA5A-40D2-91BE-91F82C038D52} - System32\Tasks\AdobeAAMUpdater-1.0-Nick-Vala => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
    Task: {9763B52D-131F-468B-B644-53B466672220} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {9A0E42FF-BEFA-490D-AA1D-C53E975D4817} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-01] (Microsoft Corporation)
    Task: {DF579C70-8879-431D-B906-5B12FEE394F8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-20] (Adobe Systems Incorporated)
    Task: {E4C36EB6-6732-47C3-A80A-3914FD6ECE98} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-22] (Synaptics Incorporated)
    Task: {EFD706D5-CA1E-427E-A070-F55D6C633C54} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-04-01] (Microsoft Corporation)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Nick.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2014-10-21 06:54 - 2007-09-02 16:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
    2014-10-21 06:54 - 2007-09-02 16:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
    2015-06-11 08:10 - 2015-06-10 05:45 - 00157304 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\message_center_win8.dll
    2015-06-11 08:10 - 2015-06-10 05:45 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libglesv2.dll
    2015-06-11 08:10 - 2015-06-10 05:45 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libegl.dll
    2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Vala\OneDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27263692.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32013379.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53930880.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59487981.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59540859.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61987929.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75870151.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77961255.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81722075.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27263692.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32013379.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53930880.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59487981.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59540859.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61987929.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75870151.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77961255.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81722075.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\aeriagames.com -> hxxps://aeriagames.com
    IE trusted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\aeriagames.com -> hxxp://aeriagames.com
    IE trusted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\com -> hxxp://*.Wondershare.com

    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\1001movie.com -> 1001movie.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\1001night.biz -> 1001night.biz
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\100gal.net -> 100gal.net
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\100sexlinks.com -> 100sexlinks.com

    There are 4788 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdvancedSystemCareService7 => 3
    MSCONFIG\Services: ekrn => 2
    MSCONFIG\Services: LiveUpdateSvc => 2
    MSCONFIG\startupreg: AdobeCS6ServiceManager => "c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.exe" -launchedbylogin
    MSCONFIG\startupreg: BlueStacks Agent => c:\program files (x86)\bluestacks\hd-agent.exe
    MSCONFIG\startupreg: Dxtory Update Checker 2.0 =>
    MSCONFIG\startupreg: MouseDriver =>
    MSCONFIG\startupreg: RtHDVBg => "c:\program files\realtek\audio\hda\ravbg64.exe" /maxx4
    MSCONFIG\startupreg: Skype =>
    MSCONFIG\startupreg: SwitchBoard => c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
    MSCONFIG\startupreg: uTorrent =>
    HKLM\...\StartupApproved\Run: => "egui"
    HKLM\...\StartupApproved\Run: => "MouseDriver"
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "QuickSet"
    HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
    HKLM\...\StartupApproved\Run32: => "SwitchBoard"
    HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
    HKLM\...\StartupApproved\Run32: => "D3DOverrider"
    HKLM\...\StartupApproved\Run32: => "uTorrent"
    HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "UXTheme Launcher"
    HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\StartupFolder: => "Curse.lnk"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "ASCTray.exe"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "ASC.exe"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "GameBooster.exe"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Advanced SystemCare 8"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Google Update"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [TCP Query User{B0C26D87-DFF9-497C-A69F-7F4598236976}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{2DC76815-2D26-4A59-BD67-6D1FC165C9BF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{D8C0D86B-9B7C-4359-9A4B-ACFD8BF71ECF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{A066DE20-33A8-4C43-BBD3-48DF251FAACA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{732FF684-EFA4-4D50-BF03-C154ED171FBA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{F58AD488-2E23-4924-BD0A-D0E0812782B3}] => (Allow) LPort=2869
    FirewallRules: [{8A0B7691-3A37-4A76-935E-9DEBA2A8CA58}] => (Allow) LPort=1900
    FirewallRules: [{5762D2FB-EB17-4DE1-9F2A-D88140A837DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{7F0DB825-BCA6-495C-8419-9FFD3E7DE5A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{795524D8-D277-4587-9232-24410F04BAE1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{C321CD08-402E-4878-B79C-5B530A02F96D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{E320C745-75BB-4920-8FFF-D012F69D0FF6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{5198B202-3731-49C0-AE75-3C76238F5B07}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{6A9A32EA-D582-45E0-98E6-52F5329C28E5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{2A8CF148-5FFC-4534-8FE4-DC5F731BB8D8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{0532BB4E-0328-4171-85EC-A8366ABDD1DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
    FirewallRules: [{F56BA8D9-CF19-4BE1-A668-BBA7D8551C20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
    FirewallRules: [TCP Query User{08015EFD-85FE-4368-B395-3BBC2F63D86A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{433CEA71-757D-4394-8366-02370C902E2E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{22983644-7269-4776-8C75-5435BF753435}C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [UDP Query User{E4152684-7CB9-4383-948B-A6BDF3037158}C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [{7F9F1F20-1A79-4633-906A-1CA2EF28EE64}] => (Allow) C:\Users\Vala\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{CDF34A80-9350-4AFA-8E3B-BBBD43327C22}] => (Allow) C:\Users\Vala\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8832BAA9-34FC-44A7-96B4-CBF16F8C91C6}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe
    FirewallRules: [{706989A1-EE0E-4800-BFC9-A58FAA700D5B}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe
    FirewallRules: [{492D1A93-86A2-45EC-B09C-0D383DFBB9D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
    FirewallRules: [{F1EB0A55-968F-4242-B8BD-ACA3B4F1B962}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
    FirewallRules: [TCP Query User{45C49C72-812F-493A-9F06-703008D8D48C}C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [UDP Query User{E0D15A21-BA83-4278-9670-84965C704878}C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [{F37EF24A-ECA4-4949-9408-7740F6082D02}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{0D1CD10D-8B54-4D9B-AF13-7930D6985345}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{82F72679-A078-4279-9BEF-CFBED42AF969}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{5E789CBB-5017-4079-8E04-F6B9008DA058}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{F00BF2A4-99D6-4685-BCDF-806291EBB969}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A52BA5C6-8EBF-4558-963A-CBF0EC7BD5A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4593F805-0A8C-45C2-B26E-426AD06ECCF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{80590668-F7C5-4EC1-85A5-A27C1D47816A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{2BC3CF39-2B5A-4856-93BA-7179D8F1262E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{97C15DE6-6C01-44F9-90E7-6464750DB3AF}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [{FE0A6228-77F9-4019-AE0A-50B78BEF3AAB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{991A258E-F01D-4D7D-B12D-8F864C09CF39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{D0C4BC97-363C-4634-BC1A-6963361A01E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{E3A0E76F-4985-4E6E-A876-EDC14338E718}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{8CFAB8F5-772A-436F-85B2-3139CB00C240}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{E0DC456F-52C6-4D1D-8307-CCB2AF3B76CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{B392903C-C491-41CA-A8E1-94EBD543035A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============

    Name: PLDS DVD+-RW DU-8A5HH
    Description: CD-ROM Drive
    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard CD-ROM drives)
    Service: cdrom
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary kneps.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary klwfp.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary klpd.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Driver.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary klhk.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Kernel DLL.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary kldisk.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary kl1.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Crypto Module (FDE PDK).

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/16/2015 09:15:54 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {8d874891-6a55-45c8-b8f4-21dfdc5ce2b2}


    System errors:
    =============
    Error: (06/16/2015 08:57:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (06/16/2015 08:57:48 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (06/16/2015 08:57:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (06/16/2015 08:57:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).

    Error: (06/16/2015 08:57:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (06/16/2015 08:57:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/16/2015 08:57:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (06/16/2015 08:57:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (06/16/2015 08:57:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/16/2015 08:57:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office:
    =========================
    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary kneps.

    System Error:
    The system cannot find the file specified.

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary klwfp.

    System Error:
    The system cannot find the file specified.

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary klpd.

    System Error:
    The system cannot find the file specified.

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Driver.

    System Error:
    The system cannot find the file specified.

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary klhk.

    System Error:
    The system cannot find the file specified.

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Kernel DLL.

    System Error:
    The system cannot find the file specified.

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary kldisk.

    System Error:
    The system cannot find the file specified.

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary kl1.

    System Error:
    The system cannot find the file specified.

    Error: (06/16/2015 09:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Crypto Module (FDE PDK).

    System Error:
    The system cannot find the file specified.

    Error: (06/16/2015 09:15:54 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak)0x80070539, The security ID structure is invalid.


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {8d874891-6a55-45c8-b8f4-21dfdc5ce2b2}


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-18 14:13:03.005
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-09 21:10:30.260
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-03 21:05:28.345
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-25 13:20:33.756
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-21 09:43:08.365
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-20 20:45:37.977
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-20 01:01:26.070
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-19 12:17:35.602
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-09 09:19:54.495
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-03 04:13:25.915
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
    Percentage of memory in use: 58%
    Total physical RAM: 4001.27 MB
    Available physical RAM: 1678.55 MB
    Total Pagefile: 7001.27 MB
    Available Pagefile: 4355.74 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:287.29 GB) (Free:155.77 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: FCAA072E)

    Partition: GPT Partition Type.

    ==================== End of log ============================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  8. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Vala [Administrator]
    Started from : C:\Users\Vala\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 06/17/2015 19:53:16

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 727851618c9845ba070e1faa46a2ae47
    [BSP] 7a9cc389ff519649f974198a647ced9f : Empty MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
    1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
    3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 500 MB
    4 - Basic data partition | Offset (sectors): 2394112 | Size: 294184 MB
    5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 604882944 | Size: 350 MB
    6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 605599744 | Size: 9541 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_06162015_104337.log - RKreport_DEL_06162015_162233.log - RKreport_DEL_06162015_162253.log - RKreport_SCN_06162015_172818.log
    RKreport_SCN_06172015_195024.log - RKreport_DEL_06172015_195312.log
     
  9. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/17/2015
    Scan Time: 7:58:02 PM
    Logfile: MBAM.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.06.17.05
    Rootkit Database: v2015.06.15.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Vala

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 466338
    Time Elapsed: 1 hr, 20 min, 53 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  10. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    I am also unable to install google chrome
    ______________________________________________
    # AdwCleaner v4.206 - Logfile created 16/06/2015 at 20:57:18
    # Updated 01/06/2015 by Xplode
    # Database : 2015-06-16.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Vala - NICK
    # Running from : C:\Users\Vala\Downloads\adwcleaner_4.206.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : swdumon

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\~0
    File Deleted : C:\WINDOWS\System32\drivers\swdumon.sys
    File Deleted : C:\Users\Vala\AppData\Roaming\Mozilla\Firefox\Profiles\3f23aba8.default\user.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v34.0.5 (x86 en-US)


    -\\ Google Chrome v39.0.2171.71

    [C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    -\\ Opera v30.0.1835.59


    *************************

    AdwCleaner[R0].txt - [1406 bytes] - [16/06/2015 20:55:20]
    AdwCleaner[S0].txt - [1349 bytes] - [16/06/2015 20:57:18]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1408 bytes] ##########
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Still need JRT log.
    What happens when you try to install Chrome?
     
  12. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    When I download Google Chrome I get a 103 installation error.
    I researched it and it says it has something to do with Expand.exe not working, I've tried the solutions and they haven't worked. I came across a blog post talking about it could be caused by a Rookit and he mentioned programs are Gmer, Rkiller, and many other applications you guys tell us to use, I google searched those names and I found this website and came here for help.

    JRT Deleted a task from an iObit program I had, I'm guessing iObit isn't safe?
    __________________________________________________________
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 7.0.2 (06.18.2015:1)
    OS: Windows 8.1 x64
    Ran by Vala on Fri 06/19/2015 at 5:16:44.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\WINDOWS\tasks\Uninstaller_SkipUac_Administrator.job



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-adb.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-agent.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-apkhandler.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-blockdevice.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-createsymlink.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-frontend.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-glcheck.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-guestcommandrunner.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-logcollector.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-logrotator.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-logrotatorservice.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-network.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-optipng.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-png2ico.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-quit.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-restart.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-runapp.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-service.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-sharedfolder.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-startlauncher.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-tilecreator.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-unzip.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-updaterservice.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hd-zip.exe



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\ProgramData\productdata
    Successfully deleted: [Folder] C:\users\public\documents\downloaded installers
    Successfully deleted: [Folder] C:\Users\Vala\AppData\Roaming\productdata
    Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin



    ~~~ FireFox






    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 06/19/2015 at 5:23:36.94
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    I found my Setup.exe problem.
    Debugger REG_SZ C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe

    \Image File Execution Options\ Is like some thing to change an operation of a file
    ____________________________________________________________________
    I've scanned for the keyword "Debugger" in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ REGEDIT and I found an edit on the folder "chrmstp.exe" and it turns out thats a file for google chome, so im going to try installing google chrome now.
    ____________________________________________________________________
    EDIT: Deleting the debugger worked 100% for my Setup.exe Issue.
     
    Last edited: Jun 19, 2015
  14. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    Deleting the debugger worked 100% for chrmstp.exe and I now have google chrome installed
    iObit is not to be trusted.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Nice job :)
    iObit won't get anything malicious on your computer but it's a shady company which in the past stole some data from Malwarebytes to use it in their own product.
    In your case there were some leftovers from Advanced SystemCare, which is not recommended because it deals with registry. Registry should be left alone.

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  16. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    Thank you for your help man, I was really considering refreshing my computer.
    I have alot of memories I'd rather not lose.
    Also, I've just been running around in my File Explorer and deleting anything iObit related
    ________________________________________________________________
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
    Ran by Vala (administrator) on NICK on 19-06-2015 21:55:54
    Running from C:\Users\Vala\Downloads
    Loaded Profiles: Vala (Available Profiles: Vala & Open & Guest)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files (x86)\RocketDock\RocketDock.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\SndVol.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera_crashreporter.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
    HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
    HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
    HKLM-x32\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 1999-12-31] (Realtek Semiconductor)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-06-12] (Webroot)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-17] (Avast Software s.r.o.)
    HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\a51328c5-932e-4bbb-8e8c-76d8f8831c01.exe [183232 2015-06-17] (AVAST Software)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [launcher.exe] => C:\Program Files (x86)\Opera\launcher.exe [908408 2015-06-10] (Opera Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-17] (Avast Software s.r.o.)
    BootExecute: autocheck autochk * aswBoot.exe /A:"C:" /A:"* STARTUP" /A:"* " /L:"1033" /heur:100 /RA:ask /pup /archives /IA:0 /KBD:1 /wow /dir:"C:\Program Files\AVAST Software\Avast"

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-11] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-17] (Avast Software s.r.o.)
    BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-12] (Webroot)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-11] (Oracle Corporation)
    BHO-x32: No Name -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-17] (Avast Software s.r.o.)
    BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-12] (Webroot)
    Handler: WSIEChrome - No CLSID Value
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Vala\AppData\Roaming\Mozilla\Firefox\Profiles\3f23aba8.default
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-11] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-11] (Oracle Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-19] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin HKU\S-1-5-21-1699397770-1706359949-1841341789-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vala\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
    FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
    FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-06-12]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-17]
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    Chrome:
    =======
    CHR Profile: C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-24]
    CHR Extension: (Google Docs) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-24]
    CHR Extension: (Google Drive) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]
    CHR Extension: (YouTube) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]
    CHR Extension: (Adblock Plus) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-24]
    CHR Extension: (Google Search) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]
    CHR Extension: (Google Sheets) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-24]
    CHR Extension: (Manyland) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\geieilhcelplmpfhepdoggckhmfaanmp [2015-06-19]
    CHR Extension: (Disconnect) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-06-19]
    CHR Extension: (Territory War 3) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfknmahjfliijedjbhonlmjenllgjhgj [2015-06-19]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-19]
    CHR Extension: (Google Wallet) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]
    CHR Extension: (Hover Zoom) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-06-19]
    CHR Extension: (Gmail) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]
    CHR Extension: (Cube Slam) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcoeeddamedegogbcmdbadnoifmfipn [2015-06-19]

    Opera:
    =======
    OPR Extension: (Hover Free) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbilojbgaikphnpbllmjjfpgapbhmkic [2014-12-21]
    OPR Extension: (Ghostery) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2014-12-28]
    OPR Extension: (HTTPS Everywhere) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2014-12-21]
    OPR Extension: (disconnectme) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2014-12-21]
    OPR Extension: (gorhill) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2014-12-21]
    OPR Extension: (quoctrinh) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\njffefebkflfmooaoohkhkddmhailjgj [2014-12-28]
    OPR Extension: (Adblock Plus) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-12-21]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-17] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-17] (Avast Software)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    S4 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
    S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-31] (Electronic Arts)
    S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-10-09] ()
    S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 1999-12-31] (Realtek Semiconductor)
    S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-01] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-01] (Microsoft Corporation)
    S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-06-12] (Webroot)
    S4 DockLoginService; No ImagePath
    S3 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-17] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-17] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-17] (Avast Software s.r.o.)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-17] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-17] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-17] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-17] (Avast Software s.r.o.)
    S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2015-06-17] (The OpenVPN Project)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-17] ()
    S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
    R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
    R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
    S3 RivaTuner64; No ImagePath
    R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 1999-12-31] (Realtek Semiconductor Corp.)
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-17] ()
    S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-17] (Avast Software)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-01] (Microsoft Corporation)
    S3 WinRing0_1_2_0; No ImagePath
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-06-12] (Webroot)
    S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-13] (Webroot)
    S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-19 21:47 - 2015-06-19 21:47 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
    2015-06-19 07:50 - 2015-06-19 07:50 - 00002327 _____ C:\Users\Vala\Desktop\Chrome App Launcher.lnk
    2015-06-19 07:50 - 2015-06-19 07:50 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-06-19 06:05 - 2015-06-19 21:10 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-19 06:05 - 2015-06-19 06:10 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-19 06:00 - 2015-06-19 06:05 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-06-19 06:00 - 2015-06-19 06:05 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-06-19 06:00 - 2015-06-19 06:00 - 00002283 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-06-19 06:00 - 2015-06-19 06:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-06-19 05:23 - 2015-06-19 05:23 - 00004540 _____ C:\Users\Vala\Desktop\JRT.txt
    2015-06-19 05:17 - 2015-06-19 05:17 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-NICK-Windows-8.1-(64-bit).dat
    2015-06-19 05:17 - 2015-06-19 05:17 - 00000000 ____D C:\RegBackup
    2015-06-19 04:50 - 2015-06-19 21:21 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2015-06-19 04:50 - 2015-06-19 04:50 - 00003846 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2015-06-19 04:47 - 2015-06-18 02:27 - 02950477 _____ (Thisisu) C:\Users\Vala\Desktop\JRT.exe
    2015-06-18 02:11 - 2015-06-18 02:11 - 00056060 _____ C:\Users\Vala\Downloads\04f414cc9d4c74acb58205772614469b.jpeg
    2015-06-18 01:13 - 2015-06-18 01:13 - 00000000 ____D C:\WINDOWS\LastGood
    2015-06-18 00:48 - 2015-04-30 21:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2015-06-18 00:48 - 2015-04-30 21:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2015-06-18 00:48 - 2015-04-30 21:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2015-06-18 00:46 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2015-06-18 00:46 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2015-06-18 00:46 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2015-06-17 22:03 - 2015-06-17 22:03 - 00001047 _____ C:\Users\Vala\Desktop\MBAM.txt
    2015-06-17 19:23 - 2015-06-17 19:23 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-06-17 19:18 - 2015-06-17 19:18 - 02949914 _____ (Thisisu) C:\Users\Vala\Downloads\JRT.exe
    2015-06-17 02:00 - 2015-06-19 04:49 - 00000000 ____D C:\Users\Vala\AppData\Local\Adobe
    2015-06-17 00:59 - 2015-06-17 00:59 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2015-06-17 00:59 - 2015-06-17 00:45 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
    2015-06-17 00:59 - 2015-06-17 00:45 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
    2015-06-17 00:59 - 2015-06-17 00:45 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-06-17 00:59 - 2015-06-17 00:45 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
    2015-06-17 00:59 - 2015-06-17 00:45 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2015-06-17 00:59 - 2015-06-17 00:45 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-06-17 00:59 - 2015-06-17 00:45 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-06-17 00:59 - 2015-06-17 00:44 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-06-17 00:59 - 2015-06-17 00:44 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2015-06-17 00:56 - 2015-06-17 00:45 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswE65F.tmp
    2015-06-17 00:56 - 2015-06-17 00:45 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswE66F.tmp
    2015-06-17 00:56 - 2015-06-17 00:45 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswE680.tmp
    2015-06-17 00:56 - 2015-06-17 00:45 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswE64D.tmp
    2015-06-17 00:56 - 2015-06-17 00:45 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswE65E.tmp
    2015-06-17 00:56 - 2015-06-17 00:45 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswE63C.tmp
    2015-06-17 00:56 - 2015-06-17 00:44 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswE61B.tmp
    2015-06-17 00:56 - 2015-06-17 00:44 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswE62C.tmp
    2015-06-17 00:47 - 2015-06-17 00:47 - 00000000 ____D C:\Users\Vala\AppData\Roaming\AVAST Software
    2015-06-17 00:47 - 2015-06-17 00:45 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswCCEA.tmp
    2015-06-17 00:47 - 2015-06-17 00:45 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswCCEB.tmp
    2015-06-17 00:47 - 2015-06-17 00:45 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswCCFB.tmp
    2015-06-17 00:47 - 2015-06-17 00:45 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswCCD8.tmp
    2015-06-17 00:47 - 2015-06-17 00:45 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswCCD9.tmp
    2015-06-17 00:47 - 2015-06-17 00:45 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswCCC7.tmp
    2015-06-17 00:47 - 2015-06-17 00:44 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswCCA6.tmp
    2015-06-17 00:47 - 2015-06-17 00:44 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswCCB7.tmp
    2015-06-17 00:46 - 2015-06-17 00:46 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
    2015-06-17 00:46 - 2015-06-17 00:46 - 00000000 ____D C:\WINDOWS\system32\vbox
    2015-06-17 00:45 - 2015-06-17 01:00 - 00001946 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-06-17 00:45 - 2015-06-17 00:45 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswDB68.tmp
    2015-06-17 00:45 - 2015-06-17 00:45 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswDB88.tmp
    2015-06-17 00:45 - 2015-06-17 00:45 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswDB98.tmp
    2015-06-17 00:45 - 2015-06-17 00:45 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswDB46.tmp
    2015-06-17 00:45 - 2015-06-17 00:45 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswDB57.tmp
    2015-06-17 00:45 - 2015-06-17 00:45 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswDB36.tmp
    2015-06-17 00:45 - 2015-06-17 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-06-17 00:45 - 2015-06-17 00:44 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswDAD6.tmp
    2015-06-17 00:45 - 2015-06-17 00:44 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswDB25.tmp
    2015-06-17 00:44 - 2015-06-17 00:44 - 00044640 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\aswTap.sys
    2015-06-17 00:44 - 2015-06-17 00:44 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
    2015-06-17 00:43 - 2015-06-17 00:43 - 00000000 ____D C:\Program Files\AVAST Software
    2015-06-16 21:06 - 2015-04-29 19:44 - 07373624 _____ (Kaspersky Lab ZAO) C:\Users\Vala\Desktop\kavremover.exe
    2015-06-16 20:51 - 2015-06-17 00:37 - 00000000 ____D C:\AdwCleaner
    2015-06-16 20:50 - 2015-06-16 20:50 - 02231296 _____ C:\Users\Vala\Downloads\adwcleaner_4.206.exe
    2015-06-16 20:30 - 2015-06-16 21:49 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-06-16 20:29 - 2015-06-16 20:29 - 05499984 _____ (Avast Software s.r.o.) C:\Users\Vala\Downloads\avast_free_antivirus_setup_online.exe
    2015-06-16 20:02 - 2015-06-19 04:38 - 00000000 ____D C:\Users\Vala\AppData\Local\CrashDumps
    2015-06-16 16:17 - 2015-06-16 21:19 - 00046157 _____ C:\Users\Vala\Downloads\Addition.txt
    2015-06-16 16:14 - 2015-06-19 21:56 - 00000000 ____D C:\FRST
    2015-06-16 16:14 - 2015-06-19 21:55 - 00019456 _____ C:\Users\Vala\Downloads\FRST.txt
    2015-06-16 16:13 - 2015-06-16 16:13 - 02109952 _____ (Farbar) C:\Users\Vala\Downloads\FRST64.exe
    2015-06-16 15:50 - 2015-06-16 15:50 - 00380416 _____ C:\Users\Vala\Downloads\g211807v.exe
    2015-06-16 10:25 - 2015-06-16 16:22 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-16 10:22 - 2015-06-16 10:22 - 17659640 _____ C:\Users\Vala\Downloads\RogueKiller.exe
    2015-06-16 09:17 - 2015-01-22 09:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Vala\Desktop\TDSSKiller.exe
    2015-06-16 09:15 - 2015-06-16 09:15 - 03279147 _____ C:\Users\Vala\Downloads\kavremover.zip
    2015-06-16 08:29 - 2015-06-16 08:29 - 00000000 ____D C:\WINDOWS\SysWOW64\%Report%
    2015-06-16 08:27 - 2015-06-16 08:27 - 04176437 _____ C:\Users\Vala\Downloads\tdsskiller.zip
    2015-06-16 08:26 - 2015-06-16 21:56 - 00000000 ____D C:\TDSSKiller_Quarantine
    2015-06-16 08:23 - 2015-06-16 08:23 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Vala\Downloads\tdsskiller.exe
    2015-06-16 05:09 - 2015-06-16 08:56 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\107230C7.sys
    2015-06-16 04:25 - 2015-06-16 04:25 - 195151168 _____ (Kaspersky Lab) C:\Users\Vala\Downloads\kav15.0.2.361en_7201.exe
    2015-06-16 03:44 - 2015-06-16 03:44 - 00000000 ____D C:\test
    2015-06-16 03:28 - 2015-06-16 03:28 - 43529296 _____ (Google Inc.) C:\Users\Vala\Downloads\ChromeStandaloneSetup (1).exe
    2015-06-16 03:14 - 2015-06-19 06:00 - 00000000 ____D C:\Program Files (x86)\Google
    2015-06-15 22:10 - 2015-06-15 23:21 - 00000000 ____D C:\Users\Vala\AppData\Roaming\TeamViewer
    2015-06-15 21:59 - 2015-06-15 22:00 - 83303094 _____ C:\Users\Vala\Downloads\Mac Miller - Faces - HotNewHipHop.zip
    2015-06-15 21:30 - 2015-06-16 04:38 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2015-06-15 21:30 - 2015-06-15 21:30 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-06-15 21:30 - 2015-06-15 21:30 - 00001053 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-06-15 21:29 - 2015-06-15 21:29 - 08009728 _____ (TeamViewer GmbH) C:\Users\Vala\Downloads\TeamViewer_Setup_en.exe
    2015-06-14 04:11 - 2015-06-14 04:11 - 00267056 _____ C:\Users\Vala\Desktop\2009-01-25-139237.jpeg
    2015-06-14 00:34 - 2015-06-14 00:34 - 00109911 _____ C:\Users\Vala\Desktop\e7261410b2640e2692f7e862b41d5d37bb774be1.jpeg
    2015-06-14 00:33 - 2015-06-14 00:33 - 00387542 _____ C:\Users\Vala\Desktop\079a143880aa39d0ac423bf2b3150c513ac6b239.jpeg
    2015-06-14 00:31 - 2015-06-14 00:31 - 00359867 _____ C:\Users\Vala\Desktop\a21f9eb0d51b3a59c1663b73fde2766b2d80b0ce.jpeg
    2015-06-14 00:30 - 2015-06-14 00:30 - 00394101 _____ C:\Users\Vala\Desktop\047702ebf5768c239831bdbab83f7f5e19fbdfb1.jpeg
    2015-06-14 00:28 - 2015-06-14 00:28 - 00184753 _____ C:\Users\Vala\Desktop\83eabc051e79d8040158348c702147d1dc8c0f10.jpeg
    2015-06-14 00:27 - 2015-06-14 00:27 - 00252242 _____ C:\Users\Vala\Desktop\0b38e9f1373bc7b2a7a3eb0fab0e37371be1941d.jpeg
    2015-06-13 22:54 - 2015-06-13 22:54 - 00675528 _____ (ESET) C:\Users\Vala\Downloads\ESETUninstaller.exe
    2015-06-13 22:49 - 2015-06-17 01:14 - 00000000 ____D C:\Users\Vala\Documents\Stuff
    2015-06-12 15:22 - 2015-06-16 21:53 - 00000000 ____D C:\ProgramData\WRData
    2015-06-12 15:22 - 2015-06-12 15:24 - 00000000 ____D C:\Program Files\Webroot
    2015-06-12 15:22 - 2015-06-12 15:22 - 00116224 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
    2015-06-12 15:22 - 2015-06-12 15:22 - 00103816 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
    2015-06-12 15:19 - 2015-06-12 15:20 - 00817072 _____ (Webroot) C:\Users\Vala\Downloads\wsainstall (1).exe
    2015-06-12 14:54 - 2015-06-13 22:40 - 00000000 ___RD C:\Users\Vala\OneDrive
    2015-06-12 06:43 - 2015-06-12 06:44 - 00000000 ____D C:\Users\Vala\Desktop\mbar
    2015-06-12 01:12 - 2015-06-12 01:41 - 00000000 ____D C:\WINDOWS\pss
    2015-06-12 00:49 - 2015-06-12 00:50 - 43529296 _____ (Google Inc.) C:\Users\Vala\Downloads\ChromeStandaloneSetup.exe
    2015-06-11 23:22 - 2015-06-11 23:22 - 00001765 _____ C:\Users\Vala\Desktop\Photoshop.lnk
    2015-06-11 22:30 - 2015-06-11 22:30 - 00003492 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Nick-Vala
    2015-06-11 21:56 - 2015-06-11 21:10 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-06-11 21:56 - 2015-06-11 21:10 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-11 21:55 - 2015-06-18 01:13 - 00002199 _____ C:\WINDOWS\setupact.log
    2015-06-11 21:55 - 2015-06-11 21:55 - 00000000 _____ C:\WINDOWS\setuperr.log
    2015-06-11 21:52 - 2015-06-16 21:51 - 03387148 _____ C:\WINDOWS\PFRO.log
    2015-06-11 21:52 - 2015-06-11 21:52 - 70168576 _____ C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
    2015-06-11 21:52 - 2015-06-11 21:52 - 00000000 ____H C:\asc_rdflag
    2015-06-11 21:17 - 2015-06-11 21:17 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2015-06-11 21:17 - 2015-06-11 21:17 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-06-11 21:15 - 2015-06-11 21:15 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-06-11 21:15 - 2015-06-11 21:15 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-06-11 21:15 - 2015-06-11 21:15 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-06-11 21:15 - 2015-06-11 21:15 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-06-11 21:15 - 2015-06-11 21:15 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-06-11 21:15 - 2015-06-11 21:15 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-06-11 21:09 - 2015-06-11 21:09 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-06-11 21:09 - 2015-06-11 21:09 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2015-06-11 21:09 - 2015-06-11 21:09 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2015-06-11 21:08 - 2015-06-11 21:08 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2015-06-11 21:08 - 2015-06-11 21:08 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
    2015-06-11 21:08 - 2015-06-11 21:08 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
    2015-06-11 21:07 - 2015-06-11 21:07 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2015-06-11 21:07 - 2015-06-11 21:07 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2015-06-11 21:06 - 2015-06-11 21:06 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2015-06-11 21:06 - 2015-06-11 21:06 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2015-06-11 21:06 - 2015-06-11 21:06 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2015-06-11 21:06 - 2015-06-11 21:06 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2015-06-11 21:06 - 2015-06-11 21:06 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
    2015-06-11 21:05 - 2015-06-11 21:05 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-06-11 21:05 - 2015-06-11 21:05 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-06-11 21:05 - 2015-06-11 21:05 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 03682304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 02223104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00133288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-06-11 21:04 - 2015-06-11 21:04 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2015-06-11 21:04 - 2015-06-11 21:04 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2015-06-11 21:04 - 2015-06-11 21:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2015-06-11 21:04 - 2015-06-11 21:04 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2015-06-11 21:02 - 2015-06-11 21:02 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-06-11 21:02 - 2015-06-11 21:02 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-06-11 21:00 - 2015-06-11 21:00 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-06-11 20:59 - 2015-06-11 20:59 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-06-11 20:59 - 2015-06-11 20:59 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-06-11 20:59 - 2015-06-11 20:59 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-06-11 20:59 - 2015-06-11 20:59 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-06-11 20:59 - 2015-06-11 20:59 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-06-11 20:58 - 2015-06-11 20:58 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-06-11 20:58 - 2015-06-11 20:58 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-06-11 20:58 - 2015-06-11 20:58 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2015-06-11 20:58 - 2015-06-11 20:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2015-06-11 20:58 - 2014-10-28 22:41 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\expand - Copy.exe
    2015-06-11 20:55 - 2015-06-11 20:55 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
    2015-06-11 20:55 - 2015-06-11 20:55 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
    2015-06-11 20:53 - 2015-06-11 20:53 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2015-06-11 20:53 - 2015-06-11 20:53 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2015-06-11 20:53 - 2015-06-11 20:53 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-06-11 20:52 - 2015-06-11 20:52 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2015-06-11 20:52 - 2015-06-11 20:52 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2015-06-11 20:52 - 2015-06-11 20:52 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
    2015-06-11 20:52 - 2015-06-11 20:52 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
    2015-06-11 20:22 - 2015-06-11 20:22 - 58990592 _____ C:\WINDOWS\system32\config\COMPONENTS.iobit
    2015-06-11 16:15 - 2015-06-11 16:15 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
    2015-06-11 16:14 - 2015-06-11 16:14 - 00000000 ____D C:\Program Files\Common Files\VST2
    2015-06-11 16:14 - 2015-06-11 16:14 - 00000000 ____D C:\Program Files (x86)\VstPlugins
    2015-06-11 16:10 - 2015-06-11 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
    2015-06-11 15:58 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-06-11 15:58 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-06-11 15:58 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-06-11 15:52 - 2015-06-11 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gunpoint
    2015-06-11 08:10 - 2015-06-11 08:10 - 00003822 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1410125875
    2015-06-11 08:10 - 2015-06-11 08:10 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    2015-06-11 02:31 - 2015-06-17 19:39 - 00000000 ____D C:\Users\Vala\AppData\Roaming\vlc
    2015-06-11 02:30 - 2015-06-11 02:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-06-10 05:38 - 2015-06-10 05:49 - 00002329 _____ C:\Users\Open\Desktop\Skyrim (SKSE).lnk
    2015-06-06 02:22 - 2005-10-02 15:00 - 00118784 _____ C:\Users\Vala\Desktop\ski32.exe
    2015-06-04 18:21 - 2015-06-04 18:21 - 00000000 ____D C:\Users\Vala\Documents\Skullgirls
    2015-06-04 14:15 - 2015-06-18 18:13 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-06-04 14:08 - 2015-06-04 14:08 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-06-04 00:52 - 2015-06-04 00:54 - 00000000 ____D C:\Users\Vala\AppData\Roaming\nomacs
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000997 _____ C:\Users\Vala\Desktop\nomacs - Image Lounge.lnk
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000997 _____ C:\Users\Open\Desktop\nomacs - Image Lounge.lnk
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000997 _____ C:\Users\Guest\Desktop\nomacs - Image Lounge.lnk
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nomacs - image lounge
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nomacs - image lounge
    2015-06-04 00:52 - 2015-06-04 00:52 - 00000000 ____D C:\Program Files (x86)\nomacs
    2015-05-27 04:18 - 2015-05-27 04:19 - 00000000 ____D C:\Users\Vala\Desktop\Webm - Copy
    2015-05-24 07:41 - 2015-05-24 07:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2015-05-24 07:41 - 2015-05-24 07:41 - 00000000 ____D C:\ProgramData\ESET
    2015-05-24 07:41 - 2015-05-24 07:41 - 00000000 ____D C:\Program Files\ESET
    2015-05-24 07:23 - 2015-06-12 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
    2015-05-20 14:37 - 2015-05-20 14:37 - 00000000 ____D C:\ProgramData\Mozilla
     
  17. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-19 21:54 - 2014-12-21 08:44 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Skype
    2015-06-19 21:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-06-19 19:37 - 2015-04-23 16:45 - 01593149 _____ C:\WINDOWS\WindowsUpdate.log
    2015-06-19 06:06 - 2014-12-21 08:32 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1699397770-1706359949-1841341789-1005
    2015-06-19 04:52 - 2014-12-21 08:37 - 00000000 __SHD C:\Users\Vala\AppData\Local\EmieUserList
    2015-06-19 04:52 - 2014-12-21 08:37 - 00000000 __SHD C:\Users\Vala\AppData\Local\EmieBrowserModeList
    2015-06-18 18:08 - 2015-05-08 00:29 - 00000000 ____D C:\Program Files\iPod
    2015-06-18 18:08 - 2015-05-08 00:26 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-06-18 05:15 - 2014-12-25 18:56 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-06-18 05:00 - 2014-09-16 00:15 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-06-18 01:14 - 2013-08-22 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-06-18 00:28 - 2014-09-07 20:40 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-06-17 01:15 - 2014-12-21 08:49 - 00000000 ____D C:\Users\Vala\Documents\Eventually
    2015-06-17 01:14 - 2014-12-21 09:00 - 02155520 ___SH C:\Users\Vala\Downloads\Thumbs.db
    2015-06-17 00:42 - 2014-09-16 05:09 - 00017138 _____ C:\WINDOWS\SysWOW64\Gms.log
    2015-06-17 00:39 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-06-16 21:53 - 2014-12-21 08:26 - 00000000 ____D C:\Users\Vala
    2015-06-16 21:36 - 2014-09-09 09:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-06-16 21:09 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
    2015-06-16 20:55 - 2015-03-17 05:42 - 00000000 ____D C:\Users\Vala\AppData\Roaming\JAM Software
    2015-06-16 08:50 - 2015-04-26 18:17 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
    2015-06-16 08:29 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2015-06-16 04:34 - 2015-05-06 18:53 - 04959000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-06-15 19:16 - 2015-01-14 14:50 - 00000000 ____D C:\Users\Vala\AppData\Roaming\.minecraft
    2015-06-15 15:37 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-06-15 08:31 - 2015-05-02 16:17 - 00000000 ____D C:\Users\Public\Documents\Wondershare
    2015-06-14 16:45 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-06-13 22:51 - 2014-10-08 17:10 - 00000000 ____D C:\Games
    2015-06-13 14:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
    2015-06-13 10:38 - 2015-05-07 13:32 - 00041040 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
    2015-06-12 17:46 - 2014-12-18 05:08 - 00000000 ____D C:\GOG Games
    2015-06-12 16:30 - 2014-12-21 08:52 - 00000000 ____D C:\Users\Vala\Documents\My Games
    2015-06-12 15:37 - 2014-12-21 08:48 - 00000000 ____D C:\Users\Vala\Documents\Electronic Arts
    2015-06-12 15:22 - 2015-05-07 13:31 - 00166128 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
    2015-06-12 14:47 - 2015-05-08 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-06-12 05:32 - 2015-04-12 05:05 - 00000000 ___SD C:\WINDOWS\system32\GWX
    2015-06-12 05:32 - 2015-04-01 21:05 - 00000000 ____D C:\Users\Open
    2015-06-12 05:32 - 2014-12-21 08:30 - 00000000 ____D C:\Users\Vala\AppData\Roaming\IObit
    2015-06-12 05:32 - 2014-12-01 07:29 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-06-12 05:32 - 2014-12-01 07:29 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-06-12 05:32 - 2014-12-01 07:29 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-06-12 05:32 - 2014-12-01 07:29 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-06-12 05:32 - 2014-12-01 07:29 - 00000000 ____D C:\Users\Guest
    2015-06-12 05:32 - 2013-08-22 15:11 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-06-12 05:32 - 2013-08-22 15:11 - 00000000 ____D C:\Program Files\Windows Journal
    2015-06-12 05:32 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
    2015-06-12 05:32 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-06-12 05:32 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-06-12 05:32 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-06-12 01:57 - 2014-12-24 15:58 - 00000000 ____D C:\Users\Vala\AppData\Local\Google
    2015-06-11 21:52 - 2014-09-20 02:41 - 75071488 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
    2015-06-11 21:52 - 2014-09-20 02:41 - 00303104 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
    2015-06-11 21:52 - 2014-09-20 02:41 - 00102400 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
    2015-06-11 21:52 - 2014-09-20 02:41 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
    2015-06-11 21:50 - 2014-09-09 14:54 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2015-06-11 21:31 - 2014-09-07 17:32 - 00000000 ____D C:\Users\Nick\AppData\Local\Packages
    2015-06-11 21:31 - 2014-09-07 17:31 - 00000000 ____D C:\Users\Nick
    2015-06-11 19:36 - 2015-04-01 21:05 - 00000000 ____D C:\Users\Open\AppData\Roaming\IObit
    2015-06-11 16:15 - 2015-01-03 12:56 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    2015-06-11 16:15 - 2015-01-03 12:48 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2015-06-11 16:10 - 2015-01-03 12:55 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2015-06-11 16:10 - 2015-01-03 12:55 - 00000000 ____D C:\Program Files\Image-Line
    2015-06-11 15:58 - 2014-12-25 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-11 15:58 - 2014-12-25 18:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-11 15:54 - 2014-12-21 13:10 - 00000000 ____D C:\Users\Vala\AppData\Roaming\uTorrent
    2015-06-11 08:10 - 2014-09-07 17:37 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-06-11 02:30 - 2014-10-23 07:22 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2015-06-10 21:29 - 2014-09-18 12:44 - 00000000 ____D C:\Program Files (x86)\Mod Organizer
    2015-06-10 20:08 - 2015-01-02 23:39 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-06-10 05:49 - 2015-01-26 19:31 - 00002329 _____ C:\Users\Guest\Desktop\Skyrim (SKSE).lnk
    2015-06-05 07:16 - 2014-12-21 08:42 - 10653696 ___SH C:\Users\Vala\Desktop\Thumbs.db
    2015-06-04 14:07 - 2015-05-08 00:26 - 00000000 ____D C:\ProgramData\Apple
    2015-06-01 19:14 - 2015-05-02 16:18 - 00000000 ____D C:\ProgramData\Wondershare Player
    2015-05-28 20:22 - 2014-09-14 17:33 - 00000000 ____D C:\ProgramData\Intel
    2015-05-28 20:22 - 2014-09-07 19:53 - 00000000 ____D C:\Program Files\Intel
    2015-05-27 00:04 - 2014-09-07 20:40 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-05-26 00:59 - 2015-02-24 21:56 - 00001736 _____ C:\Users\Vala\AppData\Roaming\PureRef.ini
    2015-05-25 02:12 - 2015-01-16 20:57 - 00000132 _____ C:\Users\Vala\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2015-05-24 07:34 - 2015-04-16 08:44 - 00000000 ____D C:\Program Files\Unlocker
    2015-05-24 00:50 - 2014-09-29 14:40 - 00000000 ____D C:\ProgramData\Adobe
    2015-05-20 14:37 - 2014-10-27 08:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== Files in the root of some directories =======

    2015-01-16 09:18 - 2015-01-16 09:18 - 0000132 _____ () C:\Users\Vala\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2015-01-16 20:57 - 2015-05-25 02:12 - 0000132 _____ () C:\Users\Vala\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2015-02-24 21:56 - 2015-05-26 00:59 - 0001736 _____ () C:\Users\Vala\AppData\Roaming\PureRef.ini
    2015-02-05 20:19 - 2015-02-05 20:19 - 0007631 _____ () C:\Users\Vala\AppData\Local\Resmon.ResmonCfg
    2014-09-14 17:29 - 2014-09-14 17:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Guest\AppData\Local\Temp\avgnt.exe
    C:\Users\Open\AppData\Local\Temp\WRupdate1790663015.exe
    C:\Users\Vala\AppData\Local\Temp\8662EB2A-4665-4785-80DC-5348FBF23CAF.exe
    C:\Users\Vala\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Vala\AppData\Local\Temp\InstHelper.exe
    C:\Users\Vala\AppData\Local\Temp\Quarantine.exe
    C:\Users\Vala\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-13 13:17

    ==================== End of log ============================
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I still need Addition.txt log.
     
  19. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    Sorry, I forgot to check mark it.
    __________________________
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by Vala at 2015-06-21 17:46:18
    Running from C:\Users\Vala\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1699397770-1706359949-1841341789-500 - Administrator - Disabled)
    Guest (S-1-5-21-1699397770-1706359949-1841341789-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-1699397770-1706359949-1841341789-1003 - Limited - Enabled)
    Open (S-1-5-21-1699397770-1706359949-1841341789-1006 - Limited - Enabled) => C:\Users\Open
    Vala (S-1-5-21-1699397770-1706359949-1841341789-1005 - Administrator - Enabled) => C:\Users\Vala

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
    AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
    Banished (HKLM-x32\...\GOGPACKBANISHED_is1) (Version: 2.0.0.3 - GOG.com)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
    Don't Starve (HKLM-x32\...\GOGPACKDONTSTARVE_is1) (Version: 2.7.0.16 - GOG.com)
    Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)
    FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
    FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
    nomacs 2.4.5 (HKLM-x32\...\nomacs) (Version: 2.4.5 - )
    NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
    Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
    Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Psychonauts (HKLM-x32\...\Psychonauts_is1) (Version: - GOG.com)
    PureRef (HKLM-x32\...\PureRef) (Version: 1.6.0 - Idyllic Pixel)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
    RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
    Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.6.0.13 - GOG.com)
    Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
    Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    This War of Mine (HKLM-x32\...\1207666873_is1) (Version: 2.0.0.2 - GOG.com)
    Unity Web Player (HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.8.88 - Webroot)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    13-06-2015 14:49:57 Scheduled Checkpoint
    16-06-2015 21:05:16 Removed The Sims 3 Ambitions
    16-06-2015 21:15:54 Removed The Sims 3 Late Night
    16-06-2015 21:33:45 Removed TheSims3EP8
    16-06-2015 21:35:52 Removed TheSims3EP7
    16-06-2015 21:45:54 Removed TheSims3EP9
    17-06-2015 00:42:58 avast! antivirus system restore point
    17-06-2015 00:46:05 avast! antivirus system restore point
    17-06-2015 00:55:29 avast! antivirus system restore point
    17-06-2015 00:58:39 avast! antivirus system restore point
    17-06-2015 22:35:18 JRT
    18-06-2015 17:58:16 Removed iTunes
    21-06-2015 15:54:22 avast! antivirus system restore point
    21-06-2015 17:23:59 Installed iTunes

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2AE5C956-72F6-47D7-BD9F-AF681E10FDD9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {5B19064A-C496-43EE-AB14-892043DBC3A5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_160_pepper.exe [2015-06-19] (Adobe Systems Incorporated)
    Task: {5EADB0C0-34C2-4955-B4FD-AB537F7D4105} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
    Task: {6DDF1087-8018-44BB-B5CE-4926AAF50729} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {8113E2B5-0EE7-45CE-A8A0-D6683AFA4304} - System32\Tasks\Opera scheduled Autoupdate 1410125875 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
    Task: {8B730C8F-05C0-4EBC-9CED-07CDE73729A5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
    Task: {96411166-FA5A-40D2-91BE-91F82C038D52} - System32\Tasks\AdobeAAMUpdater-1.0-Nick-Vala => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
    Task: {9763B52D-131F-468B-B644-53B466672220} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {BBA46726-988B-4778-9D8A-E955C12A95D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-19] (Google Inc.)
    Task: {CC8D65E5-7492-428C-B46F-D5F34140AA6D} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-04-16] (Microsoft Corporation)
    Task: {E4C36EB6-6732-47C3-A80A-3914FD6ECE98} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-22] (Synaptics Incorporated)
    Task: {F073FC9D-010D-4FF0-A620-D1AEA1E89DEB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {FB21493A-D101-4E12-B938-C49781000968} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-19] (Google Inc.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_160_pepper.exe
    Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Nick.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2014-10-21 06:54 - 2007-09-02 16:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
    2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2014-10-21 06:54 - 2007-09-02 16:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
    2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-06-17 00:44 - 2015-06-17 00:44 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-06-17 00:44 - 2015-06-17 00:44 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-06-19 06:00 - 2015-06-05 14:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
    2015-06-19 06:00 - 2015-06-05 14:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-06-11 08:10 - 2015-06-10 05:45 - 00157304 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\message_center_win8.dll
    2015-06-11 08:10 - 2015-06-10 05:45 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libglesv2.dll
    2015-06-11 08:10 - 2015-06-10 05:45 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Vala\OneDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27263692.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32013379.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53930880.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59487981.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59540859.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61987929.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75870151.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77961255.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80515704.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81722075.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27263692.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32013379.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53930880.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59487981.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59540859.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61987929.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75870151.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77961255.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80515704.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81722075.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\aeriagames.com -> hxxps://aeriagames.com
    IE trusted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\aeriagames.com -> hxxp://aeriagames.com
    IE trusted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\com -> hxxp://*.Wondershare.com

    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\1001movie.com -> 1001movie.com
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\1001night.biz -> 1001night.biz
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\100gal.net -> 100gal.net
    IE restricted site: HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\100sexlinks.com -> 100sexlinks.com

    There are 4788 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdvancedSystemCareService7 => 3
    MSCONFIG\Services: ekrn => 2
    MSCONFIG\Services: LiveUpdateSvc => 2
    MSCONFIG\startupreg: AdobeCS6ServiceManager => "c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.exe" -launchedbylogin
    MSCONFIG\startupreg: BlueStacks Agent => c:\program files (x86)\bluestacks\hd-agent.exe
    MSCONFIG\startupreg: Dxtory Update Checker 2.0 =>
    MSCONFIG\startupreg: MouseDriver =>
    MSCONFIG\startupreg: RtHDVBg => "c:\program files\realtek\audio\hda\ravbg64.exe" /maxx4
    MSCONFIG\startupreg: Skype =>
    MSCONFIG\startupreg: SwitchBoard => c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
    MSCONFIG\startupreg: uTorrent =>
    HKLM\...\StartupApproved\Run: => "egui"
    HKLM\...\StartupApproved\Run: => "MouseDriver"
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "QuickSet"
    HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
    HKLM\...\StartupApproved\Run32: => "SwitchBoard"
    HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
    HKLM\...\StartupApproved\Run32: => "D3DOverrider"
    HKLM\...\StartupApproved\Run32: => "uTorrent"
    HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "RtHDVBg_PushButton"
    HKLM\...\StartupApproved\Run32: => "WRSVC"
    HKLM\...\StartupApproved\Run32: => "UXTheme Launcher"
    HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\StartupFolder: => "Curse.lnk"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "ASCTray.exe"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "ASC.exe"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "GameBooster.exe"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Advanced SystemCare 8"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Google Update"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [TCP Query User{B0C26D87-DFF9-497C-A69F-7F4598236976}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{2DC76815-2D26-4A59-BD67-6D1FC165C9BF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{D8C0D86B-9B7C-4359-9A4B-ACFD8BF71ECF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{A066DE20-33A8-4C43-BBD3-48DF251FAACA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{732FF684-EFA4-4D50-BF03-C154ED171FBA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{F58AD488-2E23-4924-BD0A-D0E0812782B3}] => (Allow) LPort=2869
    FirewallRules: [{8A0B7691-3A37-4A76-935E-9DEBA2A8CA58}] => (Allow) LPort=1900
    FirewallRules: [{5762D2FB-EB17-4DE1-9F2A-D88140A837DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{7F0DB825-BCA6-495C-8419-9FFD3E7DE5A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{795524D8-D277-4587-9232-24410F04BAE1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{C321CD08-402E-4878-B79C-5B530A02F96D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{E320C745-75BB-4920-8FFF-D012F69D0FF6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{5198B202-3731-49C0-AE75-3C76238F5B07}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{6A9A32EA-D582-45E0-98E6-52F5329C28E5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{2A8CF148-5FFC-4534-8FE4-DC5F731BB8D8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{0532BB4E-0328-4171-85EC-A8366ABDD1DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
    FirewallRules: [{F56BA8D9-CF19-4BE1-A668-BBA7D8551C20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
    FirewallRules: [TCP Query User{08015EFD-85FE-4368-B395-3BBC2F63D86A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{433CEA71-757D-4394-8366-02370C902E2E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{22983644-7269-4776-8C75-5435BF753435}C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [UDP Query User{E4152684-7CB9-4383-948B-A6BDF3037158}C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [{7F9F1F20-1A79-4633-906A-1CA2EF28EE64}] => (Allow) C:\Users\Vala\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{CDF34A80-9350-4AFA-8E3B-BBBD43327C22}] => (Allow) C:\Users\Vala\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8832BAA9-34FC-44A7-96B4-CBF16F8C91C6}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe
    FirewallRules: [{706989A1-EE0E-4800-BFC9-A58FAA700D5B}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe
    FirewallRules: [{492D1A93-86A2-45EC-B09C-0D383DFBB9D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
    FirewallRules: [{F1EB0A55-968F-4242-B8BD-ACA3B4F1B962}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
    FirewallRules: [TCP Query User{45C49C72-812F-493A-9F06-703008D8D48C}C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [UDP Query User{E0D15A21-BA83-4278-9670-84965C704878}C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\games\xcom\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [{F37EF24A-ECA4-4949-9408-7740F6082D02}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{0D1CD10D-8B54-4D9B-AF13-7930D6985345}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{82F72679-A078-4279-9BEF-CFBED42AF969}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{5E789CBB-5017-4079-8E04-F6B9008DA058}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{F00BF2A4-99D6-4685-BCDF-806291EBB969}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A52BA5C6-8EBF-4558-963A-CBF0EC7BD5A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4593F805-0A8C-45C2-B26E-426AD06ECCF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{80590668-F7C5-4EC1-85A5-A27C1D47816A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{2BC3CF39-2B5A-4856-93BA-7179D8F1262E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{97C15DE6-6C01-44F9-90E7-6464750DB3AF}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [{991A258E-F01D-4D7D-B12D-8F864C09CF39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{D0C4BC97-363C-4634-BC1A-6963361A01E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{E3A0E76F-4985-4E6E-A876-EDC14338E718}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{8CFAB8F5-772A-436F-85B2-3139CB00C240}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{E0DC456F-52C6-4D1D-8307-CCB2AF3B76CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{B392903C-C491-41CA-A8E1-94EBD543035A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{7E1F6826-21AC-4129-A7E1-73DBCC4EEEAD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{AC8C5D99-B83C-41D1-B8E3-A5B0B43F1729}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/21/2015 05:29:23 PM) (Source: MsiInstaller) (EventID: 11920) (User: Nick)
    Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device Service' (Apple Mobile Device Service) failed to start. Verify that you have sufficient privileges to start system services.

    Error: (06/21/2015 05:28:49 PM) (Source: MsiInstaller) (EventID: 11920) (User: Nick)
    Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device Service' (Apple Mobile Device Service) failed to start. Verify that you have sufficient privileges to start system services.

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswSP.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/21/2015 05:24:00 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {8fecef12-734f-4e05-bfa6-154f0099531a}

    Error: (06/21/2015 03:54:22 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {061eca96-adca-4f2e-af42-149f9136ab32}


    System errors:
    =============
    Error: (06/21/2015 05:28:31 PM) (Source: cdrom) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\CdRom0.

    Error: (06/21/2015 05:28:09 PM) (Source: cdrom) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\CdRom0.

    Error: (06/21/2015 03:22:53 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: 1053AvastVBoxSvcUnavailable{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

    Error: (06/21/2015 03:22:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AvastVBox COM Service service failed to start due to the following error:
    %%1053

    Error: (06/21/2015 03:22:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.

    Error: (06/21/2015 03:22:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
    %%1053

    Error: (06/21/2015 03:22:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

    Error: (06/21/2015 03:21:02 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:03:07 AM on ‎6/‎21/‎2015 was unexpected.

    Error: (06/21/2015 10:19:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
    %%1115

    Error: (06/21/2015 10:19:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SSDP Discovery service failed to start due to the following error:
    %%1069


    Microsoft Office:
    =========================
    Error: (06/21/2015 05:29:23 PM) (Source: MsiInstaller) (EventID: 11920) (User: Nick)
    Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device Service' (Apple Mobile Device Service) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (06/21/2015 05:28:49 PM) (Source: MsiInstaller) (EventID: 11920) (User: Nick)
    Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device Service' (Apple Mobile Device Service) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

    System Error:
    The system cannot find the file specified.

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswSP.

    System Error:
    The system cannot find the file specified.

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

    System Error:
    The system cannot find the file specified.

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

    System Error:
    The system cannot find the file specified.

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

    System Error:
    The system cannot find the file specified.

    Error: (06/21/2015 05:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

    System Error:
    The system cannot find the file specified.

    Error: (06/21/2015 05:24:00 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak)0x80070539, The security ID structure is invalid.


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {8fecef12-734f-4e05-bfa6-154f0099531a}

    Error: (06/21/2015 03:54:22 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak)0x80070539, The security ID structure is invalid.


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {061eca96-adca-4f2e-af42-149f9136ab32}


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-18 14:13:03.005
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-09 21:10:30.260
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-01-03 21:05:28.345
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-25 13:20:33.756
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-21 09:43:08.365
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-20 20:45:37.977
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-20 01:01:26.070
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-19 12:17:35.602
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-09 09:19:54.495
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-03 04:13:25.915
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
    Percentage of memory in use: 72%
    Total physical RAM: 4001.27 MB
    Available physical RAM: 1081.09 MB
    Total Pagefile: 7001.27 MB
    Available Pagefile: 2831.84 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:287.29 GB) (Free:142.65 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: FCAA072E)

    Partition: GPT Partition Type.

    ==================== End of log ============================
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    [​IMG] You're running two AV programs, Webroot and Eset.
    You have to uninstall one of them.

    [​IMG]
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  21. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    How did you find EagleX64?
    Everytime I search something, I go on a website and you're there. lol
    You're a savior.
    ____________________________________________________________
    Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by Vala at 2015-06-22 01:54:33 Run:1
    Running from C:\Users\Vala\Downloads
    Loaded Profiles: Vala (Available Profiles: Vala & Open & Guest)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
    BHO-x32: No Name -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> No File
    Handler: WSIEChrome - No CLSID Value
    S4 DockLoginService; No ImagePath
    S3 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]
    S3 RivaTuner64; No ImagePath
    S3 WinRing0_1_2_0; No ImagePath
    S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
    2015-01-16 09:18 - 2015-01-16 09:18 - 0000132 _____ () C:\Users\Vala\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2015-01-16 20:57 - 2015-05-25 02:12 - 0000132 _____ () C:\Users\Vala\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2015-02-24 21:56 - 2015-05-26 00:59 - 0001736 _____ () C:\Users\Vala\AppData\Roaming\PureRef.ini
    2015-02-05 20:19 - 2015-02-05 20:19 - 0007631 _____ () C:\Users\Vala\AppData\Local\Resmon.ResmonCfg
    2014-09-14 17:29 - 2014-09-14 17:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    C:\Users\Guest\AppData\Local\Temp\avgnt.exe
    C:\Users\Open\AppData\Local\Temp\WRupdate1790663015.exe
    C:\Users\Vala\AppData\Local\Temp\8662EB2A-4665-4785-80DC-5348FBF23CAF.exe
    C:\Users\Vala\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Vala\AppData\Local\Temp\InstHelper.exe
    C:\Users\Vala\AppData\Local\Temp\Quarantine.exe
    C:\Users\Vala\AppData\Local\Temp\sqlite3.dll
    AlternateDataStreams: C:\Users\Vala\OneDrive:ms-properties

    *****************

    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
    HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43D9786F-A485-683B-9B5B-ACC97ABC17FC}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{43D9786F-A485-683B-9B5B-ACC97ABC17FC} => key not found.
    "HKCR\PROTOCOLS\Handler\WSIEChrome" => key removed successfully
    DockLoginService => Service removed successfully
    TeamViewer => Service not found.
    RivaTuner64 => Service removed successfully
    WinRing0_1_2_0 => Service removed successfully
    EagleX64 => Service removed successfully
    C:\Users\Vala\AppData\Roaming\Adobe GIF Format CS6 Prefs => moved successfully.
    C:\Users\Vala\AppData\Roaming\Adobe PNG Format CS6 Prefs => moved successfully.
    C:\Users\Vala\AppData\Roaming\PureRef.ini => moved successfully.
    C:\Users\Vala\AppData\Local\Resmon.ResmonCfg => moved successfully.
    C:\ProgramData\DP45977C.lfl => moved successfully.
    C:\Users\Guest\AppData\Local\Temp\avgnt.exe => moved successfully.
    C:\Users\Open\AppData\Local\Temp\WRupdate1790663015.exe => moved successfully.
    "C:\Users\Vala\AppData\Local\Temp\8662EB2A-4665-4785-80DC-5348FBF23CAF.exe" => File/Folder not found.
    C:\Users\Vala\AppData\Local\Temp\dllnt_dump.dll => moved successfully.
    C:\Users\Vala\AppData\Local\Temp\InstHelper.exe => moved successfully.
    C:\Users\Vala\AppData\Local\Temp\Quarantine.exe => moved successfully.
    C:\Users\Vala\AppData\Local\Temp\sqlite3.dll => moved successfully.
    "C:\Users\Vala\OneDrive" => ":ms-properties" ADS not found.

    ==== End of Fixlog 01:54:36 ====
     
    Last edited: Jun 22, 2015
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    hahahaha....

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  23. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    Results of screen317's Security Check version 1.004
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Webroot SecureAnywhere
    ESET NOD32 Antivirus 8.0
    Windows Defender
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Adobe Flash Player 17.0.0.188 Flash Player out of Date!
    Mozilla Firefox 34.0.5 Firefox out of Date!
    Google Chrome (43.0.2357.124)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  24. Balanced

    Balanced TS Rookie Topic Starter Posts: 34

    Farbar Service Scanner Version: 17-01-2015
    Ran by Vala (administrator) on 25-06-2015 at 06:11:17
    Running from "C:\Users\Vala\Downloads"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  25. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    In my reply #20 I posted...

    [​IMG] You're running two AV programs, Webroot and Eset.
    You have to uninstall one of them.

    I still see both of them.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...