Resolved I have multiple problems

Balanced

1st. I was just using my computer regularly and a CMD.exe window popped up and disappeared.
After I saw it I was scared, so I checked Task Manager. In my Task Manager there were two background processes of iexplorer.exe. I have Internet Explorer disabled through Programs and Features.

2nd. I ran a scan with GMER and I would like for someone to help me with the results because I am not sure I can do it correctly without damaging my computer.

3rd. Through GMER I have found a hidden process "\??\C:\Vala\AppData\Local\Temp\fxldqpoc.sys". This file has nothing about it online and I am unable to delete it, yet GMER has found its presence.
 
You've been to this forum before so you should know what I need.

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Yes, nice to see you again, Broni, or is it bad that I'm seeing you again? :confused:
_____________________________________________________________________
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by Vala (administrator) on NICK (09-09-2015 22:16:24)
Running from C:\Users\Vala\Downloads
Loaded Profiles: Vala (Available Profiles: Vala & Open)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\MKJogo\MK IM\Bin\ucybl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Vala\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
() C:\Users\Vala\AppData\Roaming\IMVUClient\IMVUClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [828888 2015-08-21] (Webroot)
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [Rocket Dock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [Process Hacker 2] => C:\Program Files\Process Hacker 2\ProcessHacker.exe [1515864 2015-06-29] (wj32)
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55104640 2015-08-26] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C7089D5D-2ECD-44CA-B7C1-A49412D3FCE4}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-11] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-11] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Vala\AppData\Roaming\Mozilla\Firefox\Profiles\6i5wi5in.Default User
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-11] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-1699397770-1706359949-1841341789-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vala\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-09] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP"
CHR Profile: C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]
CHR Extension: (YouTube) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]
CHR Extension: (Adblock Plus) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-24]
CHR Extension: (Google Search) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]
CHR Extension: (Deathamns) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2015-08-27]
CHR Extension: (Ghostery) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]
CHR Extension: (Gmail) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]

Opera:
=======
OPR Extension: (Hover Free) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbilojbgaikphnpbllmjjfpgapbhmkic [2015-07-09]
OPR Extension: (Ghostery) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2014-12-28]
OPR Extension: (HTTPS Everywhere) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2014-12-21]
OPR Extension: (Disconnect) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2014-12-21]
OPR Extension: (Image Searcher) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\njffefebkflfmooaoohkhkddmhailjgj [2014-12-28]
OPR Extension: (Adblock Plus) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-12-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-06-29] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 1999-12-31] (Realtek Semiconductor)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-01] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2015-06-17] (The OpenVPN Project)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 1999-12-31] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-06] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-04-01] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-04-01] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-01] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-09 22:16 - 2015-09-09 22:17 - 00016095 _____ C:\Users\Vala\Downloads\FRST.txt
2015-09-09 22:15 - 2015-09-09 22:16 - 00000000 ____D C:\FRST
2015-09-09 22:14 - 2015-09-09 22:14 - 02190336 _____ (Farbar) C:\Users\Vala\Downloads\FRST64.exe
2015-09-09 22:11 - 2015-09-09 22:11 - 00001001 _____ C:\DelFix.txt
2015-09-09 01:16 - 2015-09-09 01:16 - 00008621 _____ C:\Users\Vala\AppData\Local\recently-used.xbel
2015-09-08 15:16 - 2015-09-09 22:08 - 00000000 ____D C:\Users\Vala\AppData\Roaming\IMVU
2015-09-08 15:16 - 2015-09-08 15:16 - 00001926 _____ C:\Users\Vala\Desktop\IMVU.lnk
2015-09-08 15:16 - 2015-09-08 15:16 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2015-09-08 15:15 - 2015-09-08 15:16 - 00000000 ____D C:\Users\Vala\AppData\Roaming\IMVUClient
2015-09-07 06:29 - 2015-09-07 06:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-09-07 06:07 - 2015-09-07 06:07 - 00022901 _____ C:\Users\Vala\Desktop\GMER 2.1.19357.txt
2015-09-07 01:51 - 2015-09-07 01:51 - 00000000 ____D C:\Users\Vala\AppData\Roaming\PDAppFlex
2015-09-07 01:49 - 2015-09-07 01:49 - 00003492 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Nick-Vala
2015-09-07 01:37 - 2015-09-07 01:37 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-09-07 01:37 - 2015-09-07 01:37 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-09-07 01:29 - 2015-09-07 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-07 01:21 - 2015-09-07 01:21 - 00000000 ____D C:\Program Files\Adobe
2015-09-06 18:06 - 2015-09-06 18:16 - 00000000 ____D C:\Users\Vala\Desktop\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
2015-09-06 17:23 - 2015-09-07 05:43 - 00000232 _____ C:\WINDOWS\setupact.log
2015-09-06 17:23 - 2015-09-06 17:23 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-06 17:22 - 2015-09-06 17:23 - 04959032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-06 17:22 - 2015-09-06 17:22 - 00003392 _____ C:\WINDOWS\PFRO.log
2015-09-06 01:26 - 2015-09-06 01:26 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Process Hacker 2
2015-09-06 01:23 - 2015-09-06 01:23 - 00001867 _____ C:\Users\Vala\Desktop\Process Hacker 2.lnk
2015-09-06 01:23 - 2015-09-06 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2015-09-06 01:23 - 2015-09-06 01:23 - 00000000 ____D C:\Program Files\Process Hacker 2
2015-09-06 00:59 - 2015-09-06 00:59 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-06 00:58 - 2015-09-06 00:58 - 00208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\02719820.sys
2015-09-05 13:13 - 2015-09-05 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-09-05 13:10 - 2013-04-08 15:13 - 00017920 _____ C:\Users\Vala\Desktop\RunAsDate.exe
2015-09-05 13:08 - 2015-09-05 13:09 - 00024791 _____ C:\Users\Vala\Downloads\runasdate.zip
2015-09-05 05:31 - 2015-09-05 05:31 - 00000000 ____D C:\SUPERDelete
2015-09-05 05:17 - 2015-09-09 02:00 - 00000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 1846d608-a8d3-44e2-aa3c-1776865fb73e.job
2015-09-05 05:17 - 2015-09-05 05:17 - 00003562 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 1846d608-a8d3-44e2-aa3c-1776865fb73e
2015-09-05 05:17 - 2015-09-05 05:17 - 00003480 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d3907744-da3e-464f-b879-4172389e63b6
2015-09-05 05:16 - 2015-09-09 21:16 - 00000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d3907744-da3e-464f-b879-4172389e63b6.job
2015-09-05 05:16 - 2015-09-05 05:16 - 00001838 _____ C:\Users\Vala\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-09-05 05:16 - 2015-09-05 05:16 - 00000000 ____D C:\Users\Vala\AppData\Roaming\SUPERAntiSpyware.com
2015-09-05 05:16 - 2015-09-05 05:16 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-09-05 05:15 - 2015-09-05 05:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-05 05:15 - 2015-09-05 05:15 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-09-05 04:06 - 2015-09-05 04:06 - 00000222 _____ C:\Users\Vala\Desktop\Heroes & Generals.url
2015-09-05 03:58 - 2015-09-05 03:58 - 00000222 _____ C:\Users\Vala\Desktop\Zombies Monsters Robots.url
2015-09-04 14:47 - 2015-05-25 04:39 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\Vala\Desktop\Autoruns.exe
2015-09-04 14:46 - 2015-09-04 14:46 - 00593693 _____ C:\Users\Vala\Downloads\Autoruns.zip
2015-09-03 07:53 - 2015-09-03 07:53 - 00000000 ____D C:\ProgramData\Temp
2015-09-03 05:10 - 2015-09-04 02:16 - 00075496 _____ C:\Users\Vala\Desktop\faegeag.art
2015-09-02 12:20 - 2015-09-02 12:20 - 124655843 _____ C:\Users\Vala\Downloads\Evil_Red_Flame_Mixtape-(DatPiff.com).zip
2015-09-02 06:31 - 2015-09-02 06:31 - 00001183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-02 06:31 - 2015-09-02 06:31 - 00001171 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-02 06:31 - 2015-09-02 06:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-01 01:32 - 2015-09-01 01:32 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-01 01:32 - 2015-09-01 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-01 01:32 - 2015-09-01 01:32 - 00000000 ____D C:\Program Files\iTunes
2015-09-01 01:32 - 2015-09-01 01:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-01 01:02 - 2015-09-01 01:02 - 00000000 ____D C:\Users\Vala\AppData\Local\CEF
2015-08-31 21:56 - 2015-08-31 21:56 - 00000000 ____D C:\Users\Nick\Documents\MK-LOL
2015-08-31 07:33 - 2015-08-31 07:33 - 06213287 _____ C:\Users\Vala\Downloads\1418303981990.webm
2015-08-31 07:31 - 2015-08-31 07:31 - 03308669 _____ C:\Users\Vala\Downloads\1418303107410.webm
2015-08-31 07:30 - 2015-08-31 07:30 - 02409292 _____ C:\Users\Vala\Downloads\1432429868977-1.webm
2015-08-31 07:29 - 2015-08-31 07:29 - 02606663 _____ C:\Users\Vala\Downloads\1432429868977-0.webm
2015-08-31 07:09 - 2015-08-31 07:09 - 03737190 _____ C:\Users\Vala\Downloads\1423545616129.webm
2015-08-31 07:05 - 2015-08-31 07:05 - 03966938 _____ C:\Users\Vala\Downloads\1425339827629.webm
2015-08-31 07:04 - 2015-08-31 07:04 - 08339450 _____ C:\Users\Vala\Downloads\1431128958285.webm
2015-08-31 06:55 - 2015-08-31 06:55 - 08109705 _____ C:\Users\Vala\Downloads\Tanushirube Quest 6.webm
2015-08-31 06:55 - 2015-08-31 06:55 - 02551702 _____ C:\Users\Vala\Downloads\1423213502162.webm
2015-08-31 06:54 - 2015-08-31 06:55 - 08141624 _____ C:\Users\Vala\Downloads\Tanushirube Quest 4.webm
2015-08-31 06:54 - 2015-08-31 06:54 - 08346344 _____ C:\Users\Vala\Downloads\Tanushirube Quest 2.webm
2015-08-31 06:54 - 2015-08-31 06:54 - 06113317 _____ C:\Users\Vala\Downloads\Tanushirube Quest 3.webm
2015-08-31 06:53 - 2015-08-31 06:53 - 07991498 _____ C:\Users\Vala\Downloads\1423202716721.webm
2015-08-31 06:50 - 2015-08-31 06:50 - 07178948 _____ C:\Users\Vala\Downloads\1423160815400.webm
2015-08-31 06:48 - 2015-08-31 06:48 - 08215929 _____ C:\Users\Vala\Downloads\1423156972616.webm
2015-08-31 06:44 - 2015-08-31 06:44 - 03070495 _____ C:\Users\Vala\Downloads\1409909144590.webm
2015-08-31 06:28 - 2015-08-31 06:28 - 08301640 _____ C:\Users\Vala\Downloads\1440954461604.mp4
2015-08-31 06:24 - 2015-08-31 06:24 - 03285719 _____ C:\Users\Vala\Downloads\1433748692837.webm
2015-08-31 06:24 - 2015-08-31 06:24 - 03104855 _____ C:\Users\Vala\Downloads\1434565377926.webm
2015-08-29 13:33 - 2015-08-29 13:34 - 00000000 ____D C:\Users\Vala\Desktop\Bob's Burgers Season 3 (1280x720) [Phr0stY]
2015-08-28 20:08 - 2015-08-28 20:08 - 03140299 _____ C:\Users\Vala\Downloads\1440776400261.webm
2015-08-28 19:51 - 2015-08-28 19:51 - 02925100 _____ C:\Users\Vala\Downloads\1440805072605.webm
2015-08-25 17:21 - 2015-08-25 17:21 - 00998548 _____ C:\Users\Vala\Desktop\jftfmh.ora
2015-08-24 14:11 - 2015-08-24 14:11 - 01218488 _____ C:\Users\Vala\Desktop\sav.ora
2015-08-24 12:44 - 2015-08-24 12:44 - 02890171 _____ C:\Users\Vala\Downloads\1440429167257.webm
2015-08-24 12:44 - 2015-08-24 12:44 - 00248505 _____ C:\Users\Vala\Downloads\1440429137967.webm
2015-08-24 12:43 - 2015-08-24 12:43 - 03077025 _____ C:\Users\Vala\Downloads\1440429043327.webm
2015-08-24 12:40 - 2015-08-24 12:41 - 02198578 _____ C:\Users\Vala\Downloads\1440428535108.webm
2015-08-23 10:01 - 2015-08-30 01:17 - 00000000 ____D C:\Users\Vala\Desktop\Bar Rescue Seasons 1-3
2015-08-23 07:47 - 2015-08-23 07:47 - 01077920 _____ C:\Users\Vala\Downloads\Augustus - Imgur.zip
2015-08-22 06:25 - 2015-08-22 06:25 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-21 16:41 - 2015-08-21 16:41 - 02988500 _____ C:\Users\Vala\Downloads\VmLX.webm
2015-08-21 16:40 - 2015-08-21 16:41 - 11351815 _____ C:\Users\Vala\Downloads\hJf4.webm
2015-08-21 16:39 - 2015-08-21 16:39 - 03142486 _____ C:\Users\Vala\Downloads\Y2vF.webm
2015-08-21 16:38 - 2015-08-21 16:38 - 03141205 _____ C:\Users\Vala\Downloads\jFVX.webm
2015-08-21 16:38 - 2015-08-21 16:38 - 03000998 _____ C:\Users\Vala\Downloads\yV6D.webm
2015-08-21 16:37 - 2015-08-21 16:37 - 11694100 _____ C:\Users\Vala\Downloads\xmAK.webm
2015-08-21 16:37 - 2015-08-21 16:37 - 03952316 _____ C:\Users\Vala\Downloads\iLgt.webm
2015-08-21 16:35 - 2015-08-21 16:35 - 03074238 _____ C:\Users\Vala\Downloads\C6vv.webm
2015-08-21 16:34 - 2015-08-21 16:34 - 02805566 _____ C:\Users\Vala\Downloads\WVzY.webm
2015-08-21 16:32 - 2015-08-21 16:32 - 03117452 _____ C:\Users\Vala\Downloads\rEZ4.webm
2015-08-21 16:32 - 2015-08-21 16:32 - 02855473 _____ C:\Users\Vala\Downloads\P3UI.webm
2015-08-21 16:31 - 2015-08-21 16:32 - 11353852 _____ C:\Users\Vala\Downloads\YUMX.webm
2015-08-21 16:31 - 2015-08-21 16:31 - 02453589 _____ C:\Users\Vala\Downloads\JadB.webm
2015-08-21 16:30 - 2015-08-21 16:31 - 16273888 _____ C:\Users\Vala\Downloads\1cXq.webm
2015-08-21 16:29 - 2015-08-21 16:29 - 05057140 _____ C:\Users\Vala\Downloads\vtwk.webm
2015-08-21 16:27 - 2015-08-21 16:27 - 03718658 _____ C:\Users\Vala\Downloads\wESO.webm
2015-08-21 16:27 - 2015-08-21 16:27 - 03090184 _____ C:\Users\Vala\Downloads\msSw.webm
2015-08-21 16:25 - 2015-08-21 16:25 - 03133895 _____ C:\Users\Vala\Downloads\b2hA.webm
2015-08-21 16:25 - 2015-08-21 16:25 - 03024515 _____ C:\Users\Vala\Downloads\j2uD.webm
2015-08-21 16:23 - 2015-08-21 16:23 - 11876945 _____ C:\Users\Vala\Downloads\8aFO.webm
2015-08-21 16:23 - 2015-08-21 16:23 - 11257127 _____ C:\Users\Vala\Downloads\d2l1.webm
2015-08-21 16:22 - 2015-08-21 16:23 - 11927737 _____ C:\Users\Vala\Downloads\egxY.webm
2015-08-21 16:21 - 2015-08-21 16:21 - 10932007 _____ C:\Users\Vala\Downloads\LnYx.webm
2015-08-21 16:21 - 2015-08-21 16:21 - 03557722 _____ C:\Users\Vala\Downloads\IDje.webm
2015-08-21 16:21 - 2015-08-21 16:21 - 01579236 _____ C:\Users\Vala\Downloads\ZP5p.webm
2015-08-21 16:20 - 2015-08-21 16:20 - 03136972 _____ C:\Users\Vala\Downloads\tHWD.webm
2015-08-21 16:18 - 2015-08-21 16:18 - 02994892 _____ C:\Users\Vala\Downloads\yKGR.webm
2015-08-21 16:18 - 2015-08-21 16:18 - 02117402 _____ C:\Users\Vala\Downloads\ynDd.webm
2015-08-21 16:18 - 2015-08-21 16:18 - 01727781 _____ C:\Users\Vala\Downloads\Byyl.webm
2015-08-21 16:18 - 2015-08-21 16:18 - 01685975 _____ C:\Users\Vala\Downloads\tPk3.webm
2015-08-21 16:12 - 2015-08-21 16:12 - 01903558 _____ C:\Users\Vala\Downloads\3lKn.webm
2015-08-21 16:06 - 2015-08-21 16:06 - 04183914 _____ C:\Users\Vala\Downloads\opsT.webm
2015-08-21 12:21 - 2015-08-30 01:17 - 00000000 ____D C:\Users\Vala\Desktop\[AliQ] Steven Universe Season 1 [1080p WEB_DL x264]
2015-08-21 11:53 - 2015-09-04 16:09 - 00000000 ____D C:\ProgramData\WRData
2015-08-18 00:25 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20150818-002515.backup
2015-08-18 00:24 - 2013-08-22 09:25 - 00000824 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150818-002406.backup
2015-08-17 23:58 - 2015-08-17 23:58 - 00000000 ____D C:\Users\Vala\Documents\ProcAlyzer Dumps
2015-08-12 13:25 - 2015-08-12 13:26 - 29991834 _____ C:\Users\Vala\Downloads\King_LA-(DatPiff.com).zip
2015-08-12 00:01 - 2015-08-12 00:01 - 00000000 ____D C:\Users\Vala\AppData\Local\Medibang
2015-08-11 23:58 - 2015-08-11 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medibang
2015-08-11 23:58 - 2015-08-11 23:58 - 00000000 ____D C:\Program Files (x86)\Medibang
2015-08-11 23:58 - 2015-07-23 18:06 - 00705056 _____ C:\WINDOWS\system32\MdpThumb64.dll
2015-08-11 20:35 - 2015-08-11 20:35 - 125619526 _____ C:\Users\Vala\Downloads\King Louie - Drilluminati 3 God Of Drill - HotNewHipHop.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-09 22:18 - 2014-12-21 08:44 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Skype
2015-09-09 22:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-09 10:27 - 2014-12-21 08:32 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1699397770-1706359949-1841341789-1005
2015-09-09 10:00 - 2015-06-16 20:02 - 00000000 ____D C:\Users\Vala\AppData\Local\CrashDumps
2015-09-09 08:20 - 2015-06-30 00:17 - 00001544 _____ C:\Users\Vala\AppData\Roaming\PureRef.ini
2015-09-09 06:47 - 2015-07-15 07:16 - 01317618 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-09 02:00 - 2015-06-17 02:00 - 00000000 ____D C:\Users\Vala\AppData\Local\Adobe
2015-09-07 09:58 - 2015-06-11 02:31 - 00000000 ____D C:\Users\Vala\AppData\Roaming\vlc
2015-09-07 05:47 - 2014-09-16 05:09 - 00006468 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-09-07 05:43 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-07 01:37 - 2015-03-15 09:06 - 00000000 ____D C:\Users\Vala\Documents\Adobe
2015-09-07 01:31 - 2014-09-16 00:15 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-07 01:30 - 2014-09-07 18:13 - 00000000 ____D C:\ProgramData\Skype
2015-09-07 01:29 - 2014-09-07 18:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-07 01:26 - 2014-09-29 14:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-06 18:33 - 2014-12-25 18:56 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-06 18:18 - 2014-12-21 13:10 - 00000000 ____D C:\Users\Vala\AppData\Roaming\uTorrent
2015-09-06 17:37 - 2014-12-21 09:00 - 03248128 ___SH C:\Users\Vala\Downloads\Thumbs.db
2015-09-06 17:23 - 2014-12-21 08:26 - 00000000 ____D C:\Users\Vala
2015-09-06 17:23 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-06 17:22 - 2015-06-12 15:22 - 00000000 ____D C:\Program Files\Webroot
2015-09-05 13:33 - 2015-08-02 01:41 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2015-09-05 13:33 - 2014-09-09 09:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-05 13:31 - 2015-08-02 01:36 - 00000000 ____D C:\ProgramData\CyberLink
2015-09-05 13:30 - 2015-08-02 01:45 - 00000000 ____D C:\Users\Vala\AppData\Local\CyberLink
2015-09-05 04:06 - 2015-01-02 23:39 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-05 02:06 - 2015-06-11 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-09-05 02:06 - 2015-01-03 12:55 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-09-04 16:36 - 2014-12-21 08:42 - 11971584 ___SH C:\Users\Vala\Desktop\Thumbs.db
2015-09-04 16:35 - 2014-10-08 17:10 - 00000000 ____D C:\Games
2015-09-04 16:34 - 2014-12-21 08:52 - 00000000 ____D C:\Users\Vala\Documents\My Games
2015-09-04 16:29 - 2014-12-18 05:08 - 00000000 ____D C:\GOG Games
2015-09-04 15:09 - 2014-10-06 18:34 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-09-04 14:37 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-01 15:56 - 2014-09-18 12:44 - 00000000 ____D C:\Program Files (x86)\Mod Organizer
2015-09-01 04:01 - 2015-03-15 04:45 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Apple Computer
2015-09-01 01:32 - 2015-05-08 00:29 - 00000000 ____D C:\Program Files\iPod
2015-09-01 01:32 - 2015-05-08 00:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-01 01:31 - 2015-06-21 17:25 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-31 21:56 - 2014-09-07 17:31 - 00000000 ____D C:\Users\Nick
2015-08-31 20:21 - 2015-07-12 20:27 - 00000000 ____D C:\Users\Vala\AppData\Local\Battle.net
2015-08-31 14:59 - 2015-07-12 20:37 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-08-31 14:50 - 2015-07-12 20:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-08-31 01:33 - 2014-12-21 08:49 - 00000000 ___RD C:\Users\Vala\Documents\Eventually
2015-08-22 06:25 - 2014-09-07 17:37 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-21 09:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-19 08:30 - 2015-06-13 22:49 - 00000000 ____D C:\Users\Vala\Documents\Stuff
2015-08-18 00:23 - 2015-04-22 11:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-17 07:54 - 2015-08-01 06:10 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Audacity
2015-08-12 01:53 - 2015-01-03 12:48 - 00000000 ____D C:\Program Files (x86)\Image-Line
2015-08-12 00:30 - 2015-01-03 12:55 - 00000000 ____D C:\Program Files\Image-Line

==================== Files in the root of some directories =======

2015-06-30 00:17 - 2015-09-09 08:20 - 0001544 _____ () C:\Users\Vala\AppData\Roaming\PureRef.ini
2015-09-09 01:16 - 2015-09-09 01:16 - 0008621 _____ () C:\Users\Vala\AppData\Local\recently-used.xbel
2015-06-23 14:41 - 2015-06-23 14:41 - 0007597 _____ () C:\Users\Vala\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Vala\AppData\Local\Temp\InstallIMVU_522.8.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-29 13:30

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by Vala (2015-09-09 22:20:18)
Running from C:\Users\Vala\Downloads
Windows 8.1 (X64) (2014-09-07 21:32:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1699397770-1706359949-1841341789-500 - Administrator - Disabled)
Guest (S-1-5-21-1699397770-1706359949-1841341789-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1699397770-1706359949-1841341789-1003 - Limited - Enabled)
Open (S-1-5-21-1699397770-1706359949-1841341789-1006 - Limited - Enabled) => C:\Users\Open
Vala (S-1-5-21-1699397770-1706359949-1841341789-1005 - Administrator - Enabled) => C:\Users\Vala

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Process Hacker 2.36 (r6153) (HKLM\...\Process_Hacker2_is1) (Version: 2.36.0.6153 - wj32)
Psychonauts (HKLM-x32\...\Psychonauts_is1) (Version: - GOG.com)
PureRef (HKLM-x32\...\PureRef) (Version: 1.6.0 - Idyllic Pixel)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.6.0.13 - GOG.com)
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
This War of Mine (HKLM-x32\...\1207666873_is1) (Version: 2.0.0.2 - GOG.com)
Unity Web Player (HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Zombies Monsters Robots (HKLM-x32\...\Steam App 306830) (Version: - Yingpei Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

19-08-2015 08:12:49 Scheduled Checkpoint
27-08-2015 15:46:02 Scheduled Checkpoint
04-09-2015 20:14:26 Scheduled Checkpoint
07-09-2015 01:24:12 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
07-09-2015 01:24:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
07-09-2015 01:25:28 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
07-09-2015 01:26:13 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2AE5C956-72F6-47D7-BD9F-AF681E10FDD9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {6DDF1087-8018-44BB-B5CE-4926AAF50729} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {830F2AC1-C4BB-41CF-AFF7-7F29A400CF62} - System32\Tasks\SUPERAntiSpyware Scheduled Task 1846d608-a8d3-44e2-aa3c-1776865fb73e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9763B52D-131F-468B-B644-53B466672220} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {AC745D74-E436-436A-8B0A-F31896F069E3} - System32\Tasks\AdobeAAMUpdater-1.0-Nick-Vala => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {C5BDEF03-4CF1-4B81-B611-829BE85D3E9F} - System32\Tasks\SUPERAntiSpyware Scheduled Task d3907744-da3e-464f-b879-4172389e63b6 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E4C36EB6-6732-47C3-A80A-3914FD6ECE98} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-22] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 1846d608-a8d3-44e2-aa3c-1776865fb73e.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d3907744-da3e-464f-b879-4172389e63b6.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-13 14:17 - 2015-06-13 14:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-10-21 06:54 - 2007-09-02 16:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-09-09 08:33 - 2014-12-08 03:21 - 01092296 _____ () C:\Program Files (x86)\MKJogo\MK IM\Bin\ucybl.exe
2015-09-03 20:57 - 2015-08-27 21:56 - 01868104 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-03 20:57 - 2015-08-27 21:56 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-09-03 20:57 - 2015-08-27 21:56 - 28659016 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
2015-09-02 19:03 - 2015-09-02 19:03 - 00217568 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
2015-09-02 19:03 - 2015-09-02 19:03 - 00221152 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\IMVUClient.exe
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-21 06:54 - 2007-09-02 16:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-12-08 03:21 - 2014-12-08 03:21 - 00799232 _____ () C:\Program Files (x86)\MKJogo\MK IM\Bin\sqlite3.dll
2014-12-08 03:21 - 2014-12-08 03:21 - 01721856 _____ () C:\Program Files (x86)\MKJogo\MK IM\Bin\RLib.dll
2014-12-08 03:21 - 2014-12-08 03:21 - 01191936 _____ () C:\Program Files (x86)\MKJogo\MK IM\Bin\ACE.dll
2014-12-08 03:21 - 2015-08-31 21:55 - 01017544 _____ () C:\Program Files (x86)\MKJogo\MK IM\LOL\AddonSkin-LOL.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00098304 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32api.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00109568 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\pywintypes27.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00110592 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32file.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00016896 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32event.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00087040 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_ctypes.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00166912 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32gui.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00034816 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32process.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00357888 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\pythoncom27.dll
2015-05-20 21:18 - 2015-05-20 21:18 - 00265216 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32com.shell.shell.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00016384 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32clipboard.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00007168 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_win32sysloader.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00046080 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_socket.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00028160 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_ssl.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00659456 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_imaging.pyd
2015-05-20 22:06 - 2015-05-20 22:06 - 00911872 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_cal3d.pyd
2015-05-20 21:29 - 2015-05-20 21:29 - 00216576 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\boost_python.dll
2015-05-20 21:30 - 2015-05-20 21:30 - 00360960 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\cal3d.dll
2015-05-20 21:29 - 2015-05-20 21:29 - 00031744 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\CallStack.dll
2015-08-06 13:48 - 2015-08-06 13:48 - 01892352 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_avatarwindow.pyd
2015-05-20 21:35 - 2015-05-20 21:35 - 00169984 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\zero.dll
2015-05-20 21:35 - 2015-05-20 21:35 - 00052736 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\pixmap.dll
2015-08-06 13:46 - 2015-08-06 13:46 - 00920064 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\SceneWindow.dll
2015-05-20 21:34 - 2015-05-20 21:34 - 00072704 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\ParticleLib.dll
2015-05-20 21:37 - 2015-05-20 21:37 - 00014336 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\MemoryHook.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00126976 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\pyexpat.pyd
2015-05-20 22:08 - 2015-05-20 22:08 - 00059392 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_sqlite3.pyd
2015-05-20 21:52 - 2015-05-20 21:52 - 00506368 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\sqlite3.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00010240 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\select.pyd
2015-05-20 22:08 - 2015-05-20 22:08 - 00044032 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_pylzma.pyd
2015-08-06 13:49 - 2015-08-06 13:49 - 00131072 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_imvugecko.pyd
2015-08-06 13:47 - 2015-08-06 13:47 - 00190976 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\imvugecko.dll
2015-05-20 21:07 - 2015-05-20 21:07 - 00872448 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\js3250.dll
2015-05-20 22:08 - 2015-05-20 22:08 - 00135680 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_libzero.pyd
2015-08-06 13:49 - 2015-08-06 13:49 - 00083968 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_imvuflash.pyd
2015-08-06 13:47 - 2015-08-06 13:47 - 00111104 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\imvuflash.dll
2015-05-20 21:45 - 2015-05-20 21:45 - 00010752 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\nphwndproxy.dll
2015-05-20 21:24 - 2015-05-20 21:24 - 17024688 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\NPSWF32.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00686080 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\unicodedata.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27263692.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32013379.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53930880.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59487981.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59540859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61987929.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75870151.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77961255.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80515704.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81722075.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27263692.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32013379.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53930880.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59487981.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59540859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61987929.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75870151.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77961255.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80515704.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81722075.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 11405 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdvancedSystemCareService7 => 3
MSCONFIG\Services: ekrn => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\startupreg: AdobeCS6ServiceManager => "c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.exe" -launchedbylogin
MSCONFIG\startupreg: BlueStacks Agent => c:\program files (x86)\bluestacks\hd-agent.exe
MSCONFIG\startupreg: Dxtory Update Checker 2.0 =>
MSCONFIG\startupreg: MouseDriver =>
MSCONFIG\startupreg: RtHDVBg => "c:\program files\realtek\audio\hda\ravbg64.exe" /maxx4
MSCONFIG\startupreg: Skype =>
MSCONFIG\startupreg: SwitchBoard => c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
MSCONFIG\startupreg: uTorrent =>
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "D3DOverrider"
HKLM\...\StartupApproved\Run32: => "uTorrent"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run32: => "WRSVC"
HKLM\...\StartupApproved\Run32: => "UXTheme Launcher"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "PowerDVD15Agent"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "RocketDock"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "ASCTray.exe"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "ASC.exe"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "GameBooster.exe"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "launcher.exe"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Advanced SystemCare 8"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "CCleaner"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Process Hacker 2"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{B0C26D87-DFF9-497C-A69F-7F4598236976}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2DC76815-2D26-4A59-BD67-6D1FC165C9BF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D8C0D86B-9B7C-4359-9A4B-ACFD8BF71ECF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A066DE20-33A8-4C43-BBD3-48DF251FAACA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{732FF684-EFA4-4D50-BF03-C154ED171FBA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F58AD488-2E23-4924-BD0A-D0E0812782B3}] => (Allow) LPort=2869
FirewallRules: [{8A0B7691-3A37-4A76-935E-9DEBA2A8CA58}] => (Allow) LPort=1900
FirewallRules: [{5762D2FB-EB17-4DE1-9F2A-D88140A837DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F0DB825-BCA6-495C-8419-9FFD3E7DE5A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{795524D8-D277-4587-9232-24410F04BAE1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C321CD08-402E-4878-B79C-5B530A02F96D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E320C745-75BB-4920-8FFF-D012F69D0FF6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5198B202-3731-49C0-AE75-3C76238F5B07}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6A9A32EA-D582-45E0-98E6-52F5329C28E5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2A8CF148-5FFC-4534-8FE4-DC5F731BB8D8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0532BB4E-0328-4171-85EC-A8366ABDD1DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{F56BA8D9-CF19-4BE1-A668-BBA7D8551C20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{08015EFD-85FE-4368-B395-3BBC2F63D86A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{433CEA71-757D-4394-8366-02370C902E2E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{7F9F1F20-1A79-4633-906A-1CA2EF28EE64}] => (Allow) C:\Users\Vala\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDF34A80-9350-4AFA-8E3B-BBBD43327C22}] => (Allow) C:\Users\Vala\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8832BAA9-34FC-44A7-96B4-CBF16F8C91C6}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{706989A1-EE0E-4800-BFC9-A58FAA700D5B}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{492D1A93-86A2-45EC-B09C-0D383DFBB9D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{F1EB0A55-968F-4242-B8BD-ACA3B4F1B962}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{F37EF24A-ECA4-4949-9408-7740F6082D02}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0D1CD10D-8B54-4D9B-AF13-7930D6985345}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{82F72679-A078-4279-9BEF-CFBED42AF969}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{5E789CBB-5017-4079-8E04-F6B9008DA058}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{F00BF2A4-99D6-4685-BCDF-806291EBB969}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A52BA5C6-8EBF-4558-963A-CBF0EC7BD5A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4593F805-0A8C-45C2-B26E-426AD06ECCF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{80590668-F7C5-4EC1-85A5-A27C1D47816A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2BC3CF39-2B5A-4856-93BA-7179D8F1262E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{97C15DE6-6C01-44F9-90E7-6464750DB3AF}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{991A258E-F01D-4D7D-B12D-8F864C09CF39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D0C4BC97-363C-4634-BC1A-6963361A01E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E3A0E76F-4985-4E6E-A876-EDC14338E718}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8CFAB8F5-772A-436F-85B2-3139CB00C240}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A79B8270-FA6F-49EF-BE68-F78D3A1FBF9B}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{F34E2B90-C198-454E-B365-8621ACBF1993}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{97BC925E-8BA9-40B8-BFAF-C1BF061E20AF}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{C8972B06-44E6-4AF3-80EE-0325CCD54FE1}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{F6E4ED8D-7475-4355-8353-5DE83C59733A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{08BB8D10-1D58-42C8-B6C3-A59F45020BE6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{E80BF7A6-7C66-4D00-A691-493C53CCF04A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{69B114FA-A677-4538-87EA-CAA2684641E7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{780BA432-2237-4249-92AC-9A3AAF3F59AE}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C094E686-BAD0-4E0A-9CCB-91E236CDA41A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{7A8070E2-A2BA-4583-ACB0-F3678B24408B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2AD21110-C905-4499-B91D-B67163E3DB73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{92BADAB4-CA82-4EF2-AC73-39C145ADCF75}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10B2DAAE-6CE4-421D-813F-D6A368A8328B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D0906913-E17B-454A-89A5-2F25514EE279}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{3027982F-857F-4933-830D-B02EE863C610}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{31E72819-1BD4-493F-BE83-2F233909C84C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6028C91F-580D-4743-B14D-B1EF1EA77752}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2015 10:24:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 834

Start Time: 01d0e951af99fa28

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 27c16ba4-56fe-11e5-82a7-74867a0f02b0

Faulting package full name:

Faulting package-relative application ID:

Error: (09/09/2015 10:00:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: League of Legends.exe, version: 5.17.0.329, time stamp: 0x55e8a593
Faulting module name: League of Legends.exe, version: 5.17.0.329, time stamp: 0x55e8a593
Exception code: 0xc0000005
Fault offset: 0x00d7af28
Faulting process id: 0x40f8
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
Faulting package full name: League of Legends.exe4
Faulting package-relative application ID: League of Legends.exe5

Error: (09/08/2015 10:58:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: League of Legends.exe, version: 5.17.0.329, time stamp: 0x55e8a593
Faulting module name: League of Legends.exe, version: 5.17.0.329, time stamp: 0x55e8a593
Exception code: 0xc0000005
Fault offset: 0x00d7af28
Faulting process id: 0xef0
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report Id: League of Legends.exe3
Faulting package full name: League of Legends.exe4
Faulting package-relative application ID: League of Legends.exe5

Error: (09/07/2015 05:42:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: egui.exe, version: 8.0.319.0, time stamp: 0x559d2313
Faulting module name: ToastNotify.dll, version: 8.0.319.0, time stamp: 0x559d2398
Exception code: 0xc0000005
Fault offset: 0x0000000000002f3e
Faulting process id: 0x374
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3
Faulting package full name: egui.exe4
Faulting package-relative application ID: egui.exe5

Error: (09/07/2015 01:26:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5217d51a-fda1-417d-bbdf-07b93638f178}

Error: (09/07/2015 01:25:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5217d51a-fda1-417d-bbdf-07b93638f178}

Error: (09/07/2015 01:24:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5217d51a-fda1-417d-bbdf-07b93638f178}

Error: (09/07/2015 01:24:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5217d51a-fda1-417d-bbdf-07b93638f178}

Error: (09/07/2015 01:20:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.7.0.103, time stamp: 0x55b7d8c2
Faulting module name: mshtml.dll, version: 11.0.9600.17842, time stamp: 0x5565cf99
Exception code: 0xc0000005
Fault offset: 0x0021f3d4
Faulting process id: 0xe90
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5

Error: (09/07/2015 01:15:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.7.0.103, time stamp: 0x55b7d8c2
Faulting module name: mshtml.dll, version: 11.0.9600.17842, time stamp: 0x5565cf99
Exception code: 0xc0000005
Fault offset: 0x0021f3d4
Faulting process id: 0x3b0
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5


System errors:
=============
Error: (09/07/2015 06:15:27 PM) (Source: DCOM) (EventID: 10010) (User: Nick)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/07/2015 06:14:57 PM) (Source: DCOM) (EventID: 10010) (User: Nick)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/07/2015 10:31:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/07/2015 06:45:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/07/2015 06:45:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/07/2015 06:27:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

Error: (09/07/2015 05:42:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (09/07/2015 05:42:25 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/07/2015 05:42:15 AM) (Source: DCOM) (EventID: 10010) (User: Nick)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (09/07/2015 05:41:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (09/09/2015 10:24:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.1766783401d0e951af99fa280C:\WINDOWS\Explorer.EXE27c16ba4-56fe-11e5-82a7-74867a0f02b0

Error: (09/09/2015 10:00:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: League of Legends.exe5.17.0.32955e8a593League of Legends.exe5.17.0.32955e8a593c000000500d7af2840f801d0eb04af6c80a9C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.103\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.103\deploy\League of Legends.exe18bdd342-56fb-11e5-82a7-74867a0f02b0

Error: (09/08/2015 10:58:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: League of Legends.exe5.17.0.32955e8a593League of Legends.exe5.17.0.32955e8a593c000000500d7af28ef001d0ea44d294ff4cC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.103\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.103\deploy\League of Legends.exe0854c6e5-563a-11e5-82a7-74867a0f02b0

Error: (09/07/2015 05:42:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: egui.exe8.0.319.0559d2313ToastNotify.dll8.0.319.0559d2398c00000050000000000002f3e37401d0e8ea6c1c7487C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ToastNotify.dllbbbb7ede-5544-11e5-82a6-74867a0f02b0

Error: (09/07/2015 01:26:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5217d51a-fda1-417d-bbdf-07b93638f178}

Error: (09/07/2015 01:25:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5217d51a-fda1-417d-bbdf-07b93638f178}

Error: (09/07/2015 01:24:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5217d51a-fda1-417d-bbdf-07b93638f178}

Error: (09/07/2015 01:24:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5217d51a-fda1-417d-bbdf-07b93638f178}

Error: (09/07/2015 01:20:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe7.7.0.10355b7d8c2mshtml.dll11.0.9600.178425565cf99c00000050021f3d4e9001d0e92c56c389b3C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\SYSTEM32\mshtml.dll28544f83-5520-11e5-82a6-74867a0f02b0

Error: (09/07/2015 01:15:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe7.7.0.10355b7d8c2mshtml.dll11.0.9600.178425565cf99c00000050021f3d43b001d0e8ea6c5a7380C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\SYSTEM32\mshtml.dll72088e7d-551f-11e5-82a6-74867a0f02b0


CodeIntegrity:
===================================
Date: 2015-01-18 14:13:03.005
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-09 21:10:30.260
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-03 21:05:28.345
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-25 13:20:33.756
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-21 09:43:08.365
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-20 20:45:37.977
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-20 01:01:26.070
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-19 12:17:35.602
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-09 09:19:54.495
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-03 04:13:25.915
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
Percentage of memory in use: 66%
Total physical RAM: 4001.27 MB
Available physical RAM: 1329.07 MB
Total Virtual: 7353.48 MB
Available Virtual: 3641.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:287.29 GB) (Free:69.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FCAA072E)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Rogue Killer thought that my skype was potential malware but I let it delete it anyway.
________________________________________________________
RogueKiller V10.10.4.0 [Sep 4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Vala [Administrator]
Started from : C:\Users\Vala\Downloads\RogueKiller.exe
Mode : Delete -- Date : 09/12/2015 18:30:32

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] Skype.exe(51084) -- C:\Program Files (x86)\Skype\Phone\Skype.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 4 ¤¤¤
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Windows\CurrentVersion\Run | Skype : "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [7][x][x] -> ERROR [0]
[VT.Unknown] (X86) HKEY_USERS\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Windows\CurrentVersion\Run | Skype : "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [7][x][x] -> ERROR [2]
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : http://search.msn.com/spbasic.htm -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : http://search.msn.com/spbasic.htm -> Replaced (http://search.msn.com/spbasic.htm)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200LPVX-75V0TT0 +++++
--- User ---
[MBR] 727851618c9845ba070e1faa46a2ae47
[BSP] 7a9cc389ff519649f974198a647ced9f : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 500 MB
4 - Basic data partition | Offset (sectors): 2394112 | Size: 294184 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 604882944 | Size: 350 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 605599744 | Size: 9541 MB
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/12/2015
Scan Time: 6:44 PM
Logfile: 0.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.12.04
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Vala

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 440379
Time Elapsed: 1 hr, 14 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
 
Sorry, I did not know how to PM on here, my apologies.
________________________________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 8.1 x64
Ran by Vala on Fri 09/18/2015 at 23:01:02.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Vala\AppData\Roaming\imvuclient
Successfully deleted: [Folder] C:\Users\Vala\AppData\Roaming\3909



~~~ Chrome


[C:\Users\Vala\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Vala\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Vala\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Vala\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/18/2015 at 23:07:08.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v5.008 - Logfile created 18/09/2015 at 19:20:24
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Vala - NICK
# Running from : C:\Users\Vala\Downloads\adwcleaner_5.008.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
(I did multiple scans; the line below is from the first scan)
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [720 bytes] ##########
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Vala (administrator) on NICK (22-09-2015 02:32:23)
Running from C:\Users\Vala\Downloads
Loaded Profiles: Vala (Available Profiles: Vala & Open)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(MKGame) C:\Program Files (x86)\MKJogo\MK IM\Bin\pkponbw.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.255\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.39\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.160\deploy\LolClient.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Vala\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
() C:\Users\Vala\AppData\Roaming\IMVUClient\IMVUClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [828888 2015-08-21] (Webroot)
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\Run: [Rocket Dock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C7089D5D-2ECD-44CA-B7C1-A49412D3FCE4}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-11] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-11] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Vala\AppData\Roaming\Mozilla\Firefox\Profiles\6i5wi5in.Default User
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-11] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-1699397770-1706359949-1841341789-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vala\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-09] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]
CHR Extension: (YouTube) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]
CHR Extension: (Adblock Plus) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-24]
CHR Extension: (Google Search) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]
CHR Extension: (Imagus) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2015-08-27]
CHR Extension: (Ghostery) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]
CHR Extension: (Marc Ecko) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2015-09-20]
CHR Extension: (Gmail) - C:\Users\Vala\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]

Opera:
=======
OPR Extension: (Ghostery) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2014-12-28]
OPR Extension: (HTTPS Everywhere) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2014-12-21]
OPR Extension: (disconnectme) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2014-12-21]
OPR Extension: (quoctrinh) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\njffefebkflfmooaoohkhkddmhailjgj [2014-12-28]
OPR Extension: (Adblock Plus) - C:\Users\Vala\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-12-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-06-29] (Electronic Arts)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 1999-12-31] (Realtek Semiconductor)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-01] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 1999-12-31] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-12] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-04-01] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-04-01] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-01] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-22 02:31 - 2015-09-22 02:31 - 02191360 _____ (Farbar) C:\Users\Vala\Downloads\FRST64.exe
2015-09-22 02:31 - 2015-09-22 02:31 - 00000000 ____D C:\Users\Vala\Downloads\FRST-OlderVersion
2015-09-22 02:16 - 2015-09-22 02:16 - 00001044 _____ C:\Users\Vala\Desktop\mal.txt
2015-09-21 06:35 - 2015-09-21 06:35 - 00001926 _____ C:\Users\Vala\Desktop\IMVU.lnk
2015-09-21 06:34 - 2015-09-21 06:35 - 00000000 ____D C:\Users\Vala\AppData\Roaming\IMVUClient
2015-09-21 06:33 - 2015-09-21 06:33 - 00244304 _____ C:\Users\Vala\Downloads\InstallIMVU_522.0_st.exe
2015-09-20 03:33 - 2015-09-20 03:33 - 00001255 _____ C:\Users\Vala\Desktop\TreeSize Free.lnk
2015-09-20 03:33 - 2015-09-20 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2015-09-20 03:32 - 2015-09-20 03:32 - 00000000 ____D C:\Program Files (x86)\JAM Software
2015-09-20 03:31 - 2015-09-20 03:31 - 06639264 _____ (JAM Software ) C:\Users\Vala\Downloads\TreeSizeFreeSetup.exe
2015-09-19 10:51 - 2015-09-19 10:51 - 01889600 _____ C:\Users\Vala\Desktop\egagaegaeg.psd
2015-09-19 08:30 - 2015-09-19 08:30 - 00801273 _____ C:\Users\Vala\Desktop\egagaegaeg.ora
2015-09-19 08:30 - 2015-09-19 08:30 - 00004823 _____ C:\Users\Vala\AppData\Local\recently-used.xbel
2015-09-19 06:29 - 2015-09-19 06:29 - 00000000 ____D C:\Users\Nick\Documents\MK-LOL
2015-09-18 23:07 - 2015-09-18 23:07 - 00001197 _____ C:\Users\Vala\Desktop\JRT.txt
2015-09-18 23:00 - 2015-09-18 23:00 - 01798976 _____ (Malwarebytes) C:\Users\Vala\Downloads\JRT (1).exe
2015-09-18 19:44 - 2015-09-18 19:45 - 00000000 ____D C:\KVRT_Data
2015-09-18 19:42 - 2015-09-18 19:43 - 93942432 _____ (Kaspersky Lab ZAO) C:\Users\Vala\Downloads\KVRT.exe
2015-09-18 19:32 - 2015-09-18 19:34 - 00003812 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1410125875
2015-09-18 19:32 - 2015-09-18 19:32 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-09-18 19:24 - 2015-09-18 19:24 - 00000798 _____ C:\Users\Vala\Desktop\AdwCleaner[C1].txt
2015-09-18 19:07 - 2015-09-18 19:07 - 00056332 _____ C:\Users\Vala\Desktop\Kindred.itemDevourer01.ogg
2015-09-18 19:05 - 2015-09-18 19:05 - 00301043 _____ C:\Users\Vala\Desktop\Kindred_Listen_to_their_tale.ogg
2015-09-18 18:41 - 2015-09-18 20:24 - 00000000 ____D C:\AdwCleaner
2015-09-18 18:40 - 2015-05-11 13:56 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\Vala\Desktop\procexp.exe
2015-09-18 18:39 - 2015-09-18 18:39 - 01662976 _____ C:\Users\Vala\Downloads\adwcleaner_5.008.exe
2015-09-18 18:34 - 2015-09-18 18:34 - 01186640 _____ C:\Users\Vala\Downloads\ProcessExplorer.zip
2015-09-18 11:28 - 2015-09-18 18:46 - 00000323 _____ C:\Users\Vala\Desktop\New Text Document.txt
2015-09-18 05:05 - 2015-09-18 05:05 - 00472839 _____ C:\Users\Vala\Desktop\Untitled-1.psd
2015-09-18 02:55 - 2015-09-18 02:56 - 00000000 ____D C:\Users\Vala\Desktop\New folder
2015-09-12 20:16 - 2015-09-12 20:16 - 01800104 _____ (Malwarebytes Corporation) C:\Users\Vala\Downloads\JRT.exe
2015-09-12 18:40 - 2015-09-21 22:24 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-12 18:40 - 2015-09-12 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-12 18:39 - 2015-09-12 18:39 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Vala\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-09-12 18:39 - 2015-09-12 18:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-12 18:39 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-12 18:39 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-12 18:39 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-12 18:38 - 2015-09-12 18:39 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Vala\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-12 18:00 - 2015-09-12 18:00 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-12 17:58 - 2015-09-12 17:59 - 18779208 _____ C:\Users\Vala\Downloads\RogueKiller.exe
2015-09-09 22:20 - 2015-09-09 22:24 - 00055978 _____ C:\Users\Vala\Downloads\Addition.txt
2015-09-09 22:16 - 2015-09-22 02:35 - 00014328 _____ C:\Users\Vala\Downloads\FRST.txt
2015-09-09 22:15 - 2015-09-22 02:32 - 00000000 ____D C:\FRST
2015-09-09 22:11 - 2015-09-09 22:11 - 00001001 _____ C:\DelFix.txt
2015-09-08 15:16 - 2015-09-21 22:08 - 00000000 ____D C:\Users\Vala\AppData\Roaming\IMVU
2015-09-08 15:16 - 2015-09-08 15:16 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2015-09-07 06:29 - 2015-09-07 06:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-09-07 01:51 - 2015-09-07 01:51 - 00000000 ____D C:\Users\Vala\AppData\Roaming\PDAppFlex
2015-09-07 01:49 - 2015-09-11 10:44 - 00003494 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Nick-Vala
2015-09-07 01:37 - 2015-09-07 01:37 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-09-07 01:37 - 2015-09-07 01:37 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-09-07 01:29 - 2015-09-07 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-07 01:21 - 2015-09-07 01:21 - 00000000 ____D C:\Program Files\Adobe
2015-09-06 18:06 - 2015-09-06 18:16 - 00000000 ____D C:\Users\Vala\Desktop\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
2015-09-06 17:23 - 2015-09-18 20:35 - 00000928 _____ C:\WINDOWS\setupact.log
2015-09-06 17:23 - 2015-09-06 17:23 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-06 17:22 - 2015-09-14 00:20 - 00003760 _____ C:\WINDOWS\PFRO.log
2015-09-06 17:22 - 2015-09-06 17:23 - 04959032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-06 00:58 - 2015-09-06 00:58 - 00208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\02719820.sys
2015-09-05 13:13 - 2015-09-05 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-09-05 13:10 - 2013-04-08 15:13 - 00017920 _____ C:\Users\Vala\Desktop\RunAsDate.exe
2015-09-05 13:08 - 2015-09-05 13:09 - 00024791 _____ C:\Users\Vala\Downloads\runasdate.zip
2015-09-05 05:31 - 2015-09-05 05:31 - 00000000 ____D C:\SUPERDelete
2015-09-05 05:17 - 2015-09-14 00:20 - 00000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 1846d608-a8d3-44e2-aa3c-1776865fb73e.job
2015-09-05 05:17 - 2015-09-11 10:43 - 00003482 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d3907744-da3e-464f-b879-4172389e63b6
2015-09-05 05:17 - 2015-09-11 10:42 - 00003564 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 1846d608-a8d3-44e2-aa3c-1776865fb73e
2015-09-05 05:16 - 2015-09-14 00:20 - 00000518 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d3907744-da3e-464f-b879-4172389e63b6.job
2015-09-05 05:16 - 2015-09-05 05:16 - 00000000 ____D C:\Users\Vala\AppData\Roaming\SUPERAntiSpyware.com
2015-09-05 05:16 - 2015-09-05 05:16 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-09-05 05:15 - 2015-09-05 05:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-05 05:15 - 2015-09-05 05:15 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-09-04 14:47 - 2015-05-25 04:39 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\Vala\Desktop\Autoruns.exe
2015-09-04 14:46 - 2015-09-04 14:46 - 00593693 _____ C:\Users\Vala\Downloads\Autoruns.zip
2015-09-03 07:53 - 2015-09-18 22:44 - 00000000 ____D C:\ProgramData\Temp
2015-09-02 12:20 - 2015-09-02 12:20 - 124655843 _____ C:\Users\Vala\Downloads\Evil_Red_Flame_Mixtape-(DatPiff.com).zip
2015-09-02 06:31 - 2015-09-02 06:31 - 00001183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-02 06:31 - 2015-09-02 06:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-01 01:32 - 2015-09-01 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-01 01:32 - 2015-09-01 01:32 - 00000000 ____D C:\Program Files\iTunes
2015-09-01 01:32 - 2015-09-01 01:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-01 01:02 - 2015-09-01 01:02 - 00000000 ____D C:\Users\Vala\AppData\Local\CEF
2015-08-29 13:33 - 2015-08-29 13:34 - 00000000 ____D C:\Users\Vala\Desktop\Bob's Burgers Season 3 (1280x720) [Phr0stY]
2015-08-23 10:01 - 2015-08-30 01:17 - 00000000 ____D C:\Users\Vala\Desktop\Bar Rescue Seasons 1-3
2015-08-23 07:47 - 2015-08-23 07:47 - 01077920 _____ C:\Users\Vala\Downloads\Augustus - Imgur.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-22 02:40 - 2014-12-21 08:44 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Skype
2015-09-22 02:40 - 2014-12-21 08:32 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1699397770-1706359949-1841341789-1005
2015-09-22 02:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-21 23:42 - 2015-07-15 07:16 - 01846246 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-20 11:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-20 03:34 - 2015-06-11 02:31 - 00000000 ____D C:\Users\Vala\AppData\Roaming\vlc
2015-09-20 03:33 - 2015-03-17 05:42 - 00000000 ____D C:\Users\Vala\AppData\Roaming\JAM Software
2015-09-20 03:07 - 2014-12-21 08:42 - 12109824 ___SH C:\Users\Vala\Desktop\Thumbs.db
2015-09-19 08:33 - 2015-06-30 00:17 - 00001543 _____ C:\Users\Vala\AppData\Roaming\PureRef.ini
2015-09-19 06:29 - 2014-09-07 17:31 - 00000000 ____D C:\Users\Nick
2015-09-19 02:38 - 2015-06-16 20:02 - 00000000 ____D C:\Users\Vala\AppData\Local\CrashDumps
2015-09-18 20:38 - 2014-09-16 05:09 - 00006468 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-09-18 20:35 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-18 20:25 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-18 19:32 - 2014-09-07 17:37 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-18 14:22 - 2015-05-08 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-18 11:39 - 2015-06-23 14:41 - 00007651 _____ C:\Users\Vala\AppData\Local\Resmon.ResmonCfg
2015-09-18 02:43 - 2015-04-01 21:05 - 00000000 ____D C:\Users\Open
2015-09-17 11:05 - 2014-10-07 05:30 - 00000000 ____D C:\ProgramData\Origin
2015-09-17 04:34 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-17 03:51 - 2014-09-16 00:15 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-17 03:50 - 2015-06-13 22:49 - 00000000 ____D C:\Users\Vala\Documents\Stuff
2015-09-16 12:27 - 2015-01-02 23:39 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-16 12:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-09-16 07:55 - 2014-12-21 08:49 - 00000000 ___RD C:\Users\Vala\Documents\Eventually
2015-09-15 17:55 - 2015-08-01 06:10 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Audacity
2015-09-15 17:39 - 2014-12-21 09:00 - 03494912 ___SH C:\Users\Vala\Downloads\Thumbs.db
2015-09-15 03:52 - 2014-09-18 12:44 - 00000000 ____D C:\Program Files (x86)\Mod Organizer
2015-09-15 03:44 - 2014-12-24 15:58 - 00000000 ____D C:\Users\Vala\AppData\Local\Google
2015-09-15 03:30 - 2014-10-08 17:10 - 00000000 ____D C:\Games
2015-09-14 00:21 - 2014-12-21 08:26 - 00000000 ____D C:\Users\Vala
2015-09-11 10:44 - 2015-04-01 21:11 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1699397770-1706359949-1841341789-1006
2015-09-11 02:01 - 2015-06-17 02:00 - 00000000 ____D C:\Users\Vala\AppData\Local\Adobe
2015-09-07 01:37 - 2015-03-15 09:06 - 00000000 ____D C:\Users\Vala\Documents\Adobe
2015-09-07 01:30 - 2014-09-07 18:13 - 00000000 ____D C:\ProgramData\Skype
2015-09-07 01:29 - 2014-09-07 18:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-07 01:26 - 2014-09-29 14:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-06 18:18 - 2014-12-21 13:10 - 00000000 ____D C:\Users\Vala\AppData\Roaming\uTorrent
2015-09-06 17:22 - 2015-06-12 15:22 - 00000000 ____D C:\Program Files\Webroot
2015-09-05 13:33 - 2014-09-09 09:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-05 13:31 - 2015-08-02 01:36 - 00000000 ____D C:\ProgramData\CyberLink
2015-09-05 13:30 - 2015-08-02 01:45 - 00000000 ____D C:\Users\Vala\AppData\Local\CyberLink
2015-09-05 02:06 - 2015-06-11 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-09-05 02:06 - 2015-01-03 12:55 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-09-04 16:34 - 2014-12-21 08:52 - 00000000 ____D C:\Users\Vala\Documents\My Games
2015-09-04 16:29 - 2014-12-18 05:08 - 00000000 ____D C:\GOG Games
2015-09-04 16:09 - 2015-08-21 11:53 - 00000000 ____D C:\ProgramData\WRData
2015-09-04 15:09 - 2014-10-06 18:34 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-09-01 04:01 - 2015-03-15 04:45 - 00000000 ____D C:\Users\Vala\AppData\Roaming\Apple Computer
2015-09-01 01:32 - 2015-05-08 00:29 - 00000000 ____D C:\Program Files\iPod
2015-09-01 01:32 - 2015-05-08 00:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-01 01:31 - 2015-06-21 17:25 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-31 20:21 - 2015-07-12 20:27 - 00000000 ____D C:\Users\Vala\AppData\Local\Battle.net
2015-08-31 14:59 - 2015-07-12 20:37 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-08-31 14:50 - 2015-07-12 20:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-08-30 01:17 - 2015-08-21 12:21 - 00000000 ____D C:\Users\Vala\Desktop\[AliQ] Steven Universe Season 1 [1080p WEB_DL x264]

==================== Files in the root of some directories =======

2015-06-30 00:17 - 2015-09-19 08:33 - 0001543 _____ () C:\Users\Vala\AppData\Roaming\PureRef.ini
2015-09-19 08:30 - 2015-09-19 08:30 - 0004823 _____ () C:\Users\Vala\AppData\Local\recently-used.xbel
2015-06-23 14:41 - 2015-09-18 11:39 - 0007651 _____ () C:\Users\Vala\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Vala\AppData\Local\Temp\InstallIMVU_522.0.exe
C:\Users\Vala\AppData\Local\Temp\procexp64.exe
C:\Users\Vala\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-19 08:39

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Vala (2015-09-22 02:42:38)
Running from C:\Users\Vala\Downloads
Windows 8.1 (X64) (2014-09-07 21:32:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1699397770-1706359949-1841341789-500 - Administrator - Disabled)
Guest (S-1-5-21-1699397770-1706359949-1841341789-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1699397770-1706359949-1841341789-1003 - Limited - Enabled)
Open (S-1-5-21-1699397770-1706359949-1841341789-1006 - Limited - Enabled) => C:\Users\Open
Vala (S-1-5-21-1699397770-1706359949-1841341789-1005 - Administrator - Enabled) => C:\Users\Vala

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Banished (HKLM-x32\...\GOGPACKBANISHED_is1) (Version: 2.0.0.3 - GOG.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
Don't Starve (HKLM-x32\...\GOGPACKDONTSTARVE_is1) (Version: 2.7.0.16 - GOG.com)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
IMVU Avatar Chat Software (HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\IMVU Avatar chat client software BETA) (Version: - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediBang Paint Pro 4.0 (HKLM-x32\...\MediBang Paint Pro_is1) (Version: 4.0 - Medibang)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
MyPaint 1.0.0 (HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\MyPaint) (Version: 1.0.0 - Martin Renold & MyPaint Development Team)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
nomacs 2.4.5 (HKLM-x32\...\nomacs) (Version: 2.4.5 - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Opera Stable 32.0.1948.25 (HKLM-x32\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
PureRef (HKLM-x32\...\PureRef) (Version: 1.6.0 - Idyllic Pixel)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.6.0.13 - GOG.com)
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
This War of Mine (HKLM-x32\...\1207666873_is1) (Version: 2.0.0.2 - GOG.com)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Unity Web Player (HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Zombies Monsters Robots (HKLM-x32\...\Steam App 306830) (Version: - Yingpei Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-09-2015 01:26:13 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
14-09-2015 21:46:20 Scheduled Checkpoint
18-09-2015 23:01:11 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2AE5C956-72F6-47D7-BD9F-AF681E10FDD9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {6DDF1087-8018-44BB-B5CE-4926AAF50729} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {830F2AC1-C4BB-41CF-AFF7-7F29A400CF62} - System32\Tasks\SUPERAntiSpyware Scheduled Task 1846d608-a8d3-44e2-aa3c-1776865fb73e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9763B52D-131F-468B-B644-53B466672220} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9DC579C7-0164-4C62-A028-27BF5DC9E41B} - System32\Tasks\Opera scheduled Autoupdate 1410125875 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-11] (Opera Software)
Task: {AC745D74-E436-436A-8B0A-F31896F069E3} - System32\Tasks\AdobeAAMUpdater-1.0-Nick-Vala => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {C5BDEF03-4CF1-4B81-B611-829BE85D3E9F} - System32\Tasks\SUPERAntiSpyware Scheduled Task d3907744-da3e-464f-b879-4172389e63b6 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E4C36EB6-6732-47C3-A80A-3914FD6ECE98} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-22] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 1846d608-a8d3-44e2-aa3c-1776865fb73e.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d3907744-da3e-464f-b879-4172389e63b6.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2014-10-21 06:54 - 2007-09-02 16:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-09-03 20:57 - 2015-08-27 21:56 - 01868104 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-03 20:57 - 2015-08-27 21:56 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-01-21 16:54 - 2014-01-21 16:54 - 01301688 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2015-09-18 23:25 - 2015-09-18 23:25 - 02221048 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.255\deploy\LoLLauncher.exe
2015-09-18 23:25 - 2015-09-18 23:25 - 04049400 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.39\deploy\LoLPatcher.exe
2015-09-02 07:40 - 2015-04-27 09:53 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.160\deploy\LolClient.exe
2015-09-03 20:57 - 2015-08-27 21:56 - 28659016 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
2015-08-13 13:47 - 2015-08-13 13:47 - 00217568 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
2015-08-13 13:47 - 2015-08-13 13:47 - 00221152 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\IMVUClient.exe
2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-21 06:54 - 2007-09-02 16:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-12-08 03:21 - 2014-12-08 03:21 - 00799232 _____ () C:\Program Files (x86)\MKJogo\MK IM\Bin\sqlite3.dll
2014-12-08 03:21 - 2014-12-08 03:21 - 01721856 _____ () C:\Program Files (x86)\MKJogo\MK IM\Bin\RLib.dll
2014-12-08 03:21 - 2014-12-08 03:21 - 01191936 _____ () C:\Program Files (x86)\MKJogo\MK IM\Bin\ACE.dll
2014-12-08 03:21 - 2015-08-31 21:55 - 01017544 _____ () C:\Program Files (x86)\MKJogo\MK IM\LOL\AddonSkin-LOL.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-12-08 03:21 - 2014-12-08 03:21 - 00108744 _____ () C:\Program Files (x86)\MKJogo\MK IM\LOL\LauncherTransit.dll
2015-09-18 23:26 - 2015-09-18 23:26 - 01581048 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.39\deploy\RiotLauncher.dll
2014-12-08 03:21 - 2015-08-31 21:55 - 00460488 _____ () C:\Program Files (x86)\MKJogo\MK IM\LOL\AirTransit.dll
2015-09-02 07:32 - 2015-04-27 09:44 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.160\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00098304 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32api.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00109568 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\pywintypes27.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00110592 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32file.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00016896 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32event.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00087040 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_ctypes.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00166912 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32gui.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00046080 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_socket.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00028160 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_ssl.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00659456 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_imaging.pyd
2015-05-20 22:06 - 2015-05-20 22:06 - 00911872 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_cal3d.pyd
2015-05-20 21:29 - 2015-05-20 21:29 - 00216576 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\boost_python.dll
2015-05-20 21:30 - 2015-05-20 21:30 - 00360960 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\cal3d.dll
2015-05-20 21:29 - 2015-05-20 21:29 - 00031744 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\CallStack.dll
2015-08-06 13:48 - 2015-08-06 13:48 - 01892352 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_avatarwindow.pyd
2015-05-20 21:35 - 2015-05-20 21:35 - 00169984 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\zero.dll
2015-05-20 21:35 - 2015-05-20 21:35 - 00052736 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\pixmap.dll
2015-08-06 13:46 - 2015-08-06 13:46 - 00920064 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\SceneWindow.dll
2015-05-20 21:34 - 2015-05-20 21:34 - 00072704 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\ParticleLib.dll
2015-05-20 21:37 - 2015-05-20 21:37 - 00014336 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\MemoryHook.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00126976 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\pyexpat.pyd
2015-05-20 21:18 - 2015-05-20 21:18 - 00357888 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\pythoncom27.dll
2015-05-20 21:18 - 2015-05-20 21:18 - 00265216 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32com.shell.shell.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00016384 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32clipboard.pyd
2015-05-20 21:19 - 2015-05-20 21:19 - 00034816 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\win32process.pyd
2015-05-20 22:08 - 2015-05-20 22:08 - 00059392 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_sqlite3.pyd
2015-05-20 21:52 - 2015-05-20 21:52 - 00506368 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\sqlite3.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00010240 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\select.pyd
2015-05-20 22:08 - 2015-05-20 22:08 - 00044032 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_pylzma.pyd
2015-08-06 13:49 - 2015-08-06 13:49 - 00131072 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_imvugecko.pyd
2015-08-06 13:47 - 2015-08-06 13:47 - 00190976 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\imvugecko.dll
2015-05-20 21:07 - 2015-05-20 21:07 - 00872448 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\js3250.dll
2015-05-20 22:08 - 2015-05-20 22:08 - 00135680 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_libzero.pyd
2015-08-06 13:49 - 2015-08-06 13:49 - 00083968 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_imvuflash.pyd
2015-08-06 13:47 - 2015-08-06 13:47 - 00111104 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\imvuflash.dll
2015-05-20 21:45 - 2015-05-20 21:45 - 00010752 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\nphwndproxy.dll
2015-05-20 21:24 - 2015-05-20 21:24 - 17024688 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\NPSWF32.dll
2015-05-20 21:19 - 2015-05-20 21:19 - 00686080 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\unicodedata.pyd
2015-05-20 22:01 - 2015-05-20 22:01 - 00068096 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\_audiere.pyd
2015-05-20 21:28 - 2015-05-20 21:28 - 00249344 _____ () C:\Users\Vala\AppData\Roaming\IMVUClient\audiere.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27263692.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32013379.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53930880.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59487981.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59540859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61987929.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75870151.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77961255.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80515704.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81722075.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27263692.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32013379.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53930880.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59487981.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59540859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61987929.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75870151.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77961255.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80515704.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81722075.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 11405 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Vala\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdvancedSystemCareService7 => 3
MSCONFIG\Services: ekrn => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\startupreg: AdobeCS6ServiceManager => "c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.exe" -launchedbylogin
MSCONFIG\startupreg: BlueStacks Agent => c:\program files (x86)\bluestacks\hd-agent.exe
MSCONFIG\startupreg: Dxtory Update Checker 2.0 =>
MSCONFIG\startupreg: MouseDriver =>
MSCONFIG\startupreg: RtHDVBg => "c:\program files\realtek\audio\hda\ravbg64.exe" /maxx4
MSCONFIG\startupreg: Skype =>
MSCONFIG\startupreg: SwitchBoard => c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
MSCONFIG\startupreg: uTorrent =>
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "D3DOverrider"
HKLM\...\StartupApproved\Run32: => "uTorrent"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run32: => "WRSVC"
HKLM\...\StartupApproved\Run32: => "UXTheme Launcher"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "PowerDVD15Agent"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "RocketDock"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "ASCTray.exe"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "ASC.exe"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "GameBooster.exe"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "launcher.exe"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Advanced SystemCare 8"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "CCleaner"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "Process Hacker 2"
HKU\S-1-5-21-1699397770-1706359949-1841341789-1005\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{B0C26D87-DFF9-497C-A69F-7F4598236976}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2DC76815-2D26-4A59-BD67-6D1FC165C9BF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D8C0D86B-9B7C-4359-9A4B-ACFD8BF71ECF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A066DE20-33A8-4C43-BBD3-48DF251FAACA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{732FF684-EFA4-4D50-BF03-C154ED171FBA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F58AD488-2E23-4924-BD0A-D0E0812782B3}] => (Allow) LPort=2869
FirewallRules: [{8A0B7691-3A37-4A76-935E-9DEBA2A8CA58}] => (Allow) LPort=1900
FirewallRules: [{5762D2FB-EB17-4DE1-9F2A-D88140A837DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F0DB825-BCA6-495C-8419-9FFD3E7DE5A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{795524D8-D277-4587-9232-24410F04BAE1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C321CD08-402E-4878-B79C-5B530A02F96D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E320C745-75BB-4920-8FFF-D012F69D0FF6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5198B202-3731-49C0-AE75-3C76238F5B07}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6A9A32EA-D582-45E0-98E6-52F5329C28E5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2A8CF148-5FFC-4534-8FE4-DC5F731BB8D8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0532BB4E-0328-4171-85EC-A8366ABDD1DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{F56BA8D9-CF19-4BE1-A668-BBA7D8551C20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{08015EFD-85FE-4368-B395-3BBC2F63D86A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{433CEA71-757D-4394-8366-02370C902E2E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{7F9F1F20-1A79-4633-906A-1CA2EF28EE64}] => (Allow) C:\Users\Vala\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDF34A80-9350-4AFA-8E3B-BBBD43327C22}] => (Allow) C:\Users\Vala\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8832BAA9-34FC-44A7-96B4-CBF16F8C91C6}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{706989A1-EE0E-4800-BFC9-A58FAA700D5B}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{492D1A93-86A2-45EC-B09C-0D383DFBB9D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{F1EB0A55-968F-4242-B8BD-ACA3B4F1B962}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{F37EF24A-ECA4-4949-9408-7740F6082D02}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0D1CD10D-8B54-4D9B-AF13-7930D6985345}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{82F72679-A078-4279-9BEF-CFBED42AF969}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{5E789CBB-5017-4079-8E04-F6B9008DA058}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{F00BF2A4-99D6-4685-BCDF-806291EBB969}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A52BA5C6-8EBF-4558-963A-CBF0EC7BD5A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4593F805-0A8C-45C2-B26E-426AD06ECCF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{80590668-F7C5-4EC1-85A5-A27C1D47816A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2BC3CF39-2B5A-4856-93BA-7179D8F1262E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{97C15DE6-6C01-44F9-90E7-6464750DB3AF}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{991A258E-F01D-4D7D-B12D-8F864C09CF39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D0C4BC97-363C-4634-BC1A-6963361A01E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E3A0E76F-4985-4E6E-A876-EDC14338E718}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8CFAB8F5-772A-436F-85B2-3139CB00C240}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A79B8270-FA6F-49EF-BE68-F78D3A1FBF9B}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{F34E2B90-C198-454E-B365-8621ACBF1993}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{97BC925E-8BA9-40B8-BFAF-C1BF061E20AF}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{C8972B06-44E6-4AF3-80EE-0325CCD54FE1}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{F6E4ED8D-7475-4355-8353-5DE83C59733A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{08BB8D10-1D58-42C8-B6C3-A59F45020BE6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{E80BF7A6-7C66-4D00-A691-493C53CCF04A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{69B114FA-A677-4538-87EA-CAA2684641E7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{780BA432-2237-4249-92AC-9A3AAF3F59AE}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C094E686-BAD0-4E0A-9CCB-91E236CDA41A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{7A8070E2-A2BA-4583-ACB0-F3678B24408B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2AD21110-C905-4499-B91D-B67163E3DB73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{92BADAB4-CA82-4EF2-AC73-39C145ADCF75}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31E72819-1BD4-493F-BE83-2F233909C84C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6028C91F-580D-4743-B14D-B1EF1EA77752}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CC4DDA64-F81C-447C-87DD-C52C96852AE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Dell Touchpad
Description: Dell Touchpad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Toshiba USB 109 Japanese keyboard
Description: Toshiba USB 109 Japanese keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Toshiba
Service: kbdhid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2015 02:38:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.9.64.103, time stamp: 0x55ddec33
Faulting module name: mshtml.dll, version: 11.0.9600.17842, time stamp: 0x5565cf99
Exception code: 0xc0000005
Fault offset: 0x0021f3d4
Faulting process id: 0xd50
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5

Error: (09/18/2015 11:01:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary D28B5456.

System Error:
The system cannot find the file specified.
.

Error: (09/18/2015 11:01:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1699397770-1706359949-1841341789-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {6aa3316f-e96d-40ae-a3f4-f8ac5c1948a6}

Error: (09/18/2015 08:34:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: egui.exe, version: 8.0.319.0, time stamp: 0x559d2313
Faulting module name: ToastNotify.dll, version: 8.0.319.0, time stamp: 0x559d2398
Exception code: 0xc0000005
Fault offset: 0x0000000000002f3e
Faulting process id: 0x4e4
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3
Faulting package full name: egui.exe4
Faulting package-relative application ID: egui.exe5

Error: (09/18/2015 08:25:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: egui.exe, version: 8.0.319.0, time stamp: 0x559d2313
Faulting module name: ToastNotify.dll, version: 8.0.319.0, time stamp: 0x559d2398
Exception code: 0xc0000005
Fault offset: 0x0000000000002f3e
Faulting process id: 0xae0
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3
Faulting package full name: egui.exe4
Faulting package-relative application ID: egui.exe5

Error: (09/18/2015 07:21:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: egui.exe, version: 8.0.319.0, time stamp: 0x559d2313
Faulting module name: ToastNotify.dll, version: 8.0.319.0, time stamp: 0x559d2398
Exception code: 0xc0000005
Fault offset: 0x0000000000002f3e
Faulting process id: 0x670
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3
Faulting package full name: egui.exe4
Faulting package-relative application ID: egui.exe5

Error: (09/18/2015 05:51:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.9.64.103, time stamp: 0x55ddec33
Faulting module name: mshtml.dll, version: 11.0.9600.17842, time stamp: 0x5565cf99
Exception code: 0xc0000005
Fault offset: 0x0021f3d4
Faulting process id: 0x31cc
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5

Error: (09/18/2015 03:12:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbar.exe, version: 1.9.1.1004, time stamp: 0x54d5665f
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc00000fd
Fault offset: 0x00048e18
Faulting process id: 0x9dc
Faulting application start time: 0xmbar.exe0
Faulting application path: mbar.exe1
Faulting module path: mbar.exe2
Report Id: mbar.exe3
Faulting package full name: mbar.exe4
Faulting package-relative application ID: mbar.exe5

Error: (09/18/2015 01:20:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbar.exe, version: 1.9.1.1004, time stamp: 0x54d5665f
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc00000fd
Fault offset: 0x00048209
Faulting process id: 0x430c
Faulting application start time: 0xmbar.exe0
Faulting application path: mbar.exe1
Faulting module path: mbar.exe2
Report Id: mbar.exe3
Faulting package full name: mbar.exe4
Faulting package-relative application ID: mbar.exe5

Error: (09/17/2015 06:47:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.2.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3fcc

Start Time: 01d0f135bcdf303c

Termination Time: 77

Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Report Id: 84c346a7-5d29-11e5-82aa-74867a0f02b0

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (09/21/2015 11:37:40 PM) (Source: DCOM) (EventID: 10010) (User: Nick)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/21/2015 11:37:09 PM) (Source: DCOM) (EventID: 10010) (User: Nick)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/21/2015 10:25:26 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Nick)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-1699397770-1706359949-1841341789-1005-0-ntuser.dat

Error: (09/21/2015 10:24:38 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Nick)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-1699397770-1706359949-1841341789-1005-0-ntuser.dat

Error: (09/21/2015 03:49:04 AM) (Source: DCOM) (EventID: 10010) (User: Nick)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/21/2015 03:48:32 AM) (Source: DCOM) (EventID: 10010) (User: Nick)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/19/2015 02:09:37 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (09/19/2015 02:09:36 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (09/19/2015 08:39:50 AM) (Source: DCOM) (EventID: 10010) (User: Nick)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/19/2015 08:39:20 AM) (Source: DCOM) (EventID: 10010) (User: Nick)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


CodeIntegrity:
===================================
Date: 2015-01-18 14:13:03.005
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-09 21:10:30.260
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-03 21:05:28.345
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-25 13:20:33.756
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-21 09:43:08.365
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-20 20:45:37.977
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-20 01:01:26.070
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-19 12:17:35.602
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-09 09:19:54.495
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-03 04:13:25.915
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
Percentage of memory in use: 58%
Total physical RAM: 4001.27 MB
Available physical RAM: 1641.47 MB
Total Virtual: 7353.23 MB
Available Virtual: 3282.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:287.29 GB) (Free:86.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FCAA072E)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Vala (2015-09-22 22:39:41) Run:1
Running from C:\Users\Vala\Downloads
Loaded Profiles: Vala (Available Profiles: Vala & Open)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
2015-06-30 00:17 - 2015-09-19 08:33 - 0001543 _____ () C:\Users\Vala\AppData\Roaming\PureRef.ini
2015-09-19 08:30 - 2015-09-19 08:30 - 0004823 _____ () C:\Users\Vala\AppData\Local\recently-used.xbel
2015-06-23 14:41 - 2015-09-18 11:39 - 0007651 _____ () C:\Users\Vala\AppData\Local\Resmon.ResmonCfg
C:\Users\Vala\AppData\Local\Temp\InstallIMVU_522.0.exe
C:\Users\Vala\AppData\Local\Temp\procexp64.exe
C:\Users\Vala\AppData\Local\Temp\sqlite3.dll

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
C:\Users\Vala\AppData\Roaming\PureRef.ini => moved successfully
C:\Users\Vala\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Vala\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Vala\AppData\Local\Temp\InstallIMVU_522.0.exe => moved successfully
C:\Users\Vala\AppData\Local\Temp\procexp64.exe => moved successfully
C:\Users\Vala\AppData\Local\Temp\sqlite3.dll => moved successfully

==== End of Fixlog 22:39:42 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.008
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 8.0
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Adobe Flash Player 17.0.0.188 Flash Player out of Date!
Mozilla Firefox (40.0.3)
Google Chrome (45.0.2454.85)
Google Chrome (45.0.2454.99)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 26-07-2015
Ran by Vala (administrator) on 24-09-2015 at 03:37:38
Running from "C:\Users\Vala\Downloads"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Update Firefox to the current version.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 