CloseProcesses:
CreateRestorePoint:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-986212026-379418426-1859886101-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKU\S-1-5-21-986212026-379418426-1859886101-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Toolbar: HKLM - No Name - {BA3E8250-8530-434F-B82F-B15AE5168E0A} - No File
Winsock: Catalog5 01 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Extension: AllSaveer - C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\lay4lng0.default\Extensions\rWplhdc@RSf.net [2015-07-24]
2015-08-11 00:33 - 2015-08-11 16:20 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-24 03:21 - 2015-07-24 03:21 - 00000000 ____D C:\Program Files (x86)\AllSaveer
2015-07-24 03:01 - 2015-07-24 10:49 - 00000000 ____D C:\Program Files (x86)\UpgraderLite
2015-07-13 02:56 - 2015-07-24 03:22 - 00000000 ____D C:\ProgramData\3746226442181077489
2015-07-13 02:56 - 2015-07-17 22:27 - 00000000 ____D C:\Program Files (x86)\CutTheeePPricie
2015-07-13 02:54 - 2015-08-11 14:54 - 00000418 _____ C:\Windows\Tasks\YogaLite.job
2015-07-13 02:54 - 2015-07-13 02:54 - 00003326 _____ C:\Windows\System32\Tasks\YogaLite
2015-07-13 02:54 - 2015-07-13 02:54 - 00000000 ____D C:\ProgramData\{538c2888-fe67-11e2-538c-c2888fe6a223}
C:\$Recycle.Bin\S-1-5-21-986212026-379418426-1859886101-1000\$b59c2d2b86ada98909b69bf192f30e8c
C:\$Recycle.Bin\S-1-5-18\$b59c2d2b86ada98909b69bf192f30e8c
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
Task: {018567D4-21EE-42D0-BA7B-1628FB10060B} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {393BBB8D-441C-4C4F-8AF1-6C82E3AA690E} - \RocketTab -> No File <==== ATTENTION
Task: {48F56E4C-F2E2-4FD1-884C-89375100CBAF} - System32\Tasks\YogaLite => c:\programdata\{538c2888-fe67-11e2-538c-c2888fe6a223}\teredotunnelingpseudointerfacedriver.exe-1436720063717.exe <==== ATTENTION
Task: {4E22B097-D3DA-4787-B4F0-58B23EE2D230} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {60A91ADB-F825-4877-AA9F-8247B79F339D} - System32\Tasks\Malware Cleaner => C:\Users\Val\AppData\Roaming\3C86.tmp.exe <==== ATTENTION
Task: {8E1863F5-29A3-45C0-AA9E-5A0B2E08C3FB} - System32\Tasks\Security Installer => C:\Users\Val\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {B3B302CA-6F56-41DE-93AF-795CA9E90D62} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {D0DC214B-07FF-48A0-B3A7-CB94AF555CF3} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {F69B4BD1-EE36-4A66-BDA8-BCFB75F755EE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-11] ()
Task: C:\Windows\Tasks\YogaLite.job => c:\programdata\{538c2888-fe67-11e2-538c-c2888fe6a223}\teredotunnelingpseudointerfacedriver.exe-1436720063717.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Val\Cookies:AWOvEjCeixwoghHetITiPPRP
AlternateDataStreams: C:\Users\Val\AppData\Local\6cyPRKj9G:dgV72Q0w8TYtF2X6pc7J
AlternateDataStreams: C:\Users\Val\AppData\Local\Temporary Internet Files:MP8Uflmc0xnGiVYhhUU06AxEM0kz
File: C:\Windows\System32\Tasks\{28C46AD1-F540-4E51-BCA1-8438E5601D95}
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew