
Avast pop up windows blocking random URLs from explorer.exe


  • This topic is locked
21 replies to this topic

#1 Mat28


  • Members
  • 13 posts

Posted 01 July 2015 - 03:24 AM

Hey, just as the title says, I have encountered a problem where my Avast keeps spamming me with an infinite number of never-ending pop-up windows saying that it has blocked a dangerous site or file.

 

Object: always random url

Infection: URL:Mal

Process: C:\Windows\explorer.exe

 

I suspect it could be rootkit.

 

For any tips on how to get rid of this, I would be grateful.




#2 deeprybka


  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 01 July 2015 - 04:07 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Mat28

  • Topic Starter

  • Members
  • 13 posts

Posted 01 July 2015 - 08:17 AM

Here are the logs you asked for:

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Mateusz (administrator) on MAT on 01-07-2015 11:34:45
Running from C:\Users\Mateusz\Downloads
Loaded Profiles: Mateusz (Available Profiles: Mateusz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
() C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Spotify Ltd) C:\Users\Mateusz\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Alienware Corp) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Creative Technology Ltd) C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4150\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5952\Battle.net.exe
(Blizzard Entertainment, Inc.) C:\Program Files (x86)\Heroes of the Storm\Versions\Base36144\HeroesOfTheStorm_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392872 2010-11-29] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13256 2011-04-14] (Microsoft)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-09-03] ()
HKLM-x32\...\Run: [Integrated Webcam Live! Central] => C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-02] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-12] (cyberlink)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-06] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\Run: [GoogleChromeAutoLaunch_AD39DCBBF0C8E335115CF32EE510DE61] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\Run: [icq] => C:\Users\Mateusz\AppData\Roaming\ICQM\icq.exe [36705800 2015-05-04] (ICQ)
HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\Run: [Spotify Web Helper] => C:\Users\Mateusz\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-01] (Spotify Ltd)
HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\Run: [Spotify] => C:\Users\Mateusz\AppData\Roaming\Spotify\Spotify.exe [7504952 2015-07-01] (Spotify Ltd)
HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\Run: [Dropbox Update] => C:\Users\Mateusz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bigfoot Killer Network Manager.lnk [2012-02-02]
ShortcutTarget: Bigfoot Killer Network Manager.lnk -> C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-06] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=pl-pl
HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-06] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-06] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-27] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.155.1 8.8.8.8
Tcpip\..\Interfaces\{9E099954-E198-445A-92E4-4AB9524D7FE0}: [DhcpNameServer] 192.168.155.1 8.8.8.8
Tcpip\..\Interfaces\{FFA7673C-BD51-4B28-8E0D-B9D64F20E793}: [DhcpNameServer] 192.168.155.1 8.8.8.8
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19]
CHR Extension: (YouTube) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Google Search) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Avast SafePrice) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-08]
CHR Extension: (Google Sheets) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (AdBlock) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-20]
CHR Extension: (Avast Online Security) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-03]
CHR Extension: (Google Wallet) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
CHR Extension: (Gmail) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-06] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-17] (Avast Software)
R2 Bigfoot Networks Killer Service; C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [763904 2011-03-30] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-12] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [2705000 2011-03-30] (Bigfoot Networks, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-06] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [68712 2011-03-30] (Bigfoot Networks, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [35064 2015-07-01] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-17] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 11:34 - 2015-07-01 11:35 - 00021803 _____ C:\Users\Mateusz\Downloads\FRST.txt
2015-07-01 11:34 - 2015-07-01 11:34 - 00000000 ____D C:\FRST
2015-07-01 11:31 - 2015-07-01 11:32 - 02112512 _____ (Farbar) C:\Users\Mateusz\Downloads\FRST64.exe
2015-07-01 09:06 - 2015-07-01 09:56 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-01 09:06 - 2015-07-01 09:06 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-01 09:05 - 2015-07-01 09:05 - 17853688 _____ C:\Users\Mateusz\Downloads\RogueKiller.exe
2015-07-01 08:06 - 2015-07-01 08:07 - 00000000 ____D C:\AdwCleaner
2015-07-01 08:05 - 2015-07-01 08:05 - 02244096 _____ C:\Users\Mateusz\Downloads\adwcleaner_4.207.exe
2015-07-01 07:46 - 2015-07-01 07:46 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-01 07:44 - 2015-07-01 07:44 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mateusz\Downloads\tdsskiller.exe
2015-07-01 07:34 - 2015-07-01 07:34 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-01 07:33 - 2015-07-01 10:38 - 00001170 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2983942405-1184955024-1870986945-1002UA.job
2015-07-01 07:33 - 2015-07-01 07:38 - 00001118 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2983942405-1184955024-1870986945-1002Core.job
2015-07-01 07:33 - 2015-07-01 07:33 - 00004144 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2983942405-1184955024-1870986945-1002UA
2015-07-01 07:33 - 2015-07-01 07:33 - 00003748 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2983942405-1184955024-1870986945-1002Core
2015-07-01 07:33 - 2015-07-01 07:33 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Dropbox
2015-07-01 07:33 - 2015-07-01 07:33 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-01 07:06 - 2015-07-01 07:51 - 00000000 ___HD C:\Users\Mateusz\AppData\Roaming\A0ABCFA6
2015-07-01 07:06 - 2015-07-01 07:07 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-06-30 11:15 - 2015-06-30 11:15 - 00108544 _____ C:\Users\Mateusz\Downloads\NIESTACJONARNE_I st_20_06.xls
2015-06-28 23:15 - 2015-06-28 23:15 - 00016747 _____ C:\Users\Mateusz\Downloads\1632354.htm
2015-06-28 16:43 - 2015-06-28 16:43 - 00519874 _____ C:\Users\Mateusz\Desktop\Garden of Terror (43).StormReplay
2015-06-27 21:10 - 2015-06-27 21:10 - 00051749 _____ C:\Users\Mateusz\Downloads\directory.htm
2015-06-27 17:57 - 2015-06-27 17:57 - 00052209 _____ C:\Users\Mateusz\Downloads\smaczne.htm
2015-06-25 16:40 - 2015-06-25 16:40 - 00034465 _____ C:\Users\Mateusz\Downloads\zuna-tierlist.htm
2015-06-25 10:03 - 2015-06-25 10:03 - 09238338 _____ C:\Users\Mateusz\Downloads\Fixed-wow-exe-6.2.0-20173-64bit.zip
2015-06-24 00:35 - 2015-06-24 00:35 - 00001363 _____ C:\Users\Public\Desktop\Heroes of the Storm Public Test.lnk
2015-06-24 00:35 - 2015-06-24 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm Public Test
2015-06-24 00:27 - 2015-06-28 13:18 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm Public Test
2015-06-11 21:46 - 2015-06-23 11:51 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\vlc
2015-06-11 21:44 - 2015-06-11 21:44 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-06-11 21:44 - 2015-06-11 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-06-11 21:44 - 2015-06-11 21:44 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-06-11 21:43 - 2015-06-11 21:46 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\livestreamer
2015-06-11 21:43 - 2015-06-11 21:44 - 21221376 _____ C:\Users\Mateusz\Downloads\python-3.3.5.amd64.msi
2015-06-11 21:43 - 2015-06-11 21:43 - 00000000 ____D C:\Program Files (x86)\Livestreamer
2015-06-11 21:41 - 2015-06-11 21:42 - 04239793 _____ C:\Users\Mateusz\Downloads\livestreamer-v1.12.2-win32-setup.exe
2015-06-11 21:39 - 2015-06-11 21:40 - 28849904 _____ C:\Users\Mateusz\Downloads\vlc-2.2.1-win32.exe
2015-06-10 08:23 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 08:23 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 08:23 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 08:23 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 08:23 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 08:23 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 08:23 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 08:23 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 08:23 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 08:23 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 08:23 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 08:23 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 08:23 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 08:23 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 08:23 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 08:23 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 08:23 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 08:23 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 08:23 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 08:23 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 08:23 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 08:23 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 08:23 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 08:23 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 08:23 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 08:23 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 08:23 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 08:23 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 08:23 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 08:23 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 08:23 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 08:23 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 08:23 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 08:23 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 08:23 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 08:23 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 08:23 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 08:23 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 08:23 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 08:23 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 08:23 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 08:23 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 08:23 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 08:23 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 08:23 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 08:23 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 08:23 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 08:23 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 08:23 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 08:23 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 08:23 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 08:23 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 08:23 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 08:23 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 08:23 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 08:23 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 08:23 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 08:23 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 08:23 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 08:23 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 07:41 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 07:41 - 2015-05-09 05:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 07:41 - 2015-05-09 05:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 07:41 - 2015-05-09 05:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 07:41 - 2015-05-09 05:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 07:41 - 2015-05-09 05:26 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 07:41 - 2015-05-09 05:26 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 07:41 - 2015-05-09 05:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 07:41 - 2015-05-09 05:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 07:41 - 2015-05-09 05:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 07:41 - 2015-05-09 05:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 07:41 - 2015-05-09 05:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 07:41 - 2015-05-09 05:12 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 07:41 - 2015-05-09 05:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 04:01 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 07:41 - 2015-05-09 04:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 07:41 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 07:41 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 07:41 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 07:41 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 07:41 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 07:41 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 07:41 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 07:41 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 07:41 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 07:41 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 07:41 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 07:41 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 07:41 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 07:41 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-04 22:38 - 2015-06-04 22:38 - 01460272 _____ C:\Users\Mateusz\Downloads\1433449509610.webm
2015-06-02 01:27 - 2015-06-28 13:19 - 00000000 ____D C:\Users\Mateusz\Documents\Heroes of the Storm
2015-06-02 01:09 - 2015-06-02 01:09 - 00001195 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-06-02 01:09 - 2015-06-02 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-06-02 00:54 - 2015-06-02 00:54 - 02511360 _____ (Skillbrains ) C:\Users\Mateusz\Downloads\setup-lightshot.exe
2015-06-01 23:09 - 2015-07-01 09:10 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 11:32 - 2015-02-19 05:07 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Skype
2015-07-01 11:32 - 2015-02-19 01:24 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Battle.net
2015-07-01 11:24 - 2015-04-27 14:48 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 08:51 - 2015-05-31 04:57 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Spotify
2015-07-01 08:51 - 2015-02-20 02:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-01 08:19 - 2009-07-14 06:45 - 00025008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 08:19 - 2009-07-14 06:45 - 00025008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 08:14 - 2015-03-03 20:49 - 00000000 ___RD C:\Users\Mateusz\Dropbox
2015-07-01 08:14 - 2012-02-02 09:14 - 01440189 _____ C:\Windows\WindowsUpdate.log
2015-07-01 08:12 - 2015-05-31 04:57 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Spotify
2015-07-01 08:12 - 2015-03-03 20:46 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Dropbox
2015-07-01 08:10 - 2012-02-02 16:54 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2015-07-01 08:09 - 2012-02-02 16:59 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-07-01 08:09 - 2009-07-14 06:51 - 00051165 _____ C:\Windows\setupact.log
2015-07-01 08:08 - 2015-02-19 05:07 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 08:08 - 2012-02-02 09:12 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-01 08:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-01 07:55 - 2015-03-01 17:11 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-01 07:29 - 2015-02-19 04:36 - 00000536 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-07-01 07:28 - 2010-11-21 05:47 - 00410206 _____ C:\Windows\PFRO.log
2015-07-01 02:17 - 2015-05-14 14:56 - 00000000 ____D C:\Program Files (x86)\World of Warcraft Public Test
2015-06-30 23:21 - 2015-02-20 03:18 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\TS3Client
2015-06-30 14:01 - 2015-02-19 04:36 - 00000394 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-06-30 14:00 - 2015-02-19 16:00 - 00003460 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-06-30 14:00 - 2015-02-19 04:36 - 00003414 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-29 20:33 - 2015-02-19 01:24 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-28 02:19 - 2015-02-19 16:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-06-27 22:17 - 2015-03-10 05:03 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-24 12:23 - 2015-02-19 23:13 - 00001668 _____ C:\Users\Mateusz\Desktop\Config.wtf
2015-06-12 11:00 - 2015-02-19 04:36 - 00004234 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-11 07:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 03:36 - 2015-02-19 05:07 - 00000000 ____D C:\ProgramData\Skype
2015-06-11 03:33 - 2012-02-02 17:05 - 00000000 ____D C:\ProgramData\Sonic
2015-06-11 03:33 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-11 03:31 - 2009-07-14 06:45 - 00319400 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 03:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 03:11 - 2015-02-28 14:37 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:02 - 2015-02-28 14:37 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-07 00:06 - 2015-04-02 01:12 - 00000000 ____D C:\Users\Mateusz\Desktop\Snide sheet
2015-06-07 00:06 - 2015-03-31 16:04 - 00000000 ____D C:\Users\Mateusz\Desktop\Flamebender Mythic
2015-06-02 01:27 - 2015-02-19 01:24 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-06-01 16:47 - 2015-02-19 22:00 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\OBS
2015-06-01 06:32 - 2015-04-03 02:48 - 00000000 ____D C:\Users\Mateusz\Desktop\Render Folder
2015-06-01 06:23 - 2015-04-03 23:25 - 00000000 ____D C:\Users\Mateusz\Desktop\Muzyka
2015-06-01 05:23 - 2015-03-08 20:57 - 00000000 ____D C:\Users\Mateusz\Desktop\Pulplit Marzec
 
==================== Files in the root of some directories =======
 
2015-03-21 01:48 - 2015-03-21 01:48 - 0003584 _____ () C:\Users\Mateusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-16 20:44 - 2015-05-16 20:45 - 0042968 _____ () C:\ProgramData\dxdiag.txt
 
Some files in TEMP:
====================
C:\Users\Mateusz\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Mateusz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvkcycw.dll
C:\Users\Mateusz\AppData\Local\Temp\nvStInst.exe
C:\Users\Mateusz\AppData\Local\Temp\Quarantine.exe
C:\Users\Mateusz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mateusz\AppData\Local\Temp\sqlite3.dll
C:\Users\Mateusz\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-23 01:14
 
==================== End of log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Mateusz at 2015-07-01 11:36:17
Running from C:\Users\Mateusz\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2983942405-1184955024-1870986945-500 - Administrator - Disabled)
Gość (S-1-5-21-2983942405-1184955024-1870986945-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2983942405-1184955024-1870986945-1001 - Limited - Enabled)
Mateusz (S-1-5-21-2983942405-1184955024-1870986945-1002 - Administrator - Enabled) => C:\Users\Mateusz
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Aimersoft DRM Media Converter(Build 1.4.7.2) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
Aktualizacje NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5803.11 - Dell Inc.)
AlienAutopsy (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Alienware)
Alienware M17x Manual (HKLM-x32\...\InstallShield_{A140A094-942E-4F76-B8F4-850EC146170F}) (Version: 1.0.0.1 - Alienware Corp.)
Alienware M17x Manual (Version: 1.0.0.1 - Alienware Corp.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.31.0.15C - )
Alienware On-Screen Display (x32 Version: 0.31.0.15C - ) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bigfoot Networks Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version:  - )
Bigfoot Networks Killer Network Manager (Version: 6.0.1.0 - Bigfoot Networks) Hidden
ChrisPC Free VideoTube Downloader 7.65 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version:  - Chris P.C. srl)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order)
Combined Community Codec Pack 2013-11-27 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.11.27.0 - CCCP Project)
Command Center (HKLM-x32\...\InstallShield_{F36C7898-22FA-4584-B9DF-C51737ADF702}) (Version: 2.6.14.0 - Nazwa firmy)
Command Center (Version: 2.6.14.0 - Nazwa firmy) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell System Detect (HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Heroes of the Storm Public Test (HKLM-x32\...\Heroes of the Storm Public Test) (Version:  - Blizzard Entertainment)
ICQ 8.3 (build 7317) (HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\ICQ) (Version: 8.3.7317.0 - ICQ)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6330.0 - IDT)
Integrated Webcam Live! Central (HKLM-x32\...\Integrated Webcam Live! Central) (Version: 2.00.44 - Creative Technology Ltd)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
osu! (HKLM-x32\...\{b01bf7ad-cc96-4c34-97e0-5feb9c82878f}) (Version: latest - ppy Pty Ltd)
Panel sterowania NVIDIA 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - ##COMPANY_NAME##) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spotify (HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.19.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
06-05-2015 00:49:25 Windows Update
12-05-2015 12:00:36 Windows Update
14-05-2015 03:00:23 Windows Update
19-05-2015 21:11:35 Windows Update
26-05-2015 11:38:12 Windows Update
29-05-2015 16:43:49 Windows Update
02-06-2015 22:53:32 Windows Update
09-06-2015 11:53:15 Windows Update
11-06-2015 03:00:13 Windows Update
17-06-2015 02:14:06 Windows Update
23-06-2015 13:10:04 Windows Update
26-06-2015 18:53:39 Windows Update
30-06-2015 17:29:17 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10E41976-E9C2-4BA2-BCEF-DEBB40DDDDB9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {226F1A07-ECFF-403E-A51A-058ACED27BDE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\AlienAutopsy\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {3D8DD27B-9DAC-41A0-B211-38C5D396A40E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2983942405-1184955024-1870986945-1002Core => C:\Users\Mateusz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-01] (Dropbox, Inc.)
Task: {83B30EB0-7DA3-4D4A-8EDE-084BA5392FAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)
Task: {863CA4B1-06DC-41BD-B2EC-51BC701EA6DF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2983942405-1184955024-1870986945-1002UA => C:\Users\Mateusz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-01] (Dropbox, Inc.)
Task: {990D8C99-686C-4A7F-83AB-B39F92FC903E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)
Task: {DB8F2B33-7172-4995-973C-B23A994863FC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {DC52F9DF-98C6-46D4-8FC2-05F7CADD2CB3} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {DE259FE9-CD59-4689-AFB8-B243CC82C514} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2983942405-1184955024-1870986945-1002Core.job => C:\Users\Mateusz\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2983942405-1184955024-1870986945-1002UA.job => C:\Users\Mateusz\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\AlienAutopsy\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\AlienAutopsy\pcdrcui.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-22 07:59 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-03-30 02:50 - 2011-03-30 02:50 - 00763904 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
2010-06-14 09:16 - 2010-06-14 09:16 - 02765312 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtCore4.dll
2010-06-14 09:31 - 2010-06-14 09:31 - 10373120 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtGui4.dll
2010-06-14 09:16 - 2010-06-14 09:16 - 00448512 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtXml4.dll
2011-03-30 02:50 - 2011-03-30 02:50 - 00256512 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFCommon.dll
2010-02-08 23:48 - 2010-02-08 23:48 - 00685568 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\qwt5.dll
2010-06-14 09:17 - 2010-06-14 09:17 - 00919552 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtNetwork4.dll
2011-06-28 03:26 - 2011-06-28 03:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2012-02-02 16:55 - 2011-09-22 18:14 - 02751808 _____ () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-02-02 16:47 - 2012-02-02 16:49 - 00090552 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\AlienLabsTools\v4.0_2.6.14.0__bebb3c8816410241\AlienLabsTools.dll
2012-02-02 16:49 - 2012-02-02 16:49 - 00038352 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\v4.0_2.6.14.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
2011-06-29 16:52 - 2011-06-29 16:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2011-09-03 02:24 - 2011-09-03 02:24 - 01636208 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2010-11-17 18:35 - 2010-11-17 18:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-03-22 22:26 - 2011-03-22 22:26 - 00156088 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
2011-03-22 22:26 - 2011-03-22 22:26 - 00009680 _____ () C:\Program Files\Alienware\Command Center\pl\AlienFusionDomain.resources.dll
2011-03-22 22:26 - 2011-03-22 22:26 - 00016832 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe
2015-04-06 14:03 - 2015-04-06 14:03 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-06 14:03 - 2015-04-06 14:03 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-30 19:54 - 2015-06-30 19:54 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15063001\algo.dll
2015-07-01 11:35 - 2015-07-01 11:35 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15070100\algo.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 23:52 - 2010-03-22 23:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-25 07:20 - 2011-06-25 07:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-28 03:25 - 2011-06-28 03:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-25 07:21 - 2011-06-25 07:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-12 03:52 - 2010-03-12 03:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 23:07 - 2010-03-05 23:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 23:07 - 2010-03-05 23:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-12 03:52 - 2010-03-12 03:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2015-06-22 23:26 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 23:26 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2009-12-18 19:07 - 2009-12-18 19:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2010-11-25 06:44 - 2010-11-25 06:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2015-03-17 09:15 - 2015-03-17 09:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-20 19:33 - 2015-02-20 19:33 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2012-02-02 16:39 - 2010-09-14 02:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-03-17 09:15 - 2015-03-17 09:15 - 00985600 _____ () C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\libcef.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\libGLESv2.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00909312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\platforms\qwindows.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\libEGL.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qgif.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qico.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qjpeg.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qmng.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qsvg.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qtiff.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\qml\QtQuick.2\qtquick2plugin.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-29 20:29 - 2015-06-29 20:29 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\qml\QtQml\Models.2\modelsplugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42884803.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42884803.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2983942405-1184955024-1870986945-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.155.1 - 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{81662C00-CCA2-4B0A-A086-90B7B1A777DB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{16D78CB0-81D9-4BBD-B55F-3E051CF77855}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{71CCA7F4-8261-432A-8FE6-CCA0B3128A09}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{F734281E-AA16-4063-BF9F-B5F55E72495E}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{1AD69FD7-DBB4-475D-8535-7876FF62249D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{90328896-52A5-43CF-ACB4-113936BDFE3A}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{C546E3AC-C35D-4037-961F-6390926C76C3}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{FA61B811-AEDA-4329-8626-F4852A703461}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{AEC2B1CA-F008-4D01-9AA5-42D2AAF548AF}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{92A3C2F4-05BD-479C-89E1-D585B7455CB4}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{FA526FB0-9785-45AC-92F6-7F21413232F4}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{4AC75874-1AAE-4B50-BA45-A76A88B77068}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{1C454E24-FDA6-4AE0-B402-ACB5F2FC406B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8E28EAA3-452A-41F5-94F7-8794CDE93C58}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D9C2C8F9-3A38-4FAC-9D64-A87927CD900E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FF8212D9-F96A-4F80-8A4B-3726031BB4D2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8D00CA14-400A-4929-9FE4-1F50B86195B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{805CD9EC-F930-466C-BA97-F20A3CA5E34F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{965BA377-4C96-4247-96CC-5F06DE8F178C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1A4716F5-033B-4009-93C7-DA255FEC225E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2C58AF71-7580-43C6-B084-4C63DB5B0F7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{31510689-3E03-4287-B950-A5E3FE295555}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{6A5CD044-5225-40BE-8431-D803923B8F0B}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{637AF2F9-A2CE-458A-B839-49F1E8EBD89C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E1BA9E8D-6D53-4561-98E4-0482DD3429BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{084DFD30-B30A-4326-9D4E-5A068D62DCCA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A7AF9476-D3C9-4EC4-B400-C8C1B74A0D24}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AD4CBBEE-8F5A-43AC-9AAD-778A5240195C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{1B5C4E1F-C1BF-4642-89E4-78AFAF4B4C31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{136B1DAB-63B7-41E4-926F-6D2D1198B9A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{8FAAAA29-1B9A-4573-9634-48BCFB7E13FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [TCP Query User{11C031EF-7B1F-485F-9BEF-C16C14D5448D}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{3F3FC20D-8E22-4665-B54F-220DA4036FA6}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{DB9F475E-8820-44AC-8D07-EACDC8DA93D3}] => (Allow) C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3910B617-E6AB-4202-BB6B-A4059705C27D}] => (Allow) C:\Users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{74E7B28E-072C-470D-A83B-3F311872CB2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4C56A22B-236D-45B2-952D-8273B7FD9662}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F52D93DE-D059-4BF4-B59A-87D24B3B5E0D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{617E34F8-BBB0-436C-AC85-0A438DBF4950}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{56FEE1B0-6230-498B-8911-DF840CB340D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{757A0898-2E35-4707-8A0F-D2D697D572C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{03B91D94-690B-4895-86B0-B38441AE15B5}C:\users\mateusz\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mateusz\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{359440FD-E2AE-4266-BA9E-9517B789B7EF}C:\users\mateusz\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mateusz\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{CBE662F8-0917-486A-886A-896C27954F15}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{7DC4CF38-D8B8-420D-92C1-5709AB0CD802}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B3E3453A-022F-450C-BD07-21C1FF045234}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{9B2ED91F-D5FF-4F23-B38A-514D117E5F3A}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{FFC8E2F2-1D0A-407D-ADD5-9E1CF176B0BD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A4C570E0-93DA-43E9-994A-23AAF51818A8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{13D58397-A71C-4765-A343-C4745AD5F85D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{ACFB65EE-AA62-4935-9A43-A3EA917917BF}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{93B3EE3A-5226-4159-8381-218E438A2290}C:\users\mateusz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mateusz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{45C0D9FC-CD25-427A-A3EF-76334AE4175B}C:\users\mateusz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mateusz\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{05459ACC-6260-4E19-BCFE-ADFFEB251323}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{42D95E86-2424-4665-9160-05242D00D83E}C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{518D451B-19BC-44C4-AE51-B425CA39F6C1}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{858DB133-1BFB-4287-9835-88194A049EEE}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{79B1CBC2-965C-45AA-ADB8-684DFBE67703}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{F8A3964B-3501-4997-A2B7-331960C1593A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{A697BF95-2325-4A68-B864-EEE6904B4867}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{A30EF78B-E1F3-4026-B153-2FF60ED1409A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [TCP Query User{72A60937-8225-406C-8C9E-49F19DD771CA}C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [UDP Query User{E2F87402-FF18-4D56-A703-AC57374CEA0A}C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [{01FB8797-D3F7-4EF9-A311-882B9F34F2A7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8816644A-A248-42C4-99B2-93D3ADE0248E}C:\program files (x86)\heroes of the storm public test\versions\base36023\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm public test\versions\base36023\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6A643DBA-AAEB-425A-B08B-0389FBABD7CF}C:\program files (x86)\heroes of the storm public test\versions\base36023\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm public test\versions\base36023\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{87D8EC7E-367E-4724-AD3A-4451EED04DBB}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C27299FF-8E8F-457D-8084-77C601267026}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/01/2015 08:10:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2015 07:53:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2015 07:30:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2015 01:05:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program HeroesOfTheStorm_x64.exe w wersji 0.11.1.35702 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
 
Identyfikator procesu: 5e98
 
Godzina rozpoczęcia: 01d0b36b8d6c9095
 
Godzina zakończenia: 17117
 
Ścieżka aplikacji: C:\Program Files (x86)\Heroes of the Storm\Versions\Base35702\HeroesOfTheStorm_x64.exe
 
Identyfikator raportu: 571ca059-1f7c-11e5-acf9-9cb70d02aee7
 
Error: (06/28/2015 00:38:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Wow-64.exe w wersji 6.2.0.20182 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
 
Identyfikator procesu: 3d58
 
Godzina rozpoczęcia: 01d0b18e25d609f3
 
Godzina zakończenia: 93
 
Ścieżka aplikacji: C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Identyfikator raportu: ba58009b-1d81-11e5-acf9-9cb70d02aee7
 
Error: (06/25/2015 03:41:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program HeroesOfTheStorm_x64.exe w wersji 0.11.1.35702 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
 
Identyfikator procesu: 1f20
 
Godzina rozpoczęcia: 01d0af1cf2601fc3
 
Godzina zakończenia: 14530
 
Ścieżka aplikacji: C:\Program Files (x86)\Heroes of the Storm\Versions\Base35702\HeroesOfTheStorm_x64.exe
 
Identyfikator raportu: d0ce8e4e-1b3f-11e5-acf9-9cb70d02aee7
 
Error: (06/24/2015 00:19:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Wow-64.exe w wersji 6.2.0.20173 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
 
Identyfikator procesu: 4c8c
 
Godzina rozpoczęcia: 01d0ae6734e3bdcc
 
Godzina zakończenia: 114
 
Ścieżka aplikacji: C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Identyfikator raportu:
 
Error: (06/24/2015 00:17:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Wow-64.exe w wersji 6.2.0.20173 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
 
Identyfikator procesu: 2ce8
 
Godzina rozpoczęcia: 01d0ae66d4d4a4c9
 
Godzina zakończenia: 95
 
Ścieżka aplikacji: C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Identyfikator raportu:
 
Error: (06/24/2015 00:14:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Wow-64.exe w wersji 6.2.0.20173 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
 
Identyfikator procesu: 19e0
 
Godzina rozpoczęcia: 01d0ae666c7c9b09
 
Godzina zakończenia: 79
 
Ścieżka aplikacji: C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Identyfikator raportu: dba0979f-1a59-11e5-acf9-9cb70d02aee7
 
Error: (06/24/2015 00:09:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Wow-64.exe w wersji 6.2.0.20173 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
 
Identyfikator procesu: 3ea4
 
Godzina rozpoczęcia: 01d0ae655c6e0ac4
 
Godzina zakończenia: 116
 
Ścieżka aplikacji: C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Identyfikator raportu: 09744df2-1a59-11e5-acf9-9cb70d02aee7
 
 
System errors:
=============
Error: (07/01/2015 09:06:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \??\C:\WINDOWS\System32\drivers\TrueSight.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.
 
Error: (07/01/2015 08:09:04 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000080 00000000 00000005 00000005
 
Error: (07/01/2015 08:09:04 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000080 00000000 00000005 00000005
 
Error: (07/01/2015 08:09:04 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000080 00000000 00000005 00000005
 
Error: (07/01/2015 08:09:04 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000080 00000000 00000005 00000005
 
Error: (07/01/2015 08:09:04 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000080 00000000 00000005 00000005
 
Error: (07/01/2015 08:09:04 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000080 00000000 00000005 00000005
 
Error: (07/01/2015 08:09:04 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000080 00000000 00000005 00000005
 
Error: (07/01/2015 08:09:04 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000080 00000000 00000005 00000005
 
Error: (07/01/2015 08:09:04 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video5CMDre 00000000 00000080 00000000 00000005 00000005
 
 
Microsoft Office:
=========================
Error: (07/01/2015 08:10:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2015 07:53:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2015 07:30:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2015 01:05:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HeroesOfTheStorm_x64.exe0.11.1.357025e9801d0b36b8d6c909517117C:\Program Files (x86)\Heroes of the Storm\Versions\Base35702\HeroesOfTheStorm_x64.exe571ca059-1f7c-11e5-acf9-9cb70d02aee7
 
Error: (06/28/2015 00:38:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.2.0.201823d5801d0b18e25d609f393C:\Program Files (x86)\World of Warcraft\Wow-64.exeba58009b-1d81-11e5-acf9-9cb70d02aee7
 
Error: (06/25/2015 03:41:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HeroesOfTheStorm_x64.exe0.11.1.357021f2001d0af1cf2601fc314530C:\Program Files (x86)\Heroes of the Storm\Versions\Base35702\HeroesOfTheStorm_x64.exed0ce8e4e-1b3f-11e5-acf9-9cb70d02aee7
 
Error: (06/24/2015 00:19:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.2.0.201734c8c01d0ae6734e3bdcc114C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Error: (06/24/2015 00:17:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.2.0.201732ce801d0ae66d4d4a4c995C:\Program Files (x86)\World of Warcraft\Wow-64.exe
 
Error: (06/24/2015 00:14:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.2.0.2017319e001d0ae666c7c9b0979C:\Program Files (x86)\World of Warcraft\Wow-64.exedba0979f-1a59-11e5-acf9-9cb70d02aee7
 
Error: (06/24/2015 00:09:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.2.0.201733ea401d0ae655c6e0ac4116C:\Program Files (x86)\World of Warcraft\Wow-64.exe09744df2-1a59-11e5-acf9-9cb70d02aee7
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 86%
Total physical RAM: 8173.82 MB
Available physical RAM: 1138.49 MB
Total Pagefile: 16345.84 MB
Available Pagefile: 7512.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.98 GB) (Free:83.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 9617F221)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 



#4 deeprybka


Posted 01 July 2015 - 08:43 AM

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Mat28


Posted 01 July 2015 - 10:13 AM

Hey here is the result of Combofix:

 

 

ComboFix 15-06-30.01 - Mateusz 2015-07-01  16:11:12.1.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.8174.3800 [GMT 2:00]
Uruchomiony z: c:\users\Mateusz\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\RPSETUP.EXE.LOG
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2015-06-01 do 2015-07-01  )))))))))))))))))))))))))))))))
.
.
2015-07-01 14:47 . 2015-07-01 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-01 09:34 . 2015-07-01 09:37 -------- d-----w- C:\FRST
2015-07-01 07:06 . 2015-07-01 07:06 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-01 07:06 . 2015-07-01 07:56 -------- d-----w- c:\programdata\RogueKiller
2015-07-01 06:06 . 2015-07-01 06:07 -------- d-----w- C:\AdwCleaner
2015-07-01 05:46 . 2015-07-01 05:46 -------- d-----w- C:\TDSSKiller_Quarantine
2015-07-01 05:33 . 2015-07-01 05:33 -------- d-----w- c:\users\Mateusz\AppData\Local\Dropbox
2015-07-01 05:33 . 2015-07-01 05:33 -------- d-----w- c:\programdata\Dropbox
2015-07-01 05:06 . 2015-07-01 05:51 -------- d--h--w- c:\users\Mateusz\AppData\Roaming\A0ABCFA6
2015-07-01 05:06 . 2015-07-01 05:07 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-07-01 02:38 . 2015-07-01 02:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A096A4C0-1956-4CCA-8845-C76C3E685AE8}\offreg.2044.dll
2015-06-30 15:30 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A096A4C0-1956-4CCA-8845-C76C3E685AE8}\mpengine.dll
2015-06-23 22:27 . 2015-06-28 11:18 -------- d-----w- c:\program files (x86)\Heroes of the Storm Public Test
2015-06-11 19:46 . 2015-07-01 14:31 -------- d-----w- c:\users\Mateusz\AppData\Roaming\vlc
2015-06-11 19:44 . 2015-06-11 19:44 -------- d-----w- c:\program files (x86)\VideoLAN
2015-06-11 19:43 . 2015-06-11 19:46 -------- d-----w- c:\users\Mateusz\AppData\Roaming\livestreamer
2015-06-11 19:43 . 2015-06-11 19:43 -------- d-----w- c:\program files (x86)\Livestreamer
2015-06-10 05:41 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-06-01 21:09 . 2015-07-01 13:17 -------- d-----w- c:\program files (x86)\Heroes of the Storm
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-11 01:02 . 2015-02-28 12:37 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-09 03:13 . 2015-06-10 05:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-05 01:29 . 2015-05-13 04:03 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 04:03 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-01 13:17 . 2015-05-14 01:05 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 01:05 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-27 13:55 . 2015-02-21 18:56 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-27 12:48 . 2015-04-27 12:48 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-27 12:48 . 2012-02-02 14:22 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-20 03:17 . 2015-05-13 04:03 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 04:03 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 04:03 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 04:03 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 04:03 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-13 04:03 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 04:02 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 04:02 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 04:02 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-04-06 12:03 . 2015-04-06 12:03 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-06 12:03 . 2015-03-01 15:11 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-06 12:03 . 2015-03-01 15:11 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-06 12:03 . 2015-03-01 15:11 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-06 12:03 . 2015-03-01 15:11 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-06 12:03 . 2015-03-01 15:11 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-06 12:03 . 2015-03-01 15:11 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-06 12:03 . 2015-03-01 15:11 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-06 12:03 . 2015-04-06 12:03 43112 ----a-w- c:\windows\avastSS.scr
2015-04-06 12:03 . 2015-03-01 15:11 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-04 03:29 . 2015-05-13 04:03 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-04-04 03:29 . 2015-05-13 04:03 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-04-04 03:22 . 2015-05-13 04:03 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-04-04 03:22 . 2015-05-13 04:03 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-04-04 03:22 . 2015-05-13 04:03 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-04-04 03:22 . 2015-05-13 04:03 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-04-04 03:22 . 2015-05-13 04:03 28160 ----a-w- c:\windows\system32\secur32.dll
2015-04-04 03:22 . 2015-05-13 04:03 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-04-04 03:22 . 2015-05-13 04:03 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-04-04 03:22 . 2015-05-13 04:03 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-04-04 03:22 . 2015-05-13 04:03 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-04-04 03:22 . 2015-05-13 04:03 22016 ----a-w- c:\windows\system32\credssp.dll
2015-04-04 03:20 . 2015-05-13 04:03 31232 ----a-w- c:\windows\system32\lsass.exe
2015-04-04 03:20 . 2015-05-13 04:03 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-04-04 03:17 . 2015-05-13 04:03 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-04-04 03:17 . 2015-05-13 04:03 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-04-04 03:15 . 2015-05-13 04:03 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-04-04 03:05 . 2015-05-13 04:03 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-04-04 03:05 . 2015-05-13 04:03 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-04-04 03:05 . 2015-05-13 04:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-04-04 03:05 . 2015-05-13 04:03 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-04-04 03:05 . 2015-05-13 04:03 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-04-04 03:05 . 2015-05-13 04:03 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-04-04 03:05 . 2015-05-13 04:03 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-04-04 03:04 . 2015-05-13 04:03 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-04-04 03:04 . 2015-05-13 04:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-04-04 03:01 . 2015-05-13 04:03 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-04-04 03:01 . 2015-05-13 04:03 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-04-04 02:59 . 2015-05-13 04:03 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-05-14 28917376]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-06-04 2892992]
"GoogleChromeAutoLaunch_AD39DCBBF0C8E335115CF32EE510DE61"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-06-20 813896]
"icq"="c:\users\Mateusz\AppData\Roaming\ICQM\icq.exe" [2015-05-04 36705800]
"Spotify Web Helper"="c:\users\Mateusz\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-07-01 2030648]
"Spotify"="c:\users\Mateusz\AppData\Roaming\Spotify\Spotify.exe" [2015-07-01 7504952]
"Dropbox Update"="c:\users\Mateusz\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-07-01 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-09-03 1636208]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2011-04-13 503942]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-12 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-12-03 40336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-06 5512912]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-10 335232]
.
c:\users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mateusz\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43871584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe -minimized [2011-3-30 778752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/02/02 09:01;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE;c:\program files (x86)\AlienRespawn\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - NVSTREAMKMS
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-22 21:26 990024 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2015-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27 12:48]
.
2015-07-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2983942405-1184955024-1870986945-1002Core.job
- c:\users\Mateusz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-01 05:33]
.
2015-07-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2983942405-1184955024-1870986945-1002UA.job
- c:\users\Mateusz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-01 05:33]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19 03:07]
.
2015-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19 03:07]
.
2015-07-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2011-03-22 17:20]
.
2015-07-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\AlienAutopsy\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\Mateusz\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-06 12:03 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-04-13 13256]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.155.1 8.8.8.8
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
SafeBoot-42884803.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,ac,9e,45,b6,f3,29,4a,8c,8f,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,ac,9e,45,b6,f3,29,4a,8c,8f,14,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2015-07-01  16:50:13
ComboFix-quarantined-files.txt  2015-07-01 14:50
.
Przed: 88 782 745 600 bajtów wolnych
Po: 89 714 229 248 bajtów wolnych
.
- - End Of File - - 76265A12565531C3B71FA92DD54E7E8A
 

Edited by Mat28, 01 July 2015 - 10:13 AM.


#6 deeprybka


Posted 01 July 2015 - 10:26 AM

Step 1


Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    [image: m21p.png]
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    [image: m21p4.png]
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 Mat28


Posted 01 July 2015 - 11:33 AM

Results of Malwarebytes:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-07-01
Scan Time: 18:09
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.01.03
Rootkit Database: v2015.06.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mateusz
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388744
Time Elapsed: 19 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Trojan.Bedep.64, HKLM\SOFTWARE\CLASSES\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, , [851259832763ec4a667ef350d036738d], 
Trojan.Bedep.64, HKU\S-1-5-21-2983942405-1184955024-1870986945-1002_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, , [851259832763ec4a667ef350d036738d], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}, , [04935b816129072f7d197b72c53ea759], 
 
Files: 2
Trojan.Bedep.64, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\vfnws.dll, , [851259832763ec4a667ef350d036738d], 
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a, , [04935b816129072f7d197b72c53ea759], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 



#8 deeprybka


Posted 01 July 2015 - 11:36 AM

Did you select "quarantine" for the items?
regards,
deeprybka

#9 Mat28


Posted 01 July 2015 - 11:38 AM

I don't think there was an option for quarantine, I just deleted the selected ones.



#10 Mat28


Posted 01 July 2015 - 11:42 AM

Ah yes, they are all in quarantine. I just browsed the program and found them.



#11 deeprybka


Posted 01 July 2015 - 12:57 PM

Step 1

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file [image: log.png] is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

#12 Mat28


Posted 01 July 2015 - 01:52 PM

To be added


Edited by Mat28, 01 July 2015 - 01:54 PM.


#13 deeprybka


Posted 01 July 2015 - 01:56 PM

Why do you ask? :)
regards,
deeprybka

#14 Mat28


Posted 01 July 2015 - 01:57 PM

Why do you ask? :)

I missed the part where you asked to post logs from the ESET scanner; I thought I was to scan and just be done with it. But it was my bad, I didn't read carefully. Never mind, just finishing the scan as I type this. Should be up soon.



#15 deeprybka


Posted 01 July 2015 - 01:59 PM

You have to post the ESET log as instructed.
regards,
deeprybka



