Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

explorer.exe virus and ads popping up


  • This topic is locked This topic is locked
10 replies to this topic

#1 Supremee

Supremee

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 01 July 2015 - 07:17 AM

Hello again. I was advised to create topic on this forum. As I mentioned in my last thread my explorer is working really slow and yesterday I had ads popping up out of nowhere. I also have 2 explorer.exe files running in the background and everything is working really slowly and my cpu usage is way higher than it should be. The system I'm using is windows 7 64x. I used combofix, tdsskiller and fixpowerliks64 but I can't find logs from combofix. If you have any other questions that might speed up fixing process feel free to ask them. 

FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by ROBERT (administrator) on ROBERT-XNOTE on 01-07-2015 14:04:35
Running from C:\Users\ROBERT\Desktop
Loaded Profiles: ROBERT (Available Profiles: ROBERT)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SparkLabs) C:\Program Files\LiquidVPN\LiquidViscosityService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopiaService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) F:\Steam\Steam.exe
() C:\Program Files (x86)\screenSHU\screenSHU.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flux Software LLC) C:\Users\ROBERT\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\ROBERT\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
() C:\Program Files (x86)\Tiger At Work\tigerVPN\tigervpn.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
() C:\Program Files (x86)\Tiger At Work\tigerVPN\tigervpn.exe
(Disc Soft Ltd) F:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Razer, Inc.) C:\Users\ROBERT\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(GOG.com) F:\GalaxyClient\GalaxyClient.exe
() C:\Program Files (x86)\Tiger At Work\tigerVPN\tigervpn.exe
(GOG.com) F:\GalaxyClient\GalaxyClient Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-09-25] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-12-01] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [FWS_FlawlessWidescreen] => F:\Flawless Widescreen\FlawlessWidescreen.exe [2607104 2014-05-30] (Flawless Widescreen)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2109440 2013-04-23] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-05-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-05] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-01] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [Steam] => F:\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [DAEMON Tools Lite] => F:\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [{38BC312C-B7A0-47AD-B591-81EDE177D2E6}] => E:\DOWNLOAD\AetherFlyffSetup.exe [880504238 2014-06-09] (AetherNet)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [AceStream] => C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [screenSHU] => C:\Program Files (x86)\screenSHU\screenSHU.exe [2112000 2013-09-04] ()
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [f.lux] => C:\Users\ROBERT\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [Spotify Web Helper] => C:\Users\ROBERT\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-06-21] (Spotify Ltd)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [WiTopia] => C:\Program Files\WiTopia\WiTopia.exe [814368 2014-06-06] (SparkLabs)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [Liquid Viscosity] => C:\Program Files\LiquidVPN\Liquid Viscosity.exe [1730848 2015-03-20] (SparkLabs)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [GalaxyClient] => F:\GalaxyClient\GalaxyClient.exe [7457336 2015-05-28] (GOG.com)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [DAEMON Tools Lite Automount] => F:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2013-09-25]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\tigerVPN.lnk [2015-05-01]
ShortcutTarget: tigerVPN.lnk -> C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-202827098-3153037104-392958406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-202827098-3153037104-392958406-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-202827098-3153037104-392958406-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-202827098-3153037104-392958406-1000 -> DefaultScope {7D05FC49-07E7-4EDC-A3EE-58A81A73AD0B} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-202827098-3153037104-392958406-1000 -> {7D05FC49-07E7-4EDC-A3EE-58A81A73AD0B} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL [2012-08-24] (AuthenTec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll [2012-08-24] (AuthenTec Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1E14F613-5E9A-4C4B-AF3D-C6153CA8E7AE}: [NameServer] 10.10.10.10
Tcpip\..\Interfaces\{25C93C65-C701-49F6-9550-693FB10019BA}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{25C93C65-C701-49F6-9550-693FB10019BA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4BADEE7C-A07E-464F-BE34-06C289672380}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{785064F6-68A9-4E1A-9408-E8D84614AE01}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{78804D21-6499-4F52-8EDB-1D4D39E506D8}: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{78804D21-6499-4F52-8EDB-1D4D39E506D8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{852B1717-E02C-4618-8846-58FAC0E95E7E}: [NameServer] 10.10.10.10
Tcpip\..\Interfaces\{95CC21B2-F381-400F-BC56-78652A7B0FDA}: [NameServer] 10.10.10.10
Tcpip\..\Interfaces\{98883E9F-2651-47FA-94D1-E728B1F5C66B}: [NameServer] 10.10.10.10
 
FireFox:
========
FF ProfilePath: C:\Users\ROBERT\AppData\Roaming\Mozilla\Firefox\Profiles\zdj916pz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\x86\npffwloplugin.dll [2012-08-24] (AuthenTec, Inc)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-202827098-3153037104-392958406-1000: @acestream.net/acestreamplugin,version=2.1.5.3 -> C:\Users\ROBERT\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-06-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-202827098-3153037104-392958406-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-10-17] (Ubisoft)
FF Extension: ProxTube - C:\Users\ROBERT\AppData\Roaming\Mozilla\Firefox\Profiles\zdj916pz.default\Extensions\ich@maltegoetz.de.xpi [2014-09-13]
FF Extension: Adblock Plus - C:\Users\ROBERT\AppData\Roaming\Mozilla\Firefox\Profiles\zdj916pz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-05-06]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn [2015-07-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-01]
FF HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\ROBERT\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\ROBERT\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-06-17]
 
Chrome: 
=======
CHR Profile: C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (YouTube) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google Search) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-03-02]
CHR Extension: (iCloud Bookmarks) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-11-23]
CHR Extension: (AdBlock) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-04]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-05-10]
CHR Extension: (No Name) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Website Logon) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelloajafbopojkjmieelljfkcmdpdhf [2014-02-04]
CHR Extension: (Page Monitor) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-04-25]
CHR Extension: (Gmail) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-05-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [oelloajafbopojkjmieelljfkcmdpdhf] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-08-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [760192 2015-01-10] ()
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-09-25] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-09-25] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R3 Disc Soft Lite Bus Service; F:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2125160 2012-08-24] (AuthenTec, Inc)
S3 GalaxyClientService; F:\GalaxyClient\GalaxyClientService.exe [1751096 2015-05-28] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6677048 2015-06-18] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-23] (Intel Corporation)
R2 LiquidViscosityService; C:\Program Files\LiquidVPN\LiquidViscosityService.exe [88864 2015-03-20] (SparkLabs)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-27] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46592 2013-05-29] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-11-01] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [70432 2014-06-06] (SparkLabs)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-15] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-27] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140717.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20140718.002\ENG64.SYS [126040 2014-07-04] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20140718.002\EX64.SYS [2099288 2014-07-04] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-11-01] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-12-01] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [39048 2015-03-20] (The OpenVPN Project)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\ROBERT\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 14:04 - 2015-07-01 14:04 - 00039535 _____ C:\Users\ROBERT\Desktop\FRST.txt
2015-07-01 14:04 - 2015-07-01 14:04 - 00000000 ____D C:\FRST
2015-07-01 14:03 - 2015-07-01 14:03 - 02112512 _____ (Farbar) C:\Users\ROBERT\Desktop\FRST64.exe
2015-07-01 13:06 - 2015-07-01 13:08 - 00000050 _____ C:\Users\ROBERT\Desktop\FixPoweliks64.log
2015-07-01 13:03 - 2015-07-01 13:03 - 02747488 _____ (Symantec Corporation) C:\Users\ROBERT\Desktop\FixPoweliks64.exe
2015-07-01 12:50 - 2015-07-01 12:50 - 00025793 _____ C:\ComboFix.txt
2015-07-01 01:03 - 2015-07-01 12:50 - 00000000 ____D C:\Windows\erdnt
2015-07-01 01:03 - 2015-07-01 12:50 - 00000000 ____D C:\Qoobox
2015-07-01 01:03 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-01 01:03 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-01 01:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-01 01:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-01 01:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-01 01:03 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-01 01:03 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-01 01:03 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-01 01:01 - 2015-07-01 01:02 - 05631262 ____R (Swearware) C:\Users\ROBERT\Desktop\ComboFix.exe
2015-07-01 00:55 - 2015-07-01 00:55 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-01 00:29 - 2015-07-01 00:29 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\AVAST Software
2015-07-01 00:28 - 2015-07-01 00:28 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-01 00:28 - 2015-07-01 00:28 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-07-01 00:28 - 2015-07-01 00:28 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-01 00:28 - 2015-07-01 00:28 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-01 00:28 - 2015-07-01 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-01 00:25 - 2015-07-01 00:25 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-01 00:24 - 2015-07-01 00:24 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-30 17:16 - 2015-07-01 00:56 - 00000000 ___HD C:\Users\ROBERT\AppData\Roaming\922B2820
2015-06-30 17:15 - 2015-06-30 17:17 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-06-22 21:15 - 2015-06-22 21:48 - 00000000 ____D C:\Users\ROBERT\Desktop\studia
2015-06-16 15:37 - 2015-06-16 15:37 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Shooter
2015-06-15 20:53 - 2015-06-15 20:53 - 00000631 _____ C:\Users\Public\Desktop\Black & White 2.lnk
2015-06-15 20:48 - 2015-06-15 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2
2015-06-15 20:41 - 2015-06-15 20:41 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-06-15 17:46 - 2015-06-15 20:01 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\BitTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 14:05 - 2014-02-04 04:07 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 14:04 - 2013-09-26 17:18 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Skype
2015-07-01 13:06 - 2015-05-01 01:38 - 00000000 ____D C:\Users\ROBERT\AppData\Local\tigerVPN
2015-07-01 13:06 - 2014-08-22 23:19 - 00000000 ____D C:\Users\ROBERT\AppData\Local\screenSHU
2015-07-01 13:06 - 2014-04-22 14:23 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Raptr
2015-07-01 13:06 - 2013-09-25 16:48 - 01106781 _____ C:\Windows\WindowsUpdate.log
2015-07-01 13:05 - 2014-11-23 14:01 - 00000000 ___RD C:\Users\ROBERT\iCloudDrive
2015-07-01 13:05 - 2014-02-04 04:07 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 12:55 - 2009-07-14 19:55 - 00741386 _____ C:\Windows\system32\perfh015.dat
2015-07-01 12:55 - 2009-07-14 19:55 - 00156426 _____ C:\Windows\system32\perfc015.dat
2015-07-01 12:55 - 2009-07-14 07:13 - 01672612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-01 12:55 - 2009-07-14 06:45 - 00013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 12:55 - 2009-07-14 06:45 - 00013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 12:50 - 2014-04-23 03:13 - 00000000 ____D C:\Users\dub_cm_auto
2015-07-01 12:50 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-01 12:49 - 2014-04-24 14:07 - 00093018 _____ C:\Windows\setupact.log
2015-07-01 12:49 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-01 12:48 - 2014-04-30 20:51 - 00105418 _____ C:\Windows\PFRO.log
2015-07-01 12:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-01 10:19 - 2015-05-25 02:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-06-28 02:48 - 2013-09-26 23:33 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Mumble
2015-06-25 20:20 - 2013-09-27 16:45 - 00000000 ____D C:\Users\ROBERT\AppData\Local\CrashDumps
2015-06-24 04:05 - 2013-09-29 18:50 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\TS3Client
2015-06-23 23:32 - 2014-12-25 00:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 13:50 - 2015-01-21 12:00 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\ViscosityVPP_smrhosting
2015-06-22 23:09 - 2014-02-04 04:08 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-21 21:28 - 2014-10-09 21:39 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Spotify
2015-06-21 16:48 - 2014-10-09 21:42 - 00000000 ____D C:\Users\ROBERT\AppData\Local\Spotify
2015-06-15 20:58 - 2014-06-21 00:42 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-06-15 20:48 - 2014-05-22 00:03 - 00134739 _____ C:\Windows\DirectX.log
2015-06-15 20:48 - 2013-09-25 16:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-14 17:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-12 09:52 - 2013-09-26 17:18 - 00000000 ____D C:\ProgramData\Skype
2015-06-07 08:59 - 2015-05-15 18:22 - 00000000 ____D C:\Users\ROBERT\Desktop\ch
 
==================== Files in the root of some directories =======
 
2013-10-05 23:15 - 2013-10-05 23:15 - 0002979 _____ () C:\Users\ROBERT\AppData\Local\recently-used.xbel
2014-04-12 10:40 - 2014-04-12 10:40 - 0007602 _____ () C:\Users\ROBERT\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-23 13:07
 
==================== End of log ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 AM

Posted 06 July 2015 - 07:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/581501 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Supremee

Supremee
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 06 July 2015 - 11:04 AM

Explorer.exe is constantly crashing and working really slow in general, I don't have any ads popping up as of now, I have original windows dvd available if it's going to be needed to fix the problem. If you have any other questions feel free to ask them and I will provide needed information.
Here is the frst.exe log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by ROBERT (administrator) on ROBERT-XNOTE on 06-07-2015 17:58:15
Running from C:\Users\ROBERT\Desktop
Loaded Profiles: ROBERT (Available Profiles: ROBERT)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SparkLabs) C:\Program Files\LiquidVPN\LiquidViscosityService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopiaService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Valve Corporation) F:\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\ace_engine.exe
() C:\Program Files (x86)\screenSHU\screenSHU.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flux Software LLC) C:\Users\ROBERT\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\ROBERT\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopia.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Disc Soft Ltd) F:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\ROBERT\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(GOG.com) F:\GalaxyClient\GalaxyClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GOG.com) F:\GalaxyClient\GalaxyClient Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\ace_update.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-09-25] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-12-01] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [FWS_FlawlessWidescreen] => F:\Flawless Widescreen\FlawlessWidescreen.exe [2607104 2014-05-30] (Flawless Widescreen)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2109440 2013-04-23] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-05-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-05] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-01] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [Steam] => F:\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [DAEMON Tools Lite] => F:\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [{38BC312C-B7A0-47AD-B591-81EDE177D2E6}] => E:\DOWNLOAD\AetherFlyffSetup.exe [880504238 2014-06-09] (AetherNet)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [AceStream] => C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [screenSHU] => C:\Program Files (x86)\screenSHU\screenSHU.exe [2112000 2013-09-04] ()
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [f.lux] => C:\Users\ROBERT\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [Spotify Web Helper] => C:\Users\ROBERT\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-06-21] (Spotify Ltd)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [WiTopia] => C:\Program Files\WiTopia\WiTopia.exe [814368 2014-06-06] (SparkLabs)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [Liquid Viscosity] => C:\Program Files\LiquidVPN\Liquid Viscosity.exe [1730848 2015-03-20] (SparkLabs)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [GalaxyClient] => F:\GalaxyClient\GalaxyClient.exe [7246904 2015-07-03] (GOG.com)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Run: [DAEMON Tools Lite Automount] => F:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-202827098-3153037104-392958406-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2013-09-25]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\tigerVPN.lnk [2015-05-01]
ShortcutTarget: tigerVPN.lnk -> C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-202827098-3153037104-392958406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-202827098-3153037104-392958406-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-202827098-3153037104-392958406-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-202827098-3153037104-392958406-1000 -> DefaultScope {7D05FC49-07E7-4EDC-A3EE-58A81A73AD0B} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-202827098-3153037104-392958406-1000 -> {7D05FC49-07E7-4EDC-A3EE-58A81A73AD0B} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL [2012-08-24] (AuthenTec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll [2012-08-24] (AuthenTec Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1E14F613-5E9A-4C4B-AF3D-C6153CA8E7AE}: [NameServer] 10.10.10.10
Tcpip\..\Interfaces\{25C93C65-C701-49F6-9550-693FB10019BA}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{25C93C65-C701-49F6-9550-693FB10019BA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4BADEE7C-A07E-464F-BE34-06C289672380}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{785064F6-68A9-4E1A-9408-E8D84614AE01}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{78804D21-6499-4F52-8EDB-1D4D39E506D8}: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{78804D21-6499-4F52-8EDB-1D4D39E506D8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{852B1717-E02C-4618-8846-58FAC0E95E7E}: [NameServer] 10.10.10.10
Tcpip\..\Interfaces\{95CC21B2-F381-400F-BC56-78652A7B0FDA}: [NameServer] 10.10.10.10
Tcpip\..\Interfaces\{98883E9F-2651-47FA-94D1-E728B1F5C66B}: [NameServer] 10.10.10.10
 
FireFox:
========
FF ProfilePath: C:\Users\ROBERT\AppData\Roaming\Mozilla\Firefox\Profiles\zdj916pz.default
FF Homepage: https://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\x86\npffwloplugin.dll [2012-08-24] (AuthenTec, Inc)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-202827098-3153037104-392958406-1000: @acestream.net/acestreamplugin,version=2.1.5.3 -> C:\Users\ROBERT\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-06-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-202827098-3153037104-392958406-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-10-17] (Ubisoft)
FF Extension: ProxTube - C:\Users\ROBERT\AppData\Roaming\Mozilla\Firefox\Profiles\zdj916pz.default\Extensions\ich@maltegoetz.de.xpi [2014-09-13]
FF Extension: Adblock Plus - C:\Users\ROBERT\AppData\Roaming\Mozilla\Firefox\Profiles\zdj916pz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-05-06]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn [2015-07-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-01]
FF HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\ROBERT\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\ROBERT\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-06-17]
 
Chrome: 
=======
CHR Profile: C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (YouTube) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google Search) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-03-02]
CHR Extension: (Avast SafePrice) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-07-06]
CHR Extension: (iCloud Bookmarks) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-11-23]
CHR Extension: (AdBlock) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-04]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-05-10]
CHR Extension: (No Name) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Website Logon) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelloajafbopojkjmieelljfkcmdpdhf [2014-02-04]
CHR Extension: (Page Monitor) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-04-25]
CHR Extension: (Gmail) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-05-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [oelloajafbopojkjmieelljfkcmdpdhf] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-08-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [760192 2015-01-10] ()
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-09-25] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-09-25] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R3 Disc Soft Lite Bus Service; F:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2125160 2012-08-24] (AuthenTec, Inc)
S3 GalaxyClientService; F:\GalaxyClient\GalaxyClientService.exe [1718840 2015-07-03] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6677048 2015-07-03] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-23] (Intel Corporation)
R2 LiquidViscosityService; C:\Program Files\LiquidVPN\LiquidViscosityService.exe [88864 2015-03-20] (SparkLabs)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-27] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46592 2013-05-29] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-11-01] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [70432 2014-06-06] (SparkLabs)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-15] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-27] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140717.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20140718.002\ENG64.SYS [126040 2014-07-04] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20140718.002\EX64.SYS [2099288 2014-07-04] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-11-01] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-12-01] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [39048 2015-03-20] (The OpenVPN Project)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\ROBERT\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 17:58 - 2015-07-06 17:58 - 00038701 _____ C:\Users\ROBERT\Desktop\FRST.txt
2015-07-01 14:04 - 2015-07-06 17:58 - 00000000 ____D C:\FRST
2015-07-01 14:03 - 2015-07-01 14:03 - 02112512 _____ (Farbar) C:\Users\ROBERT\Desktop\FRST64.exe
2015-07-01 13:06 - 2015-07-01 13:08 - 00000050 _____ C:\Users\ROBERT\Desktop\FixPoweliks64.log
2015-07-01 13:03 - 2015-07-01 13:03 - 02747488 _____ (Symantec Corporation) C:\Users\ROBERT\Desktop\FixPoweliks64.exe
2015-07-01 12:50 - 2015-07-01 12:50 - 00025793 _____ C:\ComboFix.txt
2015-07-01 01:03 - 2015-07-01 12:50 - 00000000 ____D C:\Windows\erdnt
2015-07-01 01:03 - 2015-07-01 12:50 - 00000000 ____D C:\Qoobox
2015-07-01 01:03 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-01 01:03 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-01 01:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-01 01:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-01 01:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-01 01:03 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-01 01:03 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-01 01:03 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-01 01:01 - 2015-07-01 01:02 - 05631262 ____R (Swearware) C:\Users\ROBERT\Desktop\ComboFix.exe
2015-07-01 00:55 - 2015-07-01 00:55 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-01 00:29 - 2015-07-01 00:29 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\AVAST Software
2015-07-01 00:28 - 2015-07-01 00:28 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-01 00:28 - 2015-07-01 00:28 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-07-01 00:28 - 2015-07-01 00:28 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-07-01 00:28 - 2015-07-01 00:28 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-01 00:28 - 2015-07-01 00:28 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-01 00:28 - 2015-07-01 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-01 00:25 - 2015-07-01 00:25 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-01 00:24 - 2015-07-01 00:24 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-30 17:16 - 2015-07-01 00:56 - 00000000 ___HD C:\Users\ROBERT\AppData\Roaming\922B2820
2015-06-30 17:15 - 2015-06-30 17:17 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-06-22 21:15 - 2015-06-22 21:48 - 00000000 ____D C:\Users\ROBERT\Desktop\studia
2015-06-16 15:37 - 2015-06-16 15:37 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Shooter
2015-06-15 20:53 - 2015-06-15 20:53 - 00000631 _____ C:\Users\Public\Desktop\Black & White 2.lnk
2015-06-15 20:48 - 2015-06-15 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2
2015-06-15 20:41 - 2015-06-15 20:41 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-06-15 17:46 - 2015-06-15 20:01 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\BitTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 17:58 - 2013-09-26 17:18 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Skype
2015-07-06 17:58 - 2009-07-14 06:45 - 00013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-06 17:58 - 2009-07-14 06:45 - 00013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-06 17:56 - 2009-07-14 19:55 - 00741386 _____ C:\Windows\system32\perfh015.dat
2015-07-06 17:56 - 2009-07-14 19:55 - 00156426 _____ C:\Windows\system32\perfc015.dat
2015-07-06 17:56 - 2009-07-14 07:13 - 01672612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-06 17:55 - 2015-05-01 01:38 - 00000000 ____D C:\Users\ROBERT\AppData\Local\tigerVPN
2015-07-06 17:53 - 2013-09-25 16:48 - 01241551 _____ C:\Windows\WindowsUpdate.log
2015-07-06 17:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-06 17:52 - 2014-04-24 14:07 - 00094082 _____ C:\Windows\setupact.log
2015-07-06 17:51 - 2014-11-23 14:01 - 00000000 ___RD C:\Users\ROBERT\iCloudDrive
2015-07-06 17:51 - 2014-08-22 23:19 - 00000000 ____D C:\Users\ROBERT\AppData\Local\screenSHU
2015-07-06 17:51 - 2014-04-22 14:23 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Raptr
2015-07-06 17:51 - 2014-02-04 04:07 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-06 17:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-04 18:05 - 2014-02-04 04:07 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-04 02:48 - 2013-09-25 17:58 - 00000000 ____D C:\ProgramData\Norton
2015-07-04 02:46 - 2013-09-25 19:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-03 17:03 - 2014-04-12 10:40 - 00007626 _____ C:\Users\ROBERT\AppData\Local\Resmon.ResmonCfg
2015-07-01 12:50 - 2014-04-23 03:13 - 00000000 ____D C:\Users\dub_cm_auto
2015-07-01 12:50 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-01 12:49 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-01 12:48 - 2014-04-30 20:51 - 00105418 _____ C:\Windows\PFRO.log
2015-07-01 10:19 - 2015-05-25 02:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-06-28 02:48 - 2013-09-26 23:33 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Mumble
2015-06-25 20:20 - 2013-09-27 16:45 - 00000000 ____D C:\Users\ROBERT\AppData\Local\CrashDumps
2015-06-24 04:05 - 2013-09-29 18:50 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\TS3Client
2015-06-23 23:32 - 2014-12-25 00:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 13:50 - 2015-01-21 12:00 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\ViscosityVPP_smrhosting
2015-06-22 23:09 - 2014-02-04 04:08 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-21 21:28 - 2014-10-09 21:39 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Spotify
2015-06-21 16:48 - 2014-10-09 21:42 - 00000000 ____D C:\Users\ROBERT\AppData\Local\Spotify
2015-06-15 20:58 - 2014-06-21 00:42 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-06-15 20:48 - 2014-05-22 00:03 - 00134739 _____ C:\Windows\DirectX.log
2015-06-15 20:48 - 2013-09-25 16:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-12 09:52 - 2013-09-26 17:18 - 00000000 ____D C:\ProgramData\Skype
2015-06-07 08:59 - 2015-05-15 18:22 - 00000000 ____D C:\Users\ROBERT\Desktop\ch
 
==================== Files in the root of some directories =======
 
2013-10-05 23:15 - 2013-10-05 23:15 - 0002979 _____ () C:\Users\ROBERT\AppData\Local\recently-used.xbel
2014-04-12 10:40 - 2015-07-03 17:03 - 0007626 _____ () C:\Users\ROBERT\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 18:54
 
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by ROBERT at 2015-07-06 17:59:02
Running from C:\Users\ROBERT\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-202827098-3153037104-392958406-500 - Administrator - Disabled)
Gość (S-1-5-21-202827098-3153037104-392958406-501 - Limited - Disabled)
ROBERT (S-1-5-21-202827098-3153037104-392958406-1000 - Administrator - Enabled) => C:\Users\ROBERT

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier Edition (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Norton 360 Premier Edition (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier Edition (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Ace Stream Media 2.1.5.3 (HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\AceStream) (Version: 2.1.5.3 - Ace Stream Media) <==== ATTENTION!
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.11 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AetherFlyff (HKLM-x32\...\{38BC312C-B7A0-47AD-B591-81EDE177D2E6}) (Version: 1.0.0 - AetherNet)
AirVPN (HKLM-x32\...\AirVPN) (Version: - AirVPN - https://airvpn.org)
Aktualizacje NVIDIA 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audition (HKLM-x32\...\{EA9B4B3E-4C46-4A5F-8D12-6A1331C114A6}) (Version: 1.00.0000 - Redbana)
AuthenTec Fingerprint Driver (Version: 1.6.1.0342 - AuthenTec) Hidden
AuthenTec TrueSuite (HKLM\...\{9A4D399F-F790-4326-A9E4-64DF25E0EBE1}) (Version: 5.2.500.16 - Nazwa firmy)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version: - BisonCam)
BitTorrent (HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version: - Rockstar New England)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Cryptostorm Client (HKLM-x32\...\{35A52EE3-6D23-4AA6-B881-3F10658D626C}_is1) (Version: 2.22 - Cryptostorm)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Deponia (HKLM-x32\...\Steam App 214340) (Version: - Daedalic Entertainment)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version: - Splash Damage®)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
EA Sports™ FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 7.0.0.45489 - Electronic Arts, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
f.lux (HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Flux) (Version: - )
Finger Printer (HKLM-x32\...\InstallShield_{793C03D1-884D-4C11-A7F6-07F3FDF10066}) (Version: 2.01.0000 - )
Finger Printer (x32 Version: 2.01.0000 - ) Hidden
Flawless Widescreen version 1.0.15 (HKLM-x32\...\{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1) (Version: 1.0.15 - Flawless Widescreen)
Freestyle GunZ version 7.0 (HKLM-x32\...\{B46FB5E0-11F2-4C63-A2A5-32E30106CD0C}_is1) (Version: 7.0 - FreestylersWorld)
FreeStyle2 (HKLM-x32\...\{67E8ED8C-0318-4F6B-BE6F-FC042EE9BD15}) (Version: 1.02.0000 - Joycity)
FreeStyle2: Street Basketball (HKLM-x32\...\Steam App 339610) (Version: - Joycity)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
GimpShop 2.8 (HKLM-x32\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hotkey 7.0026 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 7.0026 - NoteBook)
Hotkey 7.0026 (x32 Version: 7.0026 - NoteBook) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3257 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1304-148929CC1385}) (Version: 3.0.1304.0338 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
join.me (HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)
LibreOffice 4.1.1.2 (HKLM-x32\...\{F1EE568A-171F-4C06-9BE6-2395BED067A3}) (Version: 4.1.1.2 - The Document Foundation)
Liquid Viscosity 1.0.0 (1081) (HKLM\...\{6B859FAA-B180-4779-A754-086A308C49CC-ViscosityV~E1B16741_is1) (Version: 1.0.0 - S.M.R Hosting L.L.C.)
Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.7 - www.leaguereplays.com)
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 37.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 pl)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mullvad (HKLM-x32\...\Product) (Version: - )
Mumble 1.2.4 (HKLM-x32\...\{62C4063B-948A-4C89-801B-A0B64DE4FF5B}) (Version: 1.2.4 - Thorvald Natvig)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA Cg Toolkit 3.1 April 2012 (HKLM-x32\...\Cg Toolkit_is1) (Version: - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
Obsługa programów Apple (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}) (Version: 4.11.9775 - Apache Software Foundation)
Oprogramowanie Intel® PROSet/Wireless (HKLM-x32\...\{702b0b5f-bcbb-44fc-b613-e96f2a3006ed}) (Version: 16.1.0 - Intel Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Panel sterowania NVIDIA 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
Polski pakiet językowy dla programu Microsoft .NET Framework 4.5 PLK (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50709 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.27036 - Realtek Semiconductor Corp.)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)
screenSHU - the fastest screen capture ever. (HKLM-x32\...\screenSHU) (Version: - )
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Sid Meier's Pirates! (HKLM-x32\...\InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 1.00.0000 - Firaxis Games)
Sid Meier's Pirates! (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Six Updater (HKLM-x32\...\{AD42165D-FF3C-4975-A130-7AA2801AB5DD}) (Version: 2.09.7042 - Six Projects)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SNOW (HKLM-x32\...\Steam App 244930) (Version: - Poppermost Productions)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.03 - Creative Technology Limited)
South Park The Stick of Truth - Update 1 version 1.0.1353 (HKLM-x32\...\{83736891-79AE-49BA-96F5-55DD6F2186AC}_is1) (Version: 1.0.1353 - Ubisoft)
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
SpinTires Tech Demo (June 060613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™)
Spore: Creepy & Cute Parts Pack (HKLM-x32\...\Steam App 17440) (Version: - Maxis™)
Spore: Galactic Adventures (HKLM-x32\...\Steam App 24720) (Version: - EA - Maxis)
Spotify (HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Spotify) (Version: 1.0.8.44.g2d463d4e - Spotify AB)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.6.0 - GOG.com)
tigerVPN (HKLM-x32\...\{E646334A-5B16-4690-A53D-F18975AD78AB}) (Version: 1.0 - Tiger At Work)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Toribash (HKLM-x32\...\Steam App 248570) (Version: - Nabi Studios)
Total War ROME II (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
WebCam Installer (HKLM-x32\...\InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}) (Version: 4.041 - WebCam)
WebCam Installer (x32 Version: 4.041 - WebCam) Hidden
WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WiTopia (HKLM\...\{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1) (Version: 2.1.9.178 - WiTopia)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-202827098-3153037104-392958406-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-202827098-3153037104-392958406-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-202827098-3153037104-392958406-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-202827098-3153037104-392958406-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-202827098-3153037104-392958406-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-202827098-3153037104-392958406-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-202827098-3153037104-392958406-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\powercpl.dll (Mpotsraoor oictifnrCo) <==== ATTENTION

==================== Restore Points =========================

23-06-2015 13:14:28 Zaplanowany punkt kontrolny
30-06-2015 16:26:09 Zaplanowany punkt kontrolny
01-07-2015 00:25:44 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-01 12:49 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C72D4EE-6078-47AC-83A8-9F28FF8FC7F1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {0F6C0AA7-4FE9-4571-9690-94AE35CB7EE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {2355DBA3-1818-4C91-9ACA-7C6E4DA87A53} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {52914981-7181-48B4-91DA-CE98C5192E83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {55DC7712-774B-4094-B996-9DE57D505637} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {58981BAD-BCC5-4CCF-B70E-60CCE30A511B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {5A97F0DE-FFF8-4DED-80F5-B639EC3C76FD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {67D3F653-EECA-400D-BD6F-EF37B8FB212C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8858D192-6DD6-4C80-BABE-49E7FD527E00} - System32\Tasks\tigerVPN => C:\Program Files (x86)\Tiger At Work\tigerVPN\tigervpn.exe [2015-02-10] ()
Task: {F048C08A-68DB-4C71-A1DE-B228A1917B3A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-25 17:53 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-15 12:58 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2014-09-15 12:58 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2014-09-15 12:58 - 2012-08-31 15:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2014-09-15 12:58 - 2012-08-31 15:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2013-09-26 19:39 - 2013-09-27 22:04 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-29 17:50 - 2013-05-29 17:50 - 00046592 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2014-11-01 00:27 - 2014-11-01 00:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2012-08-24 03:37 - 2012-08-24 03:37 - 01136488 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2012-08-24 03:38 - 2012-08-24 03:38 - 00087400 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2013-09-25 17:29 - 2013-01-25 11:08 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2013-09-25 17:29 - 2013-01-25 11:06 - 00328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-08-14 22:40 - 2014-09-25 13:57 - 00027904 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\ace_engine.exe
2013-09-04 19:21 - 2013-09-04 19:21 - 02112000 _____ () C:\Program Files (x86)\screenSHU\screenSHU.exe
2013-07-23 17:13 - 2013-07-23 17:13 - 04985856 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2014-11-07 04:23 - 2014-11-07 04:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2013-03-29 13:18 - 2013-03-29 13:18 - 00026744 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\ace_update.exe
2015-07-01 00:28 - 2015-07-01 00:28 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 00:28 - 2015-07-01 00:28 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-04 13:39 - 2015-07-04 13:39 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070400\algo.dll
2015-07-06 17:50 - 2015-07-06 17:50 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070601\algo.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-22 14:29 - 2014-09-14 01:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-21 14:18 - 2015-04-16 19:40 - 00776192 _____ () F:\Steam\SDL2.dll
2015-01-19 22:38 - 2015-04-23 04:16 - 04962816 _____ () F:\Steam\v8.dll
2015-01-19 22:38 - 2015-04-23 04:16 - 01556992 _____ () F:\Steam\icui18n.dll
2015-01-19 22:38 - 2015-04-23 04:16 - 01187840 _____ () F:\Steam\icuuc.dll
2014-05-22 06:59 - 2015-06-04 20:56 - 02407104 _____ () F:\Steam\video.dll
2014-08-29 23:52 - 2014-12-01 23:31 - 02396672 _____ () F:\Steam\libavcodec-56.dll
2014-08-29 23:52 - 2014-12-01 23:31 - 00442880 _____ () F:\Steam\libavutil-54.dll
2014-08-29 23:52 - 2014-12-01 23:31 - 00479744 _____ () F:\Steam\libavformat-56.dll
2014-08-29 23:52 - 2014-12-01 23:31 - 00332800 _____ () F:\Steam\libavresample-2.dll
2014-08-29 23:52 - 2014-12-01 23:31 - 00485888 _____ () F:\Steam\libswscale-3.dll
2013-09-21 10:35 - 2015-06-04 20:56 - 00703168 _____ () F:\Steam\bin\chromehtml.DLL
2013-08-14 22:40 - 2014-11-28 14:46 - 00249856 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2013-03-29 11:57 - 2013-03-29 11:57 - 00018944 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2014-06-17 22:47 - 2014-11-28 14:46 - 01732096 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2014-06-17 22:47 - 2014-06-13 16:54 - 00036352 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2014-06-17 22:47 - 2014-06-13 16:54 - 00053248 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2014-06-17 22:47 - 2014-06-13 16:54 - 00040448 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\select.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 17:02 - 2011-02-13 17:02 - 00031232 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2013-08-14 22:49 - 2014-11-28 14:46 - 03083264 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-29 18:20 - 2013-01-29 18:20 - 00082944 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2014-06-17 22:47 - 2014-06-13 16:54 - 00061952 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-29 18:20 - 2013-01-29 18:20 - 00066048 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2011-06-08 09:32 - 2011-06-08 09:32 - 00011362 _____ () C:\Program Files (x86)\screenSHU\mingwm10.dll
2011-06-08 09:32 - 2011-06-08 09:32 - 00043008 _____ () C:\Program Files (x86)\screenSHU\libgcc_s_dw2-1.dll
2013-09-25 17:29 - 2013-01-25 11:07 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-09-25 17:29 - 2013-01-25 11:04 - 00248320 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2012-09-23 21:44 - 2012-09-23 21:44 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\pl_pl\acrotray.pol
2015-07-01 00:28 - 2015-07-01 00:28 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-06-06 14:50 - 2009-06-06 14:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2013-09-25 17:48 - 2013-02-16 08:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-11-24 02:02 - 2014-01-04 02:20 - 34755072 _____ () C:\Users\ROBERT\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-07 04:21 - 2014-11-07 04:21 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-11-24 02:02 - 2014-01-04 02:20 - 00970240 _____ () C:\Users\ROBERT\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
2013-09-10 14:20 - 2015-05-11 21:01 - 36302728 _____ () F:\Steam\bin\libcef.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00566272 _____ () F:\GalaxyClient\PocoUtil.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00415744 _____ () F:\GalaxyClient\PocoJSON.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 01784320 _____ () F:\GalaxyClient\PocoFoundation.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00412672 _____ () F:\GalaxyClient\pcre.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00094208 _____ () F:\GalaxyClient\zlib.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00515584 _____ () F:\GalaxyClient\PocoXML.dll
2015-05-25 02:17 - 2015-05-16 18:00 - 00139776 _____ () F:\GalaxyClient\expat.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 01202176 _____ () F:\GalaxyClient\PocoNet.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 02577408 _____ () F:\GalaxyClient\PocoData.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00477184 _____ () F:\GalaxyClient\PocoDataSQLite.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00649728 _____ () F:\GalaxyClient\sqlite.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00340480 _____ () F:\GalaxyClient\PocoZip.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00332288 _____ () F:\GalaxyClient\PocoNetSSL.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00172032 _____ () F:\GalaxyClient\PocoCrypto.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 41299456 _____ () F:\GalaxyClient\libcef.dll
2015-05-25 02:17 - 2015-05-16 18:01 - 00107520 _____ () F:\GalaxyClient\ZLIB1.dll
2015-06-22 23:09 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 23:09 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-05-25 02:17 - 2015-05-16 18:00 - 00888832 _____ () F:\GalaxyClient\ffmpegsumo.dll
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\ROBERT\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\39117783.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\39117783.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-202827098-3153037104-392958406-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.8.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E7645F47-F3FC-4F78-AC09-1D99BE8912A8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{67F02521-7F49-4477-8241-F4DF69465417}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{C0DF2C21-219C-42BA-AA11-BDB1E22D391E}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{54EB5513-B906-4B35-A530-DAFB8A9B32C6}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{8C4C44AD-6A12-4E40-A619-6BA63199F510}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{E7A39198-08B9-4FF4-8C0D-2B6D372F6184}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{72C96397-DEBF-4BBB-BB50-355B35541204}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{E9B88FB9-4D80-4227-AD19-1B31BF2B5190}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0758C713-8A76-4885-838A-4998105C97D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C6392336-F79D-4E35-8B36-D28C2AE4AA89}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D9CB8EEF-7033-4A59-AE2B-5C848A781B6D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AAF908C6-1CBA-4B5D-A098-947796D07917}] => (Allow) F:\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{1DF966DD-DA12-4AD4-AB75-080EA1908AA8}] => (Allow) F:\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{0FAA1513-1067-48B0-B58F-F765F138E36E}] => (Allow) F:\Steam\SteamApps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{506F03B8-1B29-4756-9639-A9F6424B4C01}] => (Allow) F:\Steam\SteamApps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{744C7B61-7EA8-400F-9F64-A9D206CC6A35}] => (Allow) F:\Steam\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{5C90C0F5-97EE-4E70-A150-1613289C46EF}] => (Allow) F:\Steam\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{153E7D82-5C75-40F0-8556-B9146B8256FF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{38982B68-5CA8-41EA-8892-24762DB03951}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{2FA5BA1C-5288-4DF3-AB79-A9C996AE3598}] => (Allow) F:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{853A25DE-78E7-464E-AC3F-1C57F430E966}] => (Allow) F:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{98AF42BA-AC26-45F6-8385-A13BA15EA6DB}F:\steam\steam.exe] => (Allow) F:\steam\steam.exe
FirewallRules: [UDP Query User{1EF37BF5-0EE7-4C70-AC3A-E594DEDDED46}F:\steam\steam.exe] => (Allow) F:\steam\steam.exe
FirewallRules: [{13B38E26-DCBD-4931-BFF8-A66E66B4AD57}] => (Allow) F:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{EEBB1EF0-D8B3-4C81-A6C0-39C3B87A0FFC}] => (Allow) F:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7BE6BA1D-8A04-4B64-8934-5DE5840DB09E}] => (Allow) F:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CC33F7F8-E8BF-4F55-BDE7-A7CBFC301EC4}] => (Allow) F:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BA4A525D-E5C8-4225-8208-3427D42919AA}] => (Allow) F:\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{821B66DF-08E3-4E9B-B0F5-B1D9E7B6E6B5}] => (Allow) F:\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{D544B914-0E05-49C2-9732-C633F8433072}] => (Allow) F:\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{CB2C542B-5796-4E1F-A3FD-3A643A3E4BAB}] => (Allow) F:\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{A62D411E-B603-49A3-8AFD-1827AD203971}] => (Allow) F:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3E130D6C-8BEF-4876-B180-B8F16EE00CB9}] => (Allow) F:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{16050329-20B2-463D-B6CE-8C897EBEBA3F}] => (Allow) F:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{15D3602A-3092-4746-9E40-F864A573C9CF}] => (Allow) F:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D70A25C5-B2AB-4D47-B436-DD45C55F0F4F}] => (Allow) F:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{6B9E2A9A-0DCB-42D9-B992-E2EE3B55AA3E}] => (Allow) F:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{BF8C2AF2-C5D3-4C49-9005-91FF529CADB1}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{E976AE8D-E426-4B24-BEB5-BFEBC2CA98FF}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{54FFE357-53B8-4234-BDA6-3DC97DAFBB1D}] => (Allow) F:\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{10DEDF7D-E9E7-4081-92E4-1A39F4EAD118}] => (Allow) F:\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{F6C377B0-FB3D-4C12-BFE7-BBC1EF6A3445}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6D5EA2C7-B8AE-4AEE-BD43-3C2795185F80}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{994B747B-E62B-4EB9-8B1A-738D64EED1AD}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7EB3DF9D-441C-46FA-A735-FC244FEAA9CC}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4DBCED94-5207-4C80-9A3A-C9EE3A810B6C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1E3CBFFC-AAA6-4B61-99CA-E5317D82F052}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B02A7608-74D2-4C67-BC1F-77EF826CE4E1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D6705FA5-2B7B-4519-99CB-CC00E05B10DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A090A90B-B0DC-4C78-B8A2-AE23B1439902}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AB0D34D0-D157-480F-BD2C-52A6F4D37938}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CE2BA155-6214-428C-A80A-541DCB92AF00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{83F441A3-63D0-42AE-94C0-3660C1F37FA2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{E41B54B3-CCF4-49F8-A108-D1234A99D5B1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{C4B0A331-1343-4D7E-81C7-34D867534F5F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{5F125ECF-8647-47AE-9176-FFD7DACFB29C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{512E7689-BC17-4725-8257-E8F4E49B6769}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{737ACF1F-646F-4B58-B7C3-9DBF7C0FFA78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{EA481B06-B469-4206-BB52-B4A113F0B271}] => (Allow) F:\Battle.net\Battle.net.exe
FirewallRules: [{831863F6-9B67-49FF-B98D-62D43E1418B5}] => (Allow) F:\Battle.net\Battle.net.exe
FirewallRules: [{D6EA29C8-1979-480E-96D9-7A45E8A6FB1A}] => (Allow) F:\Steam\SteamApps\common\SNOW\Bin32\playSNOW.exe
FirewallRules: [{D32B6A42-13B0-471A-A557-C50FA1F17DE7}] => (Allow) F:\Steam\SteamApps\common\SNOW\Bin32\playSNOW.exe
FirewallRules: [{2885DA50-43A0-41DE-A19F-22EADBB5CF26}] => (Allow) F:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9CDC8A57-C031-4BDE-8BFF-78733A55C25D}] => (Allow) F:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{539C77B0-584C-4E4D-BA6C-3195554A79B9}] => (Allow) F:\Steam\SteamApps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{EDFC2489-C056-42FB-8628-D2868FF7F8D3}] => (Allow) F:\Steam\SteamApps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{78491D53-4CC6-4C28-8401-D55BB8694EF4}] => (Allow) F:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{AB2C9CBE-A13A-499F-999A-7B8420469855}] => (Allow) F:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{688EE4AD-368F-41D7-9A1D-FD641A64EE45}C:\users\robert\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\robert\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{054B391B-B288-43D5-8C19-CF835A8752E8}C:\users\robert\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\robert\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{346ABAA3-9110-4FCB-8337-0A37D35F758D}] => (Allow) F:\Program Files (x86)\Origin Games\FIFA World\fifaworld.exe
FirewallRules: [{7F47B2D4-E031-4003-8B9F-0201423D7735}] => (Allow) F:\Program Files (x86)\Origin Games\FIFA World\fifaworld.exe
FirewallRules: [{257D203E-6873-4279-8375-C736D2134748}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4A2211A0-E16F-4648-A2AB-3A12D3EBEEE0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B72E9C5A-AE33-4E15-B0A8-04414A60F59C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2D3EBA46-F857-42C5-AEC7-5153A389C554}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{EE83A5F9-296D-416E-A583-0C55B9C8DBD4}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{3989192F-8634-4CE1-8859-12573B9758E3}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{D1F3022D-7E1E-453A-9B07-CFDDA284CA82}] => (Allow) F:\Steam\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{B159DE84-6579-4614-A7E6-718E4C10EC74}] => (Allow) F:\Steam\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{654CE762-7F5C-423B-9713-3604B7210070}] => (Allow) E:\SteamLibrary\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{97852495-F96F-44AF-8F2D-E4ED61C7CFBD}] => (Allow) E:\SteamLibrary\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [TCP Query User{FADFECCD-9617-4A69-8AE0-1C7D9EA98877}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{2155D0AA-8B9B-429C-A9D8-0D02BEE205E2}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{73890BA5-450E-4D31-BEB2-E4ACB943A433}] => (Allow) F:\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{FC71EEFF-61B2-4921-BC89-57280ACF7739}] => (Allow) F:\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [TCP Query User{FACD84D7-F7CC-47F6-92DF-A5BE981D77DB}C:\users\robert\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\robert\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{2F669C3D-DA24-44CE-81CE-22BF5219B05C}C:\users\robert\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\robert\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{6F254421-0D84-4E93-9C99-58629DAAD9D1}] => (Allow) F:\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{2FBCC30B-E6DA-445A-AEF3-807DCED91BFA}] => (Allow) F:\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [TCP Query User{4B9E5550-06E6-48D1-8C2B-7355213CE634}F:\total war rome ii\rome2.exe] => (Block) F:\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{B6338700-1B4E-43AC-B89B-BFF7D0C95AE6}F:\total war rome ii\rome2.exe] => (Block) F:\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{532E6024-BA55-4212-8486-D40040656963}E:\download\winbox.exe] => (Allow) E:\download\winbox.exe
FirewallRules: [UDP Query User{AA52E334-9A7F-48F5-9009-61D5736ACDDF}E:\download\winbox.exe] => (Allow) E:\download\winbox.exe
FirewallRules: [TCP Query User{40FCDFB2-B1B6-4CDC-A853-F4E241552617}C:\users\robert\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robert\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E837A4AE-6F3F-46E0-B4C0-BA41DFCF1081}C:\users\robert\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robert\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8E9C270A-A7E5-441B-9B39-B13454DFC970}C:\users\robert\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robert\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C6692FA0-E79D-40CF-A431-AA94C62AAB8C}C:\users\robert\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robert\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FB39DEE1-2E9F-4150-9FAD-5379B162A20F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{4E60E512-EEB6-41FF-A9F1-DB376B4F6C8B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{1A812AD6-2100-4BFD-8067-E0CBD4711394}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{E2AD7D81-386A-4DCC-A999-0A7C71EA4BA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{658AA537-7E4C-4916-8A50-4644E00559B4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{425D4113-1819-4874-9A9F-DE0D475FD1B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{C172EC9B-3F7D-4B2F-A1E5-1A7E059278CC}] => (Allow) E:\Hearthstone\Hearthstone.exe
FirewallRules: [{AFE9C467-23AD-4C3B-B9B7-4A2B6B88DDAD}] => (Allow) E:\Hearthstone\Hearthstone.exe
FirewallRules: [{6BDAAA40-3821-40F1-A6F7-0344573D2FD4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{739D67A6-20A4-4666-9221-F7768160239E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0970A58A-C73B-4D97-B9BB-18C1EC13A7E8}] => (Allow) F:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{61EB7F05-37B0-49A3-B191-353D4B639177}] => (Allow) F:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{FA2AADD3-FC49-4507-A356-699BF0B52D84}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8609E2A2-D4A9-4191-8C43-924027C51E2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D90D9ADC-A363-4853-967E-465EAC7E86F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{41ABB471-4529-4018-BCBA-8F95B563D20C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{51098151-CCA3-4498-BB7B-BE79DA4FDCBB}F:\freestyle gunz version 7\gunz.exe] => (Allow) F:\freestyle gunz version 7\gunz.exe
FirewallRules: [UDP Query User{3CAE74FB-3B0C-40E1-8CD3-7F4EAD498A67}F:\freestyle gunz version 7\gunz.exe] => (Allow) F:\freestyle gunz version 7\gunz.exe
FirewallRules: [TCP Query User{BFCEAD80-23C2-4D10-B914-3A0A72BB23FD}F:\universegamers\gunzv10\uggunz.exe] => (Allow) F:\universegamers\gunzv10\uggunz.exe
FirewallRules: [UDP Query User{D048AB53-00D8-4381-B720-1DF444063774}F:\universegamers\gunzv10\uggunz.exe] => (Allow) F:\universegamers\gunzv10\uggunz.exe
FirewallRules: [{261774ED-34AC-4F62-930A-7557869D9539}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{8892EC67-F603-4E55-AA0F-7CAD67229DF9}F:\freestyle gunz version 7\gunz.exe] => (Allow) F:\freestyle gunz version 7\gunz.exe
FirewallRules: [UDP Query User{67F23768-32B5-42BC-A0ED-B63DCE9474F6}F:\freestyle gunz version 7\gunz.exe] => (Allow) F:\freestyle gunz version 7\gunz.exe
FirewallRules: [{06BC8733-ADB8-4814-B7A4-E67838D01A5F}] => (Allow) F:\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{BA224BC0-C68C-4824-9155-3D4A73494A22}] => (Allow) F:\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{C76C0393-B7AC-4795-B265-EF023B347B6A}] => (Allow) F:\Steam\SteamApps\common\Spore\runme.exe
FirewallRules: [{5FEFA3DF-6001-4D2C-B387-ACA090D29F72}] => (Allow) F:\Steam\SteamApps\common\Spore\runme.exe
FirewallRules: [{BBE7283D-CDEA-41EB-B8A0-4C096F4D3181}] => (Allow) F:\Steam\SteamApps\common\Spore\SporebinEP1\SporeApp.exe
FirewallRules: [{9542A280-1188-48A0-B08D-878B0FF8CBDF}] => (Allow) F:\Steam\SteamApps\common\Spore\SporebinEP1\SporeApp.exe
FirewallRules: [{78530FA9-6FE2-44EA-AE8B-3E2C2F5C4C47}] => (Allow) F:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{63F714C6-7A7D-4C86-BA92-1F97058CA079}] => (Allow) F:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{F1CEBDEC-6D30-4148-8C6C-432A12FAA15A}] => (Allow) F:\Steam\SteamApps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{5D3EAE40-6715-40AC-BA6F-18E766C0FE3D}] => (Allow) F:\Steam\SteamApps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{66F88CF1-1151-44F9-90B3-8C8B9F5515FC}] => (Allow) F:\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{883A11FF-B6E1-4CDA-9EBB-4BACC8EA3FBB}] => (Allow) F:\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{159E34B8-144A-423B-9455-C1B90E6D177E}] => (Allow) C:\Users\ROBERT\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E4743F73-E7D0-4145-B321-7075450FCC02}] => (Allow) C:\Users\ROBERT\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0968BFE4-41F7-4D76-B317-781C787584DE}] => (Allow) C:\Program Files\Redbana\Audition\patcher.exe
FirewallRules: [{04C1505C-2193-4B73-9F10-9AE4A4534DCB}] => (Allow) C:\Program Files\Redbana\Audition\patcher.exe
FirewallRules: [{A5544513-5239-4690-9AA6-9A7FD417C737}] => (Allow) C:\Program Files\Redbana\Audition\patcher.exe
FirewallRules: [{80565872-121F-43D0-A9E1-2BD4D8F3D99E}] => (Allow) C:\Program Files\Redbana\Audition\patcher.exe
FirewallRules: [{29640E06-CE37-46B8-B6C3-3F2ACE7DF1BE}] => (Allow) C:\Program Files\Redbana\Audition\Audition.exe
FirewallRules: [{9D4900C6-73E9-420F-9AF0-9236EC22BCB2}] => (Allow) C:\Program Files\Redbana\Audition\Audition.exe
FirewallRules: [{F2327910-2BB5-4CF1-8148-83F99FF7E86E}] => (Allow) C:\Program Files\Redbana\Audition\Audition.exe
FirewallRules: [{13DE04D7-4FC7-49C3-9B2F-51922FB20CE6}] => (Allow) C:\Program Files\Redbana\Audition\Audition.exe
FirewallRules: [{DEA042D6-A566-4D52-8459-8359D57AA406}] => (Allow) F:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{11633485-2779-4E22-8AB6-35A889D212F0}] => (Allow) F:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{48280694-63CF-4B10-AA89-95C19DDCCDC2}] => (Allow) F:\Steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{A65BC216-A801-419C-BB87-DB5D87BFCC47}] => (Allow) F:\Steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{56162FE9-63FE-4DC4-BE04-952598055925}] => (Allow) F:\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{0A6C831E-2CA1-4937-8C1C-A0E253659EA4}] => (Allow) F:\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{E5E358D4-AEC0-4832-8164-0C09E2ECCAAE}F:\steam\steamapps\common\war thunder\aces.exe] => (Allow) F:\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{F2CAD55A-EA29-4B4C-9CBF-E5ABD06CA940}F:\steam\steamapps\common\war thunder\aces.exe] => (Allow) F:\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{962275CC-A6CB-43DA-913E-D06254D1C54F}] => (Block) F:\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{91D2B633-AD07-4DFF-A5B7-9648FFAFE23D}] => (Block) F:\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{D4E6BA28-A60A-4EA3-9776-CCCA607CB28A}] => (Allow) F:\Steam\SteamApps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{3544A335-9BC7-4FD9-AC4E-240B9B90F1CC}] => (Allow) F:\Steam\SteamApps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{29570A10-1B57-488B-96F1-C9078A8C5040}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{96F745A0-5A22-4F20-97D1-C3BD03F6B3A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{5312671E-0EC6-4751-A5EF-F7C83D411AC4}E:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FC09D13B-6568-46AA-97D7-BB01AF5FD7CE}E:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F29FBF74-93F4-4D49-BD09-743E6E024EB4}E:\heroes of the storm\versions\base34659\heroesofthestorm.exe] => (Allow) E:\heroes of the storm\versions\base34659\heroesofthestorm.exe
FirewallRules: [UDP Query User{0A65D0E5-6B7E-4047-8E6D-B269CB608014}E:\heroes of the storm\versions\base34659\heroesofthestorm.exe] => (Allow) E:\heroes of the storm\versions\base34659\heroesofthestorm.exe
FirewallRules: [{FF341DEB-F0D1-49BF-8FC6-282BDC4978BC}] => (Allow) C:\Program Files\AirVPN\AirVPN.exe
FirewallRules: [{02C93954-45B4-40A9-960A-37EEF80FC00F}] => (Allow) C:\Program Files\AirVPN\AirVPN.exe
FirewallRules: [{B499B09E-EA80-4486-ADE2-A1CA4111F4B0}] => (Allow) C:\Program Files\AirVPN\AirVPN.exe
FirewallRules: [{6DD1AE58-DEF1-4A40-B2E7-813184DB7A45}] => (Allow) C:\Program Files\AirVPN\AirVPN.exe
FirewallRules: [{E53D0178-6956-4259-AD55-6742CCD005C8}] => (Allow) F:\Steam\SteamApps\common\Deponia\deponia.exe
FirewallRules: [{532AD5D0-A353-4D43-8BAF-4966FF0E821B}] => (Allow) F:\Steam\SteamApps\common\Deponia\deponia.exe
FirewallRules: [{3719D71B-EDC4-473E-AE68-2E360B35F014}] => (Allow) F:\Steam\SteamApps\common\Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{E7B24119-20BE-46B6-9424-83968BE03ACE}] => (Allow) F:\Steam\SteamApps\common\Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{02BBBFB7-B971-4C2B-90D5-E152BD4411AF}] => (Allow) F:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{2865D373-738D-48A3-9B07-EA8CBBF3A7AD}] => (Allow) F:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{AD8197B5-F8A0-4F13-9849-4FC034744233}] => (Allow) C:\Program Files (x86)\Tiger At Work\tigerVPN\tigervpn.exe
FirewallRules: [{DD47D914-E4B9-4F83-8E2B-96450C5DD77D}] => (Allow) LPort=500
FirewallRules: [{5648533C-F43B-416A-8014-D171668F0844}] => (Allow) LPort=4500
FirewallRules: [{7FCD22F6-2193-4D1D-B57B-0E692C423B12}] => (Allow) LPort=1701
FirewallRules: [{718C924A-7BD3-41D3-9F16-1E4B6BC0E8B9}] => (Allow) LPort=1723
FirewallRules: [{105FC2E7-2513-42DA-BADD-A59191504595}] => (Allow) LPort=1723
FirewallRules: [{F68476EF-FD22-4013-9638-3600CB6D87C5}] => (Allow) C:\Program Files (x86)\Tiger At Work\tigerVPN\openvpn.exe
FirewallRules: [{FF9BA4B5-B9E2-469C-BC70-FEF7D97E1C0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{509F903B-1A2A-44B1-8C32-3AE9A9D1A88C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B335ABBF-AD36-4716-AF2D-8BE6FA768F58}] => (Allow) F:\Steam\SteamApps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{233ED26D-CDD5-42A7-9B2B-57AD47CDC0EB}] => (Allow) F:\Steam\SteamApps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{F94CEE03-2797-4B86-A4B9-A12156C22C4A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F47CF251-E2D3-41C4-8732-3461B387152C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A83E34A6-A7A7-42B0-8123-2AE2E1A56527}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{036A8EDA-3292-43BF-B190-BB9CB6347F5D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{F5E5C73C-EEA0-4B35-B0E3-8A87D039D96C}] => (Allow) F:\Steam\SteamApps\common\SNOW\Bin64\playSNOW_Release.exe
FirewallRules: [{7C5B7C38-775D-4AD6-9293-0F8BECA1450D}] => (Allow) F:\Steam\SteamApps\common\SNOW\Bin64\playSNOW_Release.exe
FirewallRules: [{5B00B97B-AEA1-4D09-856D-62ADAD023C0F}] => (Allow) F:\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{B28090E4-472F-4B39-B1DD-64A56070F311}] => (Allow) F:\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{6A2C30C4-E4FC-4F0C-837C-84382E7AF0C4}] => (Allow) F:\Steam\SteamApps\common\SNOW\Bin64\playSNOW_Release.exe
FirewallRules: [{9117F69E-D545-4C79-B61E-DD812D79AEEE}] => (Allow) F:\Steam\SteamApps\common\SNOW\Bin64\playSNOW_Release.exe
FirewallRules: [{C7294CE4-0E11-4990-A23F-97290F5D426C}] => (Allow) F:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{90E73E77-EEEE-4AE4-B51A-9F938EC276DD}] => (Allow) F:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{48BBC55A-4DC6-400B-9585-4F8F3E0BC1C1}] => (Allow) F:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{904590C5-A3EE-4B4D-872F-E43ADACFB06C}] => (Allow) F:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{EDAC906F-48D9-4550-99EE-C6B0803E3988}] => (Allow) F:\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{08E7FEB9-961D-489B-9015-9F6B142A88F8}] => (Allow) F:\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{84D15004-4414-49B5-8722-6A99C2ACD3C2}] => (Allow) C:\Users\ROBERT\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{66CE01D5-1464-4BBB-81BA-637B613B111D}] => (Allow) C:\Users\ROBERT\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B1125091-6F7E-46B8-A223-FB8E1A353132}] => (Allow) F:\Steam\SteamApps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{8D4908B8-6716-403C-B03B-95D011964547}] => (Allow) F:\Steam\SteamApps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{17779CB6-D4F3-467E-A857-102CED5FA713}] => (Allow) F:\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{A76992E4-CD05-4955-A194-F6DDBEA6FF98}] => (Allow) F:\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{FACFE0FF-C93F-47B4-AC7B-7D4566C9B5C3}] => (Allow) F:\Steam\SteamApps\common\Toribash\toribash.exe
FirewallRules: [{B4BAE3EE-7908-4B2B-A5AC-4C29DEBFF0D9}] => (Allow) F:\Steam\SteamApps\common\Toribash\toribash.exe
FirewallRules: [{18932EE7-5218-42CF-9728-7B9166FF5F54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4EB51478-F94F-48CA-AF5A-C2188854B2BF}] => (Allow) F:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{F3AFE993-5BD5-4B7E-A7A4-8CADDE176FA6}] => (Allow) F:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2015 02:01:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE w wersji 6.1.7601.17567 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 1164

Godzina rozpoczęcia: 01d0b64fb6ae8de0

Godzina zakończenia: 31

Ścieżka aplikacji: C:\Windows\Explorer.EXE

Identyfikator raportu: 5b8ab91f-2244-11e5-9794-c8f733f3ebce

Error: (07/04/2015 01:39:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (07/04/2015 01:39:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (07/04/2015 01:39:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (07/03/2015 11:12:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe w wersji 6.1.7601.17567 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 31d0

Godzina rozpoczęcia: 01d0b5a05687ecbe

Godzina zakończenia: 40

Ścieżka aplikacji: C:\Windows\explorer.exe

Identyfikator raportu: 1f0f86d3-21c8-11e5-b166-c8f733f3ebce

Error: (07/03/2015 02:37:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE w wersji 6.1.7601.17567 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 1350

Godzina rozpoczęcia: 01d0b587cf777d97

Godzina zakończenia: 30

Ścieżka aplikacji: C:\Windows\Explorer.EXE

Identyfikator raportu: 39d3d8a3-2180-11e5-b166-c8f733f3ebce

Error: (07/03/2015 01:45:43 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (07/03/2015 01:45:43 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (07/03/2015 01:45:43 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (07/02/2015 11:29:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE w wersji 6.1.7601.17567 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 34f4

Godzina rozpoczęcia: 01d0b3ede1944271

Godzina zakończenia: 21

Ścieżka aplikacji: C:\Windows\Explorer.EXE

Identyfikator raportu: 72e4b02e-2101-11e5-a003-c8f733f3ebce


System errors:
=============
Error: (07/04/2015 01:35:23 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 10. Stan błędu wewnętrznego: 10.

Error: (07/04/2015 01:35:23 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 10. Stan błędu wewnętrznego: 10.

Error: (07/04/2015 01:35:23 AM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 10. Stan błędu wewnętrznego: 10.

Error: (07/02/2015 08:04:56 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252.

Error: (07/02/2015 08:04:56 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252.

Error: (07/02/2015 08:04:56 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252.

Error: (07/02/2015 08:04:55 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT)
Description: Odebrano następujący alert krytyczny: 20.

Error: (07/02/2015 08:04:52 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252.

Error: (07/02/2015 08:04:52 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252.

Error: (07/02/2015 08:04:51 PM) (Source: Schannel) (EventID: 4120) (User: ZARZĄDZANIE NT)
Description: Został wygenerowany następujący alert krytyczny: 40. Stan błędu wewnętrznego: 252.


Microsoft Office:
=========================
Error: (07/04/2015 02:01:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567116401d0b64fb6ae8de031C:\Windows\Explorer.EXE5b8ab91f-2244-11e5-9794-c8f733f3ebce

Error: (07/04/2015 01:39:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (07/04/2015 01:39:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (07/04/2015 01:39:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (07/03/2015 11:12:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.1756731d001d0b5a05687ecbe40C:\Windows\explorer.exe1f0f86d3-21c8-11e5-b166-c8f733f3ebce

Error: (07/03/2015 02:37:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567135001d0b587cf777d9730C:\Windows\Explorer.EXE39d3d8a3-2180-11e5-b166-c8f733f3ebce

Error: (07/03/2015 01:45:43 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (07/03/2015 01:45:43 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (07/03/2015 01:45:43 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (07/02/2015 11:29:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756734f401d0b3ede194427121C:\Windows\Explorer.EXE72e4b02e-2101-11e5-a003-c8f733f3ebce


CodeIntegrity Errors:
===================================
Date: 2015-07-01 04:51:51.403
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-01 04:51:51.206
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 8112.11 MB
Available physical RAM: 3009.84 MB
Total Pagefile: 16222.4 MB
Available Pagefile: 9970.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:7.59 GB) NTFS
Drive e: (PLIKI INTERNETOWE) (Fixed) (Total:78.12 GB) (Free:5.81 GB) NTFS
Drive f: (WSZYSTKO) (Fixed) (Total:282.04 GB) (Free:70.93 GB) NTFS
Drive g: (DOKUMENTY) (Fixed) (Total:105.47 GB) (Free:52.98 GB) NTFS
Drive h: (BW2) (CDROM) (Total:3.53 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 21ADE8CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End of log ============================

Attached Files


Edited by Oh My!, 07 July 2015 - 10:43 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:30 AM

Posted 07 July 2015 - 10:55 PM

Greetings Supremee and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

You have very little available space on your C: drive which may cause performance issues.
 

Drive c: () (Fixed) (Total:74.43 GB) (Free:7.59 GB) NTFS


I want to accomplish quite a bit in this first post. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Norton 360 Premier Edition
avast! Antivirus


===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed youi will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-202827098-3153037104-392958406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\ROBERT\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\ROBERT\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-06-17]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\ROBERT\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
CustomCLSID: HKU\S-1-5-21-202827098-3153037104-392958406-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\powercpl.dll (Mpotsraoor oictifnrCo) <==== ATTENTION
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\Users\ROBERT\AppData\Roaming\922B2820
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were you able to remove an Antivirus program?
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Supremee

Supremee
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 08 July 2015 - 06:57 AM

Hello Gary, my name is Rob and I'm really happy to "meet you". I decided to uninstall Bit Torrent and Norton 360 Premier Edition. Here is the log of AdwCleaner by Xplode:
# AdwCleaner v4.207 - Utworzono raport 08/07/2015 o 13:13:26
# Ostatnia aktualizacja 21/06/2015 przez Xplode
# Baza danych : 2015-07-05.2 [Serwer]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (x64)
# Nazwa użytkownika : ROBERT - ROBERT-XNOTE
# Uruchomiony z : C:\Users\ROBERT\Desktop\AdwCleaner.exe
# Działanie : Usuń
 
***** [ Usługi ] *****
 
Usługa usunięto : APNMCP
 
***** [ Pliki / Foldery ] *****
 
Folder usunięto : C:\ProgramData\apn
Folder usunięto : C:\ProgramData\AskPartnerNetwork
Folder usunięto : C:\Program Files (x86)\AskPartnerNetwork
Folder usunięto : C:\Users\ROBERT\AppData\Local\Temp\apn
Folder usunięto : C:\Users\ROBERT\AppData\Local\AskPartnerNetwork
Folder usunięto : C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
Plik usunięto : C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage
Plik usunięto : C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage-journal
Plik usunięto : C:\Users\ROBERT\AppData\Roaming\Mozilla\Firefox\Profiles\zdj916pz.default\foxydeal.sqlite
Plik usunięto : C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Plik usunięto : C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Plik usunięto : C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage
Plik usunięto : C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage-journal
 
***** [ Zaplanowane zadania ] *****
 
 
***** [ Skróty ] *****
 
 
***** [ Rejestr ] *****
 
Wartość usunięto : HKCU\Software\Mozilla\Firefox\Extensions [magicplayer@torrentstream.org]
Klucz usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Klucz usunięto : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Wartość usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Klucz usunięto : HKCU\Software\AskPartnerNetwork
Klucz usunięto : HKCU\Software\ilivid
Klucz usunięto : HKCU\Software\AceStream
Klucz usunięto : HKLM\SOFTWARE\AskPartnerNetwork
Klucz usunięto : HKU\.DEFAULT\Software\AskPartnerNetwork
Klucz usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Klucz usunięto : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Klucz usunięto : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Klucz usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
Klucz usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Dane usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Przeglądarki internetowe ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v37.0.2 (x86 pl)
 
 
-\\ Google Chrome v43.0.2357.132
 
[C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - usunięto [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[],"scriptable_host":["*://*.ask.com/
 
*************************
 
AdwCleaner[R0].txt - [1456 bajty] - [05/10/2013 20:01:34]
AdwCleaner[R1].txt - [4139 bajty] - [08/07/2015 13:12:16]
AdwCleaner[S0].txt - [1353 bajty] - [05/10/2013 20:01:56]
AdwCleaner[S1].txt - [3831 bajty] - [08/07/2015 13:13:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3890  bajty] ##########
 
JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.6 (07.08.2015:1)
OS: Windows 7 Home Premium x64
Ran by ROBERT on 2015-07-08 at 13:27:42,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\ROBERT\appdata\local\google\chrome\user data\default\local storage\hxxp_www.biznesfinder.pl_0.localstorage
Successfully deleted: [File] C:\Users\ROBERT\appdata\local\google\chrome\user data\default\local storage\hxxp_www.biznesfinder.pl_0.localstorage-journal
Successfully deleted: [File] C:\Users\ROBERT\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\ROBERT\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\ROBERT\appdata\local\google\chrome\user data\default\local storage\hxxp_www.similarsitesearch.com_0.localstorage
Successfully deleted: [File] C:\Users\ROBERT\appdata\local\google\chrome\user data\default\local storage\hxxp_www.similarsitesearch.com_0.localstorage-journal
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\ROBERT\AppData\Roaming\mozilla\firefox\profiles\zdj916pz.default\minidumps [97 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\ROBERT\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\ROBERT\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\ROBERT\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\ROBERT\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  mkfokfffehpeedafpekjeddnmnjhmcmk
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-07-08 at 13:34:17,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixlog.txt:
Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by ROBERT at 2015-07-08 13:40:30 Run:1
Running from C:\Users\ROBERT\Desktop
Loaded Profiles: ROBERT (Available Profiles: ROBERT)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-202827098-3153037104-392958406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF HKU\S-1-5-21-202827098-3153037104-392958406-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\ROBERT\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\ROBERT\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-06-17]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\ROBERT\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
CustomCLSID: HKU\S-1-5-21-202827098-3153037104-392958406-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\powercpl.dll (Mpotsraoor oictifnrCo) <==== ATTENTION
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\Users\ROBERT\AppData\Roaming\922B2820
*****************
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
"HKU\S-1-5-21-202827098-3153037104-392958406-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-202827098-3153037104-392958406-1000\Software\Mozilla\Firefox\Extensions\\magicplayer@torrentstream.org => value not found.
C:\Users\ROBERT\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org => moved successfully.
catchme => Service removed successfully
cpuz136 => Service removed successfully
EagleX64 => Service removed successfully
X6va029 => Service removed successfully
"HKU\S-1-5-21-202827098-3153037104-392958406-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => key removed successfully
 
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" folder move:
 
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" folder => Scheduled to move on reboot.
 
C:\Users\ROBERT\AppData\Roaming\922B2820 => moved successfully.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-08 13:43:23)<=
 
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Is moved successfully
 
==== End of Fixlog 13:43:23 ====
I also wanted to let you know that the fixes you suggested completely removed problems I had with explorer.exe and ads, everything is working properly right now, if you have any other suggestions how can I improve my pc safety feel free to share them with me. Thank you for your time and help.
Rob

Attached Files



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:30 AM

Posted 08 July 2015 - 08:35 PM

Dziękuję Rob! (was just in Poland :) )

That is a great start but we are not quite finished yet. Please do these things.

===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon

----------
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Click Start (Start, Search, All files and folders for Windows XP) then type mbam
Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed click Save Results in the lower right hand corner of the screen then select Text file (.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and past the contents of MBAM.txt in your reply
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • MBAM results
  • ESET results
  • How is your computer running now? Any issues?
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Malwarebytes log
  • ESET log
  • Security Check log

Edited by Oh My!, 08 July 2015 - 09:03 PM.
Modified post

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Supremee

Supremee
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 10 July 2015 - 02:10 PM

Hello again Gary, sorry for replying a little bit slower but I was out of town for one day. Here are the logs:

MBAM.txt:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data skanowania: 2015-07-10
Czas skanowania: 16:26
Raport: MBAM.txt
Administrator: Tak
 
Wersja: 2.1.8.1057
Baza szkodliwego oprogramowania: v2015.07.10.04
Baza danych rootkitów: v2015.07.10.01
Licencja: Darmowa
Ochrona przed złośliwym oprogramowaniem: Wyłączony
Ochrona przed szkodliwymi stronami: Wyłączony
Samoobrona: Wyłączony
 
System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: ROBERT
 
Typ skanowania: Dokładne skanowanie
Wynik: Zakończono
Obiekty przeskanowane: 399935
Czas, który upłynął: 13 min, 13 s
 
Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heurystyka: Włączony
PUP: Włączony
PUM: Włączony
 
Procesy: 0
(Nie wykryto zagrożeń)
 
Moduły: 0
(Nie wykryto zagrożeń)
 
Klucze rejestru: 1
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1D00}, , [36e65090365442f49ea136c9ea18f20e], 
 
Wartości rejestru: 1
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1D00}|InstallSource, C:\ProgramData\APN\APN-Stub\ORJ-SPE\, , [36e65090365442f49ea136c9ea18f20e]
 
Dane rejestru: 0
(Nie wykryto zagrożeń)
 
Foldery: 20
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\icons, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\pages, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\pages\css, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\pages\img, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\pages\js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\adme, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\common, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\css, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\cufon, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\jquery, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales\en_US, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales\ru, , [9884dd03e7a377bf5dc654a8b2509d63], 
 
Pliki: 167
PUP.Optional.OpenCandy, C:\Users\ROBERT\AppData\Local\Temp\HYD8F45.tmp.1436353293\HTA\install.1436353293.zip, , [0814855be7a3ed498559fb56e12439c7], 
PUP.Optional.OpenCandy, C:\Users\ROBERT\AppData\Local\Temp\HYD8F45.tmp.1436353293\HTA\3rdparty\OCSetupHlp.dll, , [48d4da0629614aecc31b5ef3d332619f], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\background.html, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\bg.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\bootstrap.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\init.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\manifest.json, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\icons\magicplayer128.png, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\icons\magicplayer16.png, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\icons\magicplayer48.png, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\pages\options.html, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\pages\css\options.css, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\pages\img\logo.png, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\pages\js\options.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\adme\bg.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\common\core.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\common\prefs.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\common\utils.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\bg.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\utils.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\css\magicplayer.css, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\css\ts-buttons.css, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\jquery\jquery-1.7.min.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts\button.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts\core.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts\magicplayer.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts\player.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\1337x.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\adminko.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\animelayer.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\animereactor.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\arenabg.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\baibako.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bakabt.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\beeretracker.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\berloga.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bete.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\big-boss.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bigfangroup.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bigtorrent.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bithumen.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bitmanija.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bitsnoop.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bitsoup.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\btscene.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\coda.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\dark-os.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\demonoid.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\dimeadozen.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\divxtotal.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\dontracker.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\dxp.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\elitetorrent.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\ex.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\extratorrent.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\eztv.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fast-torrent.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fasttorrent.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fat.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fenopy.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fex.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\file.lu.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\filebag.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\filebase.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\free-torrents.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\freekino.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fulldls.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\goldenshara.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hdclub.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hdclub.org.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hdreactor.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hilm.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hq-video.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hqclub.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\jc-club.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\jesus-torrent.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kat.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\katushka.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinokopilka.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinoshek.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinozal.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinsburg.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\limetorrents.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\linkomanija.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\lostfilm.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\masters-tb.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\maxnet.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\mediastore.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\mininova.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\monova.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\movietorrents.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\multiestrenos.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bithq.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\estrenosdtl.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\frenchtorrentdb.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\piratbit.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\seedpeer.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\toloka.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\mytorrento.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\newtorr.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nice-media.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nigma.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nnm.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nnportal.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\novafilm.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\novaset.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nyaa.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\oday.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\opensharing.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\opentorrent.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\picktorrent.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\pirat.ca.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\planefilm.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\powertracker.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\pravtor.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\publichd.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rarbg.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rgfootball.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\riper.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rt-tracker.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rustorka.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rutor.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rutracker.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\scenefz.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\starbit.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\stepashka.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\streamzone.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\sumotorrent.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\take.fm.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\tapochek.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\tfile.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\thepiratebay.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torlock.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\tormovies.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrent73.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentbit.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentdownloads.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentfunk.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentom.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentreactor.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrents.by.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrents.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrents.net.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentsmd.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentstream.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentzap.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrnado-ru.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrnado.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\treckera-net.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\uatracker.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\undelete.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\uniongang.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\unionpeer.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\uraltrack.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\vertor.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\x-torrents.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\yify.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\yourbittorent.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\youtor.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\youtube.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\youtube_pre.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\zamunda.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\zlofenix.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\zoneland.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\_conf.js, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales\en_US\messages.json, , [9884dd03e7a377bf5dc654a8b2509d63], 
PUP.Optional.ASMagicPlayer.A, C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales\ru\messages.json, , [9884dd03e7a377bf5dc654a8b2509d63], 
 
Sektory fizyczne: 0
(Nie wykryto zagrożeń)
 
 
(end)
Eset log:

C:\FRST\Quarantine\C\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\powercpl.dll a variant of Win64/Kryptik.XF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.07.2015_00.54.55\uds0000\file0000\tsk0000.dta Win32/Tinba.BE trojan cleaned by deleting - quarantined
C:\Users\ROBERT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNLCB7IB\a[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\ROBERT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VH6KEXAK\37CZ3YIF.htm JS/Exploit.Agent.NJR trojan cleaned by deleting - quarantined
C:\Users\ROBERT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VH6KEXAK\PUAQREPZ.htm JS/Kryptik.AVE trojan cleaned by deleting - quarantined
C:\Users\ROBERT\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe Win32/Somoto.A potentially unwanted application cleaned by deleting - quarantined
E:\DOWNLOAD\DAEMON-Tools-Lite(12708).exe a variant of Win32/InstallCore.CH potentially unwanted application cleaned by deleting - quarantined
E:\DOWNLOAD\gimp-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
E:\DOWNLOAD\iLividSetup-r484-n-bc.exe a variant of Win32/iLivid.A potentially unwanted application cleaned by deleting - quarantined
E:\sidmeierspirates\[ 3. CRACK ]\pirates!.exe a variant of Generik.MNGJLBF trojan cleaned by deleting - quarantined
F:\AetherFlyff\Launcher.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting - quarantined
F:\AetherFlyff\Neuz.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting - quarantined
Security check log:

Results of screen317's Security Check version 1.005  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 37.0.2 Firefox out of Date!  
 Google Chrome (43.0.2357.130) 
 Google Chrome (43.0.2357.132) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
Overall computer performance is great right now, after using Malwarebytes Anti-Malware I had a problem with bluescreen but it's working properly right now. Thank you for your help again and if there is anything else you need to know I will provide information for you as fast as I can. Hopefully you enjoyed your stay in Poland.
 
 
 


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:30 AM

Posted 10 July 2015 - 02:24 PM

We loved Poland. :)

It is hard for me to know what MBAM did with those entries. If you want to keep ASMagicPlayer you can remove that from being quarantined. Quarantine the rest if MBAM hasn't already done that.

We need to update a couple things.

===================================================

Update Adobe Flash Player

--------------------
  • Download Adobe Flash Player here and save it to your desktop. Uncheck "Yes, install McAfee Security Scan Plus - optional"
  • Close any open browsers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Double click the Desktop icon
  • Select either Allow Adobe to install updates (recommended) or Notify me to install updates then click Next
  • When completed click Finish
===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the updates go well?
  • Any remaining concerns or questions before I offer a final step?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Supremee

Supremee
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 10 July 2015 - 02:36 PM

Updates went well and I don't have any questions so we can move on with the process.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:30 AM

Posted 10 July 2015 - 02:45 PM

Very good. Looks like we are all set so here is some final information.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:30 AM

Posted 11 July 2015 - 07:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users