Unable to start Malwarebytes, not even using Chameleon


  • This topic is locked
15 replies to this topic

#1 neonxc


Posted 14 July 2016 - 04:19 AM

Hello,
It seems my PC has been infected with some kind of malware. The log files from Farbar are attached. Thank you in advance for any help :).

Best regards, Tom

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Ran by t (administrator) on DESKTOP-OLQHCKU (14-07-2016 10:36:03)
Running from C:\Users\t\Desktop
Loaded Profiles: t (Available Profiles: t)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\t\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-04-08] (AVAST Software)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [523144 2015-09-07] (Autodesk Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-10-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\Run: [Spotify Web Helper] => C:\Users\t\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-07-10] (Spotify Ltd)
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-20] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{c52486e5-d75e-412a-a9bb-625a88333c75}: [DhcpNameServer] 10.200.1.1
Tcpip\..\Interfaces\{ce01549f-819c-41e4-bf16-0f914bb2c114}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{d0ad3bb2-a591-44a1-b97a-c426413f4496}: [DhcpNameServer] 10.192.2.2

Internet Explorer:
==================
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://idnes.cz/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-24] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-24] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-06-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-04] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-04] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-24] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-387406936-2736644126-3192766593-1001 -> hxxp://idnes.cz/
Edge Session Restore: HKU\S-1-5-21-387406936-2736644126-3192766593-1001 -> is enabled.

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-24] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-11]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1136520 2015-09-07] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-20] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2855152 2016-06-05] (Microsoft Corporation)
R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2015-11-12] (Microsoft Corporation)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-03-29] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2016-03-29] (Microsoft Corporation) [File not signed]
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2015-11-12] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2015-11-13] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-11] (AVAST Software)
S3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2015-11-12] (Microsoft Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2015-11-12] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2015-11-12] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2015-11-12] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2015-11-12] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2015-11-12] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2015-11-12] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2015-11-12] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-01-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-14 10:36 - 2016-07-14 10:37 - 00015377 _____ C:\Users\t\Desktop\FRST.txt
2016-07-14 10:35 - 2016-07-14 10:36 - 00000000 ____D C:\FRST
2016-07-14 10:31 - 2016-07-14 10:35 - 02390528 _____ (Farbar) C:\Users\t\Desktop\FRST64.exe
2016-07-14 08:25 - 2016-07-14 10:15 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-14 08:25 - 2016-07-14 08:25 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-14 08:25 - 2016-07-14 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-14 08:25 - 2016-07-14 08:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-14 08:25 - 2016-07-14 08:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-14 08:25 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-07-14 08:25 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-14 08:21 - 2016-07-14 08:22 - 22851472 _____ (Malwarebytes ) C:\Users\t\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-11 23:55 - 2016-07-11 23:59 - 00000000 ____D C:\Users\t\AppData\Local\Microsoft_Corporation
2016-07-11 17:59 - 2016-07-12 15:25 - 00060928 _____ C:\Users\t\Desktop\Hering.xls
2016-06-26 11:09 - 2016-06-26 11:09 - 00000000 ___DL C:\Users\t\AppData\LocalLow\PlayReady
2016-06-25 19:14 - 2016-06-30 00:10 - 00000000 ____D C:\Users\t\Documents\my games
2016-06-25 18:52 - 2016-06-25 18:52 - 00000516 _____ C:\Users\t\Downloads\select_car.php
2016-06-20 21:03 - 2016-06-20 21:03 - 00002559 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-06-20 21:03 - 2016-06-20 21:03 - 00002558 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2016-06-20 21:03 - 2016-06-20 21:03 - 00002553 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-06-20 21:03 - 2016-06-20 21:03 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-06-20 21:03 - 2016-06-20 21:03 - 00002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-06-20 21:03 - 2016-06-20 21:03 - 00002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy 2016.lnk
2016-06-20 21:03 - 2016-06-20 21:03 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-06-20 21:03 - 2016-06-20 21:03 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-06-20 21:03 - 2016-06-20 21:03 - 00002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-06-20 21:03 - 2016-06-20 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2016-06-20 20:57 - 2016-06-20 21:02 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-20 09:05 - 2016-06-20 09:05 - 00382810 _____ C:\Users\t\Downloads\SKMBT_C35216062007560.zip
2016-06-20 09:00 - 2016-06-20 09:00 - 00259904 _____ C:\Users\t\Downloads\SKMBT_C35216062007560.pdf
2016-06-20 00:40 - 2016-05-28 08:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-20 00:40 - 2016-05-28 08:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-20 00:40 - 2016-05-28 06:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-20 00:40 - 2016-05-28 06:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-20 00:40 - 2016-05-28 06:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-20 00:40 - 2016-05-28 06:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-20 00:40 - 2016-05-28 06:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-20 00:40 - 2016-05-28 06:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-20 00:39 - 2016-05-28 06:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-20 00:39 - 2016-05-28 06:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-20 00:39 - 2016-05-28 06:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-20 00:39 - 2016-05-28 06:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-20 00:39 - 2016-05-28 06:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-20 00:39 - 2016-05-28 06:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-20 00:39 - 2016-05-28 06:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-20 00:39 - 2016-05-28 06:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-20 00:39 - 2016-05-28 06:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-20 00:39 - 2016-05-28 06:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-20 00:39 - 2016-05-28 06:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-20 00:39 - 2016-05-28 06:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-20 00:39 - 2016-05-28 06:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-20 00:39 - 2016-05-28 06:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-20 00:39 - 2016-05-28 05:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-20 00:38 - 2016-05-28 08:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-20 00:38 - 2016-05-28 07:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-20 00:38 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-20 00:38 - 2016-05-28 07:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-20 00:38 - 2016-05-28 07:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-20 00:38 - 2016-05-28 07:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-20 00:38 - 2016-05-28 07:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-20 00:38 - 2016-05-28 07:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-20 00:38 - 2016-05-28 07:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-20 00:38 - 2016-05-28 07:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-20 00:38 - 2016-05-28 07:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-20 00:38 - 2016-05-28 07:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-20 00:38 - 2016-05-28 07:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-20 00:38 - 2016-05-28 07:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-20 00:38 - 2016-05-28 06:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-20 00:38 - 2016-05-28 06:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-20 00:38 - 2016-05-28 06:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-20 00:38 - 2016-05-28 06:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-20 00:38 - 2016-05-28 06:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-20 00:38 - 2016-05-28 06:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-20 00:38 - 2016-05-28 06:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-20 00:38 - 2016-05-28 06:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-20 00:38 - 2016-05-28 06:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-20 00:38 - 2016-05-28 06:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-20 00:38 - 2016-05-28 06:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-20 00:38 - 2016-05-28 06:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-20 00:38 - 2016-05-28 06:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-20 00:38 - 2016-05-28 06:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-20 00:38 - 2016-05-28 06:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-20 00:38 - 2016-05-28 06:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2016-06-20 00:38 - 2016-05-28 06:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-20 00:38 - 2016-05-28 06:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-20 00:38 - 2016-05-28 06:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-20 00:38 - 2016-05-28 06:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-20 00:38 - 2016-05-28 06:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-20 00:38 - 2016-05-28 06:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-20 00:38 - 2016-05-28 06:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-20 00:38 - 2016-05-28 06:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-20 00:38 - 2016-05-28 06:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-20 00:38 - 2016-05-28 06:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-20 00:38 - 2016-05-28 06:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-20 00:38 - 2016-05-28 06:14 - 03292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2016-06-20 00:38 - 2016-05-28 06:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-20 00:38 - 2016-05-28 06:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-20 00:38 - 2016-05-28 06:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-20 00:38 - 2016-05-28 06:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-20 00:38 - 2016-05-28 06:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-20 00:38 - 2016-05-28 06:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-20 00:38 - 2016-05-28 06:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-20 00:38 - 2016-05-28 06:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-20 00:38 - 2016-05-28 06:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-20 00:38 - 2016-05-28 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-20 00:38 - 2016-05-28 06:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-20 00:38 - 2016-05-28 06:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-20 00:38 - 2016-05-28 06:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-20 00:38 - 2016-05-28 06:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-20 00:38 - 2016-05-28 06:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-20 00:38 - 2016-05-28 06:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-20 00:38 - 2016-05-28 06:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-20 00:38 - 2016-05-28 06:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-20 00:38 - 2016-05-28 06:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-20 00:38 - 2016-05-28 06:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-20 00:38 - 2016-05-28 06:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-20 00:38 - 2016-05-28 06:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-20 00:38 - 2016-05-28 06:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-20 00:38 - 2016-05-28 06:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-20 00:38 - 2016-05-28 06:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-20 00:38 - 2016-05-28 06:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-20 00:38 - 2016-05-28 05:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-20 00:38 - 2016-05-28 05:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-20 00:38 - 2016-05-28 05:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-20 00:38 - 2016-05-28 05:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-20 00:38 - 2016-05-28 05:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-20 00:37 - 2016-05-28 08:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-20 00:37 - 2016-05-28 08:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-20 00:37 - 2016-05-28 08:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-20 00:37 - 2016-05-28 07:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-20 00:37 - 2016-05-28 07:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-20 00:37 - 2016-05-28 07:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-20 00:37 - 2016-05-28 07:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-20 00:37 - 2016-05-28 07:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-20 00:37 - 2016-05-28 07:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-20 00:37 - 2016-05-28 07:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-20 00:37 - 2016-05-28 07:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-20 00:37 - 2016-05-28 07:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-20 00:37 - 2016-05-28 07:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-20 00:37 - 2016-05-28 07:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-20 00:37 - 2016-05-28 07:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-20 00:37 - 2016-05-28 07:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-20 00:37 - 2016-05-28 07:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-20 00:37 - 2016-05-28 07:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-20 00:37 - 2016-05-28 07:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-20 00:37 - 2016-05-28 07:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-20 00:37 - 2016-05-28 07:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-20 00:37 - 2016-05-28 07:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-20 00:37 - 2016-05-28 07:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-20 00:37 - 2016-05-28 07:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-20 00:37 - 2016-05-28 07:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-20 00:37 - 2016-05-28 07:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-20 00:37 - 2016-05-28 07:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-20 00:37 - 2016-05-28 06:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-20 00:37 - 2016-05-28 06:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-20 00:37 - 2016-05-28 06:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-20 00:37 - 2016-05-28 06:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-20 00:37 - 2016-05-28 06:29 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2016-06-20 00:37 - 2016-05-28 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-20 00:37 - 2016-05-28 06:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-20 00:37 - 2016-05-28 06:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-20 00:37 - 2016-05-28 06:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-20 00:37 - 2016-05-28 06:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-20 00:37 - 2016-05-28 06:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-20 00:37 - 2016-05-28 06:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-20 00:37 - 2016-05-28 06:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-20 00:37 - 2016-05-28 06:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-20 00:37 - 2016-05-28 06:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-20 00:37 - 2016-05-28 06:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-20 00:37 - 2016-05-28 06:25 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2016-06-20 00:37 - 2016-05-28 06:25 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2016-06-20 00:37 - 2016-05-28 06:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2016-06-20 00:37 - 2016-05-28 06:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-20 00:37 - 2016-05-28 06:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-20 00:37 - 2016-05-28 06:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-20 00:37 - 2016-05-28 06:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-20 00:37 - 2016-05-28 06:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-20 00:37 - 2016-05-28 06:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-20 00:37 - 2016-05-28 06:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-20 00:37 - 2016-05-28 06:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-20 00:37 - 2016-05-28 06:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-20 00:37 - 2016-05-28 06:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-20 00:37 - 2016-05-28 06:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-20 00:37 - 2016-05-28 06:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-20 00:37 - 2016-05-28 06:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-20 00:37 - 2016-05-28 06:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-20 00:37 - 2016-05-28 06:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-20 00:37 - 2016-05-28 06:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-20 00:37 - 2016-05-28 06:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-20 00:37 - 2016-05-28 06:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-20 00:37 - 2016-05-28 06:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-20 00:37 - 2016-05-28 06:21 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2016-06-20 00:37 - 2016-05-28 06:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2016-06-20 00:37 - 2016-05-28 06:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-20 00:37 - 2016-05-28 06:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-20 00:37 - 2016-05-28 06:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-20 00:37 - 2016-05-28 06:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-20 00:37 - 2016-05-28 06:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-20 00:37 - 2016-05-28 06:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-20 00:37 - 2016-05-28 06:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-20 00:37 - 2016-05-28 06:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-20 00:37 - 2016-05-28 06:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-20 00:37 - 2016-05-28 06:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-20 00:37 - 2016-05-28 06:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-20 00:37 - 2016-05-28 06:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-20 00:37 - 2016-05-28 06:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-20 00:37 - 2016-05-28 06:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-20 00:37 - 2016-05-28 06:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-20 00:37 - 2016-05-28 06:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-20 00:37 - 2016-05-28 06:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-20 00:37 - 2016-05-28 06:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-20 00:37 - 2016-05-28 06:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-20 00:37 - 2016-05-28 06:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-20 00:37 - 2016-05-28 06:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-20 00:37 - 2016-05-28 06:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-20 00:37 - 2016-05-28 06:15 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2016-06-20 00:37 - 2016-05-28 06:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-20 00:37 - 2016-05-28 06:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-20 00:37 - 2016-05-28 06:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-20 00:37 - 2016-05-28 06:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-20 00:37 - 2016-05-28 06:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-20 00:37 - 2016-05-28 06:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-20 00:37 - 2016-05-28 06:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-20 00:37 - 2016-05-28 06:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-20 00:37 - 2016-05-28 06:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-20 00:37 - 2016-05-28 06:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-20 00:37 - 2016-05-28 06:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-20 00:37 - 2016-05-28 06:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-20 00:37 - 2016-05-28 06:11 - 02470912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2016-06-20 00:37 - 2016-05-28 06:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-20 00:37 - 2016-05-28 06:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-20 00:37 - 2016-05-28 06:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-20 00:37 - 2016-05-28 06:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-20 00:37 - 2016-05-28 06:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-20 00:37 - 2016-05-28 06:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-20 00:37 - 2016-05-28 06:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-20 00:37 - 2016-05-28 06:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-20 00:37 - 2016-05-28 06:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-20 00:37 - 2016-05-28 06:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-20 00:37 - 2016-05-28 06:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-20 00:37 - 2016-05-28 06:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-20 00:37 - 2016-05-28 06:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-20 00:37 - 2016-05-28 06:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-20 00:37 - 2016-05-28 06:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-20 00:37 - 2016-05-28 06:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-20 00:37 - 2016-05-28 06:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-20 00:37 - 2016-05-28 05:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-20 00:37 - 2016-05-28 05:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-20 00:37 - 2016-05-28 05:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-20 00:36 - 2016-05-28 06:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-20 00:36 - 2016-05-28 06:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-20 00:36 - 2016-05-28 06:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-20 00:36 - 2016-05-28 06:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-20 00:36 - 2016-05-28 06:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-20 00:36 - 2016-05-28 06:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-20 00:36 - 2016-05-28 06:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-20 00:36 - 2016-05-28 06:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-20 00:36 - 2016-05-28 06:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-14 10:34 - 2015-10-27 14:03 - 00004202 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E98AA75E-B3FE-4F7C-8F3D-31AEAECA6C94}
2016-07-14 10:06 - 2015-10-12 22:44 - 00000992 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-14 09:12 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-14 08:56 - 2015-10-12 22:47 - 00000000 ___RD C:\Users\t\Disk Google
2016-07-14 08:53 - 2015-10-12 22:44 - 00000988 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-14 08:52 - 2015-11-29 13:29 - 00000715 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-07-14 08:50 - 2015-11-12 23:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-14 08:49 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-14 08:48 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-14 07:47 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-13 15:30 - 2015-10-31 21:36 - 00000000 ____D C:\Users\t\AppData\Roaming\Skype
2016-07-13 13:37 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-13 12:55 - 2015-11-12 22:15 - 00000000 ____D C:\Users\t
2016-07-13 10:39 - 2015-10-27 14:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-13 10:39 - 2015-10-27 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-12 21:35 - 2015-12-26 22:54 - 00000000 ____D C:\Users\t\AppData\Local\Spotify
2016-07-12 21:35 - 2015-12-26 22:52 - 00000000 ____D C:\Users\t\AppData\Roaming\Spotify
2016-07-12 15:58 - 2015-10-12 23:20 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-07-12 14:54 - 2015-10-12 15:59 - 00000000 ____D C:\Users\t\AppData\Local\Packages
2016-07-11 20:28 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-07-11 06:48 - 2015-10-12 20:12 - 00000000 ____D C:\Users\t\Documents\Visual Studio 2015
2016-07-09 17:04 - 2015-11-03 01:28 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-06 12:19 - 2015-10-31 21:34 - 00000000 ____D C:\ProgramData\Skype
2016-07-02 06:37 - 2015-10-30 09:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-07-02 06:37 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-29 22:31 - 2015-10-30 20:31 - 01266032 _____ C:\WINDOWS\system32\perfh005.dat
2016-06-29 22:31 - 2015-10-30 20:31 - 00320406 _____ C:\WINDOWS\system32\perfc005.dat
2016-06-29 22:31 - 2015-10-12 10:01 - 00006542 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-27 00:51 - 2015-10-27 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-24 11:08 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-24 11:00 - 2015-10-14 17:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-23 16:25 - 2015-11-12 22:02 - 00415200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-20 21:09 - 2015-10-12 16:03 - 00002346 _____ C:\Users\t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-20 21:09 - 2015-10-12 16:03 - 00000000 ___RD C:\Users\t\OneDrive
2016-06-20 16:35 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-20 08:04 - 2015-09-10 07:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-20 03:32 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-20 03:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-20 03:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-20 01:54 - 2015-10-12 18:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-20 01:42 - 2015-10-12 18:44 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-20 00:14 - 2015-10-31 21:35 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2016-02-04 17:19 - 2016-02-04 17:19 - 0007602 _____ () C:\Users\t\AppData\Local\Resmon.ResmonCfg
2015-11-20 11:46 - 2015-11-20 11:46 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\t\AppData\Local\Temp\AcDeltree.exe
C:\Users\t\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\t\AppData\Local\Temp\tmpF8B3.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-09 17:38

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2016 02
Ran by t (2016-07-14 10:40:15)
Running from C:\Users\t\Desktop
Windows 10 Pro Version 1511 (X64) (2015-11-12 21:22:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-387406936-2736644126-3192766593-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-387406936-2736644126-3192766593-503 - Limited - Disabled)
Guest (S-1-5-21-387406936-2736644126-3192766593-501 - Limited - Disabled)
t (S-1-5-21-387406936-2736644126-3192766593-1001 - Administrator - Enabled) => C:\Users\t

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.9 - Arduino LLC)
AutoCAD 2015 – Čeština (Czech) (Version: 20.0.210.0 - Autodesk) Hidden
AutoCAD 2015 – Čeština (Czech) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack – Čeština (Czech) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.5 - Autodesk)
Autodesk AutoCAD 2015 – Čeština (Czech) (HKLM\...\AutoCAD 2015 – Čeština (Czech)) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD 2015 – Čeština (Czech) SP2 (HKLM\...\AutoCAD 2015 – Čeština (Czech) SP2) (Version: 20.0.210.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Black Mirror II (HKLM-x32\...\Steam App 286460) (Version: - Cranberry Production)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.12020 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.12020 - Cisco Systems, Inc.) Hidden
CodedUITestUAP (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Company of Heroes (HKLM\...\Steam App 4560) (Version: - Relic Entertainment)
Dotfuscator and Analytics Community Edition 5.19.1 (x32 Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Ferramentas do Windows Phone 8.1 para Visual Studio 2015 - PTB (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Git version 1.9.5-preview20141217 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Herramientas de Windows Phone 8.1 para Visual Studio 2015 - ESN (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Import souborů SketchUp (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 10.1.10586.212 - Microsoft) Hidden
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2011b (32-bit) (HKLM-x32\...\Matlab R2011b) (Version: 7.13 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (čeština) (HKLM-x32\...\{E249803A-BD5B-4FDC-A630-976C2971F5B4}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (čeština) (HKLM-x32\...\{25C7677B-0398-46A3-A0EE-7B393D20FA30}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Emulator - Windows 10.0.26624 (HKLM-x32\...\{5a671758-b843-4cb0-872f-5a7d92908c83}) (Version: 10.0.26624 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.6741.2048 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{4f075c79-8ee3-4c85-9408-828736d1f7f3}) (Version: 14.0.23107.178 - Microsoft Corporation)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Nástroje Windows Phone 8.1 pro sadu Visual Studio 2015 – CSY (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation)
Outils Windows Phone 8.1 pour Visual Studio 2015 - FRA (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strumenti di Windows Phone 8.1 per Visual Studio 2015 - ITA (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 2 (x32 Version: 14.95.25118 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.29.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinAppDeploy (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Windows 10 for Mobile Image - 10.0.10240.0 (HKLM-x32\...\{E50D6143-05C6-425C-B39D-9B04879BF618}) (Version: 10.0.10240.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E65EDBCC-C437-45DF-96BE-46B672317F41}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.15 (HKLM-x32\...\{28a123e5-1799-4f20-9bd8-7c46f30eb7bf}) (Version: 10.1.10586.15 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Средства Windows Phone 8.1 для Visual Studio 2015 — RUS (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
用于 Visual Studio 2015 的 Windows Phone 8.1 工具 - 简体中文 (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
適用於 Visual Studio 2015 的 Windows Phone 8.1 工具 - 繁體中文 (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-387406936-2736644126-3192766593-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-387406936-2736644126-3192766593-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-387406936-2736644126-3192766593-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\cs-CZ\acadficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B92ADE5-C37C-4CD3-8B81-FAB598EF79FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {0DB737BE-B39D-48D3-BA79-E41845BE9EA1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-05] (Microsoft Corporation)
Task: {32575BF8-32AF-4457-A3AF-1F1F6172592B} - System32\Tasks\SafeZone scheduled Autoupdate 1458757141 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {67C08971-89B9-4C9C-8F62-2DEB66CF939B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-20] (Microsoft Corporation)
Task: {68F75F0D-B5CC-44C5-B796-3CB2CC7EA82D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-11] (AVAST Software)
Task: {94B3933F-8137-4B07-8BEF-8973C5B530C2} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {A7484CF5-5952-4143-94C1-6819FEF0B3B9} - System32\Tasks\MATLAB R2011b Startup Accelerator => C:\Program Files (x86)\MATLAB\R2011b\bin\win32\MATLABStartupAccelerator.exe [2011-07-08] ()
Task: {B79FF723-4AE7-41DB-BFF0-FF9FD5088272} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {CAFF2459-FBC9-45ED-A999-D08183B3CB16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-24] (Microsoft Corporation)
Task: {DAB402E2-BBEB-49CA-B570-1B428E2A4056} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-24] (Microsoft Corporation)
Task: {DC404245-E3F2-4185-B9AF-90F8DCCE0B55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {E2E3E276-F453-4DD7-B755-58A8DBA57FDA} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {FCEB8920-EC7E-47A4-BFA6-3DDC4053F8DB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-05] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2011b Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2011b\bin\win32\MATLABStartupAccelerator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-08-21 23:09 - 2015-08-21 23:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-10-30 09:18 - 2015-11-12 21:43 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll
2016-04-21 14:08 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-21 14:08 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 15:26 - 2016-04-21 15:27 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 10:23 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:53 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:53 - 2016-04-23 06:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-06-20 00:38 - 2016-05-28 05:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-20 00:37 - 2016-05-28 05:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-20 00:40 - 2016-05-28 05:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-20 00:40 - 2016-05-28 05:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-04 21:11 - 2016-06-05 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-06-07 12:00 - 2016-06-07 12:01 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-07 12:00 - 2016-06-07 12:01 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-07 12:00 - 2016-06-07 12:01 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-09 09:41 - 2016-03-09 09:42 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-10-23 10:15 - 2015-10-23 10:15 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-20 12:15 - 2016-02-20 12:15 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-20 12:15 - 2016-02-20 12:15 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-14 07:48 - 2016-07-14 07:48 - 03000320 _____ () C:\Program Files\AVAST Software\Avast\defs\16071301\algo.dll
2016-04-21 14:29 - 2016-04-21 14:29 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-20 12:03 - 2015-09-07 05:33 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-11-20 12:03 - 2015-09-07 05:33 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2016-04-21 15:26 - 2016-04-21 15:27 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-21 15:26 - 2016-04-21 15:27 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-14 18:27 - 2015-12-14 18:27 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-14 08:53 - 2016-07-14 08:53 - 00098816 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32api.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00110080 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\pywintypes27.dll
2016-07-14 08:53 - 2016-07-14 08:53 - 00364544 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\pythoncom27.dll
2016-07-14 08:53 - 2016-07-14 08:53 - 00320512 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32com.shell.shell.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00776704 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\_hashlib.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 01176576 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\wx._core_.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00806400 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\wx._gdi_.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00816128 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\wx._windows_.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 01067008 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\wx._controls_.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00733184 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\wx._misc_.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00682496 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\pysqlite2._sqlite.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00088064 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\_ctypes.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00119808 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32file.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00108544 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32security.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00007168 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\hashobjs_ext.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00017920 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\thumbnails_ext.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00088064 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\usb_ext.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00012288 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\common.time34.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00018432 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32event.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00167936 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32gui.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00046080 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\_socket.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 01208320 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\_ssl.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00128512 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\_elementtree.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00127488 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\pyexpat.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00038912 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32inet.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00036864 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\_psutil_windows.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00525208 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\windows._lib_cacheinvalidation.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00011264 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32crypt.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00077312 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\wx._html2.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00027136 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\_multiprocessing.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00020480 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\_yappi.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00035840 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32process.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00686080 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\unicodedata.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00078848 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\wx._animate.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00123392 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\wx._wizard.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00024064 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32pipe.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00010240 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\select.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00025600 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32pdh.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00017408 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32profile.pyd
2016-07-14 08:53 - 2016-07-14 08:53 - 00022528 ____R () C:\Users\t\AppData\Local\Temp\_MEI45522\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-387406936-2736644126-3192766593-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-31 00:42 - 2015-07-31 00:39 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-387406936-2736644126-3192766593-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\t\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{B3F42586-3D07-40F8-813E-8B8552F27026}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4327A88E-2CF4-4CFD-929F-F2CF0DF76D03}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7EF00A26-946E-48C2-AFEE-3BBEA8C514B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8B199EFB-957E-4DBC-A416-AA62F6BD75D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{241A8EA7-CFFF-4E46-B204-147F1650DF44}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CFB4CEAC-3F18-47B1-8489-B7BFC3137765}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F5B4ADAB-89B0-484E-A61E-4848925AB2D9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{598A576B-6268-4306-9AC1-35CFBE3EB5A4}] => (Allow) LPort=50248
FirewallRules: [{029C2881-EAB0-4638-9003-43C51F9EC282}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{A13E985E-49BE-408D-B865-CD8D727356A6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{008673A9-08F0-43BB-9C1A-19D44A65CBBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Mirror 2 - Reigning Evil\BlackMirror2.exe
FirewallRules: [{62C6B465-C470-4A8B-BC9D-BDE9EEDE446A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Mirror 2 - Reigning Evil\BlackMirror2.exe
FirewallRules: [TCP Query User{448838AD-4AF8-4567-BB56-303BB58CA47F}C:\users\t\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\t\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F7A53687-34BB-49F1-AE29-F60FF784B48D}C:\users\t\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\t\appdata\roaming\spotify\spotify.exe
FirewallRules: [{926E0CE5-B4F7-42A1-9844-9A431785B0A3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{8D4F49AF-3324-4AA5-ABC8-E6A0139A28C6}C:\users\t\disk google\schu\c++\server\release\server.exe] => (Allow) C:\users\t\disk google\schu\c++\server\release\server.exe
FirewallRules: [UDP Query User{E299769A-1AD2-456A-B46F-1C7B56F2C252}C:\users\t\disk google\schu\c++\server\release\server.exe] => (Allow) C:\users\t\disk google\schu\c++\server\release\server.exe
FirewallRules: [TCP Query User{92CF9E1A-5124-4749-B728-BBBE62DA81E3}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{47FF1397-522A-46FB-9B4D-CCA9C37ED1FD}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{401A107F-B044-43A1-AC55-6164D3AEDD1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0F1A1616-CF9A-4573-B9E1-E26A1B498BD2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{2BC81C9B-3730-45EA-AC11-F97D486D94E8}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{9BE93E07-23C0-4310-BF08-57EBC71B29C0}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{19342756-5201-4120-AA74-B5B9056FC570}] => (Block) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{19DCBD6B-84EE-44B2-A869-CDA987100839}] => (Block) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{65AAA818-C659-4EC7-BE8A-6A48490CA36A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D3D003EB-E4F1-452F-9439-06716CFEFD3C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{107B27C4-8F57-4180-ACAA-A16AEAB2766A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{69A2C219-7D1D-484A-84AC-ED94A957D41E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [{AD2FB6F4-D621-4D62-86E6-74A3B50FE919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [TCP Query User{BA5F9D5E-00DD-4578-B95E-579A96D8F156}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [UDP Query User{334B2F2E-FBB7-44D5-B396-CEA7A8C2D5E6}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe

==================== Restore Points =========================

27-06-2016 00:44:06 Windows Update
30-06-2016 00:06:41 Nainstalováno rozhraní DirectX
06-07-2016 12:14:31 ASU_MSI_TRAN
13-07-2016 15:02:00 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2016 10:15:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Název chybujícího modulu: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Kód výjimky: 0xc0000005
Posun chyby: 0x001d3bba
ID chybujícího procesu: 0x1358
Čas spuštění chybující aplikace: 0xmbam.exe0
Cesta k chybující aplikaci: mbam.exe1
Cesta k chybujícímu modulu: mbam.exe2
ID zprávy: mbam.exe3
Úplný název chybujícího balíčku: mbam.exe4
ID aplikace související s chybujícím balíčkem: mbam.exe5

Error: (07/14/2016 09:58:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Název chybujícího modulu: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Kód výjimky: 0xc0000005
Posun chyby: 0x001d3bba
ID chybujícího procesu: 0x1b98
Čas spuštění chybující aplikace: 0xmbam.exe0
Cesta k chybující aplikaci: mbam.exe1
Cesta k chybujícímu modulu: mbam.exe2
ID zprávy: mbam.exe3
Úplný název chybujícího balíčku: mbam.exe4
ID aplikace související s chybujícím balíčkem: mbam.exe5

Error: (07/14/2016 09:47:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Název chybujícího modulu: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Kód výjimky: 0xc0000005
Posun chyby: 0x001d3bba
ID chybujícího procesu: 0x1254
Čas spuštění chybující aplikace: 0xmbam.exe0
Cesta k chybující aplikaci: mbam.exe1
Cesta k chybujícímu modulu: mbam.exe2
ID zprávy: mbam.exe3
Úplný název chybujícího balíčku: mbam.exe4
ID aplikace související s chybujícím balíčkem: mbam.exe5

Error: (07/14/2016 09:37:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Název chybujícího modulu: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Kód výjimky: 0xc0000005
Posun chyby: 0x001d3bba
ID chybujícího procesu: 0x18dc
Čas spuštění chybující aplikace: 0xmbam.exe0
Cesta k chybující aplikaci: mbam.exe1
Cesta k chybujícímu modulu: mbam.exe2
ID zprávy: mbam.exe3
Úplný název chybujícího balíčku: mbam.exe4
ID aplikace související s chybujícím balíčkem: mbam.exe5

Error: (07/14/2016 09:36:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Název chybujícího modulu: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Kód výjimky: 0xc0000005
Posun chyby: 0x001d3bba
ID chybujícího procesu: 0x1290
Čas spuštění chybující aplikace: 0xmbam.exe0
Cesta k chybující aplikaci: mbam.exe1
Cesta k chybujícímu modulu: mbam.exe2
ID zprávy: mbam.exe3
Úplný název chybujícího balíčku: mbam.exe4
ID aplikace související s chybujícím balíčkem: mbam.exe5

Error: (07/14/2016 09:25:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Název chybujícího modulu: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Kód výjimky: 0xc0000005
Posun chyby: 0x001d3bba
ID chybujícího procesu: 0x1130
Čas spuštění chybující aplikace: 0xmbam.exe0
Cesta k chybující aplikaci: mbam.exe1
Cesta k chybujícímu modulu: mbam.exe2
ID zprávy: mbam.exe3
Úplný název chybujícího balíčku: mbam.exe4
ID aplikace související s chybujícím balíčkem: mbam.exe5

Error: (07/14/2016 09:14:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Název chybujícího modulu: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Kód výjimky: 0xc0000005
Posun chyby: 0x001d3bba
ID chybujícího procesu: 0x1a50
Čas spuštění chybující aplikace: 0xmbam.exe0
Cesta k chybující aplikaci: mbam.exe1
Cesta k chybujícímu modulu: mbam.exe2
ID zprávy: mbam.exe3
Úplný název chybujícího balíčku: mbam.exe4
ID aplikace související s chybujícím balíčkem: mbam.exe5

Error: (07/14/2016 09:08:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.10586.0, časové razítko: 0x5632d8f0
Název chybujícího modulu: AppCore.Windows.dll, verze: 16.526.11240.0, časové razítko: 0x574741e6
Kód výjimky: 0xc0000409
Posun chyby: 0x0000000000118ff2
ID chybujícího procesu: 0x1bc4
Čas spuštění chybující aplikace: 0xbackgroundTaskHost.exe0
Cesta k chybující aplikaci: backgroundTaskHost.exe1
Cesta k chybujícímu modulu: backgroundTaskHost.exe2
ID zprávy: backgroundTaskHost.exe3
Úplný název chybujícího balíčku: backgroundTaskHost.exe4
ID aplikace související s chybujícím balíčkem: backgroundTaskHost.exe5

Error: (07/14/2016 09:01:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OLQHCKU)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (07/14/2016 08:59:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Název chybujícího modulu: mbam.exe, verze: 2.3.173.0, časové razítko: 0x56e065b4
Kód výjimky: 0xc0000005
Posun chyby: 0x001d3bba
ID chybujícího procesu: 0x1640
Čas spuštění chybující aplikace: 0xmbam.exe0
Cesta k chybující aplikaci: mbam.exe1
Cesta k chybujícímu modulu: mbam.exe2
ID zprávy: mbam.exe3
Úplný název chybujícího balíčku: mbam.exe4
ID aplikace související s chybujícím balíčkem: mbam.exe5


System errors:
=============
Error: (07/14/2016 10:17:02 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-OLQHCKU)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-387406936-2736644126-3192766593-1001-0-ntuser.dat

Error: (07/14/2016 10:16:59 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-OLQHCKU)
Description: 0x8000002a79\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-18-0-ntuser.dat

Error: (07/14/2016 10:16:13 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-OLQHCKU)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-387406936-2736644126-3192766593-1001-0-ntuser.dat

Error: (07/14/2016 10:16:11 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-OLQHCKU)
Description: 0x8000002a79\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-18-0-ntuser.dat

Error: (07/14/2016 10:00:19 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-OLQHCKU)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-387406936-2736644126-3192766593-1001-0-ntuser.dat

Error: (07/14/2016 10:00:17 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-OLQHCKU)
Description: 0x8000002a79\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-18-0-ntuser.dat

Error: (07/14/2016 09:59:24 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-OLQHCKU)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-387406936-2736644126-3192766593-1001-0-ntuser.dat

Error: (07/14/2016 09:59:21 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-OLQHCKU)
Description: 0x8000002a79\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-18-0-ntuser.dat

Error: (07/14/2016 09:49:01 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-OLQHCKU)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-387406936-2736644126-3192766593-1001-0-ntuser.dat

Error: (07/14/2016 09:48:58 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-OLQHCKU)
Description: 0x8000002a79\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-18-0-ntuser.dat


CodeIntegrity:
===================================
Date: 2016-07-14 09:05:35.636
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-30 01:56:57.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-25 17:44:11.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-24 11:03:44.855
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-20 20:00:25.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-20 19:16:21.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-20 08:01:41.381
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-20 02:27:04.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-09 11:59:05.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-15 08:31:12.547
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD C-50 Processor
Percentage of memory in use: 51%
Total physical RAM: 3692.39 MB
Available physical RAM: 1797.77 MB
Total Virtual: 4332.39 MB
Available Virtual: 2223.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:139.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1D4F48D2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 16 July 2016 - 04:36 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:14 PM

Posted 16 July 2016 - 04:36 PM

Greetings Tom and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\Policies\Explorer: []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-11]
2016-06-26 11:09 - 2016-06-26 11:09 - 00000000 ___DL C:\Users\t\AppData\LocalLow\PlayReady
C:\Users\t\AppData\Local\Temp\tmpF8B3.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Malwarebytes Anti-Malware verze 2.2.1.1043
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish
  • Download, install, and test a new copy of Malwarebytes
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Did Malwarebytes uninstall/reinstall properly?
  • System Summary Information
  • Update on computer behavior

Edited by Oh My!, 16 July 2016 - 04:37 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 neonxc

neonxc
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:14 AM

Posted 18 July 2016 - 02:41 PM

hello Oh My!,

thanks a lot for your helpful and professional post. it's superbly clear and easy to follow.

 

I've run a fix as you proposed and here is the result (it asked for reboot, which I approved):

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 02
Ran by t (2016-07-17 15:36:07) Run:1
Running from C:\Users\t\Desktop\frst
Loaded Profiles: t (Available Profiles: t)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\...\Policies\Explorer: []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-11]
2016-06-26 11:09 -
2016-06-26 11:09 - 00000000 ___DL C:\Users\t\AppData\LocalLow\PlayReady
C:\Users\t\AppData\Local\Temp\tmpF8B3.exe
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully

"C:\Program Files\AVAST Software\Avast\WebRep\FF" folder move:

Could not move "C:\Program Files\AVAST Software\Avast\WebRep\FF" => Scheduled to move on reboot.

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-11] => not found
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully

"C:\Program Files\AVAST Software\Avast\SafePrice\FF" folder move:

Could not move "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Scheduled to move on reboot.

FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-11] => not found
"2016-06-26 11:09 -" => not found.
Symbolic link found: "C:\Users\t\AppData\LocalLow\PlayReady" => "\\?\Global\C:\ProgramData\Microsoft\PlayReady"
"C:\Users\t\AppData\LocalLow\PlayReady" => Symbolic link removed successfully
C:\Users\t\AppData\LocalLow\PlayReady => moved successfully
C:\Users\t\AppData\Local\Temp\tmpF8B3.exe => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-17 15:43:36)

"C:\Program Files\AVAST Software\Avast\WebRep\FF" => Could not move
"C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Could not move

==== End of Fixlog 15:43:38 ====

 

I went on to uninstall Malwarebytes, however the basic uninstallation process failed due to a memory violation error. I'd like to point out that I haven't encountered any problems regarding ram on this machine by now. I thought of running memtest to make sure, but rather stuck to the list in the head of your message which contains the item: do not take any steps, unless ... etc :). the uninstallation driven by Revo continued happily then and I followed all the steps you mentioned. but the tool's icon remained visible in the Revo apps list. I stopped here at the moment.
should I try to install a new copy of malwarebytes or try uninstalling once again?

thank you for your time & effort


Edited by neonxc, 18 July 2016 - 02:58 PM.
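An added example, not part of the thread and not FRST's own code: a short Python triage of the Fixlog posted above, which keeps the last outcome reported for each target so that items deferred to reboot are judged by the later "scheduled files" result. The status names, function names and the rule for flagging path-less "not found" entries are assumptions of this sketch; the sample lines are copied from the posted Fixlog.

```python
import re

# Constructed sample: result lines copied from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-387406936-2736644126-3192766593-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\FF" => Scheduled to move on reboot.
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-11] => not found
Could not move "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Scheduled to move on reboot.
"2016-06-26 11:09 -" => not found.
Symbolic link found: "C:\Users\t\AppData\LocalLow\PlayReady" => "\\?\Global\C:\ProgramData\Microsoft\PlayReady"
"C:\Users\t\AppData\LocalLow\PlayReady" => Symbolic link removed successfully
C:\Users\t\AppData\LocalLow\PlayReady => moved successfully
C:\Users\t\AppData\Local\Temp\tmpF8B3.exe => moved successfully
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-17 15:43:36)
"C:\Program Files\AVAST Software\Avast\WebRep\FF" => Could not move
"C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Could not move
'''


def classify(outcome):
    """Map the text after '=>' to a coarse status (names are this sketch's own)."""
    o = outcome.strip().rstrip(". ").lower()
    if o.endswith("successfully"):
        return "ok"
    if o.startswith("not found"):
        return "not_found"
    if o.startswith("scheduled to move on reboot"):
        return "deferred"
    if o.startswith("could not move"):
        return "failed"
    return "info"  # e.g. the "Symbolic link found" line, whose right side is a path


def parse_fixlog(text):
    """Return (target, status) for every 'target => outcome' line, in log order."""
    entries = []
    for line in text.splitlines():
        left, sep, right = line.partition(" => ")
        if not sep:
            continue  # banner and status lines carry no per-item result
        quoted = re.search(r'"([^"]+)"', left)
        target = quoted.group(1) if quoted else left.strip()
        entries.append((target, classify(right)))
    return entries


def final_status(entries):
    """Last non-informational status per target; later lines override earlier ones."""
    final = {}
    for target, status in entries:
        if status != "info":
            final[target] = status
    return final


def follow_up(entries):
    """Targets still unresolved, plus 'not found' entries that are not paths or keys."""
    final = final_status(entries)
    unresolved = sorted(t for t, s in final.items() if s in ("failed", "deferred"))
    fragments = sorted(t for t, s in final.items()
                       if s == "not_found" and "\\" not in t)
    return unresolved, fragments


if __name__ == "__main__":
    unresolved, fragments = follow_up(parse_fixlog(SAMPLE_FIXLOG))
    print("Still present after reboot:", *unresolved, sep="\n  ")
    print("Fixlist lines that were not a path or key:", *fragments, sep="\n  ")
```

On the posted log this leaves the two Avast extension folders as unresolved and flags the date-only line that appears on its own in the fixlist content.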


#4 Oh My!

Posted 18 July 2016 - 03:03 PM

Thank you for your kindness, it really is appreciated.

Thanks for pausing. Let's do this.

===================================================

Malwarebytes Cleanup Utility and Reinstall

--------------------
  • Download the Malwarebytes Anti-Malware Cleanup Tool and save it to your Desktop
  • Double click the icon to launch the program
  • Click Yes on any User Account Control screen
  • Click Yes on Are you sure you want to continue?
  • When completed click Yes on Do you want to reboot now?
  • Download and install a fresh version of Malwarebytes' Anti-Malware from here
  • Test Malwarebytes
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#5 neonxc

Posted 19 July 2016 - 02:03 PM

hello,

I did exactly what you wrote, but with no success ... I managed to uninstall the program and put it back from the provided link, but it wouldn't start just like in the beginning :/.

I'm sorry to tell that.



#6 Oh My!

Posted 19 July 2016 - 03:38 PM

Please describe exactly what you see when you try to start Malwarebytes. Are you given any error codes, like exception code 0x40000015 or something similar?

Are you currently having any issues other than Malwarebytes?
Gary
 

#7 Oh My!

Posted 22 July 2016 - 09:25 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#8 neonxc

Posted 23 July 2016 - 03:03 AM

Hello and sorry for my silence,

there is no error message shown at all. The application only asks for administrator's permission, but after a while disappears from the task window (ctrl + shift + esc). when using chameleon, it fails to start the update, then begins Mbam-killer and stops with a message "unable to start the scan".

 

In fact I haven't encountered anything else strange about the machine's behaviour.

 

tom



#9 Oh My!

Posted 23 July 2016 - 07:49 AM

Thank you Tom,

Please do this.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
net.conf
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document into your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Search.txt

Gary
 

#10 neonxc

Posted 23 July 2016 - 07:37 PM

Thank you for your patience once more,

here is the result:

 

Farbar Recovery Scan Tool (x64) Version: 23-07-2016 02
Ran by t (2016-07-24 02:27:55)
Running from C:\Users\t\Desktop\frst
Boot Mode: Normal

================== Search Files: "net.conf" =============

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\net.conf
[2016-07-19 20:56][2016-07-23 09:47] 0007328 ____A () E0B6AF7BDAB7F999B9E7D8FF4D07C923 [File not signed]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore\net.conf
[2016-07-19 20:56][2016-03-10 14:06] 0006530 ____A () 9FB4ACFDC11C7AF48A760DB4C7BFEBF0 [File not signed]

====== End of Search ======



#11 Oh My!

Posted 23 July 2016 - 08:59 PM

Those files can cause problems but they are legitimate.

Please do this.

===================================================

MBAM Check Log

--------------------
  • Download mbam-check.exe and save it to your desktop
  • Double-click on mbam-check.exe
  • When completed a CheckResults.txt file will appear on your Desktop
  • Attach the file to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached CheckResults.txt file

Edited by Oh My!, 23 July 2016 - 09:05 PM.

Gary
 

#12 neonxc

Posted 24 July 2016 - 06:36 AM

hello,

please find the attached output..



#13 Oh My!

Posted 24 July 2016 - 03:35 PM

Greetings,

Are you sure that is the entire log?

Can you tell me if the date/time on your computer is correct?
Gary
 

#14 neonxc

Posted 25 July 2016 - 04:25 PM

Hello Gary,
I'm sorry for any inconvenience caused, but I won't be able to step forward in about 2 weeks now. I'm away from the computer now and no-one else will use it. Sorry again and thank you for your understanding. tom

#15 Oh My!

Posted 25 July 2016 - 05:14 PM

OK, thanks for letting me know. I am going to close the topic but send me a Personal Message when you return and I will open it up and we will continue on.
Gary
 



