Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-08-2015 Ran by MateuszK (2015-08-14 11:43:48) Running from C:\FRST Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2447186742-3676154164-1405930604-500 - Administrator - Disabled) Guest (S-1-5-21-2447186742-3676154164-1405930604-501 - Limited - Disabled) MateuszK (S-1-5-21-2447186742-3676154164-1405930604-1001 - Administrator - Enabled) => C:\Users\MateuszK ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2447186742-3676154164-1405930604-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.227 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.38.57 - Conexant) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4328.05 - CyberLink Corp.) DTS Sound (HKLM-x32\...\{BC95D4AF-4DAC-4350-8BCE-C8BF16A13AE0}) (Version: 1.01.8800 - DTS, Inc.) Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.) Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.) Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Heroes of Might and Magic III - Złota Edycja (HKLM-x32\...\Heroes of Might and Magic III - Złota Edycja_is1) (Version: - ) Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4113 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}) (Version: 4.11.9775 - Apache Software Foundation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB) Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated) TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.06.6403 - Toshiba Corporation) TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.3.6401 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.9.0 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation) TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 13-08-2015 22:41:31 Scheduled Checkpoint ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {079CBBA7-200C-4FF4-8FD3-4EB468DA883E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-12] (Microsoft Corporation) Task: {0F974BFF-4E77-4030-9F81-7B31D04F473D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-09] (AVAST Software) Task: {142B5289-ABBB-4D2C-9BCE-BB0FE567BDAE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {342F68CA-0A21-4401-A9C5-35E755E3832E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.) Task: {3DBE948E-46BD-4E36-9E3F-E0C2976B9629} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2014-08-05] (Toshiba Europe GmbH) Task: {4E6738EF-DDC7-4DE4-924A-6DBA6C8350E2} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated) Task: {5A906A3F-F6BB-4ED5-AF6B-4E895F3C0821} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation) Task: {82095C9D-B692-4EFB-B873-FF5C0EB376DB} - System32\Tasks\snp => C:\ProgramData\RemoteSaver\2kbq1ycl.exe Task: {9216258E-1E98-4875-8012-579CCE773354} - System32\Tasks\NORWEWCFAEIREHUG => C:\ProgramData\Service1291\Service1291.exe [2015-08-09] () <==== ATTENTION Task: {9758B59F-18A3-4AF7-97CB-DE0028338239} - System32\Tasks\EKTCHDIZSV1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION Task: {AACF938B-0924-4851-9164-6166E008C56C} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2014-06-04] () Task: {BF396396-D0F3-4EAA-B82C-416BF3D0185B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {D8F3FE40-0046-4738-AFE2-B28640954F44} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.) Task: {E5D53A49-14C6-4CC3-B2EA-3723497E9505} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {F7AD80AB-DA7F-458E-B436-F3626CCD7A0A} - System32\Tasks\snf => C:\ProgramData\RemoteSaver\2kbq1ycl.exe Task: {FBE12B9C-644D-49A3-8F63-B058AE69F6F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.) Task: {FF1E2460-9206-4F70-8C2B-00E6F9F9C0A7} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\EKTCHDIZSV1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\NORWEWCFAEIREHUG.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2014-06-30 12:11 - 2014-06-30 12:11 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2015-07-17 18:34 - 2015-07-17 18:34 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll 2015-08-09 21:55 - 2015-08-09 21:55 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-08-09 21:55 - 2015-08-09 21:55 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-08-13 16:16 - 2015-08-13 16:16 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15081302\algo.dll 2015-08-09 21:55 - 2015-08-09 21:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-08-13 16:37 - 2015-08-08 01:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll 2015-08-13 16:37 - 2015-08-08 01:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll 2015-08-13 23:52 - 2015-08-13 23:52 - 01240832 _____ () C:\ProgramData\qwUNTL\dat\WEkehOEB.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2447186742-3676154164-1405930604-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MateuszK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 82.163.143.152 - 82.163.142.154 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{41E94444-1569-4B0D-99E9-1F19808D8CA5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{6480E709-2617-47F2-92C4-4F31DF7A6DE4}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{D5B7140A-4485-4819-8D23-94E6519DA615}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{FCFEE1F3-C806-439D-A7D2-BA82C5F9386B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{D9426492-6BBD-4CF3-98A7-39AF884D8FF7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{A71803EF-22ED-4846-A81B-3B6ACD59196F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{7A16717B-F022-457C-A231-647C33A02153}] => (Allow) C:\Users\MateuszK\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{14D95D14-877E-41F3-B464-378C402A1323}] => (Allow) C:\Users\MateuszK\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A4150B34-3188-49F5-B252-76531AD9D078}] => (Allow) C:\Users\MateuszK\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{DCA1F968-0FBB-4463-B821-1F3D66B8A32B}] => (Allow) C:\Users\MateuszK\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2CD6EFF6-2420-4362-B69B-F05FCC7E930A}] => (Allow) C:\Users\MateuszK\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CD662FEC-01EB-43F3-889D-2F6F9A1BB1A0}] => (Allow) C:\Users\MateuszK\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{9A7F187D-9299-4E02-86EE-546EE9CECD9B}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{4F8A3D3F-EA49-4822-B022-365D391E9491}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{B1AAE066-ABF9-4256-8849-EF8FD41037D9}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe FirewallRules: [{752CDA42-6B94-45A4-9AC3-5FC6AC93FD0C}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe FirewallRules: [{CC1F0329-9950-4395-A71E-C9264850BDC4}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe FirewallRules: [{8C7F4BDF-E0C2-41BE-A0CA-6C8CFFAC0552}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe FirewallRules: [{AEFD7302-DAA3-4233-9E7B-6E8B2B37F491}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{C0424C1F-15CF-48A1-8BF3-45FF8AD5704D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [TCP Query User{9C3817DC-C397-4942-9730-7766D19CEE57}C:\users\mateuszk\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mateuszk\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{D387CE40-C309-4E15-B77C-4ED55282EE46}C:\users\mateuszk\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mateuszk\appdata\roaming\spotify\spotify.exe FirewallRules: [{BA569E29-3989-472A-BE08-4D05C9636628}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/13/2015 11:20:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: McSvHost.exe, version: 5.0.4062.0, time stamp: 0x55aee26a Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68e0c Exception code: 0xc0000374 Fault offset: 0x00000000000f1280 Faulting process ID: 0x88c Faulting application start time: 0xMcSvHost.exe0 Faulting application path: McSvHost.exe1 Faulting module path: McSvHost.exe2 Report ID: McSvHost.exe3 Faulting package full name: McSvHost.exe4 Faulting package-relative application ID: McSvHost.exe5 Error: (08/13/2015 07:44:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: McSvHost.exe, version: 5.0.4062.0, time stamp: 0x55aee26a Faulting module name: HOMENE~2.DLL, version: 8.0.4088.0, time stamp: 0x55a88b74 Exception code: 0xc0000005 Fault offset: 0x0000000000041cc3 Faulting process ID: 0x990 Faulting application start time: 0xMcSvHost.exe0 Faulting application path: McSvHost.exe1 Faulting module path: McSvHost.exe2 Report ID: McSvHost.exe3 Faulting package full name: McSvHost.exe4 Faulting package-relative application ID: McSvHost.exe5 Error: (08/12/2015 04:27:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 44.0.2403.130, time stamp: 0x55baf129 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc00001a5 Fault offset: 0x450c56a8 Faulting process ID: 0xfdc Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report ID: chrome.exe3 Faulting package full name: chrome.exe4 Faulting package-relative application ID: chrome.exe5 Error: (08/12/2015 01:15:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: McSvHost.exe, version: 5.0.4062.0, time stamp: 0x55aee26a Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336 Exception code: 0xc0000374 Fault offset: 0x00000000000f0f20 Faulting process ID: 0x15b0 Faulting application start time: 0xMcSvHost.exe0 Faulting application path: McSvHost.exe1 Faulting module path: McSvHost.exe2 Report ID: McSvHost.exe3 Faulting package full name: McSvHost.exe4 Faulting package-relative application ID: McSvHost.exe5 Error: (08/12/2015 12:59:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: McSvHost.exe, version: 5.0.4062.0, time stamp: 0x55aee26a Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336 Exception code: 0xc0000374 Fault offset: 0x00000000000f0f20 Faulting process ID: 0x144c Faulting application start time: 0xMcSvHost.exe0 Faulting application path: McSvHost.exe1 Faulting module path: McSvHost.exe2 Report ID: McSvHost.exe3 Faulting package full name: McSvHost.exe4 Faulting package-relative application ID: McSvHost.exe5 Error: (08/12/2015 12:19:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: McSvHost.exe, version: 5.0.4062.0, time stamp: 0x55aee26a Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336 Exception code: 0xc0000374 Fault offset: 0x00000000000f0f20 Faulting process ID: 0x980 Faulting application start time: 0xMcSvHost.exe0 Faulting application path: McSvHost.exe1 Faulting module path: McSvHost.exe2 Report ID: McSvHost.exe3 Faulting package full name: McSvHost.exe4 Faulting package-relative application ID: McSvHost.exe5 Error: (08/12/2015 11:23:39 AM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY) Description: McShield failed to start because it is not trusted. Error Code:a7f40905 Error: (08/12/2015 11:23:39 AM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY) Description: Failed to load a dependant module. Error Code:a7f42003 Error: (08/12/2015 11:23:16 AM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY) Description: McShield failed to start because it is not trusted. Error Code:a7f40905 Error: (08/12/2015 11:23:16 AM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY) Description: Failed to load a dependant module. Error Code:a7f42003 System errors: ============= Error: (08/13/2015 11:46:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: %%3 Error: (08/13/2015 11:46:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error: (08/13/2015 11:46:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error: (08/13/2015 11:46:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error: (08/13/2015 11:46:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (08/13/2015 11:46:25 PM) (Source: DCOM) (EventID: 10010) (User: MK) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (08/13/2015 11:46:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (08/13/2015 11:46:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (08/13/2015 11:46:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s). Error: (08/13/2015 11:46:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The DTS APO Service service terminated unexpectedly. It has done this 1 time(s). Microsoft Office: ========================= Error: (08/13/2015 11:20:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: McSvHost.exe5.0.4062.055aee26antdll.dll6.3.9600.1793655a68e0cc000037400000000000f128088c01d0d60f3b6c5bbbC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Windows\SYSTEM32\ntdll.dll75fc41ba-4209-11e5-826e-4cbb586b2a18 Error: (08/13/2015 07:44:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: McSvHost.exe5.0.4062.055aee26aHOMENE~2.DLL8.0.4088.055a88b74c00000050000000000041cc399001d0d5dae22798e1C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exec:\PROGRA~1\COMMON~1\mcafee\mhn\HOMENE~2.DLL43dd80f5-41eb-11e5-826d-4cbb586b2a18 Error: (08/12/2015 04:27:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe44.0.2403.13055baf129unknown0.0.0.000000000c00001a5450c56a8fdc01d0d4f131eb5525C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknownb1f4b9b5-4106-11e5-826c-4cbb586b2a18 Error: (08/12/2015 01:15:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: McSvHost.exe5.0.4062.055aee26antdll.dll6.3.9600.17736550f4336c000037400000000000f0f2015b001d0d4f68a60b4ebC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Windows\SYSTEM32\ntdll.dllcf8b2895-40eb-11e5-826c-4cbb586b2a18 Error: (08/12/2015 12:59:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: McSvHost.exe5.0.4062.055aee26antdll.dll6.3.9600.17736550f4336c000037400000000000f0f20144c01d0d4f0d5ed6279C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Windows\SYSTEM32\ntdll.dlla24e1d4a-40e9-11e5-826c-4cbb586b2a18 Error: (08/12/2015 12:19:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: McSvHost.exe5.0.4062.055aee26antdll.dll6.3.9600.17736550f4336c000037400000000000f0f2098001d0d4ea28c2589cC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Windows\SYSTEM32\ntdll.dllee5b605a-40e3-11e5-826c-4cbb586b2a18 Error: (08/12/2015 11:23:39 AM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY) Description: a7f40905 Error: (08/12/2015 11:23:39 AM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY) Description: a7f42003 Error: (08/12/2015 11:23:16 AM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY) Description: a7f40905 Error: (08/12/2015 11:23:16 AM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY) Description: a7f42003 ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz Percentage of memory in use: 24% Total physical RAM: 8074.95 MB Available physical RAM: 6057.27 MB Total Virtual: 9354.95 MB Available Virtual: 7068.16 MB ==================== Drives ================================ Drive c: (Dysk Twardy) (Fixed) (Total:919.47 GB) (Free:866.27 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of log ============================