Barowwsoe2Save



duczos1
2014-08-06, 17:12
Hello there,
I have run Spybot - Search & Destroy 2.2 and the result is malware Barowwsoe2Save.
Following the links, I hope I understood correctly and am starting this topic. (I ran Spybot many times and still get this malware.)

FRST notepad:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Piotrek (administrator) on PIOTREK-PC on 06-08-2014 13:39:15
Running from C:\Users\Piotrek\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11774568 2011-01-13] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Reminder] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [DockBar] => C:\Applications\Tools\DockBar\DockBar.exe [2964480 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Recovery Backup Wizard] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL => C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer_x64.dll [4302848 2014-08-05] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll [4124160 2014-08-05] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.dll ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: deaal4mE - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\Extensions\ymvjkw@dbbgvospr.com [2014-08-06]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
CHR Extension: (Google Wallet) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 671c50b0; c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncerSvc.dll [186192 2014-08-05] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 Websteroids; "C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe" "C:\ProgramData\Websteroids\up\2.6.80\Websteroids.exe"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Piotrek\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 13:39 - 2014-08-06 13:39 - 00014623 _____ () C:\Users\Piotrek\Downloads\FRST.txt
2014-08-06 13:38 - 2014-08-06 13:39 - 00000000 ____D () C:\FRST
2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-06 13:21 - 2014-08-06 13:22 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
2014-08-06 11:45 - 2014-08-06 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 22:30 - 2014-08-05 22:30 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
2014-08-05 22:29 - 2014-08-05 22:30 - 00000000 ____D () C:\ProgramData\deaill4me
2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
2014-08-05 22:22 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-05 22:22 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-05 22:22 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-05 22:22 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-05 22:22 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-05 22:22 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-05 22:22 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-05 22:22 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-05 22:22 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-05 22:22 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-05 22:22 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-05 22:22 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-05 22:22 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-05 22:22 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-05 22:22 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-05 22:22 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-05 22:22 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-05 22:22 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-05 22:20 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-05 22:20 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-05 22:20 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-05 22:20 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-05 22:07 - 2014-08-05 22:07 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
2014-07-19 15:35 - 2014-08-06 09:09 - 00000504 _____ () C:\Windows\setupact.log
2014-07-19 15:35 - 2014-07-19 15:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe
2014-07-09 18:30 - 2014-06-30 03:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 18:30 - 2014-06-30 03:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 18:30 - 2014-06-20 21:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 18:30 - 2014-06-20 20:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 18:30 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 18:30 - 2014-06-19 02:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 18:30 - 2014-06-19 02:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 18:30 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 18:30 - 2014-06-19 01:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 18:30 - 2014-06-19 01:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 18:30 - 2014-06-19 01:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 18:30 - 2014-06-19 01:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 18:30 - 2014-06-19 01:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 18:30 - 2014-06-19 01:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 18:30 - 2014-06-19 01:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 18:30 - 2014-06-19 01:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 18:30 - 2014-06-19 01:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 18:30 - 2014-06-19 01:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 18:30 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 18:30 - 2014-06-19 01:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 18:30 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 18:30 - 2014-06-19 00:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 18:30 - 2014-06-19 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 18:30 - 2014-06-19 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 18:30 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 18:30 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 18:30 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 18:30 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 18:30 - 2014-06-19 00:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 18:30 - 2014-06-19 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 18:30 - 2014-06-19 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 18:30 - 2014-06-19 00:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 18:30 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 18:30 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 18:30 - 2014-06-19 00:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 18:30 - 2014-06-19 00:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 18:30 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 18:30 - 2014-06-19 00:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 18:30 - 2014-06-19 00:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 18:30 - 2014-06-19 00:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 18:30 - 2014-06-19 00:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 18:30 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 18:30 - 2014-06-19 00:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 18:30 - 2014-06-19 00:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 18:30 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 18:30 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 18:30 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 18:30 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 18:30 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 18:30 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 18:30 - 2014-06-18 23:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 18:30 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 18:30 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 18:30 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 18:30 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 18:30 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 18:30 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 18:30 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 18:30 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 18:30 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 18:30 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 18:30 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 18:30 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 18:30 - 2014-05-30 09:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 18:30 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 18:30 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 18:30 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 18:30 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 18:30 - 2014-05-30 09:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 18:30 - 2014-05-30 09:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 18:30 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 18:30 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 18:30 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 18:30 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 18:30 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 18:30 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 18:30 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 18:30 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 18:29 - 2014-06-05 15:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 18:29 - 2014-06-05 15:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 18:29 - 2014-06-05 15:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 13:39 - 2014-08-06 13:39 - 00014623 _____ () C:\Users\Piotrek\Downloads\FRST.txt
2014-08-06 13:39 - 2014-08-06 13:38 - 00000000 ____D () C:\FRST
2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
2014-08-06 13:26 - 2014-07-02 19:26 - 00000300 _____ () C:\Windows\Tasks\Rocket Updater.job
2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:21 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
2014-08-06 13:20 - 2011-05-25 11:51 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-06 13:13 - 2014-03-25 00:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-06 13:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-06 11:47 - 2014-07-06 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
2014-08-06 11:45 - 2014-08-06 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-06 11:06 - 2014-04-11 20:07 - 00000000 ___RD () C:\Users\Piotrek\Desktop\piatek
2014-08-06 09:21 - 2014-03-21 22:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-06 09:16 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 09:16 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 09:15 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-06 09:13 - 2014-03-18 18:54 - 02001155 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 09:10 - 2014-03-18 18:57 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
2014-08-06 09:09 - 2014-07-19 15:35 - 00000504 _____ () C:\Windows\setupact.log
2014-08-06 09:09 - 2011-05-25 16:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-06 09:09 - 2011-05-25 11:51 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 09:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 22:30 - 2014-08-05 22:30 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
2014-08-05 22:30 - 2014-08-05 22:29 - 00000000 ____D () C:\ProgramData\deaill4me
2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-05 22:24 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-05 22:22 - 2014-03-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-05 22:07 - 2014-08-05 22:07 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
2014-08-05 22:07 - 2014-07-02 19:35 - 00000000 ____D () C:\ProgramData\374311380
2014-07-19 15:35 - 2014-07-19 15:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-18 21:16 - 2014-03-21 20:24 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-18 21:16 - 2014-03-21 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-18 21:16 - 2014-03-21 20:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe
2014-07-11 11:02 - 2014-05-04 13:18 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\TS3Client
2014-07-10 09:58 - 2009-07-14 05:45 - 00276200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 09:56 - 2014-04-30 02:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 09:56 - 2010-11-21 08:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 02:23 - 2014-03-24 22:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 02:22 - 2014-03-24 22:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 14:13 - 2014-03-25 00:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 14:13 - 2014-03-25 00:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 14:13 - 2014-03-25 00:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-06 12:36

==================== End Of Log ============================



:confused: Second results from notepad:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Piotrek at 2014-08-06 13:39:37
Running from C:\Users\Piotrek\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version: - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Browser System Enahncer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{671c50b0}) (Version: - WorldLoad) <==== ATTENTION
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deaill4me (HKLM-x32\...\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}) (Version: - deaal4me) <==== ATTENTION
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dziobas Rar Player 0.009.52 (HKLM-x32\...\Dziobas Rar Player_is1) (Version: - Kamil Dzióbek)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
March of War (HKLM-x32\...\Steam App 234310) (Version: - ISOTX)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA 3D Vision Controller Driver (x32 Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6285 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
SoftwareWatcher bundle (HKLM-x32\...\SoftwareWatcher bundle) (Version: 2.0.0.3 - SoftwareWatcher)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Websteroids (x32 Version: 2.6.63 - Creative Island Media, LLC) Hidden <==== ATTENTION
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (x32 Version: 5.01.0 - win.rar GmbH) Hidden
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

05-07-2014 21:25:03 Windows Update
09-07-2014 09:36:41 Windows Update
10-07-2014 01:21:35 Windows Update
13-07-2014 20:55:12 Windows Update
17-07-2014 17:42:57 Windows Update
22-07-2014 10:33:12 Windows Update
05-08-2014 21:09:12 Windows Update
05-08-2014 21:20:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-07-15 21:43 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04689C78-D5E3-4CC0-B0D7-669961099C15} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2612853A-CB1B-4345-8CAF-DFC637A193CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {4D210953-C671-4674-A07B-B3E4E583E6A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {4DA40ADD-FAA4-4F85-A811-1C54EC3814F9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {56AC4133-B1F0-4A55-899D-01B60BA4EA89} - System32\Tasks\Rocket Updater => C:\Users\Piotrek\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {66306778-DA2F-4D0E-9A16-31BEF5155C33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25] (Google Inc.)
Task: {6C91A5A7-1EDB-4F94-B874-9A1985AC1664} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25] (Google Inc.)
Task: {789D9A1F-7D4D-4C6E-974A-93DBD5621D58} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {9BC37C6F-560C-40F9-AD8F-3579349FF1F5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Piotrek\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-04-08 00:19 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-05 22:07 - 2014-08-05 22:07 - 04302848 _____ () C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer_x64.dll
2014-08-05 22:07 - 2014-08-05 22:07 - 04124160 _____ () c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll
2014-08-05 22:07 - 2014-08-05 22:07 - 00186192 _____ () c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncerSvc.dll
2014-03-21 22:42 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-21 22:42 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-21 22:42 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-21 22:42 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-21 22:42 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-06-28 16:22 - 2010-05-29 14:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll
2014-08-06 11:45 - 2014-08-06 11:45 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2014 09:09:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 10:39:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 10:24:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 10:16:30 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/05/2014 10:06:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2014 10:38:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 09:09:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 00:00:00 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/20/2014 11:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2014 03:36:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/06/2014 09:09:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Websteroids service failed to start due to the following error:
%%2

Error: (08/05/2014 10:39:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Websteroids service failed to start due to the following error:
%%2

Error: (08/05/2014 10:24:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Websteroids service failed to start due to the following error:
%%2

Error: (08/05/2014 10:06:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Websteroids service failed to start due to the following error:
%%2

Error: (08/05/2014 10:06:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (08/05/2014 10:06:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/22/2014 10:38:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Websteroids service failed to start due to the following error:
%%2

Error: (07/21/2014 09:08:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Websteroids service failed to start due to the following error:
%%2

Error: (07/20/2014 11:38:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Websteroids service failed to start due to the following error:
%%2

Error: (07/19/2014 03:35:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Websteroids service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/06/2014 09:09:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 10:39:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 10:24:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 10:16:30 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/05/2014 10:06:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2014 10:38:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 09:09:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 00:00:00 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/20/2014 11:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2014 03:36:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8173.64 MB
Available physical RAM: 5411.98 MB
Total Pagefile: 16345.46 MB
Available Pagefile: 13494.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:119.72 GB) (Free:74.37 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:644.53 GB) (Free:584.14 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:625 GB) (Free:601.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 12374DF0)
Partition 1: (Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=120 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=645 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=625 GB) - (Type=OF Extended)

==================== End Of Log ============================


:confused:
And the results from aswMBR:


aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-08-06 14:33:21
-----------------------------
14:33:21.514 OS Version: Windows x64 6.1.7601 Service Pack 1
14:33:21.514 Number of processors: 4 586 0x2A07
14:33:21.514 ComputerName: PIOTREK-PC UserName: Piotrek
14:33:22.138 Initialize success
14:33:22.185 VM: initialized successfully
14:33:22.200 VM: Intel CPU supported
14:33:26.622 VM: supported disk I/O ataport.SYS
14:38:18.042 AVAST engine defs: 14080500
14:40:25.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:40:25.323 Disk 0 Vendor: ST1500DL003-9VT16L CC4A Size: 1430799MB BusType: 11
14:40:25.448 VM: Disk 0 MBR read successfully
14:40:25.463 Disk 0 MBR scan
14:40:25.494 Disk 0 Windows 7 default MBR code
14:40:25.510 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 8201 MB offset 2048
14:40:25.526 Disk 0 default boot code
14:40:25.541 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122595 MB offset 16797696
14:40:25.572 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 660000 MB offset 267872256
14:40:25.588 Disk 0 Partition - 00 0F Extended LBA 640001 MB offset 1619552256
14:40:26.118 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 640000 MB offset 1619554304
14:40:26.212 Disk 0 scanning C:\Windows\system32\drivers
14:40:38.879 Service scanning
14:41:02.825 Modules scanning
14:41:02.825 Disk 0 trace - called modules:
14:41:02.841 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:41:02.841 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e04060]
14:41:02.856 3 CLASSPNP.SYS[fffff88001bc943f] -> nt!IofCallDriver -> [0xfffffa80077563f0]
14:41:02.856 5 ACPI.sys[fffff88000f4b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007b45060]
14:41:05.056 AVAST engine scan C:\Windows
14:41:09.065 AVAST engine scan C:\Windows\system32
14:44:35.610 AVAST engine scan C:\Windows\system32\drivers
14:44:51.054 AVAST engine scan C:\Users\Piotrek
14:46:20.645 AVAST engine scan C:\ProgramData
14:46:22.095 File: C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll **INFECTED** Win32:Malware-gen
14:46:56.681 Scan finished successfully
14:51:49.056 Disk 0 MBR has been saved successfully to "C:\Users\Piotrek\Downloads\MBR.dat"
14:51:49.088 The log file has been saved successfully to "C:\Users\Piotrek\Downloads\aswMBR.txt"

I don't know what to do from now on. :confused:

Thanks for your patience (I poorly understand English)

shelf life
2014-08-06, 21:23
Hi duczos1,

We will do two things:

1) Look in your add/remove programs panel and uninstall:
Browser System Enahncer

2) Please download AdwCleaner.exe (http://www.bleepingcomputer.com/download/adwcleaner/) to your desktop.
Double click on AdwCleaner.exe, select OK, then Run
Click on the Scan button
Once the scan is done click on the Report button
Copy and paste the contents of the log file in your reply
You can also find the logfile at C:\AdwCleaner[R1].txt
Exit AdwCleaner with the X (close) button. Click OK at the final prompt.

duczos1
2014-08-07, 03:30
:thanks: :thanks: :thanks:
Such a quick reply to my post, again thanks a lot. :bigthumb: :bigthumb: :bigthumb:
Report from AdwCleaner:
# AdwCleaner v3.303 - Report created 07/08/2014 at 01:21:32
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Websteroids

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js
Folder Found : C:\Program Files (x86)\PC Cleaner
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Websteroids
Folder Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
Folder Found : C:\Users\Piotrek\AppData\Local\Rocket
Folder Found : C:\Users\Piotrek\AppData\Local\Websteroids
Folder Found : C:\Users\Piotrek\AppData\Roaming\RocketUpdater

***** [ Scheduled Tasks ] *****

Task Found : Rocket Updater

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SoftwareWatcher bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=SoftwareWatcher" "/searchProvider=a different" )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Rocket Browser
Key Found : HKCU\Software\RocketUpdater
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Rocket Browser
Key Found : [x64] HKCU\Software\RocketUpdater
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]

[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

-\\ Google Chrome v

[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [7260 octets] - [07/08/2014 01:21:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7320 octets] ##########

shelf life
2014-08-07, 04:48
OK, you're welcome. Go back to the add/remove programs panel and uninstall these two:

deaill4me
Websteroids
After you uninstall them both, restart your machine.

Start Adwcleaner again, click on the scan button. When the scan is done, click the clean button. Machine will restart to finish the process. At restart it will display another log that you can copy/paste in your reply.

duczos1
2014-08-07, 05:55
Unfortunately deaill4me can't be uninstalled, and I don't know why?? It looks like the cursor starts "thinking" after I click uninstall and nothing happens.
Second, Websteroids does not exist on the program list to uninstall. :confused:

shelf life
2014-08-07, 13:25
OK, forget the uninstalls and use AdwCleaner: Scan, then Clean. Post the log in your reply. After you finish with AdwCleaner you can get another download:

Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Right click and select "run as admin"
The tool will scan and may take some time to finish
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your reply.

duczos1
2014-08-07, 14:17
Too late.
Websteroids cleaned by AdwCleaner.
deal4me uninstalled by Revo Uninstaller.
Looks like all was done correctly and Spybot cannot find any disconcerting programs, viruses or malware.


Now, when I click for example on the tab "reply with quote", Firefox opens a window with this reply and a new window with some advertisement from deal4mE. Does it mean I still have this worm?
And one more question: if I buy the antivirus from Spybot S&D, will this program stop all adv.?
For example: when the cursor invades, for example, [URL = "http://thisisudax.org/downloads/JRT.exe"] Junkware [/ URL], a small window pops up with the rapid buying advertising;
before, I did not have these pop-ups :mad::trample::scratch:

However, I would like to thank you for your help.

P.S.
I think there were 2 ways I got this malware, or both together :crazy:
1. I started to play World of Tanks with a not good enough antivirus, or
2. I bought a new mouse, Roccat Kova+, and as soon as I downloaded the drivers, the problems started to appear on my PC.

shelf life
2014-08-07, 14:39
OK, you're welcome, but not done yet. Can you post the log that was made after you used AdwCleaner the last time (Clean)? So you did not use JRT.exe?

We will get another download to use. It's called Malwarebytes. You can keep it and use it as another anti-malware tool. The directions below are slightly old as the Malwarebytes GUI has changed.

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

duczos1
2014-08-08, 14:15
Hi
I don't know where to find this log from AdwCleaner now, and NO, I did not use JRT.exe.
Meantime I have used CCleaner and maybe this program removed some logs.
Till now I have used Spybot 3-4 times and no malware; a few times I scanned using Malwarebytes Chameleon and it looks OK, but each time I open a new window or click some link, extra windows open with some unwanted websites.
Logs from Malwarebytes? Can't find them.
History reports are clean as well.

shelf life
2014-08-09, 02:32
Ok thanks for the information.

1) Open up Firefox and at the top go to Tools > Add-ons > Extensions. Disable all the extensions.

2) If you have JRT.exe downloaded, go ahead and run it:

Right click and select "run as admin"
The tool will scan and may take some time to finish
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your reply.

3) Using Windows Explorer. Right click on Start > Open Windows Explorer. Then look in C:/ Adwcleaner. It's a folder with the logs labeled as Adwcleaner [R0], [R1] etc.

4) Last: after the above please re-run FRST again like you did in your first post.

-----------------------------------------------------------------------------------
So if possible run and post JRT log,
Last Adwcleaner log if possible
and new FRST log

duczos1
2014-08-09, 13:55
Hello again
JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Piotrek on 09/08/2014 at 10:54:35.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Piotrek\appdata\locallow\boost_interprocess"



~~~ FireFox

Successfully deleted the following from C:\Users\Piotrek\AppData\Roaming\mozilla\firefox\profiles\dygn9tla.default\prefs.js

user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>
Emptied folder: C:\Users\Piotrek\AppData\Roaming\mozilla\firefox\profiles\dygn9tla.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/08/2014 at 10:59:54.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Adwcleaner logs:
# AdwCleaner v3.303 - Report created 07/08/2014 at 10:48:57
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Websteroids

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js
Folder Found : C:\Program Files (x86)\PC Cleaner
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Websteroids
Folder Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
Folder Found : C:\Users\Piotrek\AppData\Local\Rocket
Folder Found : C:\Users\Piotrek\AppData\Local\Websteroids
Folder Found : C:\Users\Piotrek\AppData\Roaming\RocketUpdater

***** [ Scheduled Tasks ] *****

Task Found : Rocket Updater

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SoftwareWatcher bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=SoftwareWatcher" "/searchProvider=a different" )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Rocket Browser
Key Found : HKCU\Software\RocketUpdater
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Rocket Browser
Key Found : [x64] HKCU\Software\RocketUpdater
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]

[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

-\\ Google Chrome v

[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
AdwCleaner[R1].txt - [7320 octets] - [07/08/2014 10:48:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [7380 octets] ##########


# AdwCleaner v3.303 - Report created 07/08/2014 at 10:51:41
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]


[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
AdwCleaner[R1].txt - [7504 octets] - [07/08/2014 10:48:57]
AdwCleaner[R2].txt - [1447 octets] - [07/08/2014 10:51:41]
AdwCleaner[S0].txt - [5609 octets] - [07/08/2014 10:49:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1567 octets] ##########


# AdwCleaner v3.303 - Report created 07/08/2014 at 11:02:32
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]


[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

-\\ Google Chrome v

[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
AdwCleaner[R1].txt - [7504 octets] - [07/08/2014 10:48:57]
AdwCleaner[R2].txt - [1647 octets] - [07/08/2014 10:51:41]
AdwCleaner[R3].txt - [1727 octets] - [07/08/2014 11:02:32]
AdwCleaner[S0].txt - [5609 octets] - [07/08/2014 10:49:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1847 octets] ##########



# AdwCleaner v3.303 - Report created 07/08/2014 at 10:49:30
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Websteroids

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Websteroids
Folder Deleted : C:\Program Files (x86)\PC Cleaner
Folder Deleted : C:\Users\Piotrek\AppData\Local\Rocket
Folder Deleted : C:\Users\Piotrek\AppData\Local\Websteroids
Folder Deleted : C:\Users\Piotrek\AppData\Roaming\RocketUpdater
Folder Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
File Deleted : C:\END
File Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
File Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Rocket Updater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM64\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM64\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Rocket Browser
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "http://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]

[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

Line Deleted : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

-\\ Google Chrome v

[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : http://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Deleted [Homepage] : http://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Piotrek (administrator) on PIOTREK-PC on 09-08-2014 11:12:22
Running from C:\Users\Piotrek\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Valve Corporation) G:\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11774568 2011-01-13] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Reminder] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [DockBar] => C:\Applications\Tools\DockBar\DockBar.exe [2964480 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Recovery Backup Wizard] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL:
CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
CHR Extension: (Google Wallet) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Piotrek\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 10:59 - 2014-08-09 10:59 - 00001153 _____ () C:\Users\Piotrek\Desktop\JRT.txt
2014-08-09 10:54 - 2014-08-09 10:54 - 00000000 ____D () C:\Windows\ERUNT
2014-08-09 10:53 - 2014-08-09 10:53 - 01016261 _____ (Thisisu) C:\Users\Piotrek\Downloads\JRT.exe
2014-08-09 10:51 - 2014-08-09 10:51 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-09 10:49 - 2014-08-09 10:50 - 00244320 _____ () C:\Users\Piotrek\Downloads\Firefox Setup Stub 31.0.exe
2014-08-08 12:55 - 2014-08-08 12:55 - 00001084 _____ () C:\Users\Piotrek\Desktop\Kaspersky Security Scan.lnk
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-08 12:53 - 2014-08-08 12:53 - 00189320 _____ (Kaspersky Lab) C:\Users\Piotrek\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6220.exe
2014-08-07 15:18 - 2014-08-07 15:18 - 00000000 ____D () C:\Users\Piotrek\Documents\ProcAlyzer Dumps
2014-08-07 15:02 - 2014-08-08 10:41 - 00000112 _____ () C:\Windows\setupact.log
2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 15:01 - 2014-08-08 10:41 - 00002566 _____ () C:\Windows\PFRO.log
2014-08-07 14:52 - 2014-08-09 09:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 14:52 - 2014-08-08 11:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-07 14:52 - 2014-08-07 14:52 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 14:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-07 14:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-07 14:50 - 2014-08-07 14:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Piotrek\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 12:21 - 2014-08-07 12:21 - 04813544 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup416.exe
2014-08-07 01:20 - 2014-08-07 11:02 - 00000000 ____D () C:\AdwCleaner
2014-08-07 01:02 - 2014-08-07 01:02 - 01475072 _____ () C:\Users\Piotrek\Downloads\AdwCleaner.exe
2014-08-07 00:48 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-07 00:48 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-06 14:51 - 2014-08-06 14:51 - 00002554 _____ () C:\Users\Piotrek\Downloads\aswMBR.txt
2014-08-06 14:51 - 2014-08-06 14:51 - 00000512 _____ () C:\Users\Piotrek\Downloads\MBR.dat
2014-08-06 14:24 - 2014-08-06 14:24 - 05185536 _____ (AVAST Software) C:\Users\Piotrek\Downloads\aswMBR.exe
2014-08-06 13:39 - 2014-08-09 11:12 - 00012386 _____ () C:\Users\Piotrek\Downloads\FRST.txt
2014-08-06 13:39 - 2014-08-06 13:39 - 00025337 _____ () C:\Users\Piotrek\Downloads\Addition.txt
2014-08-06 13:38 - 2014-08-09 11:12 - 00000000 ____D () C:\FRST
2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-06 13:21 - 2014-08-06 13:22 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
2014-08-05 22:30 - 2014-08-07 10:54 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
2014-08-05 22:22 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-05 22:22 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-05 22:22 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-05 22:22 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-05 22:22 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-05 22:22 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-05 22:22 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-05 22:22 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-05 22:22 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-05 22:22 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-05 22:22 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-05 22:22 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-05 22:22 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-05 22:22 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-05 22:22 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-05 22:22 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-05 22:20 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-05 22:20 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-05 22:20 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-05 22:20 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 11:12 - 2014-08-06 13:39 - 00012386 _____ () C:\Users\Piotrek\Downloads\FRST.txt
2014-08-09 11:12 - 2014-08-06 13:38 - 00000000 ____D () C:\FRST
2014-08-09 10:59 - 2014-08-09 10:59 - 00001153 _____ () C:\Users\Piotrek\Desktop\JRT.txt
2014-08-09 10:55 - 2014-03-18 18:54 - 01102355 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 10:54 - 2014-08-09 10:54 - 00000000 ____D () C:\Windows\ERUNT
2014-08-09 10:53 - 2014-08-09 10:53 - 01016261 _____ (Thisisu) C:\Users\Piotrek\Downloads\JRT.exe
2014-08-09 10:51 - 2014-08-09 10:51 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-09 10:50 - 2014-08-09 10:49 - 00244320 _____ () C:\Users\Piotrek\Downloads\Firefox Setup Stub 31.0.exe
2014-08-09 10:20 - 2011-05-25 11:51 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 10:13 - 2014-03-25 00:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 09:22 - 2014-08-07 14:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 03:17 - 2014-03-20 14:09 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-08 15:20 - 2011-05-25 11:51 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 12:55 - 2014-08-08 12:55 - 00001084 _____ () C:\Users\Piotrek\Desktop\Kaspersky Security Scan.lnk
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-08 12:53 - 2014-08-08 12:53 - 00189320 _____ (Kaspersky Lab) C:\Users\Piotrek\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6220.exe
2014-08-08 11:45 - 2014-08-07 14:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-08 10:49 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 10:49 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 10:47 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 10:42 - 2014-03-18 18:57 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
2014-08-08 10:41 - 2014-08-07 15:02 - 00000112 _____ () C:\Windows\setupact.log
2014-08-08 10:41 - 2014-08-07 15:01 - 00002566 _____ () C:\Windows\PFRO.log
2014-08-08 10:41 - 2011-05-25 16:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-08 10:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 16:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-07 15:18 - 2014-08-07 15:18 - 00000000 ____D () C:\Users\Piotrek\Documents\ProcAlyzer Dumps
2014-08-07 15:18 - 2014-03-21 22:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 15:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2014-08-07 14:52 - 2014-08-07 14:52 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 14:51 - 2014-08-07 14:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Piotrek\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 12:22 - 2014-03-21 20:24 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-07 12:22 - 2014-03-21 20:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-07 12:21 - 2014-08-07 12:21 - 04813544 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup416.exe
2014-08-07 11:02 - 2014-08-07 01:20 - 00000000 ____D () C:\AdwCleaner
2014-08-07 10:54 - 2014-08-05 22:30 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
2014-08-07 10:49 - 2014-03-18 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
2014-08-07 01:02 - 2014-08-07 01:02 - 01475072 _____ () C:\Users\Piotrek\Downloads\AdwCleaner.exe
2014-08-06 14:51 - 2014-08-06 14:51 - 00002554 _____ () C:\Users\Piotrek\Downloads\aswMBR.txt
2014-08-06 14:51 - 2014-08-06 14:51 - 00000512 _____ () C:\Users\Piotrek\Downloads\MBR.dat
2014-08-06 14:24 - 2014-08-06 14:24 - 05185536 _____ (AVAST Software) C:\Users\Piotrek\Downloads\aswMBR.exe
2014-08-06 13:39 - 2014-08-06 13:39 - 00025337 _____ () C:\Users\Piotrek\Downloads\Addition.txt
2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:21 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
2014-08-06 11:06 - 2014-04-11 20:07 - 00000000 ___RD () C:\Users\Piotrek\Desktop\piatek
2014-08-06 09:21 - 2014-03-21 22:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-05 22:24 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-05 22:22 - 2014-03-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-18 21:16 - 2014-03-21 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe
2014-07-11 11:02 - 2014-05-04 13:18 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\TS3Client
2014-07-10 09:58 - 2009-07-14 05:45 - 00276200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 09:56 - 2014-04-30 02:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 09:56 - 2010-11-21 08:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 02:23 - 2014-03-24 22:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 02:22 - 2014-03-24 22:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 16:49

==================== End Of Log ============================


Anything more?
I can't remove these deal4me ads, and some sexchat window or something like that is still opening :scratch:
When I tried to reply to this post again, I clicked to reply but 2 new windows opened - clickcompare.... and a second window, a live chat with a naked girl :rockon::red:
No more websteroids ads. Before this I saw websteroids as a running process in Windows Task Manager. Now nothing like that.
Thanks for help btw :)

shelf life
2014-08-09, 15:45
Do this:

Click on Start and in the search field type in notepad. Copy and paste what's below in the code box and save it to your desktop as fixlist.txt


SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll No File
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL:
CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Launch the FRST icon and press the Fix button just once and wait, the program will automatically launch and run fixlist.txt script.
The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

duczos1
2014-08-10, 12:53
Hi,
FRST results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2014 01
Ran by Piotrek at 2014-08-10 10:46:08 Run:1
Running from C:\Users\Piotrek\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll No File
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL:
CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A55077E-9A8F-F6FB-67AD-19115988838A}" => Key deleted successfully.
"HKCR\CLSID\{5A55077E-9A8F-F6FB-67AD-19115988838A}" => Key deleted successfully.
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultNewTabURL: => Error: No automatic fix found for this entry.
C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

==== End of Fixlog ====

thx again

shelf life
2014-08-10, 14:35
ok. Next:

Reset Chrome settings:

Click the Chrome menu on the browser toolbar.
Select Settings.
Click Show advanced settings and find the "Reset browser settings" section.
Click Reset browser settings.
In the dialog that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" checkbox is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyze trends and work to prevent future unwanted settings changes.

Source (https://support.google.com/chrome/answer/3296214?hl=en)

duczos1
2014-08-10, 15:46
I don't have Chrome installed; when installing Firefox I don't want to have Chrome.

shelf life
2014-08-10, 16:03
ok reset FF to its defaults:

https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

duczos1
2014-08-10, 17:20
Done!!! :bigthumb:
I have opened some websites and don't see these ads anymore.
Working fine. Thank you again, and I hope for the last time.
Please, can you tell me which antivirus is good enough:
1 Spybot AV
2 Kaspersky
3 Norton
4 McAfee?
As far as I know, I need to buy some antivirus but I'm not sure which one.
Any suggestions?

shelf life
2014-08-10, 18:36
Ok, good. I think we are done. You can uninstall AdwCleaner by starting it and clicking the uninstall button. Just delete the JRT icon as well as the JRT folder @ C:/

Malwarebytes you can keep and use. Remember the free version must be updated manually and a scan started manually.

Yes you do need antivirus but the adware you had most likely was installed when you installed some other software. Pay attention to where you download software. There are many download portals that will bundle all kinds of "offers." Check my link below.

As far as AV goes: You only need one on your computer. Free versions are just as good as the paid versions. Try one out for a few days; if you like it, keep it. If not, uninstall it and try another one. Free AV in no special order:

Avast (http://www.avast.com/en-us/index#upgrade)
Avira (https://www.avira.com/en/avira-free-antivirus)
Comodo (http://www.comodo.com/home/internet-security/antivirus.php)
AVG (http://free.avg.com/us-en/homepage)
Bitdefender (http://www.bitdefender.com/solutions/free.html)

If all is good, then happy safe surfing out there.