Worried about possible malware



Kingault
2014-11-14, 21:57
Recently, a friend sent me a link on Steam that turned out to be some sort of malware thing that sent the same message to all of my Steam friends. I changed my password and did some scans with Malwarebytes and Spybot and found nothing, but I decided to do the scans with the programs mentioned in the "BEFORE You POST" topic. If someone could go over the logs and see if there's anything, I would be grateful.

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-14 15:50:44
-----------------------------
15:50:44.785 OS Version: Windows x64 6.2.9200
15:50:44.785 Number of processors: 4 586 0x1301
15:50:44.786 ComputerName: LIQUIDPC UserName: Tomasz
15:50:47.883 Initialize success
15:50:47.884 VM: initialized successfully
15:50:47.886 VM: Amd CPU supported
15:50:56.117 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000027
15:50:56.121 Disk 0 Vendor: ST2000DM001-1CH164 HP34 Size: 1907729MB BusType: 11
15:50:56.368 Disk 0 MBR read successfully
15:50:56.374 Disk 0 MBR scan
15:50:56.380 Disk 0 unknown MBR code
15:50:56.385 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
15:50:56.451 Disk 0 scanning C:\WINDOWS\system32\drivers
15:51:07.202 Service scanning
15:51:28.978 Modules scanning
15:51:28.992 Disk 0 trace - called modules:
15:51:29.246 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
15:51:29.254 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00016f615e0]
15:51:29.266 3 CLASSPNP.SYS[fffff800edb9527b] -> nt!IofCallDriver -> \Device\00000027[0xffffe00016da0720]
15:51:29.275 Disk 0 statistics 110265/0/0 @ 5.23 MB/s
15:51:29.284 Scan finished successfully
15:54:21.821 Disk 0 MBR has been saved successfully to "C:\Users\Tomasz\Downloads\MBR.dat"
15:54:21.826 The log file has been saved successfully to "C:\Users\Tomasz\Downloads\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
Ran by Tomasz (administrator) on LIQUIDPC on 14-11-2014 15:48:04
Running from C:\Users\Tomasz\Downloads
Loaded Profile: Tomasz (Available profiles: Tomasz)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
() C:\Program Files (x86)\puush\puush.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Desura Net Pty Ltd) C:\Program Files (x86)\Desura\desura.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Desura Net Pty Ltd) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\HexChat\hexchat.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(HP) C:\Program Files\WindowsApps\AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6\HPScanandCapture.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Tomasz\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Tomasz\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [SpybotDeletingA3024] => command.com /c del "C:\end"
HKLM-x32\...\RunOnce: [SpybotDeletingC9745] => cmd.exe /c del "C:\end"
HKLM-x32\...\RunOnce: [SpybotDeletingA5820] => command.com /c del "C:\end"
HKLM-x32\...\RunOnce: [SpybotDeletingC8107] => cmd.exe /c del "C:\end"
HKLM-x32\...\RunOnce: [SpybotDeletingA8549] => command.com /c del "C:\end"
HKLM-x32\...\RunOnce: [SpybotDeletingC1066] => cmd.exe /c del "C:\end"
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2668496 2014-09-21] (Desura Net Pty Ltd)
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-19] (Raptr, Inc)
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-02-21] ()
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [f.lux] => C:\Users\Tomasz\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Tomasz\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\RunOnce: [SpybotDeletingB6980] => command.com /c del "C:\end"
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\RunOnce: [SpybotDeletingD4495] => cmd.exe /c del "C:\end"
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\RunOnce: [SpybotDeletingB8798] => command.com /c del "C:\end"
HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\RunOnce: [SpybotDeletingD6185] => cmd.exe /c del "C:\end"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default
FF Homepage: about:home
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2883957329-2792123602-793195274-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tomasz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2883957329-2792123602-793195274-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: HTTPS-Everywhere - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default\Extensions\https-everywhere@eff.org [2014-08-22]
FF Extension: Ghostery - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default\Extensions\firefox@ghostery.com.xpi [2014-02-28]
FF Extension: BetterTTV - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default\Extensions\jid0-OeCFXKAPh2tC0bN3Li9ajRAZx6c@jetpack.xpi [2014-02-23]
FF Extension: YouTube High Definition - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF Extension: Adblock Plus - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-03]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-01]
CHR Extension: (Google Drive) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]
CHR Extension: (Google Search) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]
CHR Extension: (AdBlock) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-17]
CHR Extension: (Center'd - Center the new YT) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgjcknlnbcciacdklmnafmfcfjnpcja [2014-10-25]
CHR Extension: (AVG Security Toolbar) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-03-07]
CHR Extension: (Google Wallet) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR Extension: (Gmail) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-06-29] (BitRaider, LLC)
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
U0 aywipp; C:\Windows\System32\drivers\yafdb.sys [79064 2014-11-01] (Malwarebytes Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29696 2014-07-07] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 X6va021; \??\C:\WINDOWS\SysWOW64\Drivers\X6va021 [X]
U3 aswMBR; \??\C:\Users\Tomasz\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Tomasz\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 15:48 - 2014-11-14 15:49 - 00025804 _____ () C:\Users\Tomasz\Downloads\FRST.txt
2014-11-14 15:47 - 2014-11-14 15:48 - 00000000 ____D () C:\FRST
2014-11-14 15:46 - 2014-11-14 15:46 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-LIQUIDPC-Microsoft-Windows-8.1-(64-bit).dat
2014-11-14 15:44 - 2014-11-14 15:44 - 00002258 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-14 15:44 - 2014-11-14 15:44 - 00000000 ____D () C:\RegBackup
2014-11-14 15:44 - 2014-11-14 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-14 15:44 - 2014-11-14 15:44 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-11-14 15:43 - 2014-11-14 15:43 - 04215584 _____ () C:\Users\Tomasz\Downloads\tweaking.com_registry_backup_setup.exe
2014-11-14 15:41 - 2014-11-14 15:42 - 02116608 _____ (Farbar) C:\Users\Tomasz\Downloads\FRST64.exe
2014-11-14 15:41 - 2014-11-14 15:41 - 05198336 _____ (AVAST Software) C:\Users\Tomasz\Downloads\aswMBR.exe
2014-11-13 00:08 - 2014-11-13 00:08 - 00020404 _____ () C:\Users\Tomasz\Documents\US Gov 111314.odt
2014-11-11 23:00 - 2014-11-11 23:00 - 00013166 _____ () C:\Users\Tomasz\Documents\AP Bio Lab report 111114.odt
2014-11-11 19:17 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-11 19:17 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-11 10:05 - 2014-11-11 10:05 - 00059666 _____ () C:\Users\Tomasz\Downloads\a0a08da100c48fc0de52f440c0bc601b.torrent
2014-11-11 09:43 - 2014-11-11 09:43 - 00651264 _____ () C:\Users\Tomasz\Downloads\Detection.msi
2014-11-11 09:43 - 2014-11-11 09:43 - 00651264 _____ () C:\Users\Tomasz\Downloads\Detection (1).msi
2014-11-10 20:05 - 2014-11-10 20:05 - 00000218 _____ () C:\Users\Tomasz\AppData\Local\recently-used.xbel
2014-11-10 19:53 - 2014-11-10 19:57 - 697014865 _____ () C:\Users\Tomasz\Downloads\Game Center CX - 178 - Mega Man X (Part 1) 60fps [SAGCCX].mp4
2014-11-10 19:53 - 2014-11-10 19:53 - 00013705 _____ () C:\Users\Tomasz\Downloads\Game Center CX - 178 - Mega Man X (Part 1) 60fps [SAGCCX].mp4.torrent
2014-11-10 02:24 - 2014-11-10 02:24 - 00025036 _____ () C:\Users\Tomasz\Documents\HW 11914.odt
2014-11-08 06:52 - 2014-11-08 06:52 - 15886792 _____ () C:\Users\Tomasz\Downloads\OSP18(Final)_HorribleTrans.zip
2014-11-07 21:17 - 2014-11-07 21:17 - 00490135 _____ () C:\Users\Tomasz\Downloads\38493.zip
2014-11-07 21:17 - 2014-11-07 21:17 - 00092003 _____ () C:\Users\Tomasz\Downloads\34083.zip
2014-11-07 21:12 - 2014-11-07 21:12 - 01251372 _____ () C:\Users\Tomasz\Downloads\Skins.rar
2014-11-07 21:12 - 2014-11-07 21:12 - 01251372 _____ () C:\Users\Tomasz\Downloads\Skins (1).rar
2014-11-07 21:08 - 2014-11-07 21:26 - 00000000 ____D () C:\Users\Tomasz\Documents\Skin Installer Ultimate
2014-11-07 21:06 - 2014-11-07 21:07 - 07916654 _____ () C:\Users\Tomasz\Downloads\SIU 4.34-Lite.zip
2014-11-07 00:45 - 2014-11-07 00:45 - 00020552 _____ () C:\Users\Tomasz\Documents\US Gov 11614.odt
2014-11-04 01:16 - 2014-11-04 01:16 - 00013258 _____ () C:\Users\Tomasz\Documents\HW 11314.odt
2014-11-03 23:19 - 2014-11-03 23:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-03 23:19 - 2014-11-03 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-03 23:19 - 2014-11-03 23:19 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-03 23:18 - 2014-11-03 23:18 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-03 23:18 - 2014-11-03 23:18 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\Apple
2014-11-03 23:18 - 2014-11-03 23:18 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-03 23:17 - 2014-11-03 23:18 - 39401336 _____ (Apple Inc.) C:\Users\Tomasz\Downloads\QuickTimeInstaller.exe
2014-11-02 17:46 - 2014-11-02 17:48 - 00000000 ____D () C:\Users\Tomasz\Documents\Strife
2014-11-02 17:40 - 2014-11-02 17:40 - 00001962 _____ () C:\Users\Tomasz\Desktop\Strife.lnk
2014-11-02 17:40 - 2014-11-02 17:40 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-11-02 17:40 - 2014-11-02 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-11-02 17:34 - 2014-11-02 17:34 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\Awesomium
2014-11-02 17:33 - 2014-11-02 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-11-02 17:33 - 2014-11-02 17:33 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-11-02 17:33 - 2014-11-02 17:33 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-11-02 17:27 - 2014-11-02 17:48 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-11-02 17:26 - 2014-11-02 17:27 - 46860733 _____ (Hi-Rez Studios) C:\Users\Tomasz\Downloads\InstallHiRezGamesEnglish.exe
2014-11-02 13:14 - 2014-11-02 13:27 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\deluge
2014-11-02 13:14 - 2014-11-02 13:26 - 1673055576 _____ () C:\Users\Tomasz\Downloads\StrifeWindows-0.4.5.1.exe
2014-11-02 13:13 - 2014-11-02 13:13 - 00127996 _____ () C:\Users\Tomasz\Downloads\StrifeWindows-0.4.5.1.torrent
2014-11-01 23:49 - 2014-11-01 23:49 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\Freelancer
2014-11-01 23:43 - 2014-11-01 23:44 - 95042659 _____ () C:\Users\Tomasz\Downloads\discovery_4.87.0.exe
2014-11-01 23:37 - 2014-11-01 23:37 - 01187586 _____ () C:\Users\Tomasz\Downloads\FLMM1.5beta1Installer.exe
2014-11-01 21:15 - 2014-11-01 21:15 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\yafdb.sys
2014-11-01 18:59 - 2014-11-01 19:01 - 111970304 _____ (SQUARE ENIX CO., LTD.) C:\Users\Tomasz\Downloads\ffxivsetup.exe
2014-10-30 23:30 - 2014-10-30 23:32 - 00023139 _____ () C:\Users\Tomasz\Documents\Theology Research Paper 103014.odt
2014-10-30 17:33 - 2014-11-09 09:36 - 00000000 ____D () C:\Program Files (x86)\Nightly
2014-10-29 22:14 - 2014-10-29 22:14 - 00021535 _____ () C:\Users\Tomasz\Documents\US Gov 102914.odt
2014-10-28 21:56 - 2014-10-28 21:56 - 00016767 _____ () C:\Users\Tomasz\Documents\English 102814.odt
2014-10-24 14:34 - 2014-10-24 14:34 - 02038576 _____ () C:\Users\Tomasz\Downloads\Earthbound.zip
2014-10-24 00:36 - 2014-10-24 00:36 - 01174016 _____ () C:\Users\Tomasz\Downloads\enzymes (1).ppt
2014-10-21 22:58 - 2014-10-21 22:58 - 00016026 _____ () C:\Users\Tomasz\Documents\English 102114.odt
2014-10-20 23:37 - 2014-10-20 23:37 - 00045492 _____ () C:\Users\Tomasz\Documents\HW 102014.odt
2014-10-20 20:43 - 2014-10-20 20:46 - 12739584 _____ () C:\Users\Tomasz\Downloads\Biochemistry_presentation (1).ppt
2014-10-20 20:43 - 2014-10-20 20:43 - 01174016 _____ () C:\Users\Tomasz\Downloads\enzymes.ppt
2014-10-18 15:39 - 2014-10-22 18:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-18 15:39 - 2014-10-18 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-18 15:36 - 2014-09-29 17:45 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-18 15:36 - 2014-09-29 17:45 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 22:09 - 2014-10-17 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
2014-10-17 22:07 - 2014-10-17 22:08 - 130258496 _____ () C:\Users\Tomasz\Downloads\ddolive.exe
2014-10-17 20:32 - 1997-08-26 11:06 - 00315904 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2014-10-17 05:30 - 2014-10-17 05:30 - 00003552 _____ () C:\WINDOWS\System32\Tasks\HP AR Program Upload - a84c848a1659461f9446762520251da8aab7d8b40a1b4969a32f1266472c26fa
2014-10-17 00:02 - 2014-10-17 05:30 - 00023538 _____ () C:\Users\Tomasz\Documents\Theo 101614.odt
2014-10-15 23:03 - 2014-10-15 23:03 - 00020457 _____ () C:\Users\Tomasz\Documents\AP Bio 101514.odt
2014-10-15 22:48 - 2014-10-15 22:49 - 12739584 _____ () C:\Users\Tomasz\Downloads\Biochemistry_presentation.ppt
2014-10-15 09:33 - 2014-08-15 23:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-15 09:33 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-15 09:33 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 09:33 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-15 09:33 - 2014-08-15 22:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-15 09:33 - 2014-08-15 22:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-15 09:33 - 2014-08-15 22:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-15 09:33 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-15 09:33 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 09:33 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-15 09:33 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-15 09:33 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-15 09:33 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-15 09:33 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-15 09:33 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-15 09:33 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-15 09:33 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-15 09:33 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-15 09:33 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-15 09:33 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 09:33 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-15 09:33 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-15 09:33 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-15 09:33 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 09:33 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-15 09:33 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-15 09:33 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-15 09:33 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 09:33 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-15 09:33 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-15 09:33 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-15 09:33 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-15 09:33 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 09:33 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-15 09:33 - 2014-07-31 18:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-15 09:32 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 09:31 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 09:31 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 09:31 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 09:31 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 09:31 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-15 09:31 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-15 09:31 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-15 09:31 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-15 09:31 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-15 09:31 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-15 09:31 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-15 09:31 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-15 09:31 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-15 09:31 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-15 09:31 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-15 09:31 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-15 09:31 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-15 09:31 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-15 09:31 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-15 09:31 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-15 09:31 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 09:31 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-15 09:31 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 09:31 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-15 09:30 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 09:30 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 09:30 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 09:30 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 09:30 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 09:30 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 09:30 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 09:30 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-15 09:30 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-15 09:30 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 09:30 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 09:30 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-15 09:30 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-15 09:30 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 09:30 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-15 09:30 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 09:30 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 09:30 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 09:30 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 09:30 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 09:30 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 09:30 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 09:30 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 09:30 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 09:30 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 09:30 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-15 09:30 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 09:30 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-15 09:30 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 09:30 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 15:39 - 2014-02-03 15:17 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\ClassicShell
2014-11-14 15:35 - 2014-02-21 18:04 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 15:23 - 2014-04-07 19:09 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\Skype
2014-11-14 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-14 12:51 - 2014-02-02 13:56 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F8041DA0-2BE8-494B-8E09-951293D6D6B2}
2014-11-14 09:52 - 2014-02-03 15:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-14 07:15 - 2014-07-07 15:31 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 07:09 - 2014-02-04 21:11 - 00000024 _____ () C:\Users\Tomasz\random.dat
2014-11-14 07:03 - 2014-02-03 15:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-14 06:57 - 2014-02-04 21:11 - 00000045 _____ () C:\Users\Tomasz\jagex_cl_runescape_LIVE.dat
2014-11-14 06:50 - 2014-02-16 14:03 - 02092289 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-14 06:44 - 2014-02-02 14:04 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2883957329-2792123602-793195274-1001
2014-11-14 04:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-13 21:36 - 2014-09-20 19:03 - 00000024 _____ () C:\Users\Tomasz\jagexappletviewer.preferences
2014-11-13 19:35 - 2014-02-21 18:04 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 19:30 - 2014-02-21 18:04 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 19:30 - 2014-02-21 18:04 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 18:52 - 2014-06-21 20:18 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\Akamai
2014-11-13 16:53 - 2014-02-08 16:24 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\CrashDumps
2014-11-13 16:52 - 2014-02-19 18:31 - 00000000 ____D () C:\ProgramData\HappyCloud
2014-11-12 05:01 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-11 15:43 - 2014-02-03 15:14 - 00354304 ___SH () C:\Users\Tomasz\Desktop\Thumbs.db
2014-11-11 11:03 - 2014-08-14 08:50 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-11-11 09:44 - 2014-02-08 23:43 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-11-10 23:38 - 2014-06-02 16:38 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForTomasz
2014-11-10 23:38 - 2014-06-02 16:38 - 00000354 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForTomasz.job
2014-11-10 18:04 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-10 17:32 - 2014-02-03 20:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-11-10 17:31 - 2014-02-03 20:07 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-09 09:30 - 2014-07-18 15:19 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-11-09 09:30 - 2014-02-21 21:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-11-09 09:30 - 2014-02-03 22:12 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-11-06 17:51 - 2014-03-11 22:23 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\HexChat
2014-11-05 23:50 - 2014-02-21 15:30 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\Turbine
2014-11-04 15:30 - 2014-07-31 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-03 15:47 - 2013-11-14 02:28 - 00969092 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-03 15:44 - 2013-08-22 09:46 - 00299538 _____ () C:\WINDOWS\setupact.log
2014-11-02 17:38 - 2013-10-17 14:01 - 00234284 _____ () C:\WINDOWS\DirectX.log
2014-11-02 17:33 - 2013-10-17 13:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-02 00:21 - 2014-02-03 20:23 - 00000000 ____D () C:\Users\Tomasz\Documents\My Games
2014-11-01 21:15 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-11-01 20:48 - 2014-07-07 15:31 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-01 20:48 - 2014-07-07 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-01 20:48 - 2014-07-07 15:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-30 18:08 - 2014-04-21 10:26 - 00000000 ____D () C:\Users\Tomasz\Documents\Scanned
2014-10-27 11:38 - 2014-02-03 15:41 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\Raptr
2014-10-24 16:25 - 2014-02-03 19:15 - 00000000 ____D () C:\Users\Tomasz\Documents\ZNES
2014-10-22 18:22 - 2014-04-07 19:08 - 00000000 ____D () C:\ProgramData\Skype
2014-10-19 04:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-18 23:13 - 2014-07-07 15:10 - 00000147 _____ () C:\WINDOWS\wininit.ini
2014-10-18 22:14 - 2014-02-03 19:12 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\Adobe
2014-10-18 22:00 - 2014-02-03 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-18 15:39 - 2014-04-07 19:08 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-18 15:39 - 2014-02-16 14:08 - 00000000 ___DO () C:\Users\Tomasz\SkyDrive
2014-10-18 15:38 - 2014-02-03 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
2014-10-18 15:35 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-18 15:35 - 2013-08-22 09:44 - 00383496 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-18 15:34 - 2013-11-14 02:20 - 00202256 _____ () C:\WINDOWS\PFRO.log
2014-10-18 15:32 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-18 15:30 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-18 15:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-18 15:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-18 15:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-18 15:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-18 15:29 - 2013-11-14 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-10-18 15:29 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-10-17 22:09 - 2014-06-21 15:47 - 00000000 ____D () C:\Program Files (x86)\Turbine
2014-10-15 19:30 - 2014-09-29 22:49 - 00031667 _____ () C:\Users\Tomasz\Documents\92914 HW.odt
2014-10-15 19:30 - 2014-09-23 00:22 - 00023029 _____ () C:\Users\Tomasz\Documents\AP Bio Lab Report 92214.odt
2014-10-15 15:05 - 2014-02-03 20:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 15:00 - 2014-02-03 20:54 - 103265616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Tomasz\jagex_cl_runescape_LIVE.dat
C:\Users\Tomasz\jagex_cl_runescape_LIVE1.dat
C:\Users\Tomasz\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Tomasz\random.dat


Some content of TEMP:
====================
C:\Users\Tomasz\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Tomasz\AppData\Local\Temp\comver.dll
C:\Users\Tomasz\AppData\Local\Temp\ddxx_MesHoooooook.dll
C:\Users\Tomasz\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Tomasz\AppData\Local\Temp\Gw2.exe
C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140220_101735_79512.exe
C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140221_115845_29792.exe
C:\Users\Tomasz\AppData\Local\Temp\HssInstaller.exe
C:\Users\Tomasz\AppData\Local\Temp\hsspk.exe
C:\Users\Tomasz\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Tomasz\AppData\Local\Temp\NGMDll.dll
C:\Users\Tomasz\AppData\Local\Temp\NGMResource.dll
C:\Users\Tomasz\AppData\Local\Temp\oi_{0E265131-8FF4-4AE9-A952-7BDA4E96DEA1}.exe
C:\Users\Tomasz\AppData\Local\Temp\SIntf16.dll
C:\Users\Tomasz\AppData\Local\Temp\SIntf32.dll
C:\Users\Tomasz\AppData\Local\Temp\SIntfNT.dll
C:\Users\Tomasz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomasz\AppData\Local\Temp\SRLDetectionLibrary4822007644872002210.dll
C:\Users\Tomasz\AppData\Local\Temp\unicows.dll
C:\Users\Tomasz\AppData\Local\Temp\war3_Install.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-14 04:27

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014 02
Ran by Tomasz at 2014-11-14 15:49:25
Running from C:\Users\Tomasz\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Akamai NetSession Interface (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.13.3317.03143 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{40959651-122E-1A16-9011-40629C01703F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version: - Trion Worlds, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.3.1.91 - AVG Technologies)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - Cold Beam Games)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Caveman2Cosmos (HKLM-x32\...\Caveman2Cosmos) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)
Deluge 1.3.6 (HKLM-x32\...\Deluge) (Version: - )
Desura (HKLM-x32\...\Desura) (Version: 100.57 - Desura)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Double Dragon Neon (HKLM-x32\...\Steam App 252350) (Version: - WayForward)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Fighter Online (HKLM-x32\...\DFO) (Version: - )
Dungeons & Dragons Online (HKLM-x32\...\Dungeons & Dragons Online) (Version: - Turbine, Inc)
EverQuest II (HKLM-x32\...\Steam App 201230) (Version: - Sony Online Entertainment, LLC.)
f.lux (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Flux) (Version: - )
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version: - MAIET Entertainment)
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Happy Cloud Client (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HexChat (x64) (HKLM\...\HexChat (x64)_is1) (Version: 2.9.6 - HexChat)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version: - IO Interactive)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Officejet 4630 series Basic Device Software (HKLM\...\{29B1CB33-32C3-4762-85DA-8CEADDC36EA7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version: - PlatinumGames)
Metal Slug 3 (HKLM-x32\...\Steam App 250180) (Version: - DotEmu)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version: - Virtual Heroes)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0a1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.47.3 - Black Tree Gaming)
Nightly 36.0a1 (x86 en-US) (HKLM-x32\...\Nightly 36.0a1 (x86 en-US)) (Version: 36.0a1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
One Way Heroics (HKLM-x32\...\Steam App 266210) (Version: - Smoking WOLF)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Painkiller Hell & Damnation (HKLM-x32\...\Steam App 214870) (Version: - The Farm 51)
Painkiller Overdose (HKLM-x32\...\Steam App 3270) (Version: - Mindware Studios)
Painkiller: Black Edition (HKLM-x32\...\Steam App 39530) (Version: - People Can Fly)
Painkiller: Recurring Evil (HKLM-x32\...\Steam App 206760) (Version: - Med-Art)
Painkiller: Redemption (HKLM-x32\...\Steam App 65560) (Version: - Eggtooth Team)
Painkiller: Resurrection (HKLM-x32\...\Steam App 39560) (Version: - Homegrown Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PHANTASY STAR ONLINE 2 (HKLM-x32\...\http://pso2.jp/appid/release_is1) (Version: - SEGA)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version: - Zen Studios)
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
PixelJunk Eden (HKLM-x32\...\Steam App 105800) (Version: - Q-Games, Ltd.)
PixelJunk™ Shooter (HKLM-x32\...\Steam App 255870) (Version: - )
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - )
RIFT (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\RIFT) (Version: - Trion Worlds, Inc.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version: - Trion Worlds)
Rock of Ages (HKLM-x32\...\Steam App 22230) (Version: - ACE Team)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version: - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sid Meier's Railroads! (HKLM-x32\...\Steam App 7600) (Version: - Firaxis Games)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Sonic Adventure™ 2 (HKLM-x32\...\Steam App 213610) (Version: - SEGA)
Sonic CD (HKLM-x32\...\Steam App 200940) (Version: - Blit Software)
SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.45 - Bioware/EA)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Strife (HKLM-x32\...\Strife) (Version: - S2 Games)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{9EBC5B93-2588-4F82-A9D0-152768020A7A}) (Version: 2.2.3.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.6 - En Masse Entertainment)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls II: Daggerfall, DaggerfallSetup 2.9 (HKLM-x32\...\DaggerfallSetup_is1) (Version: - Bethesda Softworks)
The Lord of the Rings Online (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\lotro_highres_en_full) (Version: - )
The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
Thief Gold (HKLM-x32\...\Steam App 211600) (Version: - Looking Glass Studios)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version: - Nadeo)
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version: - Haemimont Games)
Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
War Thunder Launcher 1.0.1.376 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Warcraft III) (Version: - )
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{6459F338-FE52-4034-BCA7-74772DA0F24D}) (Version: 1.3.1403.1202 - SplitMediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

11-11-2014 11:48:08 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {230B269C-763C-4773-9317-F9960F0CC0B5} - System32\Tasks\HP AR Program Upload - a84c848a1659461f9446762520251da8aab7d8b40a1b4969a32f1266472c26fa => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {4EB56750-51FF-407C-9568-31D0DEB7D4DE} - System32\Tasks\HP AR Program Upload - 4907845bd19d41d2b207106fc40ee8ed2cfea7d136c2473eb966a0569956be2c => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {556AE6DC-1155-4471-882B-14BC7061CDD7} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {59465511-B042-4B7B-BACB-393EF1DBBB7B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-15] (Microsoft Corporation)
Task: {5A188ACC-E1A0-4E5F-AEE8-77AF69A86947} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN4282P401 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {5AACCD86-5731-4755-9846-DCF1D525DD11} - System32\Tasks\HPCeeScheduleForTomasz => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {66CECEDC-8CE3-4D5D-9C41-47C519CA526E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {6EE51F89-6D63-4A48-9463-453A0B1FE4BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {78FB3F2C-60F2-4B98-A6D2-29ADF865AF31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {7E74AC0C-D5C0-4585-9590-4913B819915C} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {821590EB-7A6A-4025-8DA4-645CAEFAE964} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {85406C15-B6F3-46DF-A0B9-CB6C86DFA2B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {AA97B452-8890-4290-A2C3-E5B51B787541} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {B5FA7276-1E04-46C7-8257-0621B4199D51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E67BC01B-ECB0-461D-A72E-219F681565D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForTomasz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-08-11 08:15 - 2014-08-11 08:15 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2012-01-10 14:41 - 2014-02-21 16:22 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2014-03-03 13:51 - 2014-08-26 00:32 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2013-01-22 17:50 - 2013-01-22 17:50 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2014-03-11 22:23 - 2013-09-15 10:08 - 00764416 _____ () C:\Program Files\HexChat\hexchat.exe
2014-03-11 22:23 - 2013-07-25 11:54 - 01529856 _____ () C:\Program Files\HexChat\libxml2.dll
2014-03-11 22:23 - 2013-07-25 12:07 - 01605632 _____ () C:\Program Files\HexChat\cairo.dll
2014-03-11 22:23 - 2013-07-25 11:56 - 00225280 _____ () C:\Program Files\HexChat\libpng16.dll
2014-03-11 22:23 - 2013-07-25 11:49 - 00028160 _____ () C:\Program Files\HexChat\iconv.dll
2014-03-11 22:23 - 2013-07-25 11:55 - 00679936 _____ () C:\Program Files\HexChat\fontconfig.dll
2014-03-11 22:23 - 2013-07-25 11:57 - 00594944 _____ () C:\Program Files\HexChat\pixman-1.dll
2014-03-11 22:23 - 2013-07-25 11:54 - 00076288 _____ () C:\Program Files\HexChat\zlib1.dll
2014-03-11 22:23 - 2013-07-25 12:08 - 00757760 _____ () C:\Program Files\HexChat\harfbuzz.dll
2014-05-01 14:41 - 2013-07-25 12:11 - 00057344 _____ () C:\Program Files\HexChat\lib\gtk-2.0\i686-pc-vs10\engines\libwimp.dll
2014-05-01 14:41 - 2013-07-25 12:07 - 00287744 _____ () C:\Program Files\HexChat\lib\enchant\libenchant_myspell.dll
2014-05-01 14:41 - 2013-09-15 10:07 - 00011776 _____ () C:\Program Files\HexChat\plugins\hcupd.dll
2014-10-20 02:54 - 2014-10-20 02:54 - 05185024 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\873b701d9b42e91132f08a6f05c4361a\Windows.UI.Xaml.ni.dll
2014-10-19 00:28 - 2014-10-19 00:28 - 00151552 _____ () C:\Users\Tomasz\AppData\Local\Packages\ad2f1837.hpscanandcapture_v10z8vjag6ke6\AC\Microsoft\CLR_v4.0\NativeImages\HPLoggingLib\3de27730452db75009ce53dffd5d78df\HPLoggingLib.ni.dll
2014-10-20 02:54 - 2014-10-20 02:54 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-10-20 02:54 - 2014-10-20 02:54 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
2014-10-20 02:54 - 2014-10-20 02:54 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-10-20 02:54 - 2014-10-20 02:54 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-10-19 00:28 - 2014-10-19 00:28 - 00069632 _____ () C:\Users\Tomasz\AppData\Local\Packages\ad2f1837.hpscanandcapture_v10z8vjag6ke6\AC\Microsoft\CLR_v4.0\NativeImages\APIHelper\5c9035189c49528f0874655fb2e62522\APIHelper.ni.dll
2014-10-19 00:28 - 2014-10-19 00:28 - 00031232 _____ () C:\Users\Tomasz\AppData\Local\Packages\ad2f1837.hpscanandcapture_v10z8vjag6ke6\AC\Microsoft\CLR_v4.0\NativeImages\APIHelperInterface\9dd5376ba3a272087b2076390c70d021\APIHelperInterface.ni.dll
2014-10-19 00:28 - 2014-10-19 00:28 - 04028416 _____ () C:\Users\Tomasz\AppData\Local\Packages\ad2f1837.hpscanandcapture_v10z8vjag6ke6\AC\Microsoft\CLR_v4.0\NativeImages\HPCaptureLib\a4c47a20d9520fd76bc1052a824c47c1\HPCaptureLib.ni.dll
2014-10-20 02:54 - 2014-10-20 02:54 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2014-10-20 02:54 - 2014-10-20 02:54 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2014-06-03 05:21 - 2014-06-03 05:21 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2014-06-03 05:21 - 2014-06-03 05:21 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
2014-10-20 02:55 - 2014-10-20 02:55 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-08-11 08:15 - 2014-08-11 08:15 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-03-03 13:51 - 2014-03-21 02:18 - 01603608 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll
2014-02-03 15:36 - 2014-09-21 14:48 - 06448080 _____ () C:\Program Files (x86)\Desura\bin\uicore.dll
2014-02-03 15:36 - 2014-09-21 14:48 - 01728976 _____ () C:\Program Files (x86)\Desura\bin\mcfcore.dll
2014-02-03 15:36 - 2014-09-21 14:48 - 06092240 _____ () C:\Program Files (x86)\Desura\bin\usercore.dll
2014-02-03 15:36 - 2014-09-21 14:48 - 01595344 _____ () C:\Program Files (x86)\Desura\bin\webcore.dll
2014-06-02 06:03 - 2014-09-21 14:48 - 00536064 _____ () C:\Program Files (x86)\Desura\bin\gmock.dll
2014-06-02 06:03 - 2014-09-21 14:48 - 02979840 _____ () C:\Program Files (x86)\Desura\bin\unittest.dll
2014-06-02 06:03 - 2014-09-21 14:48 - 01985488 _____ () C:\Program Files (x86)\Desura\bin\servicecore.dll
2014-02-03 15:36 - 2014-02-03 15:36 - 18300416 _____ () C:\Program Files (x86)\Desura\bin\cef_desura.dll
2014-02-03 15:36 - 2014-02-03 15:36 - 01577761 _____ () C:\Program Files (x86)\Desura\bin\avcodec-53.dll
2014-02-03 15:36 - 2014-02-03 15:36 - 00134035 _____ () C:\Program Files (x86)\Desura\bin\avutil-51.dll
2014-02-03 15:36 - 2014-02-03 15:36 - 00213022 _____ () C:\Program Files (x86)\Desura\bin\avformat-53.dll
2014-02-03 15:36 - 2014-09-21 14:48 - 00820176 _____ () C:\Program Files (x86)\Desura\bin\scriptcore.dll
2014-06-02 06:03 - 2014-09-21 14:48 - 03444224 _____ () C:\Program Files (x86)\Desura\bin\v8.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2014-08-19 20:34 - 2014-08-19 20:34 - 00031488 _____ () C:\Program Files (x86)\Raptr\ltc_host_ex.DLL
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2014-10-28 13:30 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 13:30 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-08-29 19:43 - 2014-08-21 13:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 19:43 - 2014-08-21 13:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 19:43 - 2014-08-21 13:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-06-25 13:57 - 2014-10-01 18:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-06-25 13:57 - 2014-10-21 14:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 19:43 - 2014-08-21 13:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 19:43 - 2014-08-21 13:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-06-25 13:57 - 2014-10-21 14:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-06-25 13:57 - 2014-09-04 18:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 18:54 - 2014-09-04 18:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-10-28 13:30 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 13:30 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 13:30 - 2014-10-21 23:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Tomasz\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\Run: => "f.lux"

========================= Accounts: ==========================

Administrator (S-1-5-21-2883957329-2792123602-793195274-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2883957329-2792123602-793195274-1006 - Limited - Enabled)
Guest (S-1-5-21-2883957329-2792123602-793195274-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2883957329-2792123602-793195274-1005 - Limited - Enabled)
Tomasz (S-1-5-21-2883957329-2792123602-793195274-1001 - Administrator - Enabled) => C:\Users\Tomasz

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 08:26:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 97a0

Start Time: 01d0000de0cb8c05

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: d4c5e177-6c01-11e4-be9d-9cb654b9e792

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/14/2014 07:57:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 902c

Start Time: 01d00009afe8f877

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: a3abd4c6-6bfd-11e4-be9d-9cb654b9e792

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/13/2014 04:52:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process id: 0xa2b4
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report Id: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (11/12/2014 03:55:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process id: 0x93b8
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report Id: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (11/12/2014 03:47:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x00030e3f
Faulting process id: 0xa154
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report Id: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (11/11/2014 09:21:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process id: 0x6b24
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report Id: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (11/11/2014 08:52:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process id: 0x8e8c
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report Id: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (11/10/2014 02:35:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process id: 0x774c
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report Id: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (11/10/2014 02:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
Exception code: 0xc0000005
Fault offset: 0x0002e779
Faulting process id: 0x69d8
Faulting application start time: 0xTurbineLauncher.exe0
Faulting application path: TurbineLauncher.exe1
Faulting module path: TurbineLauncher.exe2
Report Id: TurbineLauncher.exe3
Faulting package full name: TurbineLauncher.exe4
Faulting package-relative application ID: TurbineLauncher.exe5

Error: (11/10/2014 02:34:04 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4


System errors:
=============
Error: (11/14/2014 04:27:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - November 2014 (KB890830).

Error: (11/03/2014 03:47:07 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on E: cannot be read.

Error: (11/03/2014 03:46:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (11/03/2014 03:46:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (11/02/2014 01:17:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (11/02/2014 01:17:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (10/29/2014 07:12:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (10/18/2014 03:35:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Monitoring Service service failed to start due to the following error:
%%2

Error: (10/15/2014 09:18:30 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (10/15/2014 09:18:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


Microsoft Office Sessions:
=========================
Error: (11/14/2014 08:26:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2060597a001d0000de0cb8c054294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exed4c5e177-6c01-11e4-be9d-9cb654b9e792microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/14/2014 07:57:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20605902c01d00009afe8f8774294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exea3abd4c6-6bfd-11e4-be9d-9cb654b9e792microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/13/2014 04:52:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e779a2b401cfff8c18eff91fC:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLL6bbe2155-6b7f-11e4-be9d-9cb654b9e792

Error: (11/12/2014 03:55:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e77993b801cffeb9ed5748edC:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLL4204340a-6aae-11e4-be9d-9cb654b9e792

Error: (11/12/2014 03:47:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c000000500030e3fa15401cffeb9d5d932dfC:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLL1dbb321e-6aad-11e4-be9d-9cb654b9e792

Error: (11/11/2014 09:21:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e7796b2401cffdba8f90707bC:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLL02a8720d-69ae-11e4-be9d-9cb654b9e792

Error: (11/11/2014 08:52:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e7798e8c01cffdb6875d06f3C:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLLf87bcf01-69a9-11e4-be9d-9cb654b9e792

Error: (11/10/2014 02:35:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e779774c01cffd1d54322671C:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLLca529aeb-6910-11e4-be9d-9cb654b9e792

Error: (11/10/2014 02:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e77969d801cffd1d45d6fb0eC:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLL8a926181-6910-11e4-be9d-9cb654b9e792

Error: (11/10/2014 02:34:04 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4


==================== Memory info ===========================

Processor: AMD A8-6500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 67%
Total physical RAM: 7365.14 MB
Available physical RAM: 2427.48 MB
Total Pagefile: 14741.95 MB
Available Pagefile: 7963.94 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1842.56 GB) (Free:1238.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.63 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: FBD07F0E)

Partition: GPT Partition Type.

==================== End Of Log ============================

Juliet
2014-11-15, 14:15
Hi and welcome

Since this is a Windows 8.1 machine we may run into tools that won't run on this version...we'll give it a go.

Running from C:\Users\Tomasz\Downloads

We have to move FRST

Please go to your downloads folder and locate Farbar Recovery Scan Tool, right click on this and select CUT
Go to an open spot on your desktop, right click and select PASTE

The tool should now be located on your desktop and we can proceed.


We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done.
Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/mode.png and then on "Advanced Mode"
http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/advanced%20mode.png
You may be presented with a warning dialog. If so, press http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/btnYes.png
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/tools.png
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/resident.png
Uncheck this checkbox:
http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/teatimercheck.png
Close/Exit Spybot Search and Destroy






Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]
C:\ProgramData\hash.dat
C:\Users\Tomasz\jagex_cl_runescape_LIVE.dat
C:\Users\Tomasz\jagex_cl_runescape_LIVE1.dat
C:\Users\Tomasz\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Tomasz\random.dat
C:\Users\Tomasz\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Tomasz\AppData\Local\Temp\comver.dll
C:\Users\Tomasz\AppData\Local\Temp\ddxx_MesHoooooook.dll
C:\Users\Tomasz\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Tomasz\AppData\Local\Temp\Gw2.exe
C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140220_101735_79512.exe
C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140221_115845_29792.exe
C:\Users\Tomasz\AppData\Local\Temp\HssInstaller.exe
C:\Users\Tomasz\AppData\Local\Temp\hsspk.exe
C:\Users\Tomasz\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Tomasz\AppData\Local\Temp\NGMDll.dll
C:\Users\Tomasz\AppData\Local\Temp\NGMResource.dll
C:\Users\Tomasz\AppData\Local\Temp\oi_{0E265131-8FF4-4AE9-A952-7BDA4E96DEA1}.exe
C:\Users\Tomasz\AppData\Local\Temp\SIntf16.dll
C:\Users\Tomasz\AppData\Local\Temp\SIntf32.dll
C:\Users\Tomasz\AppData\Local\Temp\SIntfNT.dll
C:\Users\Tomasz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomasz\AppData\Local\Temp\SRLDetectionLibrary4822007644872002210.dll
C:\Users\Tomasz\AppData\Local\Temp\unicows.dll
C:\Users\Tomasz\AppData\Local\Temp\war3_Install.exe
AlternateDataStreams: C:\Users\Tomasz\SkyDrive:ms-properties
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~
-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


http://thespykiller.co.uk/files/adwcleaner_download.png

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
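Added example, not part of the original post and not FRST's own code: a small Python helper for reviewing a fixlist like the one above before pressing Fix, and for checking the `target => result` lines of the resulting Fixlog.txt against it. The line kinds are inferred only from the prefixes visible in that fixlist; the function names, the "outside Temp" heuristic and both sample texts are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the fixlist in the post above.
SAMPLE_FIXLIST = r"""start
CloseProcesses:
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]
C:\ProgramData\hash.dat
C:\Users\Tomasz\random.dat
C:\Users\Tomasz\AppData\Local\Temp\Gw2.exe
AlternateDataStreams: C:\Users\Tomasz\SkyDrive:ms-properties
CMD: netsh winsock reset all
EmptyTemp:
Hosts:
End
"""

# Constructed sample Fixlog excerpt; the random.dat line is left out on purpose.
SAMPLE_FIXLOG = r"""HssWd => Service deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\Gw2.exe => Moved successfully.
"""

FILE_RE = re.compile(r"^[A-Za-z]:\\")                      # bare Windows path
SERVICE_RE = re.compile(r"^[A-Z]\d (?P<name>[^;]+); ")      # e.g. "S2 HssWd; ..."
DIRECTIVE_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z0-9 _-]*):\s*(?P<arg>.*)$")
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+)$')


def classify(line):
    """Return (kind, detail) for one non-empty fixlist line."""
    if line.lower() in ("start", "end"):
        return "marker", line
    if FILE_RE.match(line):
        return "file", line
    m = SERVICE_RE.match(line)
    if m:
        return "service", m.group("name")
    m = DIRECTIVE_RE.match(line)
    if m:
        if m.group("name") == "CMD":
            return "command", m.group("arg")
        return "directive:" + m.group("name"), m.group("arg")
    return "unknown", line  # anything unrecognised deserves a question to the helper


def review_fixlist(text):
    """Group fixlist lines by kind so each class of change can be read on its own."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            kind, detail = classify(line)
            groups[kind].append(detail)
    return dict(groups)


def files_outside_temp(groups):
    """File entries not under a Temp folder: the ones worth recognising by name."""
    return [p for p in groups.get("file", [])
            if "temp" not in [part.lower() for part in p.split("\\")]]


def fixlog_results(fixlog_text):
    """Map each 'target => result' line of a Fixlog to {target (lower-cased): result}."""
    results = {}
    for raw in fixlog_text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            results[m.group("target").lower()] = m.group("result")
    return results


def unconfirmed(groups, results):
    """Fixlist files and services that have no 'successfully' line in the Fixlog."""
    missing = []
    for target in groups.get("file", []) + groups.get("service", []):
        outcome = results.get(target.lower())
        if outcome is None or "successfully" not in outcome:
            missing.append((target, outcome))
    return missing


if __name__ == "__main__":
    groups = review_fixlist(SAMPLE_FIXLIST)
    for kind, items in groups.items():
        print(f"{kind}: {len(items)}")
    print("review by name:", files_outside_temp(groups))
    print("no success line:", unconfirmed(groups, fixlog_results(SAMPLE_FIXLOG)))
```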

Kingault
2014-11-15, 14:29
When I click on Resident, I get an error saying "Text exceeds memo capacity", and the Resident settings don't load.

Juliet
2014-11-15, 14:40
For right now, if this is the free version (TeaTimer), just uninstall. We can re-download it later.

Kingault
2014-11-15, 15:21
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02
Ran by Tomasz at 2014-11-15 08:53:38 Run:1
Running from C:\Users\Tomasz\Desktop
Loaded Profile: Tomasz (Available profiles: Tomasz)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]
C:\ProgramData\hash.dat
C:\Users\Tomasz\jagex_cl_runescape_LIVE.dat
C:\Users\Tomasz\jagex_cl_runescape_LIVE1.dat
C:\Users\Tomasz\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Tomasz\random.dat
C:\Users\Tomasz\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Tomasz\AppData\Local\Temp\comver.dll
C:\Users\Tomasz\AppData\Local\Temp\ddxx_MesHoooooook.dll
C:\Users\Tomasz\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Tomasz\AppData\Local\Temp\Gw2.exe
C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140220_101735_79512.exe
C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140221_115845_29792.exe
C:\Users\Tomasz\AppData\Local\Temp\HssInstaller.exe
C:\Users\Tomasz\AppData\Local\Temp\hsspk.exe
C:\Users\Tomasz\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Tomasz\AppData\Local\Temp\NGMDll.dll
C:\Users\Tomasz\AppData\Local\Temp\NGMResource.dll
C:\Users\Tomasz\AppData\Local\Temp\oi_{0E265131-8FF4-4AE9-A952-7BDA4E96DEA1}.exe
C:\Users\Tomasz\AppData\Local\Temp\SIntf16.dll
C:\Users\Tomasz\AppData\Local\Temp\SIntf32.dll
C:\Users\Tomasz\AppData\Local\Temp\SIntfNT.dll
C:\Users\Tomasz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomasz\AppData\Local\Temp\SRLDetectionLibrary4822007644872002210.dll
C:\Users\Tomasz\AppData\Local\Temp\unicows.dll
C:\Users\Tomasz\AppData\Local\Temp\war3_Install.exe
AlternateDataStreams: C:\Users\Tomasz\SkyDrive:ms-properties
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
HssWd => Service deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Tomasz\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Tomasz\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Tomasz\jagex_cl_runescape_LIVE_BETA.dat => Moved successfully.
C:\Users\Tomasz\random.dat => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\CmdLineExt02.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\comver.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\ddxx_MesHoooooook.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\drm_dyndata_7400009.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\Gw2.exe => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140220_101735_79512.exe => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140221_115845_29792.exe => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\HssInstaller.exe => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\hsspk.exe => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\NGMDll.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\NGMResource.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\oi_{0E265131-8FF4-4AE9-A952-7BDA4E96DEA1}.exe => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\SIntf16.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\SIntf32.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\SIntfNT.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\SRLDetectionLibrary4822007644872002210.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\unicows.dll => Moved successfully.
C:\Users\Tomasz\AppData\Local\Temp\war3_Install.exe => Moved successfully.
"C:\Users\Tomasz\SkyDrive" => ":ms-properties" ADS not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 5.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
# AdwCleaner v4.101 - Report created 15/11/2014 at 09:09:10
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Tomasz - LIQUIDPC
# Running from : C:\Users\Tomasz\Desktop\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.9

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Users\Tomasz\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Tomasz\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Tomasz\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Tomasz\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Tomasz\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Tomasz\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v38.0.2125.111

[C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [7319 octets] - [15/11/2014 09:05:53]
AdwCleaner[S0].txt - [7605 octets] - [15/11/2014 09:09:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7665 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.8 (11.15.2014:1)
OS: Windows 8.1 x64
Ran by Tomasz on Sat 11/15/2014 at 9:18:07.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/15/2014 at 9:20:35.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2014-11-15, 17:46
Tell me how the computer is performing now.


Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







On the Dashboard click on Update Now
Go to the Settings tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


***************************************

If you already have MBAM on your computer, click on the Update button and allow any updates to be installed.
Then follow the directions and have it scan your system.

~~~~~~~~~~~~~~~~

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.



Please post both these logs.

Kingault
2014-11-16, 02:13
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/15/2014
Scan Time: 3:45:55 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.15.07
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tomasz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329094
Time Elapsed: 15 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


ESET:
C:\Users\Tomasz\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Juliet
2014-11-16, 04:33
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
C:\Users\Tomasz\Downloads\ccsetup410.exe
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.





Tell me how the computer is performing now.

Kingault
2014-11-16, 04:50
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02
Ran by Tomasz at 2014-11-15 22:40:57 Run:2
Running from C:\Users\Tomasz\Desktop
Loaded Profile: Tomasz (Available profiles: Tomasz)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Tomasz\Downloads\ccsetup410.exe
End
*****************

Processes closed successfully.
C:\Users\Tomasz\Downloads\ccsetup410.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====



It's working fine.

Juliet
2014-11-16, 04:54
Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Click Run
Purge system restore

Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.



You're good to go.

***


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Kingault
2014-11-16, 05:36
Done. Thank you.

Juliet
2014-11-16, 13:30
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.