Hello again
JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Piotrek on 09/08/2014 at 10:54:35.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Piotrek\appdata\locallow\boost_interprocess"
~~~ FireFox
Successfully deleted the following from C:\Users\Piotrek\AppData\Roaming\mozilla\firefox\profiles\dygn9tla.default\prefs.js
user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>
Emptied folder: C:\Users\Piotrek\AppData\Roaming\mozilla\firefox\profiles\dygn9tla.default\minidumps [3 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/08/2014 at 10:59:54.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner logs:
# AdwCleaner v3.303 - Report created 07/08/2014 at 01:21:32
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : Websteroids
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js
Folder Found : C:\Program Files (x86)\PC Cleaner
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Websteroids
Folder Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
Folder Found : C:\Users\Piotrek\AppData\Local\Rocket
Folder Found : C:\Users\Piotrek\AppData\Local\Websteroids
Folder Found : C:\Users\Piotrek\AppData\Roaming\RocketUpdater
***** [ Scheduled Tasks ] *****
Task Found : Rocket Updater
***** [ Shortcuts ] *****
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SoftwareWatcher bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=SoftwareWatcher" "/searchProvider=a different" )
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Rocket Browser
Key Found : HKCU\Software\RocketUpdater
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Rocket Browser
Key Found : [x64] HKCU\Software\RocketUpdater
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
-\\ Mozilla Firefox v31.0 (x86 en-US)
[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]
Line Found : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]
[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]
Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
-\\ Google Chrome v
[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
*************************
AdwCleaner[R0].txt - [7260 octets] - [07/08/2014 01:21:32]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7320 octets] ##########
# AdwCleaner v3.303 - Report created 07/08/2014 at 10:48:57
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : Websteroids
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js
Folder Found : C:\Program Files (x86)\PC Cleaner
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Websteroids
Folder Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
Folder Found : C:\Users\Piotrek\AppData\Local\Rocket
Folder Found : C:\Users\Piotrek\AppData\Local\Websteroids
Folder Found : C:\Users\Piotrek\AppData\Roaming\RocketUpdater
***** [ Scheduled Tasks ] *****
Task Found : Rocket Updater
***** [ Shortcuts ] *****
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SoftwareWatcher bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=SoftwareWatcher" "/searchProvider=a different" )
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Rocket Browser
Key Found : HKCU\Software\RocketUpdater
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Rocket Browser
Key Found : [x64] HKCU\Software\RocketUpdater
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
-\\ Mozilla Firefox v31.0 (x86 en-US)
[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]
Line Found : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]
[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]
Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
-\\ Google Chrome v
[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
*************************
AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
AdwCleaner[R1].txt - [7320 octets] - [07/08/2014 10:48:57]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [7380 octets] ##########
# AdwCleaner v3.303 - Report created 07/08/2014 at 10:51:41
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v31.0 (x86 en-US)
[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]
[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
*************************
AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
AdwCleaner[R1].txt - [7504 octets] - [07/08/2014 10:48:57]
AdwCleaner[R2].txt - [1447 octets] - [07/08/2014 10:51:41]
AdwCleaner[S0].txt - [5609 octets] - [07/08/2014 10:49:30]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1567 octets] ##########
# AdwCleaner v3.303 - Report created 07/08/2014 at 11:02:32
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v31.0 (x86 en-US)
[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]
[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]
Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
-\\ Google Chrome v
[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
*************************
AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
AdwCleaner[R1].txt - [7504 octets] - [07/08/2014 10:48:57]
AdwCleaner[R2].txt - [1647 octets] - [07/08/2014 10:51:41]
AdwCleaner[R3].txt - [1727 octets] - [07/08/2014 11:02:32]
AdwCleaner[S0].txt - [5609 octets] - [07/08/2014 10:49:30]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1847 octets] ##########
# AdwCleaner v3.303 - Report created 07/08/2014 at 10:49:30
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Websteroids
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Websteroids
Folder Deleted : C:\Program Files (x86)\PC Cleaner
Folder Deleted : C:\Users\Piotrek\AppData\Local\Rocket
Folder Deleted : C:\Users\Piotrek\AppData\Local\Websteroids
Folder Deleted : C:\Users\Piotrek\AppData\Roaming\RocketUpdater
Folder Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
File Deleted : C:\END
File Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
File Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js
***** [ Scheduled Tasks ] *****
Task Deleted : Rocket Updater
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM64\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM64\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Rocket Browser
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v31.0 (x86 en-US)
[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]
Line Deleted : user_pref("browser.startup.homepage", "http://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]
[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]
Line Deleted : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
-\\ Google Chrome v
[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Startup_urls] : http://search.conduit.com/?ctid=CT33...96B89915&SSPV=
Deleted [Homepage] : http://search.conduit.com/?ctid=CT33...96B89915&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Piotrek (administrator) on PIOTREK-PC on 09-08-2014 11:12:22
Running from C:\Users\Piotrek\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Valve Corporation) G:\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11774568 2011-01-13] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Reminder] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [DockBar] => C:\Applications\Tools\DockBar\DockBar.exe [2964480 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Recovery Backup Wizard] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL:
CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
CHR Extension: (Google Wallet) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Piotrek\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-09 10:59 - 2014-08-09 10:59 - 00001153 _____ () C:\Users\Piotrek\Desktop\JRT.txt
2014-08-09 10:54 - 2014-08-09 10:54 - 00000000 ____D () C:\Windows\ERUNT
2014-08-09 10:53 - 2014-08-09 10:53 - 01016261 _____ (Thisisu) C:\Users\Piotrek\Downloads\JRT.exe
2014-08-09 10:51 - 2014-08-09 10:51 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-09 10:49 - 2014-08-09 10:50 - 00244320 _____ () C:\Users\Piotrek\Downloads\Firefox Setup Stub 31.0.exe
2014-08-08 12:55 - 2014-08-08 12:55 - 00001084 _____ () C:\Users\Piotrek\Desktop\Kaspersky Security Scan.lnk
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-08 12:53 - 2014-08-08 12:53 - 00189320 _____ (Kaspersky Lab) C:\Users\Piotrek\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6220.exe
2014-08-07 15:18 - 2014-08-07 15:18 - 00000000 ____D () C:\Users\Piotrek\Documents\ProcAlyzer Dumps
2014-08-07 15:02 - 2014-08-08 10:41 - 00000112 _____ () C:\Windows\setupact.log
2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 15:01 - 2014-08-08 10:41 - 00002566 _____ () C:\Windows\PFRO.log
2014-08-07 14:52 - 2014-08-09 09:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 14:52 - 2014-08-08 11:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-07 14:52 - 2014-08-07 14:52 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 14:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-07 14:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-07 14:50 - 2014-08-07 14:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Piotrek\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 12:21 - 2014-08-07 12:21 - 04813544 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup416.exe
2014-08-07 01:20 - 2014-08-07 11:02 - 00000000 ____D () C:\AdwCleaner
2014-08-07 01:02 - 2014-08-07 01:02 - 01475072 _____ () C:\Users\Piotrek\Downloads\AdwCleaner.exe
2014-08-07 00:48 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-07 00:48 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-06 14:51 - 2014-08-06 14:51 - 00002554 _____ () C:\Users\Piotrek\Downloads\aswMBR.txt
2014-08-06 14:51 - 2014-08-06 14:51 - 00000512 _____ () C:\Users\Piotrek\Downloads\MBR.dat
2014-08-06 14:24 - 2014-08-06 14:24 - 05185536 _____ (AVAST Software) C:\Users\Piotrek\Downloads\aswMBR.exe
2014-08-06 13:39 - 2014-08-09 11:12 - 00012386 _____ () C:\Users\Piotrek\Downloads\FRST.txt
2014-08-06 13:39 - 2014-08-06 13:39 - 00025337 _____ () C:\Users\Piotrek\Downloads\Addition.txt
2014-08-06 13:38 - 2014-08-09 11:12 - 00000000 ____D () C:\FRST
2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-06 13:21 - 2014-08-06 13:22 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
2014-08-05 22:30 - 2014-08-07 10:54 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
2014-08-05 22:22 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-05 22:22 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-05 22:22 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-05 22:22 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-05 22:22 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-05 22:22 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-05 22:22 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-05 22:22 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-05 22:22 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-05 22:22 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-05 22:22 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-05 22:22 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-05 22:22 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-05 22:22 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-05 22:22 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-05 22:22 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-05 22:20 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-05 22:20 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-05 22:20 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-05 22:20 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-09 11:12 - 2014-08-06 13:39 - 00012386 _____ () C:\Users\Piotrek\Downloads\FRST.txt
2014-08-09 11:12 - 2014-08-06 13:38 - 00000000 ____D () C:\FRST
2014-08-09 10:59 - 2014-08-09 10:59 - 00001153 _____ () C:\Users\Piotrek\Desktop\JRT.txt
2014-08-09 10:55 - 2014-03-18 18:54 - 01102355 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 10:54 - 2014-08-09 10:54 - 00000000 ____D () C:\Windows\ERUNT
2014-08-09 10:53 - 2014-08-09 10:53 - 01016261 _____ (Thisisu) C:\Users\Piotrek\Downloads\JRT.exe
2014-08-09 10:51 - 2014-08-09 10:51 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-09 10:50 - 2014-08-09 10:49 - 00244320 _____ () C:\Users\Piotrek\Downloads\Firefox Setup Stub 31.0.exe
2014-08-09 10:20 - 2011-05-25 11:51 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 10:13 - 2014-03-25 00:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 09:22 - 2014-08-07 14:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 03:17 - 2014-03-20 14:09 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-08 15:20 - 2011-05-25 11:51 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 12:55 - 2014-08-08 12:55 - 00001084 _____ () C:\Users\Piotrek\Desktop\Kaspersky Security Scan.lnk
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-08 12:53 - 2014-08-08 12:53 - 00189320 _____ (Kaspersky Lab) C:\Users\Piotrek\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6220.exe
2014-08-08 11:45 - 2014-08-07 14:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-08 10:49 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 10:49 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 10:47 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 10:42 - 2014-03-18 18:57 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
2014-08-08 10:41 - 2014-08-07 15:02 - 00000112 _____ () C:\Windows\setupact.log
2014-08-08 10:41 - 2014-08-07 15:01 - 00002566 _____ () C:\Windows\PFRO.log
2014-08-08 10:41 - 2011-05-25 16:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-08 10:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 16:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-07 15:18 - 2014-08-07 15:18 - 00000000 ____D () C:\Users\Piotrek\Documents\ProcAlyzer Dumps
2014-08-07 15:18 - 2014-03-21 22:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 15:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2014-08-07 14:52 - 2014-08-07 14:52 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 14:51 - 2014-08-07 14:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Piotrek\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 12:22 - 2014-03-21 20:24 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-07 12:22 - 2014-03-21 20:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-07 12:21 - 2014-08-07 12:21 - 04813544 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup416.exe
2014-08-07 11:02 - 2014-08-07 01:20 - 00000000 ____D () C:\AdwCleaner
2014-08-07 10:54 - 2014-08-05 22:30 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
2014-08-07 10:49 - 2014-03-18 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
2014-08-07 01:02 - 2014-08-07 01:02 - 01475072 _____ () C:\Users\Piotrek\Downloads\AdwCleaner.exe
2014-08-06 14:51 - 2014-08-06 14:51 - 00002554 _____ () C:\Users\Piotrek\Downloads\aswMBR.txt
2014-08-06 14:51 - 2014-08-06 14:51 - 00000512 _____ () C:\Users\Piotrek\Downloads\MBR.dat
2014-08-06 14:24 - 2014-08-06 14:24 - 05185536 _____ (AVAST Software) C:\Users\Piotrek\Downloads\aswMBR.exe
2014-08-06 13:39 - 2014-08-06 13:39 - 00025337 _____ () C:\Users\Piotrek\Downloads\Addition.txt
2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:21 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
2014-08-06 11:06 - 2014-04-11 20:07 - 00000000 ___RD () C:\Users\Piotrek\Desktop\piatek
2014-08-06 09:21 - 2014-03-21 22:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-05 22:24 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-05 22:22 - 2014-03-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-18 21:16 - 2014-03-21 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe
2014-07-11 11:02 - 2014-05-04 13:18 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\TS3Client
2014-07-10 09:58 - 2009-07-14 05:45 - 00276200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 09:56 - 2014-04-30 02:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 09:56 - 2010-11-21 08:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 02:23 - 2014-03-24 22:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 02:22 - 2014-03-24 22:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-07 16:49
==================== End Of Log ============================
Anything more?
I can't remove these deal4me ads, and some sexchat window or something like that is still opening :scratch:
When I tried to reply to this post again, I clicked to reply but 2 new windows opened: clickcompare.... and a second window, a live chat with a naked girl :rockon: :red:
No more Websteroids ads. Before this I saw Websteroids as a running process in Windows Task Manager. Now nothing like that.
Thanks for help btw :)
-
Do this:
Click on Start and in the search field type in notepad. Copy and paste what's below in the code box and save it to your desktop as fixlist.txt
Code:
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll No File
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL:
CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Launch the FRST icon, press the Fix button just once, and wait; the program will automatically launch and run the fixlist.txt script.
The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
-
Hi,
FRST results:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2014 01
Ran by Piotrek at 2014-08-10 10:46:08 Run:1
Running from C:\Users\Piotrek\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll No File
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL:
CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A55077E-9A8F-F6FB-67AD-19115988838A}" => Key deleted successfully.
"HKCR\CLSID\{5A55077E-9A8F-F6FB-67AD-19115988838A}" => Key deleted successfully.
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultNewTabURL: => Error: No automatic fix found for this entry.
C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
==== End of Fixlog ====
thx again
-
OK. Next:
Reset Chrome settings:
Click the Chrome menu on the browser toolbar.
Select Settings.
Click Show advanced settings and find the "Reset browser settings" section.
Click Reset browser settings.
In the dialog that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" checkbox is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyze trends and work to prevent future unwanted settings changes.
Source
-
I don't have Chrome installed; when installing Firefox I don't want to have Chrome.
-
-
Done!!! :bigthumb:
I have opened some websites and don't see these ads anymore.
Working fine. Thank you again, and I hope for the last time.
Please, can you tell me which antivirus is good enough:
1 Spybot AV
2 Kaspersky
3 Norton
4 McAfee?
As far as I know, I need to buy some antivirus but I'm not sure which one.
Any suggestion?
-
OK, good. I think we are done. You can uninstall AdwCleaner by starting it and clicking the uninstall button. Just delete the JRT icon as well as the JRT folder @ C:/
Malwarebytes you can keep and use. Remember the free version must be updated manually and a scan started manually.
Yes you do need antivirus but the adware you had most likely was installed when you installed some other software. Pay attention to where you download software. There are many download portals that will bundle all kinds of "offers." Check my link below.
As far as AV goes: You only need one on your computer. Free versions are just as good as the paid versions. Try one out for a few days; if you like it, keep it. If not, uninstall it and try another one. Free AV in no special order:
Avast
Avira
Comodo
AVG
Bitdefender
If all is good, then happy safe surfing out there.