Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Barowwsoe2Save

  1. #11
    Junior Member
    Join Date
    Aug 2014
    Posts
    9

    Default

    Hello again
    JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Piotrek on 09/08/2014 at 10:54:35.72
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Piotrek\appdata\locallow\boost_interprocess"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Piotrek\AppData\Roaming\mozilla\firefox\profiles\dygn9tla.default\prefs.js

    user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>
    Emptied folder: C:\Users\Piotrek\AppData\Roaming\mozilla\firefox\profiles\dygn9tla.default\minidumps [3 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 09/08/2014 at 10:59:54.55
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Adwcleaner logs:
    # AdwCleaner v3.303 - Report created 07/08/2014 at 01:21:32
    # Updated 06/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Piotrek - PIOTREK-PC
    # Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : Websteroids

    ***** [ Files / Folders ] *****

    File Found : C:\END
    File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
    File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js
    Folder Found : C:\Program Files (x86)\PC Cleaner
    Folder Found : C:\ProgramData\374311380
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\ProgramData\Websteroids
    Folder Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
    Folder Found : C:\Users\Piotrek\AppData\Local\Rocket
    Folder Found : C:\Users\Piotrek\AppData\Local\Websteroids
    Folder Found : C:\Users\Piotrek\AppData\Roaming\RocketUpdater

    ***** [ Scheduled Tasks ] *****

    Task Found : Rocket Updater

    ***** [ Shortcuts ] *****

    Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SoftwareWatcher bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=SoftwareWatcher" "/searchProvider=a different" )

    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKCU\Software\AppDataLow\Software\DynConIE
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Found : HKCU\Software\Rocket Browser
    Key Found : HKCU\Software\RocketUpdater
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\IM
    Key Found : [x64] HKCU\Software\InstallCore
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : [x64] HKCU\Software\Rocket Browser
    Key Found : [x64] HKCU\Software\RocketUpdater
    Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
    Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=

    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

    Line Found : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]

    [ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

    Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

    -\\ Google Chrome v

    [ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

    *************************

    AdwCleaner[R0].txt - [7260 octets] - [07/08/2014 01:21:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7320 octets] ##########



    # AdwCleaner v3.303 - Report created 07/08/2014 at 10:48:57
    # Updated 06/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Piotrek - PIOTREK-PC
    # Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : Websteroids

    ***** [ Files / Folders ] *****

    File Found : C:\END
    File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
    File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js
    Folder Found : C:\Program Files (x86)\PC Cleaner
    Folder Found : C:\ProgramData\374311380
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\ProgramData\Websteroids
    Folder Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
    Folder Found : C:\Users\Piotrek\AppData\Local\Rocket
    Folder Found : C:\Users\Piotrek\AppData\Local\Websteroids
    Folder Found : C:\Users\Piotrek\AppData\Roaming\RocketUpdater

    ***** [ Scheduled Tasks ] *****

    Task Found : Rocket Updater

    ***** [ Shortcuts ] *****

    Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SoftwareWatcher bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=SoftwareWatcher" "/searchProvider=a different" )

    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKCU\Software\AppDataLow\Software\DynConIE
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Found : HKCU\Software\Rocket Browser
    Key Found : HKCU\Software\RocketUpdater
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\IM
    Key Found : [x64] HKCU\Software\InstallCore
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : [x64] HKCU\Software\Rocket Browser
    Key Found : [x64] HKCU\Software\RocketUpdater
    Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
    Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=

    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

    Line Found : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]

    [ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

    Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

    -\\ Google Chrome v

    [ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

    *************************

    AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
    AdwCleaner[R1].txt - [7320 octets] - [07/08/2014 10:48:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [7380 octets] ##########


    # AdwCleaner v3.303 - Report created 07/08/2014 at 10:51:41
    # Updated 06/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Piotrek - PIOTREK-PC
    # Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]


    [ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

    *************************

    AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
    AdwCleaner[R1].txt - [7504 octets] - [07/08/2014 10:48:57]
    AdwCleaner[R2].txt - [1447 octets] - [07/08/2014 10:51:41]
    AdwCleaner[S0].txt - [5609 octets] - [07/08/2014 10:49:30]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1567 octets] ##########


    # AdwCleaner v3.303 - Report created 07/08/2014 at 11:02:32
    # Updated 06/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Piotrek - PIOTREK-PC
    # Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]


    [ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

    Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

    -\\ Google Chrome v

    [ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

    *************************

    AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
    AdwCleaner[R1].txt - [7504 octets] - [07/08/2014 10:48:57]
    AdwCleaner[R2].txt - [1647 octets] - [07/08/2014 10:51:41]
    AdwCleaner[R3].txt - [1727 octets] - [07/08/2014 11:02:32]
    AdwCleaner[S0].txt - [5609 octets] - [07/08/2014 10:49:30]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1847 octets] ##########



    # AdwCleaner v3.303 - Report created 07/08/2014 at 10:49:30
    # Updated 06/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Piotrek - PIOTREK-PC
    # Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : Websteroids

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\374311380
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Websteroids
    Folder Deleted : C:\Program Files (x86)\PC Cleaner
    Folder Deleted : C:\Users\Piotrek\AppData\Local\Rocket
    Folder Deleted : C:\Users\Piotrek\AppData\Local\Websteroids
    Folder Deleted : C:\Users\Piotrek\AppData\Roaming\RocketUpdater
    Folder Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
    File Deleted : C:\END
    File Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
    File Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js

    ***** [ Scheduled Tasks ] *****

    Task Deleted : Rocket Updater

    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKLM64\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Deleted : HKLM64\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Rocket Browser
    Key Deleted : HKCU\Software\RocketUpdater
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

    Line Deleted : user_pref("browser.startup.homepage", "http://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]

    [ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

    Line Deleted : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

    -\\ Google Chrome v

    [ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Startup_urls] : http://search.conduit.com/?ctid=CT33...96B89915&SSPV=
    Deleted [Homepage] : http://search.conduit.com/?ctid=CT33...96B89915&SSPV=
    Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
    Ran by Piotrek (administrator) on PIOTREK-PC on 09-08-2014 11:12:22
    Running from C:\Users\Piotrek\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    (Valve Corporation) G:\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11774568 2011-01-13] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Reminder] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
    HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [DockBar] => C:\Applications\Tools\DockBar\DockBar.exe [2964480 2010-11-25] (DSG Retail Ltd)
    HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Recovery Backup Wizard] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
    HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

    Chrome:
    =======
    CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
    CHR DefaultSearchKeyword: conduit.search
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultNewTabURL:
    CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
    CHR Extension: (Google Wallet) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-09] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    S3 cpuz134; \??\C:\Users\Piotrek\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-09 10:59 - 2014-08-09 10:59 - 00001153 _____ () C:\Users\Piotrek\Desktop\JRT.txt
    2014-08-09 10:54 - 2014-08-09 10:54 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-09 10:53 - 2014-08-09 10:53 - 01016261 _____ (Thisisu) C:\Users\Piotrek\Downloads\JRT.exe
    2014-08-09 10:51 - 2014-08-09 10:51 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-08-09 10:51 - 2014-08-09 10:51 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-08-09 10:49 - 2014-08-09 10:50 - 00244320 _____ () C:\Users\Piotrek\Downloads\Firefox Setup Stub 31.0.exe
    2014-08-08 12:55 - 2014-08-08 12:55 - 00001084 _____ () C:\Users\Piotrek\Desktop\Kaspersky Security Scan.lnk
    2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
    2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
    2014-08-08 12:53 - 2014-08-08 12:53 - 00189320 _____ (Kaspersky Lab) C:\Users\Piotrek\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6220.exe
    2014-08-07 15:18 - 2014-08-07 15:18 - 00000000 ____D () C:\Users\Piotrek\Documents\ProcAlyzer Dumps
    2014-08-07 15:02 - 2014-08-08 10:41 - 00000112 _____ () C:\Windows\setupact.log
    2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-07 15:01 - 2014-08-08 10:41 - 00002566 _____ () C:\Windows\PFRO.log
    2014-08-07 14:52 - 2014-08-09 09:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-07 14:52 - 2014-08-08 11:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-07 14:52 - 2014-08-07 14:52 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-07 14:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-08-07 14:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-08-07 14:50 - 2014-08-07 14:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Piotrek\Downloads\mbam-setup-2.0.2.1012.exe
    2014-08-07 12:21 - 2014-08-07 12:21 - 04813544 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup416.exe
    2014-08-07 01:20 - 2014-08-07 11:02 - 00000000 ____D () C:\AdwCleaner
    2014-08-07 01:02 - 2014-08-07 01:02 - 01475072 _____ () C:\Users\Piotrek\Downloads\AdwCleaner.exe
    2014-08-07 00:48 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-08-07 00:48 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-08-06 14:51 - 2014-08-06 14:51 - 00002554 _____ () C:\Users\Piotrek\Downloads\aswMBR.txt
    2014-08-06 14:51 - 2014-08-06 14:51 - 00000512 _____ () C:\Users\Piotrek\Downloads\MBR.dat
    2014-08-06 14:24 - 2014-08-06 14:24 - 05185536 _____ (AVAST Software) C:\Users\Piotrek\Downloads\aswMBR.exe
    2014-08-06 13:39 - 2014-08-09 11:12 - 00012386 _____ () C:\Users\Piotrek\Downloads\FRST.txt
    2014-08-06 13:39 - 2014-08-06 13:39 - 00025337 _____ () C:\Users\Piotrek\Downloads\Addition.txt
    2014-08-06 13:38 - 2014-08-09 11:12 - 00000000 ____D () C:\FRST
    2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
    2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
    2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-08-06 13:21 - 2014-08-06 13:22 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
    2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
    2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
    2014-08-05 22:30 - 2014-08-07 10:54 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
    2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
    2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
    2014-08-05 22:22 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2014-08-05 22:22 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-08-05 22:22 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-08-05 22:22 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2014-08-05 22:22 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2014-08-05 22:22 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-08-05 22:22 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-08-05 22:22 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-08-05 22:22 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-08-05 22:22 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-08-05 22:22 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2014-08-05 22:22 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2014-08-05 22:22 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-08-05 22:22 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-08-05 22:22 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-08-05 22:22 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-08-05 22:20 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-08-05 22:20 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-08-05 22:20 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-08-05 22:20 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-09 11:12 - 2014-08-06 13:39 - 00012386 _____ () C:\Users\Piotrek\Downloads\FRST.txt
    2014-08-09 11:12 - 2014-08-06 13:38 - 00000000 ____D () C:\FRST
    2014-08-09 10:59 - 2014-08-09 10:59 - 00001153 _____ () C:\Users\Piotrek\Desktop\JRT.txt
    2014-08-09 10:55 - 2014-03-18 18:54 - 01102355 _____ () C:\Windows\WindowsUpdate.log
    2014-08-09 10:54 - 2014-08-09 10:54 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-09 10:53 - 2014-08-09 10:53 - 01016261 _____ (Thisisu) C:\Users\Piotrek\Downloads\JRT.exe
    2014-08-09 10:51 - 2014-08-09 10:51 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-08-09 10:51 - 2014-08-09 10:51 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-08-09 10:50 - 2014-08-09 10:49 - 00244320 _____ () C:\Users\Piotrek\Downloads\Firefox Setup Stub 31.0.exe
    2014-08-09 10:20 - 2011-05-25 11:51 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-09 10:13 - 2014-03-25 00:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-09 09:22 - 2014-08-07 14:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-09 03:17 - 2014-03-20 14:09 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2014-08-08 15:20 - 2011-05-25 11:51 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-08 12:55 - 2014-08-08 12:55 - 00001084 _____ () C:\Users\Piotrek\Desktop\Kaspersky Security Scan.lnk
    2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
    2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
    2014-08-08 12:53 - 2014-08-08 12:53 - 00189320 _____ (Kaspersky Lab) C:\Users\Piotrek\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6220.exe
    2014-08-08 11:45 - 2014-08-07 14:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-08 10:49 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-08 10:49 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-08 10:47 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-08 10:42 - 2014-03-18 18:57 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
    2014-08-08 10:41 - 2014-08-07 15:02 - 00000112 _____ () C:\Windows\setupact.log
    2014-08-08 10:41 - 2014-08-07 15:01 - 00002566 _____ () C:\Windows\PFRO.log
    2014-08-08 10:41 - 2011-05-25 16:38 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-08-08 10:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-07 16:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-08-07 15:18 - 2014-08-07 15:18 - 00000000 ____D () C:\Users\Piotrek\Documents\ProcAlyzer Dumps
    2014-08-07 15:18 - 2014-03-21 22:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-07 15:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
    2014-08-07 14:52 - 2014-08-07 14:52 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-07 14:51 - 2014-08-07 14:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Piotrek\Downloads\mbam-setup-2.0.2.1012.exe
    2014-08-07 12:22 - 2014-03-21 20:24 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-08-07 12:22 - 2014-03-21 20:24 - 00000000 ____D () C:\Program Files\CCleaner
    2014-08-07 12:21 - 2014-08-07 12:21 - 04813544 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup416.exe
    2014-08-07 11:02 - 2014-08-07 01:20 - 00000000 ____D () C:\AdwCleaner
    2014-08-07 10:54 - 2014-08-05 22:30 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
    2014-08-07 10:49 - 2014-03-18 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
    2014-08-07 01:02 - 2014-08-07 01:02 - 01475072 _____ () C:\Users\Piotrek\Downloads\AdwCleaner.exe
    2014-08-06 14:51 - 2014-08-06 14:51 - 00002554 _____ () C:\Users\Piotrek\Downloads\aswMBR.txt
    2014-08-06 14:51 - 2014-08-06 14:51 - 00000512 _____ () C:\Users\Piotrek\Downloads\MBR.dat
    2014-08-06 14:24 - 2014-08-06 14:24 - 05185536 _____ (AVAST Software) C:\Users\Piotrek\Downloads\aswMBR.exe
    2014-08-06 13:39 - 2014-08-06 13:39 - 00025337 _____ () C:\Users\Piotrek\Downloads\Addition.txt
    2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
    2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
    2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-08-06 13:22 - 2014-08-06 13:21 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
    2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
    2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
    2014-08-06 11:06 - 2014-04-11 20:07 - 00000000 ___RD () C:\Users\Piotrek\Desktop\piatek
    2014-08-06 09:21 - 2014-03-21 22:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
    2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
    2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-08-05 22:24 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-08-05 22:22 - 2014-03-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-07-18 21:16 - 2014-03-21 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe
    2014-07-11 11:02 - 2014-05-04 13:18 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\TS3Client
    2014-07-10 09:58 - 2009-07-14 05:45 - 00276200 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-10 09:56 - 2014-04-30 02:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-10 09:56 - 2010-11-21 08:17 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-07-10 02:23 - 2014-03-24 22:21 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-10 02:22 - 2014-03-24 22:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-07 16:49

    ==================== End Of Log ============================


    Anything more?
    this ads deal4me I can't remove , and still opening some sexchat window or something like that
    when try to replay to this post again -> click to replay but opened 2 new windows - clickcompare.... and second window, live chat with naked girll
    no more websteroids ads, before this websteroids i saw as running process on windows task menager . Now nothing like that.
    Thanks for help btw

  2. #12
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    do this;

    Click on start and in the search field type in notepad. Copy paste whats below in the code box and save it to your desktop as fixlist.txt

    Code:
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll No File
    CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
    CHR DefaultSearchKeyword: conduit.search
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultNewTabURL:
    CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Launch the FRST icon and press the Fix button just once and wait, the program will automatically launch and run fixlist.txt script.
    The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    How Can I Reduce My Risk?

  3. #13
    Junior Member
    Join Date
    Aug 2014
    Posts
    9

    Default

    Hi ,
    FRST results:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2014 01
    Ran by Piotrek at 2014-08-10 10:46:08 Run:1
    Running from C:\Users\Piotrek\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll No File
    CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
    CHR DefaultSearchKeyword: conduit.search
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultNewTabURL:
    CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    *****************

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A55077E-9A8F-F6FB-67AD-19115988838A}" => Key deleted successfully.
    "HKCR\CLSID\{5A55077E-9A8F-F6FB-67AD-19115988838A}" => Key deleted successfully.
    CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=" ==> The Chrome "Settings" can be used to fix the entry.
    CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
    CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
    CHR DefaultNewTabURL: => Error: No automatic fix found for this entry.
    C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

    ==== End of Fixlog ====

    thx again

  4. #14
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    ok. Next:

    Reset Chrome settings:

    Click the Chrome menu Chrome menu on the browser toolbar.
    Select Settings.
    Click Show advanced settings and find the "Reset browser settings” section.
    Click Reset browser settings.
    In the dialog that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" checkbox is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyze trends and work to prevent future unwanted settings changes.

    Source
    How Can I Reduce My Risk?

  5. #15
    Junior Member
    Join Date
    Aug 2014
    Posts
    9

    Default

    I dont have chrome istalled, when installing firefox i dont whant to have chrome.

  6. #16
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066
    How Can I Reduce My Risk?

  7. #17
    Junior Member
    Join Date
    Aug 2014
    Posts
    9

    Default

    done!!!
    I have been opened some websites and dont see anymore this ads.
    Working fine . Thank You again ang hope last time.
    Please , can you tell me wich antiviruses is good enoughe :
    1Spybot AV
    2 kaspersky
    3 norton
    4 mcafee ?
    As far as i know , i need to buy some antivirus but not sure wich one.
    any suggestion ?

  8. #18
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok, good. I think we are done. You can uninstall adwcleaner by starting it and clicking the uninstall button. The JRT icon just delete as well as the JRT folder @ C:/

    Malwarebytes you can keep and use. Remember the free version must be updated manually and a scan started manually.

    Yes you do need antivirus but the adware you had most likely was installed when you installed some other software. Pay attention to where you download software. There are many download portals that will bundle all kinds of "offers." Check my link below.

    As far as AV goes: You only need one on your computer. Free versions are just as good as the paid versions. Try one out for a few days, if you like it-keep it. If not uninstall it and try another one. Free AV in no special order:

    Avast
    Avria
    Comodo
    AVG
    Bitdefender

    If all is good- then happy safe surfing out there.
    How Can I Reduce My Risk?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •