Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Barowwsoe2Save

  1. #1
    Junior Member
    Join Date
    Aug 2014
    Posts
    9

    Question Barowwsoe2Save

    Hello there
    I have been run Spybot - Search & Destroy 2.2 and results is malware Barowwsoe2Save.
    Follow by links i hope i good understand and start this topic. ( run spybot many times and still get this malware)

    FRST notepad:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
    Ran by Piotrek (administrator) on PIOTREK-PC on 06-08-2014 13:39:15
    Running from C:\Users\Piotrek\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11774568 2011-01-13] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Reminder] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
    HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [DockBar] => C:\Applications\Tools\DockBar\DockBar.exe [2964480 2010-11-25] (DSG Retail Ltd)
    HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Recovery Backup Wizard] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
    HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    AppInit_DLLs: C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL => C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer_x64.dll [4302848 2014-08-05] ()
    AppInit_DLLs-x32: c:\progra~3\browse~1\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll [4124160 2014-08-05] ()
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1&a=rckt_i...2090515887&ir=
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1&a=rckt_i...2090515887&ir=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1&a=rckt_i...2090515887&ir=
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
    SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
    BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll ()
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.dll ()
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Extension: deaal4mE - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\Extensions\ymvjkw@dbbgvospr.com [2014-08-06]

    Chrome:
    =======
    CHR HomePage: hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
    CHR DefaultSearchKeyword: conduit.search
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
    CHR DefaultNewTabURL:
    CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
    CHR Extension: (Google Wallet) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 671c50b0; c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncerSvc.dll [186192 2014-08-05] () [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S2 Websteroids; "C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe" "C:\ProgramData\Websteroids\up\2.6.80\Websteroids.exe"

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    S3 cpuz134; \??\C:\Users\Piotrek\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-06 13:39 - 2014-08-06 13:39 - 00014623 _____ () C:\Users\Piotrek\Downloads\FRST.txt
    2014-08-06 13:38 - 2014-08-06 13:39 - 00000000 ____D () C:\FRST
    2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
    2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
    2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-08-06 13:21 - 2014-08-06 13:22 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
    2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
    2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
    2014-08-06 11:45 - 2014-08-06 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-08-05 22:30 - 2014-08-05 22:30 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
    2014-08-05 22:29 - 2014-08-05 22:30 - 00000000 ____D () C:\ProgramData\deaill4me
    2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
    2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
    2014-08-05 22:22 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2014-08-05 22:22 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-08-05 22:22 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-08-05 22:22 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2014-08-05 22:22 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2014-08-05 22:22 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-08-05 22:22 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-08-05 22:22 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-08-05 22:22 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-08-05 22:22 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-08-05 22:22 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2014-08-05 22:22 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2014-08-05 22:22 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-08-05 22:22 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-08-05 22:22 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-08-05 22:22 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-08-05 22:22 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-08-05 22:22 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-08-05 22:20 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-08-05 22:20 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-08-05 22:20 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-08-05 22:20 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-08-05 22:07 - 2014-08-05 22:07 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
    2014-07-19 15:35 - 2014-08-06 09:09 - 00000504 _____ () C:\Windows\setupact.log
    2014-07-19 15:35 - 2014-07-19 15:35 - 00000000 _____ () C:\Windows\setuperr.log
    2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe
    2014-07-09 18:30 - 2014-06-30 03:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-09 18:30 - 2014-06-30 03:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-09 18:30 - 2014-06-20 21:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-09 18:30 - 2014-06-20 20:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-07-09 18:30 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-09 18:30 - 2014-06-19 02:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-09 18:30 - 2014-06-19 02:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-09 18:30 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-09 18:30 - 2014-06-19 01:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-09 18:30 - 2014-06-19 01:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-09 18:30 - 2014-06-19 01:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-09 18:30 - 2014-06-19 01:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-09 18:30 - 2014-06-19 01:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-09 18:30 - 2014-06-19 01:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-09 18:30 - 2014-06-19 01:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-09 18:30 - 2014-06-19 01:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-09 18:30 - 2014-06-19 01:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-09 18:30 - 2014-06-19 01:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-09 18:30 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-09 18:30 - 2014-06-19 01:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-09 18:30 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-09 18:30 - 2014-06-19 00:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-09 18:30 - 2014-06-19 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-09 18:30 - 2014-06-19 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-09 18:30 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-09 18:30 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-09 18:30 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-09 18:30 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-09 18:30 - 2014-06-19 00:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-07-09 18:30 - 2014-06-19 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-09 18:30 - 2014-06-19 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-07-09 18:30 - 2014-06-19 00:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-07-09 18:30 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-09 18:30 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-09 18:30 - 2014-06-19 00:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-09 18:30 - 2014-06-19 00:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-09 18:30 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-09 18:30 - 2014-06-19 00:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-09 18:30 - 2014-06-19 00:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-07-09 18:30 - 2014-06-19 00:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-07-09 18:30 - 2014-06-19 00:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-07-09 18:30 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-09 18:30 - 2014-06-19 00:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-09 18:30 - 2014-06-19 00:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-09 18:30 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-09 18:30 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-09 18:30 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-09 18:30 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-09 18:30 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-09 18:30 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-09 18:30 - 2014-06-18 23:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-07-09 18:30 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-09 18:30 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-09 18:30 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-09 18:30 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-09 18:30 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-09 18:30 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-09 18:30 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-07-09 18:30 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-09 18:30 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-07-09 18:30 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-09 18:30 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-09 18:30 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-07-09 18:30 - 2014-05-30 09:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-07-09 18:30 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-07-09 18:30 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-07-09 18:30 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-07-09 18:30 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-07-09 18:30 - 2014-05-30 09:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-07-09 18:30 - 2014-05-30 09:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-07-09 18:30 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-07-09 18:30 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-07-09 18:30 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-07-09 18:30 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-07-09 18:30 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-07-09 18:30 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-07-09 18:30 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-07-09 18:30 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-09 18:29 - 2014-06-05 15:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-09 18:29 - 2014-06-05 15:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-07-09 18:29 - 2014-06-05 15:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-06 13:39 - 2014-08-06 13:39 - 00014623 _____ () C:\Users\Piotrek\Downloads\FRST.txt
    2014-08-06 13:39 - 2014-08-06 13:38 - 00000000 ____D () C:\FRST
    2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
    2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
    2014-08-06 13:26 - 2014-07-02 19:26 - 00000300 _____ () C:\Windows\Tasks\Rocket Updater.job
    2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-08-06 13:22 - 2014-08-06 13:21 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
    2014-08-06 13:20 - 2011-05-25 11:51 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-06 13:13 - 2014-03-25 00:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-06 13:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
    2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-08-06 11:47 - 2014-07-06 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
    2014-08-06 11:45 - 2014-08-06 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-08-06 11:06 - 2014-04-11 20:07 - 00000000 ___RD () C:\Users\Piotrek\Desktop\piatek
    2014-08-06 09:21 - 2014-03-21 22:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-08-06 09:16 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-06 09:16 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-06 09:15 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-06 09:13 - 2014-03-18 18:54 - 02001155 _____ () C:\Windows\WindowsUpdate.log
    2014-08-06 09:10 - 2014-03-18 18:57 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
    2014-08-06 09:09 - 2014-07-19 15:35 - 00000504 _____ () C:\Windows\setupact.log
    2014-08-06 09:09 - 2011-05-25 16:38 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-08-06 09:09 - 2011-05-25 11:51 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-06 09:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-05 22:30 - 2014-08-05 22:30 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
    2014-08-05 22:30 - 2014-08-05 22:29 - 00000000 ____D () C:\ProgramData\deaill4me
    2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
    2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
    2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-08-05 22:24 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-08-05 22:22 - 2014-03-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-08-05 22:07 - 2014-08-05 22:07 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
    2014-08-05 22:07 - 2014-07-02 19:35 - 00000000 ____D () C:\ProgramData\374311380
    2014-07-19 15:35 - 2014-07-19 15:35 - 00000000 _____ () C:\Windows\setuperr.log
    2014-07-18 21:16 - 2014-03-21 20:24 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-07-18 21:16 - 2014-03-21 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-07-18 21:16 - 2014-03-21 20:24 - 00000000 ____D () C:\Program Files\CCleaner
    2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe
    2014-07-11 11:02 - 2014-05-04 13:18 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\TS3Client
    2014-07-10 09:58 - 2009-07-14 05:45 - 00276200 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-10 09:56 - 2014-04-30 02:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-10 09:56 - 2010-11-21 08:17 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-07-10 02:23 - 2014-03-24 22:21 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-10 02:22 - 2014-03-24 22:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-09 14:13 - 2014-03-25 00:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-07-09 14:13 - 2014-03-25 00:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-09 14:13 - 2014-03-25 00:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-06 12:36

    ==================== End Of Log ============================



    second results from notepad:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
    Ran by Piotrek at 2014-08-06 13:39:37
    Running from C:\Users\Piotrek\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
    Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version: - Bohemia Interactive)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
    Browser System Enahncer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{671c50b0}) (Version: - WorldLoad) <==== ATTENTION
    Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
    Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
    Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    deaill4me (HKLM-x32\...\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}) (Version: - deaal4me) <==== ATTENTION
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Dziobas Rar Player 0.009.52 (HKLM-x32\...\Dziobas Rar Player_is1) (Version: - Kamil Dzióbek)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    March of War (HKLM-x32\...\Steam App 234310) (Version: - ISOTX)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
    Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    NVIDIA 3D Vision Controller Driver (x32 Version: 270.61 - NVIDIA Corporation) Hidden
    NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
    NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
    NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6285 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
    SoftwareWatcher bundle (HKLM-x32\...\SoftwareWatcher bundle) (Version: 2.0.0.3 - SoftwareWatcher)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
    Websteroids (x32 Version: 2.6.63 - Creative Island Media, LLC) Hidden <==== ATTENTION
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    WinRAR 5.01 (32-bit) (x32 Version: 5.01.0 - win.rar GmbH) Hidden
    World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    05-07-2014 21:25:03 Windows Update
    09-07-2014 09:36:41 Windows Update
    10-07-2014 01:21:35 Windows Update
    13-07-2014 20:55:12 Windows Update
    17-07-2014 17:42:57 Windows Update
    22-07-2014 10:33:12 Windows Update
    05-08-2014 21:09:12 Windows Update
    05-08-2014 21:20:59 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2014-07-15 21:43 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {04689C78-D5E3-4CC0-B0D7-669961099C15} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {2612853A-CB1B-4345-8CAF-DFC637A193CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
    Task: {4D210953-C671-4674-A07B-B3E4E583E6A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
    Task: {4DA40ADD-FAA4-4F85-A811-1C54EC3814F9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {56AC4133-B1F0-4A55-899D-01B60BA4EA89} - System32\Tasks\Rocket Updater => C:\Users\Piotrek\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe [2013-04-12] ()
    Task: {66306778-DA2F-4D0E-9A16-31BEF5155C33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25] (Google Inc.)
    Task: {6C91A5A7-1EDB-4F94-B874-9A1985AC1664} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25] (Google Inc.)
    Task: {789D9A1F-7D4D-4C6E-974A-93DBD5621D58} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {9BC37C6F-560C-40F9-AD8F-3579349FF1F5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Piotrek\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2011-04-08 00:19 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-08-05 22:07 - 2014-08-05 22:07 - 04302848 _____ () C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer_x64.dll
    2014-08-05 22:07 - 2014-08-05 22:07 - 04124160 _____ () c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll
    2014-08-05 22:07 - 2014-08-05 22:07 - 00186192 _____ () c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncerSvc.dll
    2014-03-21 22:42 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-03-21 22:42 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-03-21 22:42 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-03-21 22:42 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-03-21 22:42 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-06-28 16:22 - 2010-05-29 14:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll
    2014-08-06 11:45 - 2014-08-06 11:45 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/06/2014 09:09:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/05/2014 10:39:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/05/2014 10:24:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/05/2014 10:16:30 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (08/05/2014 10:06:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/22/2014 10:38:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/21/2014 09:09:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/21/2014 00:00:00 AM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (07/20/2014 11:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/19/2014 03:36:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (08/06/2014 09:09:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Websteroids service failed to start due to the following error:
    %%2

    Error: (08/05/2014 10:39:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Websteroids service failed to start due to the following error:
    %%2

    Error: (08/05/2014 10:24:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Websteroids service failed to start due to the following error:
    %%2

    Error: (08/05/2014 10:06:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Websteroids service failed to start due to the following error:
    %%2

    Error: (08/05/2014 10:06:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (08/05/2014 10:06:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (07/22/2014 10:38:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Websteroids service failed to start due to the following error:
    %%2

    Error: (07/21/2014 09:08:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Websteroids service failed to start due to the following error:
    %%2

    Error: (07/20/2014 11:38:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Websteroids service failed to start due to the following error:
    %%2

    Error: (07/19/2014 03:35:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Websteroids service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================
    Error: (08/06/2014 09:09:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/05/2014 10:39:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/05/2014 10:24:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/05/2014 10:16:30 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (08/05/2014 10:06:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/22/2014 10:38:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/21/2014 09:09:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/21/2014 00:00:00 AM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (07/20/2014 11:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/19/2014 03:36:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Percentage of memory in use: 33%
    Total physical RAM: 8173.64 MB
    Available physical RAM: 5411.98 MB
    Total Pagefile: 16345.46 MB
    Available Pagefile: 13494.76 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:119.72 GB) (Free:74.37 GB) NTFS
    Drive g: (New Volume) (Fixed) (Total:644.53 GB) (Free:584.14 GB) NTFS
    Drive h: (New Volume) (Fixed) (Total:625 GB) (Free:601.53 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 12374DF0)
    Partition 1: (Active) - (Size=8 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=120 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=645 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=625 GB) - (Type=OF Extended)

    ==================== End Of Log ============================



    and results aswMBR


    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-08-06 14:33:21
    -----------------------------
    14:33:21.514 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:33:21.514 Number of processors: 4 586 0x2A07
    14:33:21.514 ComputerName: PIOTREK-PC UserName: Piotrek
    14:33:22.138 Initialize success
    14:33:22.185 VM: initialized successfully
    14:33:22.200 VM: Intel CPU supported
    14:33:26.622 VM: supported disk I/O ataport.SYS
    14:38:18.042 AVAST engine defs: 14080500
    14:40:25.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    14:40:25.323 Disk 0 Vendor: ST1500DL003-9VT16L CC4A Size: 1430799MB BusType: 11
    14:40:25.448 VM: Disk 0 MBR read successfully
    14:40:25.463 Disk 0 MBR scan
    14:40:25.494 Disk 0 Windows 7 default MBR code
    14:40:25.510 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 8201 MB offset 2048
    14:40:25.526 Disk 0 default boot code
    14:40:25.541 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122595 MB offset 16797696
    14:40:25.572 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 660000 MB offset 267872256
    14:40:25.588 Disk 0 Partition - 00 0F Extended LBA 640001 MB offset 1619552256
    14:40:26.118 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 640000 MB offset 1619554304
    14:40:26.212 Disk 0 scanning C:\Windows\system32\drivers
    14:40:38.879 Service scanning
    14:41:02.825 Modules scanning
    14:41:02.825 Disk 0 trace - called modules:
    14:41:02.841 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    14:41:02.841 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e04060]
    14:41:02.856 3 CLASSPNP.SYS[fffff88001bc943f] -> nt!IofCallDriver -> [0xfffffa80077563f0]
    14:41:02.856 5 ACPI.sys[fffff88000f4b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007b45060]
    14:41:05.056 AVAST engine scan C:\Windows
    14:41:09.065 AVAST engine scan C:\Windows\system32
    14:44:35.610 AVAST engine scan C:\Windows\system32\drivers
    14:44:51.054 AVAST engine scan C:\Users\Piotrek
    14:46:20.645 AVAST engine scan C:\ProgramData
    14:46:22.095 File: C:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll **INFECTED** Win32:Malware-gen
    14:46:56.681 Scan finished successfully
    14:51:49.056 Disk 0 MBR has been saved successfully to "C:\Users\Piotrek\Downloads\MBR.dat"
    14:51:49.088 The log file has been saved successfully to "C:\Users\Piotrek\Downloads\aswMBR.txt"

    from now i dont know what to do now ?

    Thanks for your patience (I poorly understand English)

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    hi duczos1,

    We will do two things:

    1)Look in your add/remove programs panel and uninstall:
    Browser System Enahncer

    2) Please download Adwcleaner.exe to your desktop.
    Double click on AdwCleaner.exe, select OK, then Run
    Click on the Scan button
    Once the scan is done click on the Report button
    Copy and paste the contents of the log file in your reply
    You can also find the logfile at C:\AdwCleaner[R1].txt as well
    Exit AdwCleaner with the X (close) button. click ok at the final prompt.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Aug 2014
    Posts
    9

    Default


    so quick reapley to my post , again thanks a lot.
    Report from AdwCleaner :
    # AdwCleaner v3.303 - Report created 07/08/2014 at 01:21:32
    # Updated 06/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Piotrek - PIOTREK-PC
    # Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : Websteroids

    ***** [ Files / Folders ] *****

    File Found : C:\END
    File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
    File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js
    Folder Found : C:\Program Files (x86)\PC Cleaner
    Folder Found : C:\ProgramData\374311380
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\ProgramData\Websteroids
    Folder Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
    Folder Found : C:\Users\Piotrek\AppData\Local\Rocket
    Folder Found : C:\Users\Piotrek\AppData\Local\Websteroids
    Folder Found : C:\Users\Piotrek\AppData\Roaming\RocketUpdater

    ***** [ Scheduled Tasks ] *****

    Task Found : Rocket Updater

    ***** [ Shortcuts ] *****

    Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SoftwareWatcher bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=SoftwareWatcher" "/searchProvider=a different" )

    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKCU\Software\AppDataLow\Software\DynConIE
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Found : HKCU\Software\Rocket Browser
    Key Found : HKCU\Software\RocketUpdater
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\IM
    Key Found : [x64] HKCU\Software\InstallCore
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : [x64] HKCU\Software\Rocket Browser
    Key Found : [x64] HKCU\Software\RocketUpdater
    Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
    Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=

    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

    Line Found : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]

    [ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

    Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

    -\\ Google Chrome v

    [ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
    Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

    *************************

    AdwCleaner[R0].txt - [7260 octets] - [07/08/2014 01:21:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7320 octets] ##########

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    Ok Your welcome. Go back to the add/remove programs panel and uninstall these two:

    deaill4me
    Websteroids
    After you uninstall them both restart your machine.

    Start Adwcleaner again, click on the scan button. When the scan is done, click the clean button. Machine will restart to finish the process. At restart it will display another log that you can copy/paste in your reply.
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    Aug 2014
    Posts
    9

    Default

    unfortunately deaill4me can't uninstall, and dont know why ?? looks like cursor start "thinking" after click uninstall and nothing happens.
    second Websteroids is not exist on program list to uninstall.

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    Ok forget the uninstalls and use adwcleaner, Scan then clean. Post the log in your reply. After you finish with adwcleaner you can get another download:

    Please download Junkware Removal Tool to your desktop.
    Right click and select "run as admin"
    The tool will scan and may take some time to finish
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your reply.
    How Can I Reduce My Risk?

  7. #7
    Junior Member
    Join Date
    Aug 2014
    Posts
    9

    Default

    Quote Originally Posted by shelf life View Post
    Ok forget the uninstalls and use adwcleaner, Scan then clean. Post the log in your reply. After you finish with adwcleaner you can get another download:

    Please download Junkware Removal Tool to your desktop.
    Right click and select "run as admin"
    The tool will scan and may take some time to finish
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your reply.
    Too late.
    Websteroids clean by AdwCleaner
    deal4me uninstall by Revo uninstaller.
    Looks like all done correctly and spybot can not find any disconcerting programs ,viruses or malware.


    now ,when i click for example on tab "reply with quote" firefox is opening window with this replay and new window with some advertise from deal4mE. Its means i still have this worm?
    and one question more: if I buy antivirus from Spybot S&D , this program will stop all adv. ?
    for example :when the cursor invades example: [URL = "http://thisisudax.org/downloads/JRT.exe"] Junkware [/ URL], small window pops up with the rapid buying advertising,
    before i have no this pops up

    However i would like to Thank You for You help.

    P.S
    I think was 2 way when i get this malware , or both together
    1 I started to play the World of Tanks with not enough good antivirus or
    2 I buy new mouse Roccat Kova+ , and as soon i download drivers, the problems start appear to my PC.

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    Ok your welcome but not done yet. Can you post the log that was made after you used adwcleaner the last time, (Clean). So you did not use JRT.exe?

    We will get another download to use. Its called Malwarebytes. You can keep it and use as another anti-malware tool. The directions below are slighlty old as the Malwarebytes GUI has changed.

    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    How Can I Reduce My Risk?

  9. #9
    Junior Member
    Join Date
    Aug 2014
    Posts
    9

    Default

    Quote Originally Posted by shelf life View Post
    Ok your welcome but not done yet. Can you post the log that was made after you used adwcleaner the last time, (Clean). So you did not use JRT.exe?

    We will get another download to use. Its called Malwarebytes. You can keep it and use as another anti-malware tool. The directions below are slighlty old as the Malwarebytes GUI has changed.

    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    Quote Originally Posted by shelf life View Post
    Ok your welcome but not done yet. Can you post the log that was made after you used adwcleaner the last time, (Clean). So you did not use JRT.exe?
    Hi
    I dont know where to finde now this log from adwcleaner and NO i not use JRT.exe
    meantime i have use Ccleaner and maybe this program remove some logs.
    Till now i use spybot 3-4 times and no malware , few times scan use malwarebytes chameleon and looks ok , but each time when i open new window or click some link , is opening extra more windows with some unwanted websites.
    logs from malwarebytes ? can't find it
    history reports is clean as well .

  10. #10
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    Ok thanks for the information.

    1) Open up firefox and at the top go to Tools> addons> Extensions. Disable all the extensions.

    2) If you have JRT.exe downloaded, go ahead and run it:

    Right click and select "run as admin"
    The tool will scan and may take some time to finish
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your reply.

    3) Using Wndows explorer. Right click on Start>Open Windows Explorer. Then look in C:/ Adwcleaner. Its a folder with the logs labeled as Adwcleaner [R0],[R1] etc.

    4) Last: after the above please re-run FRST again like you did in your first post.

    -----------------------------------------------------------------------------------
    So if possible run and post JRT log,
    Last Adwcleaner log if possible
    and new FRST log
    How Can I Reduce My Risk?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •