Barowwsoe2Save

**duczos1** · 2014-08-09, 12:55

Hello again
JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Piotrek on 09/08/2014 at 10:54:35.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Piotrek\appdata\locallow\boost_interprocess"

~~~ FireFox

Successfully deleted the following from C:\Users\Piotrek\AppData\Roaming\mozilla\firefox\profiles\dygn9tla.default\prefs.js

user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>
Emptied folder: C:\Users\Piotrek\AppData\Roaming\mozilla\firefox\profiles\dygn9tla.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/08/2014 at 10:59:54.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adwcleaner logs:
# AdwCleaner v3.303 - Report created 07/08/2014 at 01:21:32
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Websteroids

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js
Folder Found : C:\Program Files (x86)\PC Cleaner
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Websteroids
Folder Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
Folder Found : C:\Users\Piotrek\AppData\Local\Rocket
Folder Found : C:\Users\Piotrek\AppData\Local\Websteroids
Folder Found : C:\Users\Piotrek\AppData\Roaming\RocketUpdater

***** [ Scheduled Tasks ] *****

Task Found : Rocket Updater

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SoftwareWatcher bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=SoftwareWatcher" "/searchProvider=a different" )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Rocket Browser
Key Found : HKCU\Software\RocketUpdater
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Rocket Browser
Key Found : [x64] HKCU\Software\RocketUpdater
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]

[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

-\\ Google Chrome v

[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [7260 octets] - [07/08/2014 01:21:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7320 octets] ##########

# AdwCleaner v3.303 - Report created 07/08/2014 at 10:48:57
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Websteroids

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
File Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js
Folder Found : C:\Program Files (x86)\PC Cleaner
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Websteroids
Folder Found : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
Folder Found : C:\Users\Piotrek\AppData\Local\Rocket
Folder Found : C:\Users\Piotrek\AppData\Local\Websteroids
Folder Found : C:\Users\Piotrek\AppData\Roaming\RocketUpdater

***** [ Scheduled Tasks ] *****

Task Found : Rocket Updater

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" "/appName=SoftwareWatcher bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=SoftwareWatcher" "/searchProvider=a different" )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Rocket Browser
Key Found : HKCU\Software\RocketUpdater
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Rocket Browser
Key Found : [x64] HKCU\Software\RocketUpdater
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDtBtBzyyEtC0CtGyDyD0E0FtGyBtByDzytGtD0DzytAtGyDtB0C0FyEtDyDtBtAtA0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyEtDtCyCtB0AtGyEtBtDyEtGzytAtDtBtGtCyCyDtBtGtB0EzytCyDtBtCtD0DyByDyD2Q&cr=2090515887&ir=

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]

[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

-\\ Google Chrome v

[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
AdwCleaner[R1].txt - [7320 octets] - [07/08/2014 10:48:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [7380 octets] ##########

# AdwCleaner v3.303 - Report created 07/08/2014 at 10:51:41
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
AdwCleaner[R1].txt - [7504 octets] - [07/08/2014 10:48:57]
AdwCleaner[R2].txt - [1447 octets] - [07/08/2014 10:51:41]
AdwCleaner[S0].txt - [5609 octets] - [07/08/2014 10:49:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1567 octets] ##########

# AdwCleaner v3.303 - Report created 07/08/2014 at 11:02:32
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

Line Found : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

-\\ Google Chrome v

[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [7444 octets] - [07/08/2014 01:21:32]
AdwCleaner[R1].txt - [7504 octets] - [07/08/2014 10:48:57]
AdwCleaner[R2].txt - [1647 octets] - [07/08/2014 10:51:41]
AdwCleaner[R3].txt - [1727 octets] - [07/08/2014 11:02:32]
AdwCleaner[S0].txt - [5609 octets] - [07/08/2014 10:49:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1847 octets] ##########

# AdwCleaner v3.303 - Report created 07/08/2014 at 10:49:30
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Piotrek - PIOTREK-PC
# Running from : C:\Users\Piotrek\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Websteroids

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Websteroids
Folder Deleted : C:\Program Files (x86)\PC Cleaner
Folder Deleted : C:\Users\Piotrek\AppData\Local\Rocket
Folder Deleted : C:\Users\Piotrek\AppData\Local\Websteroids
Folder Deleted : C:\Users\Piotrek\AppData\Roaming\RocketUpdater
Folder Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\Extensions\staged\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
File Deleted : C:\END
File Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\searchplugins\WSE Rocket.xml
File Deleted : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Rocket Updater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM64\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM64\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Rocket Browser
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\duczos\AppData\Roaming\Mozilla\Firefox\Profiles\m38rx9u8.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "http://rocket-find.com/?f=1&a=rckt_ir_14_27_ff&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtAyEtDtAzytAtByB0ByBtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1[...]

[ File : C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default\prefs.js ]

Line Deleted : user_pref("extensions.kAM0rmpK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

-\\ Google Chrome v

[ File : C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : http://search.conduit.com/?ctid=CT33...96B89915&SSPV=
Deleted [Homepage] : http://search.conduit.com/?ctid=CT33...96B89915&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Piotrek (administrator) on PIOTREK-PC on 09-08-2014 11:12:22
Running from C:\Users\Piotrek\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Valve Corporation) G:\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11774568 2011-01-13] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Reminder] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [DockBar] => C:\Applications\Tools\DockBar\DockBar.exe [2964480 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Recovery Backup Wizard] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3482807897-1788646732-514403234-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: deaill4me -> {5A55077E-9A8F-F6FB-67AD-19115988838A} -> C:\ProgramData\deaill4me\V4w.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\dygn9tla.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3325805&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP2B1F578C-DDCC-45FD-9C6E-7F7E96B89915&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL:
CHR Extension: (Scroll Bar 1 Blue) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-08-05]
CHR Extension: (Google Wallet) - C:\Users\Piotrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Piotrek\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 10:59 - 2014-08-09 10:59 - 00001153 _____ () C:\Users\Piotrek\Desktop\JRT.txt
2014-08-09 10:54 - 2014-08-09 10:54 - 00000000 ____D () C:\Windows\ERUNT
2014-08-09 10:53 - 2014-08-09 10:53 - 01016261 _____ (Thisisu) C:\Users\Piotrek\Downloads\JRT.exe
2014-08-09 10:51 - 2014-08-09 10:51 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-09 10:49 - 2014-08-09 10:50 - 00244320 _____ () C:\Users\Piotrek\Downloads\Firefox Setup Stub 31.0.exe
2014-08-08 12:55 - 2014-08-08 12:55 - 00001084 _____ () C:\Users\Piotrek\Desktop\Kaspersky Security Scan.lnk
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-08 12:53 - 2014-08-08 12:53 - 00189320 _____ (Kaspersky Lab) C:\Users\Piotrek\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6220.exe
2014-08-07 15:18 - 2014-08-07 15:18 - 00000000 ____D () C:\Users\Piotrek\Documents\ProcAlyzer Dumps
2014-08-07 15:02 - 2014-08-08 10:41 - 00000112 _____ () C:\Windows\setupact.log
2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 15:01 - 2014-08-08 10:41 - 00002566 _____ () C:\Windows\PFRO.log
2014-08-07 14:52 - 2014-08-09 09:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 14:52 - 2014-08-08 11:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-07 14:52 - 2014-08-07 14:52 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 14:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-07 14:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-07 14:50 - 2014-08-07 14:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Piotrek\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 12:21 - 2014-08-07 12:21 - 04813544 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup416.exe
2014-08-07 01:20 - 2014-08-07 11:02 - 00000000 ____D () C:\AdwCleaner
2014-08-07 01:02 - 2014-08-07 01:02 - 01475072 _____ () C:\Users\Piotrek\Downloads\AdwCleaner.exe
2014-08-07 00:48 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-07 00:48 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-06 14:51 - 2014-08-06 14:51 - 00002554 _____ () C:\Users\Piotrek\Downloads\aswMBR.txt
2014-08-06 14:51 - 2014-08-06 14:51 - 00000512 _____ () C:\Users\Piotrek\Downloads\MBR.dat
2014-08-06 14:24 - 2014-08-06 14:24 - 05185536 _____ (AVAST Software) C:\Users\Piotrek\Downloads\aswMBR.exe
2014-08-06 13:39 - 2014-08-09 11:12 - 00012386 _____ () C:\Users\Piotrek\Downloads\FRST.txt
2014-08-06 13:39 - 2014-08-06 13:39 - 00025337 _____ () C:\Users\Piotrek\Downloads\Addition.txt
2014-08-06 13:38 - 2014-08-09 11:12 - 00000000 ____D () C:\FRST
2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-06 13:21 - 2014-08-06 13:22 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
2014-08-05 22:30 - 2014-08-07 10:54 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
2014-08-05 22:22 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-05 22:22 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-05 22:22 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-05 22:22 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-05 22:22 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-05 22:22 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-05 22:22 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-05 22:22 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-05 22:22 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-05 22:22 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-05 22:22 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-05 22:22 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-05 22:22 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-05 22:22 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-05 22:22 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-05 22:22 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-05 22:20 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-05 22:20 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-05 22:20 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-05 22:20 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 11:12 - 2014-08-06 13:39 - 00012386 _____ () C:\Users\Piotrek\Downloads\FRST.txt
2014-08-09 11:12 - 2014-08-06 13:38 - 00000000 ____D () C:\FRST
2014-08-09 10:59 - 2014-08-09 10:59 - 00001153 _____ () C:\Users\Piotrek\Desktop\JRT.txt
2014-08-09 10:55 - 2014-03-18 18:54 - 01102355 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 10:54 - 2014-08-09 10:54 - 00000000 ____D () C:\Windows\ERUNT
2014-08-09 10:53 - 2014-08-09 10:53 - 01016261 _____ (Thisisu) C:\Users\Piotrek\Downloads\JRT.exe
2014-08-09 10:51 - 2014-08-09 10:51 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-09 10:50 - 2014-08-09 10:49 - 00244320 _____ () C:\Users\Piotrek\Downloads\Firefox Setup Stub 31.0.exe
2014-08-09 10:20 - 2011-05-25 11:51 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 10:13 - 2014-03-25 00:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 09:22 - 2014-08-07 14:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 03:17 - 2014-03-20 14:09 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-08 15:20 - 2011-05-25 11:51 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 12:55 - 2014-08-08 12:55 - 00001084 _____ () C:\Users\Piotrek\Desktop\Kaspersky Security Scan.lnk
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-08 12:55 - 2014-08-08 12:55 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-08 12:53 - 2014-08-08 12:53 - 00189320 _____ (Kaspersky Lab) C:\Users\Piotrek\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6220.exe
2014-08-08 11:45 - 2014-08-07 14:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-08 10:49 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 10:49 - 2009-07-14 05:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 10:47 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 10:42 - 2014-03-18 18:57 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
2014-08-08 10:41 - 2014-08-07 15:02 - 00000112 _____ () C:\Windows\setupact.log
2014-08-08 10:41 - 2014-08-07 15:01 - 00002566 _____ () C:\Windows\PFRO.log
2014-08-08 10:41 - 2011-05-25 16:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-08 10:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 16:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-07 15:18 - 2014-08-07 15:18 - 00000000 ____D () C:\Users\Piotrek\Documents\ProcAlyzer Dumps
2014-08-07 15:18 - 2014-03-21 22:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 15:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2014-08-07 14:52 - 2014-08-07 14:52 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 14:52 - 2014-08-07 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 14:51 - 2014-08-07 14:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Piotrek\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 12:22 - 2014-03-21 20:24 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-07 12:22 - 2014-03-21 20:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-07 12:21 - 2014-08-07 12:21 - 04813544 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup416.exe
2014-08-07 11:02 - 2014-08-07 01:20 - 00000000 ____D () C:\AdwCleaner
2014-08-07 10:54 - 2014-08-05 22:30 - 00000000 ____D () C:\ProgramData\bd1c007db4678b70
2014-08-07 10:49 - 2014-03-18 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
2014-08-07 01:02 - 2014-08-07 01:02 - 01475072 _____ () C:\Users\Piotrek\Downloads\AdwCleaner.exe
2014-08-06 14:51 - 2014-08-06 14:51 - 00002554 _____ () C:\Users\Piotrek\Downloads\aswMBR.txt
2014-08-06 14:51 - 2014-08-06 14:51 - 00000512 _____ () C:\Users\Piotrek\Downloads\MBR.dat
2014-08-06 14:24 - 2014-08-06 14:24 - 05185536 _____ (AVAST Software) C:\Users\Piotrek\Downloads\aswMBR.exe
2014-08-06 13:39 - 2014-08-06 13:39 - 00025337 _____ () C:\Users\Piotrek\Downloads\Addition.txt
2014-08-06 13:37 - 2014-08-06 13:37 - 02094080 _____ (Farbar) C:\Users\Piotrek\Downloads\FRST64.exe
2014-08-06 13:28 - 2014-08-06 13:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIOTREK-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-06 13:28 - 2014-08-06 13:28 - 00000000 ____D () C:\RegBackup
2014-08-06 13:22 - 2014-08-06 13:22 - 00002242 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-06 13:22 - 2014-08-06 13:21 - 04057608 _____ () C:\Users\Piotrek\Downloads\tweaking.com_registry_backup_setup.exe
2014-08-06 11:47 - 2014-08-06 11:47 - 00001271 _____ () C:\Users\Piotrek\Desktop\Revo Uninstaller.lnk
2014-08-06 11:47 - 2014-08-06 11:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-06 11:45 - 2014-08-06 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Piotrek\Downloads\revosetup.exe
2014-08-06 11:06 - 2014-04-11 20:07 - 00000000 ___RD () C:\Users\Piotrek\Desktop\piatek
2014-08-06 09:21 - 2014-03-21 22:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-05 22:29 - 2014-08-05 22:29 - 00000000 ____D () C:\Users\Piotrek\AppData\Local\Packages
2014-08-05 22:26 - 2014-08-05 22:26 - 00000045 _____ () C:\Users\Piotrek\AppData\Roaming\WB.CFG
2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-05 22:24 - 2014-03-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-05 22:24 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-05 22:22 - 2014-03-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-18 21:16 - 2014-03-21 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-18 21:15 - 2014-07-18 21:15 - 04812672 _____ (Piriform Ltd) C:\Users\Piotrek\Downloads\ccsetup415.exe
2014-07-11 11:02 - 2014-05-04 13:18 - 00000000 ____D () C:\Users\Piotrek\AppData\Roaming\TS3Client
2014-07-10 09:58 - 2009-07-14 05:45 - 00276200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 09:56 - 2014-04-30 02:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 09:56 - 2010-11-21 08:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 09:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 02:23 - 2014-03-24 22:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 02:22 - 2014-03-24 22:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 16:49

==================== End Of Log ============================

Anything more?
this ads deal4me I can't remove , and still opening some sexchat window or something like that

when try to replay to this post again -> click to replay but opened 2 new windows - clickcompare.... and second window, live chat with naked girll

no more websteroids ads, before this websteroids i saw as running process on windows task menager . Now nothing like that.
Thanks for help btw

Thread: Barowwsoe2Save

Thread Tools

Display

Threaded View

Posting Permissions