Thread: Worried about possible malware

  1. #1
    Junior Member
    Join Date
    Mar 2012
    Posts
    18

    Recently, a friend sent me a link on Steam that turned out to be some sort of malware thing that sent the same message to all of my Steam friends. I changed my password and did some scans with Malwarebytes and Spybot and found nothing, but I decided to do the scans with the programs mentioned in the "BEFORE You POST" topic. If someone could go over the logs and see if there's anything, I would be grateful.

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2014-11-14 15:50:44
    -----------------------------
    15:50:44.785 OS Version: Windows x64 6.2.9200
    15:50:44.785 Number of processors: 4 586 0x1301
    15:50:44.786 ComputerName: LIQUIDPC UserName: Tomasz
    15:50:47.883 Initialize success
    15:50:47.884 VM: initialized successfully
    15:50:47.886 VM: Amd CPU supported
    15:50:56.117 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000027
    15:50:56.121 Disk 0 Vendor: ST2000DM001-1CH164 HP34 Size: 1907729MB BusType: 11
    15:50:56.368 Disk 0 MBR read successfully
    15:50:56.374 Disk 0 MBR scan
    15:50:56.380 Disk 0 unknown MBR code
    15:50:56.385 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    15:50:56.451 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:51:07.202 Service scanning
    15:51:28.978 Modules scanning
    15:51:28.992 Disk 0 trace - called modules:
    15:51:29.246 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
    15:51:29.254 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00016f615e0]
    15:51:29.266 3 CLASSPNP.SYS[fffff800edb9527b] -> nt!IofCallDriver -> \Device\00000027[0xffffe00016da0720]
    15:51:29.275 Disk 0 statistics 110265/0/0 @ 5.23 MB/s
    15:51:29.284 Scan finished successfully
    15:54:21.821 Disk 0 MBR has been saved successfully to "C:\Users\Tomasz\Downloads\MBR.dat"
    15:54:21.826 The log file has been saved successfully to "C:\Users\Tomasz\Downloads\aswMBR.txt"

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
    Ran by Tomasz (administrator) on LIQUIDPC on 14-11-2014 15:48:04
    Running from C:\Users\Tomasz\Downloads
    Loaded Profile: Tomasz (Available profiles: Tomasz)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
    () C:\Program Files (x86)\puush\puush.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    () C:\Program Files (x86)\AVG Secure Search\vprot.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Desura Net Pty Ltd) C:\Program Files (x86)\Desura\desura.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Desura Net Pty Ltd) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
    (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files\HexChat\hexchat.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (HP) C:\Program Files\WindowsApps\AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6\HPScanandCapture.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Akamai Technologies, Inc.) C:\Users\Tomasz\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Tomasz\AppData\Local\Akamai\netsession_win.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
    HKLM-x32\...\RunOnce: [SpybotDeletingA3024] => command.com /c del "C:\end"
    HKLM-x32\...\RunOnce: [SpybotDeletingC9745] => cmd.exe /c del "C:\end"
    HKLM-x32\...\RunOnce: [SpybotDeletingA5820] => command.com /c del "C:\end"
    HKLM-x32\...\RunOnce: [SpybotDeletingC8107] => cmd.exe /c del "C:\end"
    HKLM-x32\...\RunOnce: [SpybotDeletingA8549] => command.com /c del "C:\end"
    HKLM-x32\...\RunOnce: [SpybotDeletingC1066] => cmd.exe /c del "C:\end"
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2668496 2014-09-21] (Desura Net Pty Ltd)
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-19] (Raptr, Inc)
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-02-21] ()
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [f.lux] => C:\Users\Tomasz\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Tomasz\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\RunOnce: [SpybotDeletingB6980] => command.com /c del "C:\end"
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\RunOnce: [SpybotDeletingD4495] => cmd.exe /c del "C:\end"
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\RunOnce: [SpybotDeletingB8798] => command.com /c del "C:\end"
    HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\RunOnce: [SpybotDeletingD6185] => cmd.exe /c del "C:\end"
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default
    FF Homepage: about:home
    FF Keyword.URL:
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKU\S-1-5-21-2883957329-2792123602-793195274-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tomasz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-2883957329-2792123602-793195274-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
    FF Extension: HTTPS-Everywhere - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default\Extensions\https-everywhere@eff.org [2014-08-22]
    FF Extension: Ghostery - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default\Extensions\firefox@ghostery.com.xpi [2014-02-28]
    FF Extension: BetterTTV - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default\Extensions\jid0-OeCFXKAPh2tC0bN3Li9ajRAZx6c@jetpack.xpi [2014-02-23]
    FF Extension: YouTube High Definition - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
    FF Extension: Adblock Plus - C:\Users\Tomasz\AppData\Roaming\Mozilla\Firefox\Profiles\zoce48cl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-03]
    FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91
    FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

    Chrome:
    =======
    CHR StartupUrls: Default -> "https://www.google.com/"
    CHR Profile: C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-01]
    CHR Extension: (Google Drive) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-01]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
    CHR Extension: (YouTube) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]
    CHR Extension: (Google Search) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]
    CHR Extension: (AdBlock) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-17]
    CHR Extension: (Center'd - Center the new YT) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgjcknlnbcciacdklmnafmfcfjnpcja [2014-10-25]
    CHR Extension: (AVG Security Toolbar) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-03-07]
    CHR Extension: (Google Wallet) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
    CHR Extension: (Gmail) - C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]
    CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-06-29] (BitRaider, LLC)
    R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)
    R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
    R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
    S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
    S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
    R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-16] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
    S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
    U0 aywipp; C:\Windows\System32\drivers\yafdb.sys [79064 2014-11-01] (Malwarebytes Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
    U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29696 2014-07-07] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
    S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
    S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
    S3 X6va021; \??\C:\WINDOWS\SysWOW64\Drivers\X6va021 [X]
    U3 aswMBR; \??\C:\Users\Tomasz\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\Tomasz\AppData\Local\Temp\aswVmm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-14 15:48 - 2014-11-14 15:49 - 00025804 _____ () C:\Users\Tomasz\Downloads\FRST.txt
    2014-11-14 15:47 - 2014-11-14 15:48 - 00000000 ____D () C:\FRST
    2014-11-14 15:46 - 2014-11-14 15:46 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-LIQUIDPC-Microsoft-Windows-8.1-(64-bit).dat
    2014-11-14 15:44 - 2014-11-14 15:44 - 00002258 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-11-14 15:44 - 2014-11-14 15:44 - 00000000 ____D () C:\RegBackup
    2014-11-14 15:44 - 2014-11-14 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-11-14 15:44 - 2014-11-14 15:44 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-11-14 15:43 - 2014-11-14 15:43 - 04215584 _____ () C:\Users\Tomasz\Downloads\tweaking.com_registry_backup_setup.exe
    2014-11-14 15:41 - 2014-11-14 15:42 - 02116608 _____ (Farbar) C:\Users\Tomasz\Downloads\FRST64.exe
    2014-11-14 15:41 - 2014-11-14 15:41 - 05198336 _____ (AVAST Software) C:\Users\Tomasz\Downloads\aswMBR.exe
    2014-11-13 00:08 - 2014-11-13 00:08 - 00020404 _____ () C:\Users\Tomasz\Documents\US Gov 111314.odt
    2014-11-11 23:00 - 2014-11-11 23:00 - 00013166 _____ () C:\Users\Tomasz\Documents\AP Bio Lab report 111114.odt
    2014-11-11 19:17 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
    2014-11-11 19:17 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
    2014-11-11 10:05 - 2014-11-11 10:05 - 00059666 _____ () C:\Users\Tomasz\Downloads\a0a08da100c48fc0de52f440c0bc601b.torrent
    2014-11-11 09:43 - 2014-11-11 09:43 - 00651264 _____ () C:\Users\Tomasz\Downloads\Detection.msi
    2014-11-11 09:43 - 2014-11-11 09:43 - 00651264 _____ () C:\Users\Tomasz\Downloads\Detection (1).msi
    2014-11-10 20:05 - 2014-11-10 20:05 - 00000218 _____ () C:\Users\Tomasz\AppData\Local\recently-used.xbel
    2014-11-10 19:53 - 2014-11-10 19:57 - 697014865 _____ () C:\Users\Tomasz\Downloads\Game Center CX - 178 - Mega Man X (Part 1) 60fps [SAGCCX].mp4
    2014-11-10 19:53 - 2014-11-10 19:53 - 00013705 _____ () C:\Users\Tomasz\Downloads\Game Center CX - 178 - Mega Man X (Part 1) 60fps [SAGCCX].mp4.torrent
    2014-11-10 02:24 - 2014-11-10 02:24 - 00025036 _____ () C:\Users\Tomasz\Documents\HW 11914.odt
    2014-11-08 06:52 - 2014-11-08 06:52 - 15886792 _____ () C:\Users\Tomasz\Downloads\OSP18(Final)_HorribleTrans.zip
    2014-11-07 21:17 - 2014-11-07 21:17 - 00490135 _____ () C:\Users\Tomasz\Downloads\38493.zip
    2014-11-07 21:17 - 2014-11-07 21:17 - 00092003 _____ () C:\Users\Tomasz\Downloads\34083.zip
    2014-11-07 21:12 - 2014-11-07 21:12 - 01251372 _____ () C:\Users\Tomasz\Downloads\Skins.rar
    2014-11-07 21:12 - 2014-11-07 21:12 - 01251372 _____ () C:\Users\Tomasz\Downloads\Skins (1).rar
    2014-11-07 21:08 - 2014-11-07 21:26 - 00000000 ____D () C:\Users\Tomasz\Documents\Skin Installer Ultimate
    2014-11-07 21:06 - 2014-11-07 21:07 - 07916654 _____ () C:\Users\Tomasz\Downloads\SIU 4.34-Lite.zip
    2014-11-07 00:45 - 2014-11-07 00:45 - 00020552 _____ () C:\Users\Tomasz\Documents\US Gov 11614.odt
    2014-11-04 01:16 - 2014-11-04 01:16 - 00013258 _____ () C:\Users\Tomasz\Documents\HW 11314.odt
    2014-11-03 23:19 - 2014-11-03 23:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-11-03 23:19 - 2014-11-03 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-11-03 23:19 - 2014-11-03 23:19 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-11-03 23:18 - 2014-11-03 23:18 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2014-11-03 23:18 - 2014-11-03 23:18 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\Apple
    2014-11-03 23:18 - 2014-11-03 23:18 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-11-03 23:17 - 2014-11-03 23:18 - 39401336 _____ (Apple Inc.) C:\Users\Tomasz\Downloads\QuickTimeInstaller.exe
    2014-11-02 17:46 - 2014-11-02 17:48 - 00000000 ____D () C:\Users\Tomasz\Documents\Strife
    2014-11-02 17:40 - 2014-11-02 17:40 - 00001962 _____ () C:\Users\Tomasz\Desktop\Strife.lnk
    2014-11-02 17:40 - 2014-11-02 17:40 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
    2014-11-02 17:40 - 2014-11-02 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
    2014-11-02 17:34 - 2014-11-02 17:34 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\Awesomium
    2014-11-02 17:33 - 2014-11-02 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
    2014-11-02 17:33 - 2014-11-02 17:33 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
    2014-11-02 17:33 - 2014-11-02 17:33 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
    2014-11-02 17:27 - 2014-11-02 17:48 - 00000000 ____D () C:\Program Files (x86)\Strife
    2014-11-02 17:26 - 2014-11-02 17:27 - 46860733 _____ (Hi-Rez Studios) C:\Users\Tomasz\Downloads\InstallHiRezGamesEnglish.exe
    2014-11-02 13:14 - 2014-11-02 13:27 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\deluge
    2014-11-02 13:14 - 2014-11-02 13:26 - 1673055576 _____ () C:\Users\Tomasz\Downloads\StrifeWindows-0.4.5.1.exe
    2014-11-02 13:13 - 2014-11-02 13:13 - 00127996 _____ () C:\Users\Tomasz\Downloads\StrifeWindows-0.4.5.1.torrent
    2014-11-01 23:49 - 2014-11-01 23:49 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\Freelancer
    2014-11-01 23:43 - 2014-11-01 23:44 - 95042659 _____ () C:\Users\Tomasz\Downloads\discovery_4.87.0.exe
    2014-11-01 23:37 - 2014-11-01 23:37 - 01187586 _____ () C:\Users\Tomasz\Downloads\FLMM1.5beta1Installer.exe
    2014-11-01 21:15 - 2014-11-01 21:15 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\yafdb.sys
    2014-11-01 18:59 - 2014-11-01 19:01 - 111970304 _____ (SQUARE ENIX CO., LTD.) C:\Users\Tomasz\Downloads\ffxivsetup.exe
    2014-10-30 23:30 - 2014-10-30 23:32 - 00023139 _____ () C:\Users\Tomasz\Documents\Theology Research Paper 103014.odt
    2014-10-30 17:33 - 2014-11-09 09:36 - 00000000 ____D () C:\Program Files (x86)\Nightly
    2014-10-29 22:14 - 2014-10-29 22:14 - 00021535 _____ () C:\Users\Tomasz\Documents\US Gov 102914.odt
    2014-10-28 21:56 - 2014-10-28 21:56 - 00016767 _____ () C:\Users\Tomasz\Documents\English 102814.odt
    2014-10-24 14:34 - 2014-10-24 14:34 - 02038576 _____ () C:\Users\Tomasz\Downloads\Earthbound.zip
    2014-10-24 00:36 - 2014-10-24 00:36 - 01174016 _____ () C:\Users\Tomasz\Downloads\enzymes (1).ppt
    2014-10-21 22:58 - 2014-10-21 22:58 - 00016026 _____ () C:\Users\Tomasz\Documents\English 102114.odt
    2014-10-20 23:37 - 2014-10-20 23:37 - 00045492 _____ () C:\Users\Tomasz\Documents\HW 102014.odt
    2014-10-20 20:43 - 2014-10-20 20:46 - 12739584 _____ () C:\Users\Tomasz\Downloads\Biochemistry_presentation (1).ppt
    2014-10-20 20:43 - 2014-10-20 20:43 - 01174016 _____ () C:\Users\Tomasz\Downloads\enzymes.ppt
    2014-10-18 15:39 - 2014-10-22 18:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-10-18 15:39 - 2014-10-18 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2014-10-18 15:36 - 2014-09-29 17:45 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-10-18 15:36 - 2014-09-29 17:45 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-17 22:09 - 2014-10-17 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
    2014-10-17 22:07 - 2014-10-17 22:08 - 130258496 _____ () C:\Users\Tomasz\Downloads\ddolive.exe
    2014-10-17 20:32 - 1997-08-26 11:06 - 00315904 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
    2014-10-17 05:30 - 2014-10-17 05:30 - 00003552 _____ () C:\WINDOWS\System32\Tasks\HP AR Program Upload - a84c848a1659461f9446762520251da8aab7d8b40a1b4969a32f1266472c26fa
    2014-10-17 00:02 - 2014-10-17 05:30 - 00023538 _____ () C:\Users\Tomasz\Documents\Theo 101614.odt
    2014-10-15 23:03 - 2014-10-15 23:03 - 00020457 _____ () C:\Users\Tomasz\Documents\AP Bio 101514.odt
    2014-10-15 22:48 - 2014-10-15 22:49 - 12739584 _____ () C:\Users\Tomasz\Downloads\Biochemistry_presentation.ppt
    2014-10-15 09:33 - 2014-08-15 23:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-10-15 09:33 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2014-10-15 09:33 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2014-10-15 09:33 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2014-10-15 09:33 - 2014-08-15 22:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-10-15 09:33 - 2014-08-15 22:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-10-15 09:33 - 2014-08-15 22:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-10-15 09:33 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2014-10-15 09:33 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2014-10-15 09:33 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2014-10-15 09:33 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
    2014-10-15 09:33 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2014-10-15 09:33 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2014-10-15 09:33 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2014-10-15 09:33 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2014-10-15 09:33 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
    2014-10-15 09:33 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
    2014-10-15 09:33 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2014-10-15 09:33 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
    2014-10-15 09:33 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-10-15 09:33 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2014-10-15 09:33 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-10-15 09:33 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2014-10-15 09:33 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-10-15 09:33 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-10-15 09:33 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2014-10-15 09:33 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
    2014-10-15 09:33 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2014-10-15 09:33 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2014-10-15 09:33 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
    2014-10-15 09:33 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
    2014-10-15 09:33 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-10-15 09:33 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2014-10-15 09:33 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
    2014-10-15 09:33 - 2014-07-31 18:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-10-15 09:32 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-10-15 09:31 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-10-15 09:31 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-10-15 09:31 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2014-10-15 09:31 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2014-10-15 09:31 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2014-10-15 09:31 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2014-10-15 09:31 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2014-10-15 09:31 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2014-10-15 09:31 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2014-10-15 09:31 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2014-10-15 09:31 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2014-10-15 09:31 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2014-10-15 09:31 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2014-10-15 09:31 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2014-10-15 09:31 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2014-10-15 09:31 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2014-10-15 09:31 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2014-10-15 09:31 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2014-10-15 09:31 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2014-10-15 09:31 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-10-15 09:31 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2014-10-15 09:31 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2014-10-15 09:31 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-10-15 09:31 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-10-15 09:30 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-10-15 09:30 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-10-15 09:30 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-10-15 09:30 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-10-15 09:30 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-10-15 09:30 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-10-15 09:30 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-10-15 09:30 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-10-15 09:30 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-10-15 09:30 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-10-15 09:30 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-10-15 09:30 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-10-15 09:30 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-10-15 09:30 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-10-15 09:30 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-10-15 09:30 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-10-15 09:30 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-10-15 09:30 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-10-15 09:30 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-10-15 09:30 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-10-15 09:30 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-10-15 09:30 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-10-15 09:30 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-10-15 09:30 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-10-15 09:30 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-10-15 09:30 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-10-15 09:30 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-10-15 09:30 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-10-15 09:30 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2014-10-15 09:30 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-14 15:39 - 2014-02-03 15:17 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\ClassicShell
    2014-11-14 15:35 - 2014-02-21 18:04 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-14 15:23 - 2014-04-07 19:09 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\Skype
    2014-11-14 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-11-14 12:51 - 2014-02-02 13:56 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F8041DA0-2BE8-494B-8E09-951293D6D6B2}
    2014-11-14 09:52 - 2014-02-03 15:23 - 00000000 ____D () C:\ProgramData\MFAData
    2014-11-14 07:15 - 2014-07-07 15:31 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-11-14 07:09 - 2014-02-04 21:11 - 00000024 _____ () C:\Users\Tomasz\random.dat
    2014-11-14 07:03 - 2014-02-03 15:34 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-11-14 06:57 - 2014-02-04 21:11 - 00000045 _____ () C:\Users\Tomasz\jagex_cl_runescape_LIVE.dat
    2014-11-14 06:50 - 2014-02-16 14:03 - 02092289 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-14 06:44 - 2014-02-02 14:04 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2883957329-2792123602-793195274-1001
    2014-11-14 04:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-11-13 21:36 - 2014-09-20 19:03 - 00000024 _____ () C:\Users\Tomasz\jagexappletviewer.preferences
    2014-11-13 19:35 - 2014-02-21 18:04 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-13 19:30 - 2014-02-21 18:04 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-13 19:30 - 2014-02-21 18:04 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-13 18:52 - 2014-06-21 20:18 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\Akamai
    2014-11-13 16:53 - 2014-02-08 16:24 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\CrashDumps
    2014-11-13 16:52 - 2014-02-19 18:31 - 00000000 ____D () C:\ProgramData\HappyCloud
    2014-11-12 05:01 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-11-11 15:43 - 2014-02-03 15:14 - 00354304 ___SH () C:\Users\Tomasz\Desktop\Thumbs.db
    2014-11-11 11:03 - 2014-08-14 08:50 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
    2014-11-11 09:44 - 2014-02-08 23:43 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
    2014-11-10 23:38 - 2014-06-02 16:38 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForTomasz
    2014-11-10 23:38 - 2014-06-02 16:38 - 00000354 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForTomasz.job
    2014-11-10 18:04 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-11-10 17:32 - 2014-02-03 20:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2014-11-10 17:31 - 2014-02-03 20:07 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-11-09 09:30 - 2014-07-18 15:19 - 00000000 ____D () C:\Program Files (x86)\WarThunder
    2014-11-09 09:30 - 2014-02-21 21:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
    2014-11-09 09:30 - 2014-02-03 22:12 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
    2014-11-06 17:51 - 2014-03-11 22:23 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\HexChat
    2014-11-05 23:50 - 2014-02-21 15:30 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\Turbine
    2014-11-04 15:30 - 2014-07-31 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-11-03 15:47 - 2013-11-14 02:28 - 00969092 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-11-03 15:44 - 2013-08-22 09:46 - 00299538 _____ () C:\WINDOWS\setupact.log
    2014-11-02 17:38 - 2013-10-17 14:01 - 00234284 _____ () C:\WINDOWS\DirectX.log
    2014-11-02 17:33 - 2013-10-17 13:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-11-02 00:21 - 2014-02-03 20:23 - 00000000 ____D () C:\Users\Tomasz\Documents\My Games
    2014-11-01 21:15 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
    2014-11-01 20:48 - 2014-07-07 15:31 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-01 20:48 - 2014-07-07 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-01 20:48 - 2014-07-07 15:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-30 18:08 - 2014-04-21 10:26 - 00000000 ____D () C:\Users\Tomasz\Documents\Scanned
    2014-10-27 11:38 - 2014-02-03 15:41 - 00000000 ____D () C:\Users\Tomasz\AppData\Roaming\Raptr
    2014-10-24 16:25 - 2014-02-03 19:15 - 00000000 ____D () C:\Users\Tomasz\Documents\ZNES
    2014-10-22 18:22 - 2014-04-07 19:08 - 00000000 ____D () C:\ProgramData\Skype
    2014-10-19 04:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-10-18 23:13 - 2014-07-07 15:10 - 00000147 _____ () C:\WINDOWS\wininit.ini
    2014-10-18 22:14 - 2014-02-03 19:12 - 00000000 ____D () C:\Users\Tomasz\AppData\Local\Adobe
    2014-10-18 22:00 - 2014-02-03 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-10-18 15:39 - 2014-04-07 19:08 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
    2014-10-18 15:39 - 2014-02-16 14:08 - 00000000 ___DO () C:\Users\Tomasz\SkyDrive
    2014-10-18 15:38 - 2014-02-03 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
    2014-10-18 15:35 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-10-18 15:35 - 2013-08-22 09:44 - 00383496 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-10-18 15:34 - 2013-11-14 02:20 - 00202256 _____ () C:\WINDOWS\PFRO.log
    2014-10-18 15:32 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-10-18 15:30 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-10-18 15:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-10-18 15:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-10-18 15:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-10-18 15:30 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-10-18 15:29 - 2013-11-14 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
    2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
    2014-10-18 15:29 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
    2014-10-18 15:29 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
    2014-10-17 22:09 - 2014-06-21 15:47 - 00000000 ____D () C:\Program Files (x86)\Turbine
    2014-10-15 19:30 - 2014-09-29 22:49 - 00031667 _____ () C:\Users\Tomasz\Documents\92914 HW.odt
    2014-10-15 19:30 - 2014-09-23 00:22 - 00023029 _____ () C:\Users\Tomasz\Documents\AP Bio Lab Report 92214.odt
    2014-10-15 15:05 - 2014-02-03 20:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-10-15 15:00 - 2014-02-03 20:54 - 103265616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    Files to move or delete:
    ====================
    C:\ProgramData\hash.dat
    C:\Users\Tomasz\jagex_cl_runescape_LIVE.dat
    C:\Users\Tomasz\jagex_cl_runescape_LIVE1.dat
    C:\Users\Tomasz\jagex_cl_runescape_LIVE_BETA.dat
    C:\Users\Tomasz\random.dat


    Some content of TEMP:
    ====================
    C:\Users\Tomasz\AppData\Local\Temp\CmdLineExt02.dll
    C:\Users\Tomasz\AppData\Local\Temp\comver.dll
    C:\Users\Tomasz\AppData\Local\Temp\ddxx_MesHoooooook.dll
    C:\Users\Tomasz\AppData\Local\Temp\drm_dyndata_7400009.dll
    C:\Users\Tomasz\AppData\Local\Temp\Gw2.exe
    C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140220_101735_79512.exe
    C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140221_115845_29792.exe
    C:\Users\Tomasz\AppData\Local\Temp\HssInstaller.exe
    C:\Users\Tomasz\AppData\Local\Temp\hsspk.exe
    C:\Users\Tomasz\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\Tomasz\AppData\Local\Temp\NGMDll.dll
    C:\Users\Tomasz\AppData\Local\Temp\NGMResource.dll
    C:\Users\Tomasz\AppData\Local\Temp\oi_{0E265131-8FF4-4AE9-A952-7BDA4E96DEA1}.exe
    C:\Users\Tomasz\AppData\Local\Temp\SIntf16.dll
    C:\Users\Tomasz\AppData\Local\Temp\SIntf32.dll
    C:\Users\Tomasz\AppData\Local\Temp\SIntfNT.dll
    C:\Users\Tomasz\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Tomasz\AppData\Local\Temp\SRLDetectionLibrary4822007644872002210.dll
    C:\Users\Tomasz\AppData\Local\Temp\unicows.dll
    C:\Users\Tomasz\AppData\Local\Temp\war3_Install.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-14 04:27

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014 02
    Ran by Tomasz at 2014-11-14 15:49:25
    Running from C:\Users\Tomasz\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
    Akamai NetSession Interface (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader Driver (x32 Version: 20.13.3317.03143 - Alcor Micro Corp.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{40959651-122E-1A16-9011-40629C01703F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions)
    Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version: - Trion Worlds, Inc.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
    AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
    AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.3.1.91 - AVG Technologies)
    AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - Cold Beam Games)
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Caveman2Cosmos (HKLM-x32\...\Caveman2Cosmos) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
    Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
    Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)
    Deluge 1.3.6 (HKLM-x32\...\Deluge) (Version: - )
    Desura (HKLM-x32\...\Desura) (Version: 100.57 - Desura)
    Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Double Dragon Neon (HKLM-x32\...\Steam App 252350) (Version: - WayForward)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    Dungeon Fighter Online (HKLM-x32\...\DFO) (Version: - )
    Dungeons & Dragons Online (HKLM-x32\...\Dungeons & Dragons Online) (Version: - Turbine, Inc)
    EverQuest II (HKLM-x32\...\Steam App 201230) (Version: - Sony Online Entertainment, LLC.)
    f.lux (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Flux) (Version: - )
    Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
    Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
    GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
    Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version: - MAIET Entertainment)
    Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
    Happy Cloud Client (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HexChat (x64) (HKLM\...\HexChat (x64)_is1) (Version: 2.9.6 - HexChat)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version: - IO Interactive)
    Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
    Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Officejet 4630 series Basic Device Software (HKLM\...\{29B1CB33-32C3-4762-85DA-8CEADDC36EA7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
    Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
    Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
    Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)
    Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team)
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
    METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version: - PlatinumGames)
    Metal Slug 3 (HKLM-x32\...\Steam App 250180) (Version: - DotEmu)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version: - Virtual Heroes)
    Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - )
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0a1 - Mozilla)
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.47.3 - Black Tree Gaming)
    Nightly 36.0a1 (x86 en-US) (HKLM-x32\...\Nightly 36.0a1 (x86 en-US)) (Version: 36.0a1 - Mozilla)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    One Way Heroics (HKLM-x32\...\Steam App 266210) (Version: - Smoking WOLF)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
    Painkiller Hell & Damnation (HKLM-x32\...\Steam App 214870) (Version: - The Farm 51)
    Painkiller Overdose (HKLM-x32\...\Steam App 3270) (Version: - Mindware Studios)
    Painkiller: Black Edition (HKLM-x32\...\Steam App 39530) (Version: - People Can Fly)
    Painkiller: Recurring Evil (HKLM-x32\...\Steam App 206760) (Version: - Med-Art)
    Painkiller: Redemption (HKLM-x32\...\Steam App 65560) (Version: - Eggtooth Team)
    Painkiller: Resurrection (HKLM-x32\...\Steam App 39560) (Version: - Homegrown Games)
    Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
    PHANTASY STAR ONLINE 2 (HKLM-x32\...\http://pso2.jp/appid/release_is1) (Version: - SEGA)
    Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version: - Zen Studios)
    Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
    Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
    PixelJunk Eden (HKLM-x32\...\Steam App 105800) (Version: - Q-Games, Ltd.)
    PixelJunk™ Shooter (HKLM-x32\...\Steam App 255870) (Version: - )
    Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
    puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
    Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - )
    RIFT (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\RIFT) (Version: - Trion Worlds, Inc.)
    RIFT™ (HKLM-x32\...\Steam App 39120) (Version: - Trion Worlds)
    Rock of Ages (HKLM-x32\...\Steam App 22230) (Version: - ACE Team)
    RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
    Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
    Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version: - Firaxis Games)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Sid Meier's Railroads! (HKLM-x32\...\Steam App 7600) (Version: - Firaxis Games)
    Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
    Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
    Sonic Adventure™ 2 (HKLM-x32\...\Steam App 213610) (Version: - SEGA)
    Sonic CD (HKLM-x32\...\Steam App 200940) (Version: - Blit Software)
    SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics)
    SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.45 - Bioware/EA)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Strife (HKLM-x32\...\Strife) (Version: - S2 Games)
    Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)
    System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
    System Requirements Lab Detection (HKLM-x32\...\{9EBC5B93-2588-4F82-A9D0-152768020A7A}) (Version: 2.2.3.0 - Husdawg, LLC)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.6 - En Masse Entertainment)
    Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
    The Elder Scrolls II: Daggerfall, DaggerfallSetup 2.9 (HKLM-x32\...\DaggerfallSetup_is1) (Version: - Bethesda Softworks)
    The Lord of the Rings Online (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\lotro_highres_en_full) (Version: - )
    The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
    The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
    The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
    Thief Gold (HKLM-x32\...\Steam App 211600) (Version: - Looking Glass Studios)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
    TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version: - Nadeo)
    Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version: - Haemimont Games)
    Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
    War Thunder Launcher 1.0.1.376 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
    Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
    Warcraft III: All Products (HKU\S-1-5-21-2883957329-2792123602-793195274-1001\...\Warcraft III) (Version: - )
    Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    XSplit Broadcaster (HKLM-x32\...\{6459F338-FE52-4034-BCA7-74772DA0F24D}) (Version: 1.3.1403.1202 - SplitMediaLabs)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    11-11-2014 11:48:08 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {230B269C-763C-4773-9317-F9960F0CC0B5} - System32\Tasks\HP AR Program Upload - a84c848a1659461f9446762520251da8aab7d8b40a1b4969a32f1266472c26fa => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
    Task: {4EB56750-51FF-407C-9568-31D0DEB7D4DE} - System32\Tasks\HP AR Program Upload - 4907845bd19d41d2b207106fc40ee8ed2cfea7d136c2473eb966a0569956be2c => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
    Task: {556AE6DC-1155-4471-882B-14BC7061CDD7} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {59465511-B042-4B7B-BACB-393EF1DBBB7B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-15] (Microsoft Corporation)
    Task: {5A188ACC-E1A0-4E5F-AEE8-77AF69A86947} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN4282P401 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
    Task: {5AACCD86-5731-4755-9846-DCF1D525DD11} - System32\Tasks\HPCeeScheduleForTomasz => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {66CECEDC-8CE3-4D5D-9C41-47C519CA526E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
    Task: {6EE51F89-6D63-4A48-9463-453A0B1FE4BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
    Task: {78FB3F2C-60F2-4B98-A6D2-29ADF865AF31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
    Task: {7E74AC0C-D5C0-4585-9590-4913B819915C} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
    Task: {821590EB-7A6A-4025-8DA4-645CAEFAE964} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
    Task: {85406C15-B6F3-46DF-A0B9-CB6C86DFA2B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
    Task: {AA97B452-8890-4290-A2C3-E5B51B787541} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
    Task: {B5FA7276-1E04-46C7-8257-0621B4199D51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {E67BC01B-ECB0-461D-A72E-219F681565D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForTomasz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-08-11 08:15 - 2014-08-11 08:15 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    2012-01-10 14:41 - 2014-02-21 16:22 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
    2014-03-03 13:51 - 2014-08-26 00:32 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
    2013-01-22 17:50 - 2013-01-22 17:50 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
    2014-03-11 22:23 - 2013-09-15 10:08 - 00764416 _____ () C:\Program Files\HexChat\hexchat.exe
    2014-03-11 22:23 - 2013-07-25 11:54 - 01529856 _____ () C:\Program Files\HexChat\libxml2.dll
    2014-03-11 22:23 - 2013-07-25 12:07 - 01605632 _____ () C:\Program Files\HexChat\cairo.dll
    2014-03-11 22:23 - 2013-07-25 11:56 - 00225280 _____ () C:\Program Files\HexChat\libpng16.dll
    2014-03-11 22:23 - 2013-07-25 11:49 - 00028160 _____ () C:\Program Files\HexChat\iconv.dll
    2014-03-11 22:23 - 2013-07-25 11:55 - 00679936 _____ () C:\Program Files\HexChat\fontconfig.dll
    2014-03-11 22:23 - 2013-07-25 11:57 - 00594944 _____ () C:\Program Files\HexChat\pixman-1.dll
    2014-03-11 22:23 - 2013-07-25 11:54 - 00076288 _____ () C:\Program Files\HexChat\zlib1.dll
    2014-03-11 22:23 - 2013-07-25 12:08 - 00757760 _____ () C:\Program Files\HexChat\harfbuzz.dll
    2014-05-01 14:41 - 2013-07-25 12:11 - 00057344 _____ () C:\Program Files\HexChat\lib\gtk-2.0\i686-pc-vs10\engines\libwimp.dll
    2014-05-01 14:41 - 2013-07-25 12:07 - 00287744 _____ () C:\Program Files\HexChat\lib\enchant\libenchant_myspell.dll
    2014-05-01 14:41 - 2013-09-15 10:07 - 00011776 _____ () C:\Program Files\HexChat\plugins\hcupd.dll
    2014-10-20 02:54 - 2014-10-20 02:54 - 05185024 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\873b701d9b42e91132f08a6f05c4361a\Windows.UI.Xaml.ni.dll
    2014-10-19 00:28 - 2014-10-19 00:28 - 00151552 _____ () C:\Users\Tomasz\AppData\Local\Packages\ad2f1837.hpscanandcapture_v10z8vjag6ke6\AC\Microsoft\CLR_v4.0\NativeImages\HPLoggingLib\3de27730452db75009ce53dffd5d78df\HPLoggingLib.ni.dll
    2014-10-20 02:54 - 2014-10-20 02:54 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
    2014-10-20 02:54 - 2014-10-20 02:54 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
    2014-10-20 02:54 - 2014-10-20 02:54 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
    2014-10-20 02:54 - 2014-10-20 02:54 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
    2014-10-19 00:28 - 2014-10-19 00:28 - 00069632 _____ () C:\Users\Tomasz\AppData\Local\Packages\ad2f1837.hpscanandcapture_v10z8vjag6ke6\AC\Microsoft\CLR_v4.0\NativeImages\APIHelper\5c9035189c49528f0874655fb2e62522\APIHelper.ni.dll
    2014-10-19 00:28 - 2014-10-19 00:28 - 00031232 _____ () C:\Users\Tomasz\AppData\Local\Packages\ad2f1837.hpscanandcapture_v10z8vjag6ke6\AC\Microsoft\CLR_v4.0\NativeImages\APIHelperInterface\9dd5376ba3a272087b2076390c70d021\APIHelperInterface.ni.dll
    2014-10-19 00:28 - 2014-10-19 00:28 - 04028416 _____ () C:\Users\Tomasz\AppData\Local\Packages\ad2f1837.hpscanandcapture_v10z8vjag6ke6\AC\Microsoft\CLR_v4.0\NativeImages\HPCaptureLib\a4c47a20d9520fd76bc1052a824c47c1\HPCaptureLib.ni.dll
    2014-10-20 02:54 - 2014-10-20 02:54 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
    2014-10-20 02:54 - 2014-10-20 02:54 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
    2014-06-03 05:21 - 2014-06-03 05:21 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
    2014-06-03 05:21 - 2014-06-03 05:21 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
    2014-10-20 02:55 - 2014-10-20 02:55 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
    2014-08-11 08:15 - 2014-08-11 08:15 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
    2014-03-03 13:51 - 2014-03-21 02:18 - 01603608 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll
    2014-02-03 15:36 - 2014-09-21 14:48 - 06448080 _____ () C:\Program Files (x86)\Desura\bin\uicore.dll
    2014-02-03 15:36 - 2014-09-21 14:48 - 01728976 _____ () C:\Program Files (x86)\Desura\bin\mcfcore.dll
    2014-02-03 15:36 - 2014-09-21 14:48 - 06092240 _____ () C:\Program Files (x86)\Desura\bin\usercore.dll
    2014-02-03 15:36 - 2014-09-21 14:48 - 01595344 _____ () C:\Program Files (x86)\Desura\bin\webcore.dll
    2014-06-02 06:03 - 2014-09-21 14:48 - 00536064 _____ () C:\Program Files (x86)\Desura\bin\gmock.dll
    2014-06-02 06:03 - 2014-09-21 14:48 - 02979840 _____ () C:\Program Files (x86)\Desura\bin\unittest.dll
    2014-06-02 06:03 - 2014-09-21 14:48 - 01985488 _____ () C:\Program Files (x86)\Desura\bin\servicecore.dll
    2014-02-03 15:36 - 2014-02-03 15:36 - 18300416 _____ () C:\Program Files (x86)\Desura\bin\cef_desura.dll
    2014-02-03 15:36 - 2014-02-03 15:36 - 01577761 _____ () C:\Program Files (x86)\Desura\bin\avcodec-53.dll
    2014-02-03 15:36 - 2014-02-03 15:36 - 00134035 _____ () C:\Program Files (x86)\Desura\bin\avutil-51.dll
    2014-02-03 15:36 - 2014-02-03 15:36 - 00213022 _____ () C:\Program Files (x86)\Desura\bin\avformat-53.dll
    2014-02-03 15:36 - 2014-09-21 14:48 - 00820176 _____ () C:\Program Files (x86)\Desura\bin\scriptcore.dll
    2014-06-02 06:03 - 2014-09-21 14:48 - 03444224 _____ () C:\Program Files (x86)\Desura\bin\v8.dll
    2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
    2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
    2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
    2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
    2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
    2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
    2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
    2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
    2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
    2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
    2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
    2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
    2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
    2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
    2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
    2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
    2014-08-19 20:34 - 2014-08-19 20:34 - 00031488 _____ () C:\Program Files (x86)\Raptr\ltc_host_ex.DLL
    2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
    2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
    2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
    2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
    2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
    2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
    2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
    2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
    2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
    2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
    2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
    2014-01-03 06:03 - 2014-01-03 06:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
    2014-01-03 06:03 - 2014-01-03 06:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
    2014-01-03 06:03 - 2014-01-03 06:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
    2014-01-03 06:03 - 2014-01-03 06:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
    2014-01-03 06:03 - 2014-01-03 06:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
    2014-10-28 13:30 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
    2014-10-28 13:30 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
    2014-08-29 19:43 - 2014-08-21 13:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-08-29 19:43 - 2014-08-21 13:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2014-08-29 19:43 - 2014-08-21 13:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-06-25 13:57 - 2014-10-01 18:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2014-06-25 13:57 - 2014-10-21 14:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-08-29 19:43 - 2014-08-21 13:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-08-29 19:43 - 2014-08-21 13:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2014-06-25 13:57 - 2014-10-21 14:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2014-06-25 13:57 - 2014-09-04 18:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2014-08-14 18:54 - 2014-09-04 18:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
    2014-10-28 13:30 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
    2014-10-28 13:30 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
    2014-10-28 13:30 - 2014-10-21 23:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Tomasz\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKCU\...\StartupApproved\Run: => "f.lux"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2883957329-2792123602-793195274-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2883957329-2792123602-793195274-1006 - Limited - Enabled)
    Guest (S-1-5-21-2883957329-2792123602-793195274-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2883957329-2792123602-793195274-1005 - Limited - Enabled)
    Tomasz (S-1-5-21-2883957329-2792123602-793195274-1001 - Administrator - Enabled) => C:\Users\Tomasz

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/14/2014 08:26:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 97a0

    Start Time: 01d0000de0cb8c05

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: d4c5e177-6c01-11e4-be9d-9cb654b9e792

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (11/14/2014 07:57:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 902c

    Start Time: 01d00009afe8f877

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: a3abd4c6-6bfd-11e4-be9d-9cb654b9e792

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (11/13/2014 04:52:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
    Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
    Exception code: 0xc0000005
    Fault offset: 0x0002e779
    Faulting process id: 0xa2b4
    Faulting application start time: 0xTurbineLauncher.exe0
    Faulting application path: TurbineLauncher.exe1
    Faulting module path: TurbineLauncher.exe2
    Report Id: TurbineLauncher.exe3
    Faulting package full name: TurbineLauncher.exe4
    Faulting package-relative application ID: TurbineLauncher.exe5

    Error: (11/12/2014 03:55:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
    Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
    Exception code: 0xc0000005
    Fault offset: 0x0002e779
    Faulting process id: 0x93b8
    Faulting application start time: 0xTurbineLauncher.exe0
    Faulting application path: TurbineLauncher.exe1
    Faulting module path: TurbineLauncher.exe2
    Report Id: TurbineLauncher.exe3
    Faulting package full name: TurbineLauncher.exe4
    Faulting package-relative application ID: TurbineLauncher.exe5

    Error: (11/12/2014 03:47:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
    Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
    Exception code: 0xc0000005
    Fault offset: 0x00030e3f
    Faulting process id: 0xa154
    Faulting application start time: 0xTurbineLauncher.exe0
    Faulting application path: TurbineLauncher.exe1
    Faulting module path: TurbineLauncher.exe2
    Report Id: TurbineLauncher.exe3
    Faulting package full name: TurbineLauncher.exe4
    Faulting package-relative application ID: TurbineLauncher.exe5

    Error: (11/11/2014 09:21:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
    Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
    Exception code: 0xc0000005
    Fault offset: 0x0002e779
    Faulting process id: 0x6b24
    Faulting application start time: 0xTurbineLauncher.exe0
    Faulting application path: TurbineLauncher.exe1
    Faulting module path: TurbineLauncher.exe2
    Report Id: TurbineLauncher.exe3
    Faulting package full name: TurbineLauncher.exe4
    Faulting package-relative application ID: TurbineLauncher.exe5

    Error: (11/11/2014 08:52:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
    Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
    Exception code: 0xc0000005
    Fault offset: 0x0002e779
    Faulting process id: 0x8e8c
    Faulting application start time: 0xTurbineLauncher.exe0
    Faulting application path: TurbineLauncher.exe1
    Faulting module path: TurbineLauncher.exe2
    Report Id: TurbineLauncher.exe3
    Faulting package full name: TurbineLauncher.exe4
    Faulting package-relative application ID: TurbineLauncher.exe5

    Error: (11/10/2014 02:35:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
    Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
    Exception code: 0xc0000005
    Fault offset: 0x0002e779
    Faulting process id: 0x774c
    Faulting application start time: 0xTurbineLauncher.exe0
    Faulting application path: TurbineLauncher.exe1
    Faulting module path: TurbineLauncher.exe2
    Report Id: TurbineLauncher.exe3
    Faulting package full name: TurbineLauncher.exe4
    Faulting package-relative application ID: TurbineLauncher.exe5

    Error: (11/10/2014 02:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TurbineLauncher.exe, version: 1500.55.9599.4038, time stamp: 0x545c4d0a
    Faulting module name: patchclient.DLL, version: 3.0.2.0, time stamp: 0x52f3d636
    Exception code: 0xc0000005
    Fault offset: 0x0002e779
    Faulting process id: 0x69d8
    Faulting application start time: 0xTurbineLauncher.exe0
    Faulting application path: TurbineLauncher.exe1
    Faulting module path: TurbineLauncher.exe2
    Report Id: TurbineLauncher.exe3
    Faulting package full name: TurbineLauncher.exe4
    Faulting package-relative application ID: TurbineLauncher.exe5

    Error: (11/10/2014 02:34:04 PM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4


    System errors:
    =============
    Error: (11/14/2014 04:27:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - November 2014 (KB890830).

    Error: (11/03/2014 03:47:07 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
    Description: Encrypted volume check: Volume information on E: cannot be read.

    Error: (11/03/2014 03:46:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

    Error: (11/03/2014 03:46:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

    Error: (11/02/2014 01:17:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error:
    %%1053

    Error: (11/02/2014 01:17:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    Error: (10/29/2014 07:12:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

    Error: (10/18/2014 03:35:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Hotspot Shield Monitoring Service service failed to start due to the following error:
    %%2

    Error: (10/15/2014 09:18:30 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

    Error: (10/15/2014 09:18:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


    Microsoft Office Sessions:
    =========================
    Error: (11/14/2014 08:26:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: LiveComm.exe17.5.9600.2060597a001d0000de0cb8c054294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exed4c5e177-6c01-11e4-be9d-9cb654b9e792microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

    Error: (11/14/2014 07:57:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: LiveComm.exe17.5.9600.20605902c01d00009afe8f8774294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exea3abd4c6-6bfd-11e4-be9d-9cb654b9e792microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

    Error: (11/13/2014 04:52:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e779a2b401cfff8c18eff91fC:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLL6bbe2155-6b7f-11e4-be9d-9cb654b9e792

    Error: (11/12/2014 03:55:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e77993b801cffeb9ed5748edC:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLL4204340a-6aae-11e4-be9d-9cb654b9e792

    Error: (11/12/2014 03:47:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c000000500030e3fa15401cffeb9d5d932dfC:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLL1dbb321e-6aad-11e4-be9d-9cb654b9e792

    Error: (11/11/2014 09:21:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e7796b2401cffdba8f90707bC:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLL02a8720d-69ae-11e4-be9d-9cb654b9e792

    Error: (11/11/2014 08:52:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e7798e8c01cffdb6875d06f3C:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLLf87bcf01-69a9-11e4-be9d-9cb654b9e792

    Error: (11/10/2014 02:35:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e779774c01cffd1d54322671C:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLLca529aeb-6910-11e4-be9d-9cb654b9e792

    Error: (11/10/2014 02:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TurbineLauncher.exe1500.55.9599.4038545c4d0apatchclient.DLL3.0.2.052f3d636c00000050002e77969d801cffd1d45d6fb0eC:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exeC:\Program Files (x86)\Turbine\The Lord of the Rings Online\patchclient.DLL8a926181-6910-11e4-be9d-9cb654b9e792

    Error: (11/10/2014 02:34:04 PM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4


    ==================== Memory info ===========================

    Processor: AMD A8-6500 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 67%
    Total physical RAM: 7365.14 MB
    Available physical RAM: 2427.48 MB
    Total Pagefile: 14741.95 MB
    Available Pagefile: 7963.94 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1842.56 GB) (Free:1238.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:18.63 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: FBD07F0E)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Hi and welcome

    Since this is a Windows 8.1 machine we may run into tools that won't run on this version...we'll give it a go.

    Running from C:\Users\Tomasz\Downloads

    We have to move FRST

    Please go to your downloads folder and locate Farbar Recovery Scan Tool, right click on this and select CUT
    Go to an open spot on your desktop, right click and select PASTE

    The tool should now be located on your desktop and we can proceed.


    We need to disable Spybot S&D's "TeaTimer"
    TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

    In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done.
    1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
    2. If prompted with a legal dialog, accept the warning.
    3. Click and then on "Advanced Mode"
    4. You may be presented with a warning dialog. If so, press
    5. Click on
    6. Click on
    7. Uncheck this checkbox:
    8. Close/Exit Spybot Search and Destroy






    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

    start
    CloseProcesses:
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]
    C:\ProgramData\hash.dat
    C:\Users\Tomasz\jagex_cl_runescape_LIVE.dat
    C:\Users\Tomasz\jagex_cl_runescape_LIVE1.dat
    C:\Users\Tomasz\jagex_cl_runescape_LIVE_BETA.dat
    C:\Users\Tomasz\random.dat
    C:\Users\Tomasz\AppData\Local\Temp\CmdLineExt02.dll
    C:\Users\Tomasz\AppData\Local\Temp\comver.dll
    C:\Users\Tomasz\AppData\Local\Temp\ddxx_MesHoooooook.dll
    C:\Users\Tomasz\AppData\Local\Temp\drm_dyndata_7400009.dll
    C:\Users\Tomasz\AppData\Local\Temp\Gw2.exe
    C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140220_101735_79512.exe
    C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140221_115845_29792.exe
    C:\Users\Tomasz\AppData\Local\Temp\HssInstaller.exe
    C:\Users\Tomasz\AppData\Local\Temp\hsspk.exe
    C:\Users\Tomasz\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\Tomasz\AppData\Local\Temp\NGMDll.dll
    C:\Users\Tomasz\AppData\Local\Temp\NGMResource.dll
    C:\Users\Tomasz\AppData\Local\Temp\oi_{0E265131-8FF4-4AE9-A952-7BDA4E96DEA1}.exe
    C:\Users\Tomasz\AppData\Local\Temp\SIntf16.dll
    C:\Users\Tomasz\AppData\Local\Temp\SIntf32.dll
    C:\Users\Tomasz\AppData\Local\Temp\SIntfNT.dll
    C:\Users\Tomasz\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Tomasz\AppData\Local\Temp\SRLDetectionLibrary4822007644872002210.dll
    C:\Users\Tomasz\AppData\Local\Temp\unicows.dll
    C:\Users\Tomasz\AppData\Local\Temp\war3_Install.exe
    AlternateDataStreams: C:\Users\Tomasz\SkyDrive:ms-properties
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~
    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Please post:
    Fixlog.txt
    C:\AdwCleaner.txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Mar 2012
    Posts
    18


    When I click on Resident, I get an error saying "Text exceeds memo capacity", and the Resident settings don't load.

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    For right now, if this is the free version (TeaTimer), just uninstall. We can re download it later.

  5. #5
    Junior Member
    Join Date
    Mar 2012
    Posts
    18


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02
    Ran by Tomasz at 2014-11-15 08:53:38 Run:1
    Running from C:\Users\Tomasz\Desktop
    Loaded Profile: Tomasz (Available profiles: Tomasz)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={487F7308-D65C-49CC-AF02-AEFACE533447}&mid=8c4cd3bc894447d2a1f54dff125d0e61-9d6ff237c15da783288781e1ddc56f3db02fe907&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.0.248&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]
    C:\ProgramData\hash.dat
    C:\Users\Tomasz\jagex_cl_runescape_LIVE.dat
    C:\Users\Tomasz\jagex_cl_runescape_LIVE1.dat
    C:\Users\Tomasz\jagex_cl_runescape_LIVE_BETA.dat
    C:\Users\Tomasz\random.dat
    C:\Users\Tomasz\AppData\Local\Temp\CmdLineExt02.dll
    C:\Users\Tomasz\AppData\Local\Temp\comver.dll
    C:\Users\Tomasz\AppData\Local\Temp\ddxx_MesHoooooook.dll
    C:\Users\Tomasz\AppData\Local\Temp\drm_dyndata_7400009.dll
    C:\Users\Tomasz\AppData\Local\Temp\Gw2.exe
    C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140220_101735_79512.exe
    C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140221_115845_29792.exe
    C:\Users\Tomasz\AppData\Local\Temp\HssInstaller.exe
    C:\Users\Tomasz\AppData\Local\Temp\hsspk.exe
    C:\Users\Tomasz\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\Tomasz\AppData\Local\Temp\NGMDll.dll
    C:\Users\Tomasz\AppData\Local\Temp\NGMResource.dll
    C:\Users\Tomasz\AppData\Local\Temp\oi_{0E265131-8FF4-4AE9-A952-7BDA4E96DEA1}.exe
    C:\Users\Tomasz\AppData\Local\Temp\SIntf16.dll
    C:\Users\Tomasz\AppData\Local\Temp\SIntf32.dll
    C:\Users\Tomasz\AppData\Local\Temp\SIntfNT.dll
    C:\Users\Tomasz\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Tomasz\AppData\Local\Temp\SRLDetectionLibrary4822007644872002210.dll
    C:\Users\Tomasz\AppData\Local\Temp\unicows.dll
    C:\Users\Tomasz\AppData\Local\Temp\war3_Install.exe
    AlternateDataStreams: C:\Users\Tomasz\SkyDrive:ms-properties
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    Hosts:
    End
    *****************

    Processes closed successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
    "HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
    "HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
    "HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
    HssWd => Service deleted successfully.
    C:\ProgramData\hash.dat => Moved successfully.
    C:\Users\Tomasz\jagex_cl_runescape_LIVE.dat => Moved successfully.
    C:\Users\Tomasz\jagex_cl_runescape_LIVE1.dat => Moved successfully.
    C:\Users\Tomasz\jagex_cl_runescape_LIVE_BETA.dat => Moved successfully.
    C:\Users\Tomasz\random.dat => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\CmdLineExt02.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\comver.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\ddxx_MesHoooooook.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\drm_dyndata_7400009.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\Gw2.exe => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140220_101735_79512.exe => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\hcuninstaller_20140221_115845_29792.exe => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\HssInstaller.exe => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\hsspk.exe => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\NGMDll.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\NGMResource.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\oi_{0E265131-8FF4-4AE9-A952-7BDA4E96DEA1}.exe => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\SIntf16.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\SIntf32.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\SIntfNT.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\SRLDetectionLibrary4822007644872002210.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\unicows.dll => Moved successfully.
    C:\Users\Tomasz\AppData\Local\Temp\war3_Install.exe => Moved successfully.
    "C:\Users\Tomasz\SkyDrive" => ":ms-properties" ADS not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    Resetting Interface, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 5.9 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====
    # AdwCleaner v4.101 - Report created 15/11/2014 at 09:09:10
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-13.1 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Tomasz - LIQUIDPC
    # Running from : C:\Users\Tomasz\Desktop\AdwCleaner (1).exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : vToolbarUpdater18.1.9

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\ProgramData\hotspot shield
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
    Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Users\Tomasz\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Tomasz\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Tomasz\AppData\Local\CrashRpt
    Folder Deleted : C:\Users\Tomasz\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Tomasz\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Tomasz\AppData\Roaming\hotspot shield
    Folder Deleted : C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    File Deleted : C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
    Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v


    -\\ Google Chrome v38.0.2125.111

    [C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    -\\ Chromium v

    [C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Tomasz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [7319 octets] - [15/11/2014 09:05:53]
    AdwCleaner[S0].txt - [7605 octets] - [15/11/2014 09:09:10]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7665 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.8 (11.15.2014:1)
    OS: Windows 8.1 x64
    Ran by Tomasz on Sat 11/15/2014 at 9:18:07.53
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 11/15/2014 at 9:20:35.85
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Tell me how the computer is performing now.


    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ***************************************

    If you already have MBAM on your computer, click on the Update button and allow any updates to be installed.
    Then follow the directions and have it scan your system.

    ~~~~~~~~~~~~~~~~

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.



    Please post both these logs.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Mar 2012
    Posts
    18


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/15/2014
    Scan Time: 3:45:55 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.15.07
    Rootkit Database: v2014.11.12.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Tomasz

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 329094
    Time Elapsed: 15 min, 20 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    ESET:
    C:\Users\Tomasz\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

    start
    CloseProcesses:
    C:\Users\Tomasz\Downloads\ccsetup410.exe
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.





    Tell me how the computer is performing now.

  9. #9
    Junior Member
    Join Date
    Mar 2012
    Posts
    18


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02
    Ran by Tomasz at 2014-11-15 22:40:57 Run:2
    Running from C:\Users\Tomasz\Desktop
    Loaded Profile: Tomasz (Available profiles: Tomasz)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    C:\Users\Tomasz\Downloads\ccsetup410.exe
    End
    *****************

    Processes closed successfully.
    C:\Users\Tomasz\Downloads\ccsetup410.exe => Moved successfully.


    The system needed a reboot.

    ==== End of Fixlog ====



    It's working fine.

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    • Download Delfix from here
    • Ensure Remove disinfection tools is ticked
      Also tick:
    • Create registry backup
    • Click Run
    • Purge system restore



    Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

    You're good to go.

    ***


    The following programmes come highly recommended in the security community.
    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.