
ooov.net Website opening on startup?!


  • This topic is locked
8 replies to this topic

#1 Rogue_


Posted 27 December 2014 - 07:30 PM

There have been many problems with this on these forums. Is someone willing to help me out?
 
FRST Logs:
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by DA LUXAS (administrator) on DALUXAS-PC on 27-12-2014 19:05:30
Running from C:\Users\DA LUXAS\Downloads
Loaded Profile: DA LUXAS (Available profiles: DA LUXAS & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Erik Olofsson) C:\Program Files (x86)\Input Remapper\InputRemapper.x64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Erik Olofsson) C:\Program Files (x86)\Input Remapper\InputRemapper.x64.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logiciels & Services Duhem, Paris (France)) C:\Program Files (x86)\LS_Duhem\lsdiorw\lsdiorw.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Hide My IP) C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Akamai Technologies, Inc.) C:\Users\DA LUXAS\AppData\Local\Akamai\netsession_win.exe
(Dekisoft) C:\Program Files (x86)\Monitor Off Utility\monoff.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGBA.EXE
(Google Inc.) C:\Users\DA LUXAS\AppData\Local\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\DA LUXAS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Echobit LLC) C:\Program Files\Echobit\Evolve\EvolveClient.exe
(Akamai Technologies, Inc.) C:\Users\DA LUXAS\AppData\Local\Akamai\netsession_win.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Google Inc.) C:\Users\DA LUXAS\AppData\Local\Google\Chrome\Application\chrome.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Curse, Inc) C:\Users\DA LUXAS\AppData\Roaming\Curse Client\Bin\Curse.exe
(Free KLP) C:\Program Files (x86)\Free Keylogger Pro\Free KLP.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Google Inc.) C:\Users\DA LUXAS\AppData\Local\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Erik Olofsson) C:\Program Files (x86)\Input Remapper\InputRemapper.x64.exe
(Google Inc.) C:\Users\DA LUXAS\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\DA LUXAS\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\DA LUXAS\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\DA LUXAS\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\DA LUXAS\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Echobit LLC) C:\Program Files\Echobit\Evolve\EvoSvc.exe
(Echobit, LLC) C:\Program Files\Echobit\Evolve\Drivers\EvolveTracker_64.exe
(Echobit, LLC) C:\Program Files\Echobit\Evolve\EvolveUI.exe
(Echobit, LLC) C:\Program Files\Echobit\Evolve\EvolveUI.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-04-15] (Power Software Ltd)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Free KLP.exe] => C:\Program Files (x86)\Free Keylogger Pro\Free KLP.exe [114688 2013-03-08] (Free KLP)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [InputRemapperTray] => C:\Program Files (x86)\Input Remapper\InputRemapper.exe [158896 2007-07-29] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft\Ad-Aware Antivirus <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\VMware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [Akamai NetSession Interface] => C:\Users\DA LUXAS\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [Dekisoft Monitor Off Utility] => C:\Program Files (x86)\Monitor Off Utility\monoff.exe [303104 2011-03-20] (Dekisoft)
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [WorkForce 630(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [Google Update] => C:\Users\DA LUXAS\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-22] (Google Inc.)
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [GoogleChromeAutoLaunch_FAC6299DDBDF6B1D95D58F00ACD883E5] => C:\Users\DA LUXAS\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [Spotify Web Helper] => C:\Users\DA LUXAS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [CMD] => cmd.exe /c start http://ooov.net && exit <===== ATTENTION
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3333024 2014-12-06] (Echobit LLC)
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\MountPoints2: I - I:\BattleLosAngeles_Setup.exe
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\MountPoints2: J - J:\Autorun.exe
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\MountPoints2: K - K:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\DA LUXAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\DA LUXAS\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\DA LUXAS\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\DA LUXAS\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\DA LUXAS\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\DA LUXAS\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\DA LUXAS\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\DA LUXAS\AppData\Local\MEGAsync\ShellExtX32.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-2815950661-3273811623-3712547826-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP35B5E01B-B1E7-4567-845E-1F72C7C99ED9&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2815950661-3273811623-3712547826-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP35B5E01B-B1E7-4567-845E-1F72C7C99ED9&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2815950661-3273811623-3712547826-1000 -> {C9926452-3C15-4E7C-A784-94A5803EB6AB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2815950661-3273811623-3712547826-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2815950661-3273811623-3712547826-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\HMIPCore.dll [339320] (Hide My IP)
Winsock: Catalog9 02 C:\Windows\SysWOW64\HMIPCore.dll [339320] (Hide My IP)
Winsock: Catalog9 03 C:\Windows\SysWOW64\HMIPCore.dll [339320] (Hide My IP)
Winsock: Catalog9 04 C:\Windows\SysWOW64\HMIPCore.dll [339320] (Hide My IP)
Winsock: Catalog9 16 C:\Windows\SysWOW64\HMIPCore.dll [339320] (Hide My IP)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2815950661-3273811623-3712547826-1000: @tools.google.com/Google Update;version=3 -> C:\Users\DA LUXAS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2815950661-3273811623-3712547826-1000: @tools.google.com/Google Update;version=9 -> C:\Users\DA LUXAS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2815950661-3273811623-3712547826-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DA LUXAS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2815950661-3273811623-3712547826-1000: facebook.com/fbDesktopPlugin -> C:\Users\DA LUXAS\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-2815950661-3273811623-3712547826-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-2815950661-3273811623-3712547826-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\DA LUXAS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\DA LUXAS\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\DA LUXAS\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\searchplugins\trovi-search.xml
FF Extension: GFACE Experience Plugin - C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\Extensions\cryenginebrowserplugin@crytek.com [2013-11-10]
FF Extension: iCloud Bookmarks - C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\Extensions\firefoxdav@icloud.com [2013-12-23]
FF Extension: Browusue2suave - C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\Extensions\uuouo5-p@h-ejruca.co.uk [2013-04-13]
FF Extension: We-Care App - C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\Extensions\wecarereminder@bryan [2013-12-02]
FF Extension: YouTube to MP3 Button - C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\Extensions\flvto@hotger.com.xpi [2013-04-11]
FF Extension: SkipScreen - C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\Extensions\SkipScreen@SkipScreen.xpi [2013-08-17]
FF Extension: Adblock Plus - C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-05-18]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", [ "hxxp://search.conduit.com/?ctid=CT3184310&SearchSource=48"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Crash Bandicoot Online HD) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aamlbcjbejchalkkingolaibfgkkiinp [2014-03-21]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-03-21]
CHR Extension: (Google Docs) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-02]
CHR Extension: (Google Drive) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2014-03-21]
CHR Extension: (YouTube) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-02]
CHR Extension: (Adblock Plus) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-21]
CHR Extension: (Mac OS X Simple Theme) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihohekcekjgjdkeljpkbaaecgfoimbj [2014-03-21]
CHR Extension: (Google Search) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-02]
CHR Extension: (Search by Image (by Google)) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-03-21]
CHR Extension: (Tampermonkey) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-10-22]
CHR Extension: (Polycraft) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl [2014-03-21]
CHR Extension: (TechSmith Snagit) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnghgbgmemnlbckdipnmelbanpgneik [2014-03-21]
CHR Extension: (Causality Games) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2014-03-21]
CHR Extension: (Highgrounds) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fignghnefmnkmiliggjbjhfdkibcoikf [2014-03-21]
CHR Extension: (Classic Games) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbofnbeakdognkanffmpldbjgkblljkh [2014-03-21]
CHR Extension: (A Journey through Middle-earth) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-03-21]
CHR Extension: (Kindle Cloud Reader) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-09-18]
CHR Extension: (Counter Strike) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilcogonmhbkicdbmkopaihjfkdpbmclk [2014-03-21]
CHR Extension: (Google Maps) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-03-21]
CHR Extension: (AdFly bypasser) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdlpmihmlgmnnkhfokaolfcfdjpneafh [2014-03-21]
CHR Extension: (Google Wallet) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
CHR Extension: (Gmail) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-02]
CHR Extension: (Pirate Bay Advanced Search) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnekogifdcgojikooacheaepjgehccp [2014-11-27]
CHR Extension: (Canvas Rider) - C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2014-03-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-06-12] (Perfect World Entertainment Inc)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-13] () [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-12-22] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-12-22] (BitRaider, LLC)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1580448 2014-12-06] (Echobit LLC)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
R3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe [3337216 2012-01-19] (Hide My IP) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 Lsdiorw; C:\Program Files (x86)\LS_Duhem\lsdiorw\lsdiorw.exe [53760 2013-06-18] (Logiciels & Services Duhem, Paris (France)) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-10-21] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-26] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-24] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S4 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4249088 2014-03-06] (A-Volute) [File not signed]
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-02-21] (Razer, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 InputRemapper; "C:/Program Files (x86)/Input Remapper/InputRemapper.x64.exe" -Service InputRemapper [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 applewtp; C:\Windows\System32\DRIVERS\applewtp.sys [53760 2011-04-15] (Apple Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-05-31] ()
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-12-24] (BitRaider)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-12-06] (Echobit, LLC)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2014-07-15] (Highresolution Enterprises [www.highrez.co.uk])
R3 InputRemapperFilter; C:\Windows\System32\Drivers\InputRemapperFilter.x64.sys [22704 2007-07-29] (Erik Olofsson)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-05-31] ()
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-02-21] (Razer, Inc.)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-21] (Razer, Inc.)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2014-03-06] (Windows ® Win 7 DDK provider)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-26] (Atola) [File not signed]
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 vmusbmouse; C:\Windows\System32\DRIVERS\vmusbmouse.sys [15512 2012-10-31] (VMware, Inc.)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 19:06 - 2014-12-27 19:06 - 01295360 _____ () C:\Users\DA LUXAS\Downloads\zoek.exe
2014-12-27 19:06 - 2014-12-27 19:06 - 00000000 ____D () C:\zoek_backup
2014-12-27 19:05 - 2014-12-27 19:07 - 00036209 _____ () C:\Users\DA LUXAS\Downloads\FRST.txt
2014-12-27 19:05 - 2014-12-27 19:05 - 00000000 ____D () C:\FRST
2014-12-27 19:04 - 2014-12-27 19:05 - 02122752 _____ (Farbar) C:\Users\DA LUXAS\Downloads\FRST64.exe
2014-12-26 23:08 - 2014-08-22 08:59 - 46280284 _____ () C:\Users\DA LUXAS\Desktop\FC4_Uplay_OST_TRACK.wav
2014-12-26 23:06 - 2014-12-26 23:08 - 44428043 _____ () C:\Users\DA LUXAS\Downloads\FC4OriginalScore.zip
2014-12-26 17:31 - 2014-12-26 17:31 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 17:27 - 2014-12-27 18:56 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT
2014-12-26 05:22 - 2014-12-26 05:23 - 00000000 ____D () C:\ResEdit
2014-12-26 05:22 - 2014-12-26 05:22 - 00712177 _____ () C:\Users\DA LUXAS\Downloads\ResEdit-x64.zip
2014-12-26 01:19 - 2014-12-26 01:19 - 00000622 _____ () C:\Users\DA LUXAS\Downloads\TakeOwnership.zip
2014-12-25 17:41 - 2014-12-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2014-12-25 17:31 - 2014-12-25 17:37 - 29720272 _____ () C:\Users\DA LUXAS\Downloads\SWTOR_setup (1).exe
2014-12-24 17:33 - 2014-12-24 17:33 - 00000000 ____D () C:\Users\DA LUXAS\Documents\Bluetooth Exchange Folder
2014-12-24 17:33 - 2014-12-24 17:33 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\Broadcom
2014-12-24 17:29 - 2014-12-24 17:30 - 00000000 ____D () C:\Users\DA LUXAS\Desktop\Phantasmagoria 2
2014-12-24 17:26 - 2009-08-28 19:15 - 00132648 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-12-24 17:26 - 2009-08-28 19:15 - 00098344 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-12-24 17:26 - 2009-08-28 19:15 - 00021160 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-12-24 17:26 - 2009-04-07 15:33 - 00035104 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-12-24 17:25 - 2014-12-24 17:25 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-12-24 17:22 - 2014-12-24 17:22 - 00000000 ____D () C:\Users\DA LUXAS\Downloads\My Headset
2014-12-24 17:18 - 2014-12-24 17:19 - 60718877 _____ () C:\Users\DA LUXAS\Downloads\Bluetooth_Broadcom_6.2.1.500_W7x86W7x64_A.zip
2014-12-24 00:23 - 2014-12-24 00:23 - 04171576 _____ (Broadcom Corporation.) C:\Users\DA LUXAS\Downloads\SetupBtwDownloadSE.exe
2014-12-24 00:17 - 2014-12-24 00:17 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\SWTOR
2014-12-22 18:20 - 2014-12-22 18:20 - 00001105 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-12-22 18:15 - 2014-12-22 18:16 - 00008732 _____ () C:\Users\DA LUXAS\Documents\Uninstall STAR WARS The Old Republic.log
2014-12-22 18:12 - 2014-12-25 17:43 - 00000000 _____ () C:\end
2014-12-22 04:04 - 2014-12-22 17:45 - 00000000 ____D () C:\ProgramData\BitRaider
2014-12-22 04:04 - 2014-12-22 04:04 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-12-22 04:03 - 2014-12-22 04:03 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\SWTORPerf
2014-12-22 03:52 - 2014-12-22 03:52 - 29720272 _____ () C:\Users\DA LUXAS\Downloads\SWTOR_setup.exe
2014-12-21 18:47 - 2014-12-21 18:47 - 00000000 ____D () C:\Users\DA LUXAS\Desktop\Phantasmagoria
2014-12-21 14:30 - 2014-12-21 14:30 - 34188927 _____ () C:\Users\DA LUXAS\Downloads\evolve-game-3DPrint-Goliath.zip
2014-12-21 14:29 - 2014-12-21 14:29 - 28284217 _____ () C:\Users\DA LUXAS\Downloads\evolve-game-3DPrint-Kraken.zip
2014-12-20 19:23 - 2014-12-20 19:23 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-20 17:30 - 2014-12-20 17:30 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-12-20 17:29 - 2014-12-20 17:29 - 01078591 _____ () C:\Users\DA LUXAS\Downloads\Unlocker1.9.2 (1).exe
2014-12-20 17:23 - 2014-12-20 17:23 - 00001971 _____ () C:\Users\Public\Desktop\TimeShift.lnk
2014-12-20 17:16 - 2014-12-20 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra Entertainment
2014-12-20 17:13 - 2014-12-20 22:05 - 00000000 ____D () C:\Program Files (x86)\TimeShift
2014-12-20 17:11 - 2014-12-20 17:11 - 00002070 _____ () C:\Users\DA LUXAS\Desktop\Ubi Soft Product Registration.lnk
2014-12-20 17:11 - 2014-12-20 17:11 - 00002070 _____ () C:\Users\Administrator\Desktop\Ubi Soft Product Registration.lnk
2014-12-20 17:10 - 2014-12-20 17:10 - 00001108 _____ () C:\Users\Public\Desktop\Will Rock.lnk
2014-12-20 17:04 - 2014-12-20 17:06 - 00000000 ____D () C:\Program Files (x86)\Will Rock
2014-12-20 16:19 - 2014-12-20 16:19 - 00009721 _____ () C:\Users\DA LUXAS\Downloads\410.php
2014-12-19 20:19 - 2014-12-19 21:55 - 421234143 _____ () C:\Users\DA LUXAS\Downloads\Macbeth Project FINAL CUT.mov
2014-12-19 20:19 - 2014-12-19 21:14 - 1468062695 _____ () C:\Users\DA LUXAS\Downloads\Macbeth Project.mov
2014-12-19 16:21 - 2014-12-19 16:21 - 00003246 _____ () C:\Windows\System32\Tasks\{BDEA9D8A-8336-4F48-9599-8A04BBC600AB}
2014-12-19 16:19 - 2014-12-19 16:19 - 00001911 _____ () C:\Users\Public\Desktop\Star Trek Bridge Commander.lnk
2014-12-19 16:19 - 2014-12-19 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Trek Bridge Commander
2014-12-19 16:15 - 2014-12-19 16:23 - 00000000 ____D () C:\Program Files (x86)\Bridge Commander
2014-12-19 16:08 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-12-19 15:42 - 2014-12-19 16:19 - 00000876 _____ () C:\Windows\STBC.ini
2014-12-19 07:42 - 2014-12-19 08:15 - 467696224 _____ () C:\Users\DA LUXAS\Downloads\Star_Trek_Bridge_Commander.rar
2014-12-19 07:40 - 2014-12-19 07:40 - 00013581 _____ () C:\Users\DA LUXAS\Downloads\Star.Trek.Bridge.Commander - SKIDROW.torrent
2014-12-19 03:18 - 2014-12-19 03:18 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\Midway
2014-12-19 03:01 - 2014-12-20 16:32 - 00000000 ____D () C:\Program Files (x86)\R.G. Games
2014-12-18 20:54 - 2014-12-18 21:12 - 00000000 ____D () C:\Program Files (x86)\RAR Password Unlocker
2014-12-18 20:54 - 2014-12-18 20:54 - 00001135 _____ () C:\Users\Public\Desktop\RAR Password Unlocker.lnk
2014-12-18 20:54 - 2014-12-18 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Unlocker
2014-12-18 20:53 - 2014-12-18 20:53 - 03220905 _____ () C:\Users\DA LUXAS\Downloads\RAR Password Unlocker.rar
2014-12-18 20:47 - 2014-12-18 20:47 - 01474658 _____ () C:\Users\DA LUXAS\Downloads\PASSWARE Chaos Emerald.zip
2014-12-18 20:45 - 2014-12-18 20:45 - 00090279 _____ () C:\Users\DA LUXAS\Downloads\WinRAR Remover - WinRar Password Remover.zip
2014-12-18 19:48 - 2014-12-18 19:48 - 00014457 _____ () C:\Users\DA LUXAS\Downloads\Stranglehold - RELOADED.torrent
2014-12-18 18:30 - 2014-12-20 20:41 - 00000000 ____D () C:\Program Files (x86)\Metal Gear Solid V Ground Zeroes
2014-12-18 18:30 - 2014-12-18 21:33 - 00000226 _____ () C:\Program Files (x86)\update-GroundZeroes.bat
2014-12-18 18:30 - 2014-12-18 18:30 - 00002131 _____ () C:\Users\DA LUXAS\Desktop\Play Metal Gear Solid V Ground Zeroes.lnk
2014-12-18 15:55 - 2014-12-18 15:59 - 53761466 _____ () C:\Users\DA LUXAS\Downloads\MGS-V_Ground_Zeroes.exe
2014-12-18 15:26 - 2014-12-18 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-18 15:26 - 2014-12-18 15:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-18 14:41 - 2014-12-18 14:41 - 00015492 _____ () C:\Users\DA LUXAS\Downloads\Metal Gear Solid V Ground Zeroes PC game ^^nosTEAM^^.torrent
2014-12-18 14:40 - 2014-05-18 14:37 - 02359350 _____ () C:\Users\DA LUXAS\Downloads\nosTEAM.bmp
2014-12-17 22:51 - 2014-12-17 22:51 - 13901090 _____ () C:\Users\DA LUXAS\Downloads\Die Hard  Alternate Ending (Parody).mp4
2014-12-17 22:41 - 2014-12-17 22:42 - 00000000 ____D () C:\Users\DA LUXAS\Desktop\Zelda Fan Art
2014-12-17 07:45 - 2014-12-17 07:45 - 00314744 _____ (Swift Installer ) C:\Users\DA LUXAS\Downloads\fl_setup.exe
2014-12-17 07:41 - 2014-12-17 07:41 - 00001977 _____ () C:\Users\DA LUXAS\Desktop\Play FINAL FANTASY XIII.lnk
2014-12-17 07:41 - 2014-10-11 12:30 - 00000226 _____ () C:\Program Files (x86)\update-Fantasy13.bat
2014-12-17 07:38 - 2014-12-17 07:57 - 57999832 _____ () C:\Users\DA LUXAS\Downloads\Django_Zorro_1_cbr_none_Digital_Son_of_Ultron_Empire.rar
2014-12-17 07:32 - 2014-12-17 07:36 - 00000000 ____D () C:\Users\DA LUXAS\Desktop\Comics
2014-12-17 07:22 - 2014-12-19 00:47 - 00000000 ____D () C:\Program Files (x86)\FINAL FANTASY XIII
2014-12-16 07:19 - 2014-12-16 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-16 07:17 - 2014-12-16 07:17 - 00001751 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-16 07:17 - 2014-12-16 07:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-16 07:16 - 2014-12-16 07:17 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-16 07:16 - 2014-12-16 07:17 - 00000000 ____D () C:\Program Files\iTunes
2014-12-16 07:16 - 2014-12-16 07:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-16 07:16 - 2014-12-16 07:16 - 00000000 ____D () C:\Program Files\iPod
2014-12-16 04:07 - 2014-12-16 04:07 - 25520194 _____ () C:\Users\DA LUXAS\Downloads\com.blizzard.wtcg.hearthstone.apk
2014-12-16 00:52 - 2014-12-16 00:53 - 00000000 ____D () C:\Users\DA LUXAS\Desktop\GTA V Wallpapers
2014-12-15 21:12 - 2014-12-15 21:13 - 45855964 _____ () C:\Users\DA LUXAS\Downloads\com.ea.game.dungeonkeeper_row-1.4.78-APK4Fun.com.apk
2014-12-14 06:36 - 2014-12-16 03:32 - 00000114 _____ () C:\Users\DA LUXAS\Desktop\porn.txt
2014-12-14 05:51 - 2014-12-14 05:51 - 28108325 _____ () C:\Users\DA LUXAS\Downloads\Call of Duty- Advanced Warfare Reveal Trailer Music (Jack Trammell - Compelled).mp4
2014-12-10 01:56 - 2014-12-10 01:56 - 00429647 _____ ( ) C:\Users\DA LUXAS\Downloads\Dream Script 2001 Final.exe
2014-12-09 18:46 - 2014-12-09 18:48 - 286079600 _____ (AMD Inc.) C:\Users\DA LUXAS\Downloads\amd-catalyst-14.11.2beta-64bit-win8.1-win7-nov19.exe
2014-12-09 04:49 - 2014-12-09 04:49 - 00002094 _____ () C:\Users\Public\Desktop\MorphVOX Junior.lnk
2014-12-09 04:49 - 2014-12-09 04:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2014-12-09 04:49 - 2014-12-09 04:49 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee
2014-12-09 04:48 - 2014-12-09 04:48 - 02970992 _____ () C:\Users\DA LUXAS\Downloads\MorphVOXJunior_Install-1.exe
2014-12-08 16:42 - 2014-12-08 16:42 - 00000148 _____ () C:\Users\DA LUXAS\Desktop\RDJ best line.txt
2014-12-08 02:00 - 2014-12-14 19:11 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\OBS
2014-12-08 02:00 - 2014-12-08 02:00 - 07518634 _____ () C:\Users\DA LUXAS\Downloads\OBS_0_638b_Installer.exe
2014-12-08 02:00 - 2014-12-08 02:00 - 00000907 _____ () C:\Users\DA LUXAS\Desktop\Open Broadcaster Software.lnk
2014-12-08 02:00 - 2014-12-08 02:00 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-12-08 02:00 - 2014-12-08 02:00 - 00000000 ____D () C:\Program Files\OBS
2014-12-08 02:00 - 2014-12-08 02:00 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-12-07 00:50 - 2014-12-18 00:51 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417931448
2014-12-07 00:50 - 2014-12-18 00:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-07 00:50 - 2014-12-07 00:50 - 00001107 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-12-07 00:50 - 2014-12-07 00:50 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-07 00:50 - 2014-12-07 00:50 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Opera Software
2014-12-07 00:50 - 2014-12-07 00:50 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\Opera Software
2014-12-07 00:48 - 2014-12-07 00:49 - 00683472 _____ (Opera Software) C:\Users\DA LUXAS\Downloads\Opera_NI_stable.exe
2014-12-06 11:58 - 2014-12-06 12:00 - 00000000 ____D () C:\Users\DA LUXAS\Downloads\Minecraft Mods
2014-12-06 11:55 - 2014-12-06 11:55 - 03107895 _____ () C:\Users\DA LUXAS\Downloads\forge-1.7.10-10.13.2.1240-installer-win.exe
2014-12-06 04:48 - 2014-12-06 04:48 - 00001991 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2014-12-06 04:48 - 2014-12-06 04:48 - 00001979 _____ () C:\Users\Public\Desktop\Evolve.lnk
2014-12-06 04:48 - 2014-12-06 04:47 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-12-06 04:47 - 2014-12-06 04:47 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\Echobit
2014-12-06 04:47 - 2014-12-06 04:47 - 00000000 ____D () C:\ProgramData\Echobit
2014-12-06 04:47 - 2014-12-06 04:47 - 00000000 ____D () C:\Program Files\Echobit
2014-12-06 04:46 - 2014-12-06 04:46 - 03258328 _____ (Echobit LLC) C:\Users\DA LUXAS\Downloads\EvolveSetup.exe
2014-12-06 04:21 - 2014-12-06 04:21 - 06083565 _____ () C:\Users\DA LUXAS\AppData\Local\package.nw.new
2014-12-06 01:29 - 2014-12-06 01:29 - 00000108 _____ () C:\Users\DA LUXAS\Desktop\this time in FC4.txt
2014-12-04 21:22 - 2014-12-04 21:22 - 00000017 _____ () C:\Users\DA LUXAS\Desktop\Mr C's favorite pie.txt
2014-12-04 20:52 - 2014-12-04 22:59 - 09433559 _____ () C:\Users\DA LUXAS\Desktop\crown bow.psd
2014-12-04 20:48 - 2014-12-04 20:48 - 00045644 _____ () C:\Users\DA LUXAS\Desktop\corwn.jpeg
2014-12-03 19:12 - 2014-12-03 19:13 - 40294504 _____ () C:\Users\DA LUXAS\Downloads\Jungle - Busy Earnin'.mp4
2014-12-02 02:09 - 2014-12-08 00:16 - 00000000 ____D () C:\Users\DA LUXAS\Desktop\damn it
2014-11-30 18:23 - 2014-11-30 18:23 - 00000091 _____ () C:\Users\DA LUXAS\Desktop\real couple.url
2014-11-30 17:01 - 2014-12-04 00:13 - 00000000 ____D () C:\Users\DA LUXAS\Desktop\The Search For JonTron
2014-11-30 16:48 - 2014-11-30 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-30 16:48 - 2014-11-30 16:48 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-30 16:44 - 2014-11-30 16:45 - 42096984 _____ (Apple Inc.) C:\Users\DA LUXAS\Downloads\QuickTimeInstaller.exe
2014-11-29 20:00 - 2014-11-29 20:00 - 00000328 _____ () C:\Users\DA LUXAS\Desktop\cornell notes answer.txt
2014-11-29 17:20 - 2014-11-30 03:35 - 00090794 _____ () C:\Users\DA LUXAS\Desktop\star wars 7 new title.aep
2014-11-29 16:27 - 2014-11-29 16:28 - 00149384 _____ () C:\Users\DA LUXAS\Downloads\boba-fonts_star-jedi.zip
2014-11-29 16:24 - 2014-11-29 16:24 - 00058074 _____ () C:\Users\DA LUXAS\Downloads\pixel-sagas_rebellion.zip
2014-11-29 16:18 - 2014-11-29 16:21 - 13835148 _____ () C:\Users\DA LUXAS\Downloads\Star Wars- Episode VII - The Force Awakens Official Teaser Trailer #1 (2015) - J.J. Abrams Movie HD.mp4
2014-11-27 18:01 - 2014-11-27 18:01 - 00037730 _____ () C:\Users\DA LUXAS\Downloads\teenage-mutant-ninja-turtles-english-yify-30947.zip
2014-11-27 14:53 - 2014-11-27 14:53 - 00002058 _____ () C:\Users\DA LUXAS\Desktop\Play Tales from the Borderlands.lnk
2014-11-27 14:53 - 2014-11-26 11:03 - 00000226 _____ () C:\Program Files (x86)\update-TalesBorderlands.bat
2014-11-27 14:52 - 2014-11-27 14:54 - 00000000 ____D () C:\Program Files (x86)\Tales from the Borderlands
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 19:05 - 2013-10-02 14:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 19:03 - 2014-02-11 15:14 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Raptr
2014-12-27 19:00 - 2014-10-29 19:51 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Curse Client
2014-12-27 19:00 - 2014-08-21 05:59 - 00000822 _____ () C:\Windows\Tasks\Security Center Update - 406953465.job
2014-12-27 19:00 - 2014-08-20 16:54 - 00000824 _____ () C:\Windows\Tasks\Security Center Update - 2947426451.job
2014-12-27 18:58 - 2014-01-20 17:40 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\LogMeIn Hamachi
2014-12-27 18:56 - 2014-11-13 07:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff3c5076430f.job
2014-12-27 18:56 - 2014-01-26 12:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 18:55 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 18:55 - 2009-07-13 23:51 - 00066646 _____ () C:\Windows\setupact.log
2014-12-27 07:02 - 2014-01-12 10:14 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Spotify
2014-12-27 07:02 - 2013-10-01 18:46 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\uTorrent
2014-12-27 06:33 - 2014-11-13 17:28 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2815950661-3273811623-3712547826-1000UA1cfff9117b027f5.job
2014-12-27 06:26 - 2014-11-13 07:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff3c5231dc4c.job
2014-12-27 06:26 - 2014-06-22 17:09 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2815950661-3273811623-3712547826-1000UA.job
2014-12-27 06:19 - 2014-01-26 12:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 05:52 - 2013-10-02 18:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-27 04:20 - 2013-11-17 19:10 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2815950661-3273811623-3712547826-1000UA.job
2014-12-27 02:00 - 2013-10-02 16:25 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\Adobe
2014-12-27 00:03 - 2013-10-01 23:54 - 01534189 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 23:33 - 2014-01-11 01:09 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-12-26 23:33 - 2014-01-11 01:09 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-12-26 23:33 - 2014-01-11 01:09 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-12-26 23:33 - 2014-01-11 01:09 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-12-26 23:32 - 2013-10-01 19:03 - 00555100 _____ () C:\Windows\DirectX.log
2014-12-26 19:00 - 2014-05-21 16:18 - 00000000 ____D () C:\Program Files (x86)\Rayman Legends
2014-12-26 18:52 - 2013-10-09 16:51 - 00000000 ____D () C:\ProgramData\Origin
2014-12-26 18:51 - 2013-10-09 16:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-26 17:37 - 2013-10-10 22:42 - 00021248 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-a289-439d-8115-601632D005A0
2014-12-26 17:37 - 2013-10-10 22:42 - 00021248 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-a289-439d-8115-601632D005A0
2014-12-26 17:33 - 2014-11-13 17:28 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2815950661-3273811623-3712547826-1000Core1cfff911670ec49.job
2014-12-26 17:26 - 2010-11-20 22:47 - 00236398 _____ () C:\Windows\PFRO.log
2014-12-26 17:24 - 2014-06-22 17:09 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2815950661-3273811623-3712547826-1000Core.job
2014-12-26 17:24 - 2013-11-17 19:10 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2815950661-3273811623-3712547826-1000Core.job
2014-12-26 17:22 - 2014-07-19 01:15 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Lavasoft
2014-12-26 03:09 - 2014-01-23 16:29 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\Battle.net
2014-12-25 19:14 - 2014-10-18 19:27 - 00000000 ____D () C:\Users\DA LUXAS\Desktop\for teh lulz
2014-12-25 17:43 - 2013-01-22 16:44 - 00014066 _____ () C:\Users\DA LUXAS\Documents\Install STAR WARS The Old Republic.log
2014-12-25 03:59 - 2014-11-01 16:54 - 00000000 ____D () C:\Program Files (x86)\Sonic and All Stars Racing Transformed
2014-12-25 01:48 - 2014-02-16 11:33 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\vlc
2014-12-24 17:26 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-24 17:24 - 2013-10-02 01:24 - 00135562 _____ () C:\Windows\DPINST.LOG
2014-12-24 17:24 - 2013-10-02 01:24 - 00000000 ____D () C:\Program Files\DIFX
2014-12-24 17:08 - 2014-04-06 16:14 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\CrashDumps
2014-12-24 00:08 - 2014-01-12 10:15 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\Spotify
2014-12-22 20:27 - 2013-11-27 20:30 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Skype
2014-12-22 18:03 - 2014-10-05 15:44 - 00000000 ____D () C:\Program Files (x86)\Sherlock Holmes Crimes Punishments
2014-12-22 18:03 - 2014-09-29 14:22 - 00001256 _____ () C:\Users\DA LUXAS\Desktop\visit www.nosteam.ro.lnk
2014-12-22 16:56 - 2013-11-10 21:50 - 00000000 ____D () C:\Fraps
2014-12-22 04:00 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-20 17:13 - 2013-10-02 01:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-20 17:05 - 2014-01-30 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft
2014-12-20 01:29 - 2014-01-23 15:45 - 00000132 _____ () C:\Users\DA LUXAS\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-19 23:48 - 2014-11-03 23:10 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\.minecraft
2014-12-18 19:49 - 2014-09-19 05:29 - 00000000 ____D () C:\Program Files\PeerBlock
2014-12-18 19:42 - 2014-10-18 17:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-18 19:42 - 2013-11-27 20:30 - 00000000 ____D () C:\ProgramData\Skype
2014-12-18 19:33 - 2014-01-23 16:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-18 19:16 - 2013-10-02 14:48 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\SKIDROW
2014-12-18 15:30 - 2013-12-04 01:18 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Apple Computer
2014-12-18 15:26 - 2014-01-20 17:38 - 00000894 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-18 00:06 - 2014-11-23 19:19 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\Vulcan
2014-12-17 19:56 - 2014-11-23 19:19 - 00000000 ____D () C:\Program Files (x86)\Playfire
2014-12-16 07:16 - 2014-09-30 14:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-16 07:16 - 2013-12-09 16:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-16 03:44 - 2014-06-24 16:15 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-14 17:14 - 2014-03-06 06:37 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\PAYDAY 2
2014-12-13 16:42 - 2013-11-17 21:59 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\.technic
2014-12-12 16:11 - 2013-10-02 14:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 16:11 - 2013-10-02 14:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 16:11 - 2013-10-02 14:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 03:56 - 2014-04-19 14:04 - 00000000 ____D () C:\Program Files (x86)\Fez
2014-12-12 03:56 - 2013-12-29 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-12-12 03:52 - 2014-06-01 19:03 - 00000000 ____D () C:\Program Files (x86)\How to Survive
2014-12-10 15:38 - 2013-11-10 19:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 01:52 - 2014-02-20 17:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-10 01:05 - 2014-11-26 10:05 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 19:07 - 2013-10-09 17:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-09 19:03 - 2013-11-29 01:24 - 00000000 ____D () C:\AMD
2014-12-09 16:28 - 2014-02-11 15:13 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-09 04:51 - 2014-01-31 02:46 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Screaming Bee
2014-12-06 05:32 - 2014-11-03 23:27 - 00000000 ____D () C:\Users\DA LUXAS\Desktop\Minecraft Server
2014-12-06 05:30 - 2014-01-19 03:05 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Roaming\Notepad++
2014-12-06 04:21 - 2014-11-18 23:16 - 00000000 ____D () C:\Users\DA LUXAS\AppData\Local\Popcorn-Time
2014-11-30 14:45 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 02:49 - 2009-07-13 23:45 - 04996312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-29 20:00 - 2013-10-01 18:32 - 00082656 _____ () C:\Users\DA LUXAS\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-29 15:06 - 2014-03-21 23:41 - 00001843 _____ () C:\Users\Public\Desktop\PCSX2.lnk
2014-11-27 15:12 - 2013-04-09 17:53 - 00000000 ____D () C:\Users\DA LUXAS\Documents\Telltale Games
2014-11-27 12:02 - 2014-11-20 19:31 - 00000000 ____D () C:\Program Files (x86)\Escape Dead Island
 
Some content of TEMP:
====================
C:\Users\DA LUXAS\AppData\Local\Temp\GalaxyUpdater.exe
C:\Users\DA LUXAS\AppData\Local\Temp\npp.6.6.8.Installer.exe
C:\Users\DA LUXAS\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\DA LUXAS\AppData\Local\Temp\ochelper.exe
C:\Users\DA LUXAS\AppData\Local\Temp\revs.exe
C:\Users\DA LUXAS\AppData\Local\Temp\sfamcc00001.dll
C:\Users\DA LUXAS\AppData\Local\Temp\sfextra.dll
C:\Users\DA LUXAS\AppData\Local\Temp\SkypeSetup.exe
C:\Users\DA LUXAS\AppData\Local\Temp\SRLDetectionLibrary6643207088482733319.dll
C:\Users\DA LUXAS\AppData\Local\Temp\ubertmp.exe
C:\Users\DA LUXAS\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\DA LUXAS\AppData\Local\Temp\xmlUpdater.exe
C:\Users\DA LUXAS\AppData\Local\Temp\_is1D63.exe
C:\Users\DA LUXAS\AppData\Local\Temp\_is7CFE.exe
C:\Users\DA LUXAS\AppData\Local\Temp\_is8E7B.exe
C:\Users\DA LUXAS\AppData\Local\Temp\_is9619.exe
C:\Users\DA LUXAS\AppData\Local\Temp\_isCCB4.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 03:45
 
==================== End Of Log ============================

Edited by Queen-Evie, 27 December 2014 - 07:40 PM.
moved from Windows 7 to the appropriate forum. FRST logs are allowed only in Malware Removal Logs. Also removed spoiler.



#2 Rogue_

Rogue_
  • Topic Starter

  • Members
  • 6 posts

Posted 27 December 2014 - 07:38 PM

I can't seem to post the addition.txt though...

 

Mod Edit:  If more info is desired, someone in this forum will request it :) - Hamluis.


Edited by hamluis, 27 December 2014 - 07:41 PM.


#3 Rogue_

Rogue_
  • Topic Starter

  • Members
  • 6 posts

Posted 27 December 2014 - 11:42 PM

Alright, thanks, I'm just going off a post I saw before posting this one.



#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 29 December 2014 - 01:53 PM

Hi,

If you still need help, we will use FRST, then get another download to use.

 

FRST:

1)  Open notepad. Please copy/paste the contents of the code box below into the open notepad and save it to where you have FRST.exe located (C:\Users\DA LUXAS\Downloads) as fixlist.txt

HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft\Ad-Aware Antivirus <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\VMware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [CMD] => cmd.exe /c start http://ooov.net && exit <===== ATTENTION

    Run FRST.exe like before, except this time press the Fix button once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
    When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply.
 

 

2) Please download adwcleaner and save to your desktop.

 

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.

    Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.

    Allow the system to reboot. You will then be presented with the report at restart. Copy & Paste this report on your next reply.

 

    http://www.bleepingcomputer.com/download/adwcleaner/

 

    Note: The log can also be located in your root drive, C:>AdwCleaner >AdwCleaner[S0].txt


How Can I Reduce My Risk to Malware?


#5 Rogue_

Rogue_
  • Topic Starter

  • Members
  • 6 posts

Posted 29 December 2014 - 09:57 PM

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014

Ran by DA LUXAS at 2014-12-29 21:42:03 Run:1
Running from C:\Users\DA LUXAS\Downloads
Loaded Profile: DA LUXAS (Available profiles: DA LUXAS & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft\Ad-Aware Antivirus <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\VMware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\...\Run: [CMD] => cmd.exe /c start http://ooov.net && exit <===== ATTENTION
*****************
 
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-2815950661-3273811623-3712547826-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
 
==== End of Fixlog 21:42:03 ====

 

AdwCleaner[S0].txt:

 
# AdwCleaner v4.106 - Report created 29/12/2014 at 21:47:02
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : DA LUXAS - DALUXAS-PC
# Running from : C:\Users\DA LUXAS\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\safesoft
Folder Deleted : C:\Program Files (x86)\eSupport.com
Folder Deleted : C:\Program Files (x86)\PassShow
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\DA LUXAS\AppData\Local\Babylon
Folder Deleted : C:\Users\DA LUXAS\AppData\Local\eSupport.com
Folder Deleted : C:\Users\DA LUXAS\AppData\Local\CrashRpt
Folder Deleted : C:\Users\DA LUXAS\AppData\Roaming\Babylon
Folder Deleted : C:\Users\DA LUXAS\Documents\Optimizer Pro
Folder Deleted : C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\Extensions\wecarereminder@bryan
Folder Deleted : C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\Extensions\uuouo5-p@h-ejruca.co.uk
Folder Deleted : C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
File Deleted : C:\END
File Deleted : C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\bprotector_extensions.sqlite
File Deleted : C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\bprotector_prefs.js
File Deleted : C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\invalidprefs.js
File Deleted : C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\91v09woc.default\user.js
File Deleted : C:\Users\DA LUXAS\AppData\Roaming\Mozilla\Firefox\Profiles\frzpvtx1.default\user.js
File Deleted : C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\DA LUXAS\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\DA LUXAS\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\DA LUXAS\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\DA LUXAS\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sonic and All Stars Racing Transformed © SEGA_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[91v09woc.default\prefs.js] - Line Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(getaudiofiledocumentdir)/.*hxxp://.*depositfiles.com/(([a-z]{2})/files/auth-).*hxxp://(www.)*digg.com/(.{5}.{6})$hxxp:[...]
[frzpvtx1.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ff");
 
-\\ Google Chrome v
 
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.newscientist.com/search?query={searchTerms}&doSearch=true
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=legend+of+kora+tv+show&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP35B5E01B-B1E7-4567-845E-1F72C7C99ED9&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP35B5E01B-B1E7-4567-845E-1F72C7C99ED9&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.newscientist.com/search?query={searchTerms}&doSearch=true
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M492E4977-7719-44F9-86B0-2E8F3BA5BDA8&SearchSource=58&CUI=&UM=5&UP=SPBBEBB932-D752-4C57-A150-B436216D2F57&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M492E4977-7719-44F9-86B0-2E8F3BA5BDA8&SearchSource=58&CUI=&UM=5&UP=SPBBEBB932-D752-4C57-A150-B436216D2F57&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
-\\ Chromium v
 
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.newscientist.com/search?query={searchTerms}&doSearch=true
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=legend+of+kora+tv+show&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP35B5E01B-B1E7-4567-845E-1F72C7C99ED9&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP35B5E01B-B1E7-4567-845E-1F72C7C99ED9&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.newscientist.com/search?query={searchTerms}&doSearch=true
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M492E4977-7719-44F9-86B0-2E8F3BA5BDA8&SearchSource=58&CUI=&UM=5&UP=SPBBEBB932-D752-4C57-A150-B436216D2F57&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M492E4977-7719-44F9-86B0-2E8F3BA5BDA8&SearchSource=58&CUI=&UM=5&UP=SPBBEBB932-D752-4C57-A150-B436216D2F57&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
-\\ Opera v26.0.1656.60
 
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.newscientist.com/search?query={searchTerms}&doSearch=true
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=legend+of+kora+tv+show&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP35B5E01B-B1E7-4567-845E-1F72C7C99ED9&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP35B5E01B-B1E7-4567-845E-1F72C7C99ED9&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.newscientist.com/search?query={searchTerms}&doSearch=true
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M492E4977-7719-44F9-86B0-2E8F3BA5BDA8&SearchSource=58&CUI=&UM=5&UP=SPBBEBB932-D752-4C57-A150-B436216D2F57&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=M492E4977-7719-44F9-86B0-2E8F3BA5BDA8&SearchSource=58&CUI=&UM=5&UP=SPBBEBB932-D752-4C57-A150-B436216D2F57&q={searchTerms}&SSPV=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\DA LUXAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [15546 octets] - [29/12/2014 21:43:48]
AdwCleaner[S0].txt - [20351 octets] - [29/12/2014 21:47:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20412 octets] ##########
 
 
Thanks by the way :D

Edited by Rogue_, 29 December 2014 - 09:57 PM.


#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 30 December 2014 - 01:33 PM

Do you have antivirus installed on the machine? Couldn't tell from the FRST log.

Since you had a load of adware-type stuff on there, you can get one more download. It's similar to AdwCleaner and might dig up some more:

 

Please download Junkware Removal Tool to your desktop.

 

     http://thisisudax.org/downloads/JRT.exe

 

    Double click the icon or Right click for Vista/W7,8 and select Run as administrator

    The tool will open and start scanning.

    Please be patient as this can take a while to complete.

    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    Post the contents of JRT.txt into your next message

 

 

You can also download and keep as an antimalware app the free version of Malwarebytes:

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 
http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 
 
    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.




#7 Rogue_

Rogue_
  • Topic Starter

  • Members
  • 6 posts

Posted 31 December 2014 - 02:57 AM

Actually, just running the adwcleaner fixed everything



#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 31 December 2014 - 09:46 AM

Ok you can remove Adwcleaner by starting it and clicking on the Uninstall button.

 

    Next, please download Delfix.exe and save it to your desktop. It will remove the tools and their associated folders/files.

 

    https://toolslib.net/downloads/viewdownload/2-delfix/

 

    Right click and select "run as admin" check: "Remove disinfection tools" and click on the Run button.

    The tool will delete itself once it finishes. You can delete the log it generates.

 

Malwarebytes is an excellent antimalware app which you could keep and use on your machine. It's free to use.

 

If all is good then:

Happy safe surfing out there.

   




#9 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 01 January 2015 - 07:13 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
