"FlashPlayerPlugin" infection with numerous pop-ups. Internet unusable.


36 replies to this topic

#1 donjuggalo

Posted 03 February 2015 - 10:26 PM

Hello and thank you for your help. We have a nasty infection that produces a process entitled, "FlashPlayerPlugin_16_0_0_257.exe" that just reappears every time I try to kill it. Numerous pop-ups clutter my screen as soon as I start trying to use the internet, which makes the internet unusable. Within one minute my screen has pop-ups on it that I cannot even close. I am using a different computer to send this to you, as I am obviously afraid to try and use the infected computer for anything, let alone to put any personal information on it. Anyway - here is the log you asked for:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Don Juggalo (administrator) on DONJUGGALO-PC on 03-02-2015 20:18:51
Running from C:\Users\TEMP\Desktop
Loaded Profiles: Don Juggalo (Available profiles: Don Juggalo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CartCrunch Israel Ltd.) C:\ProgramData\PicColor Utility\ColorMedia.exe
() C:\ProgramData\PicColor Utility\PicColor.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
SearchScopes: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
SearchScopes: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-08&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 33 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
 
FireFox:
========
FF ProfilePath: C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\t9qse5h5.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: www.google.com
FF Keyword.URL: hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @tongbu.com/tongbu,version=0.1 -> C:\Program Files\Tongbu\Addin\npTongbuAddin.dll (同步网络平台)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2165876073-2920801462-2768486518-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TEMP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\t9qse5h5.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Ad-Aware Security Toolbar - C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\t9qse5h5.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-08-08]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-27]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-04]
CHR Extension: (Google Drive) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (YouTube) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-04]
CHR Extension: (Google Search) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04]
CHR Extension: (Gmail) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-04]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-17] (Perfect World Entertainment Inc)
S4 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [1844232 2015-01-27] (CartCrunch Israel Ltd.) [File not signed]
S4 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S4 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
R2 PicColor Service; C:\ProgramData\PicColor Utility\PicColor.exe [615936 2015-01-27] () [File not signed]
S4 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-05] (Disc Soft Ltd)
S3 ipMIDI; C:\Windows\System32\drivers\ipmidi.sys [19456 2013-01-31] (nerds.de)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2014-01-14] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3566336 2011-10-17] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mlkumidi; system32\DRIVERS\mlkumidi.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 20:18 - 2015-02-03 20:19 - 00013959 _____ () C:\Users\TEMP\Desktop\FRST.txt
2015-02-03 20:18 - 2015-02-03 20:18 - 00000000 ____D () C:\FRST
2015-02-03 20:18 - 2015-02-03 13:42 - 01122304 _____ (Farbar) C:\Users\TEMP\Desktop\FRST.exe
2015-01-29 17:28 - 2015-01-29 17:28 - 01080608 _____ (Unity Technologies ApS) C:\Users\TEMP\Downloads\UnityWebPlayer.exe
2015-01-29 17:15 - 2015-01-29 17:15 - 00012857 _____ () C:\Users\TEMP\Downloads\[kickass.so]lethal.league.zip.torrent
2015-01-29 17:15 - 2015-01-29 17:15 - 00012857 _____ () C:\Users\TEMP\Downloads\[kickass.so]lethal.league.zip (1).torrent
2015-01-27 16:52 - 2015-01-27 16:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\dlg
2015-01-27 16:43 - 2015-02-03 20:16 - 00005256 _____ () C:\Windows\system32\ColorMedia.ini
2015-01-27 16:43 - 2015-02-03 20:16 - 00002856 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-27 16:43 - 2015-01-29 13:46 - 00000000 ____D () C:\ProgramData\PicColorData
2015-01-27 16:43 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia.dll
2015-01-27 16:42 - 2015-01-27 16:43 - 00000000 ____D () C:\ProgramData\PicColor Utility
2015-01-27 16:42 - 2015-01-27 16:42 - 00000000 ____D () C:\ProgramData\b56cf4adaac246968dfa350519c41346
2015-01-27 16:40 - 2015-01-27 16:41 - 00616328 _____ () C:\Users\TEMP\Downloads\download-windows-movie-maker.exe
2015-01-25 12:16 - 2015-01-25 12:16 - 00528808 _____ () C:\Users\TEMP\Downloads\GarageBand.exe
2015-01-24 22:20 - 2015-01-24 22:20 - 01669280 _____ (nerds.de Daniel Schmitt) C:\Users\TEMP\Downloads\setupipmiditrial.exe
2015-01-24 14:55 - 2015-01-24 15:04 - 00001070 _____ () C:\Windows\mlkumidi.log
2015-01-24 14:55 - 2015-01-24 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicLab
2015-01-24 14:55 - 2015-01-24 15:04 - 00000000 ____D () C:\Program Files\MusicLab
2015-01-23 09:41 - 2015-01-23 09:41 - 00000000 ____D () C:\Windows\pss
2015-01-21 10:19 - 2015-01-21 10:19 - 00000000 ____H () C:\Users\TEMP\Documents\Default.rdp
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLink Kai
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\Program Files\XLink Kai
2015-01-15 01:18 - 2015-01-27 11:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 13:25 - 2015-01-14 13:25 - 00030057 _____ () C:\Users\TEMP\Documents\CHORES LIST Cunningham Boys 2015.odt
2015-01-14 12:11 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 12:11 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:10 - 2014-12-18 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:10 - 2014-12-18 19:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:10 - 2014-12-11 11:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:10 - 2014-12-05 21:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-12 16:43 - 2015-01-12 16:43 - 00000000 ____D () C:\Program Files\uNisaliEss
2015-01-12 16:42 - 2015-01-12 16:42 - 00000000 ____D () C:\ProgramData\ipmicljnecfhmcfddjiagojkofecodmk
2015-01-12 16:38 - 2015-01-12 16:38 - 00000000 ____D () C:\Users\TEMP\AppData\Local\IsolatedStorage
2015-01-12 16:36 - 2015-01-12 16:36 - 00000000 ____D () C:\Program Files\youtubeadblocker
2015-01-12 16:30 - 2015-01-12 16:30 - 00000000 ____D () C:\ProgramData\gfhghdhmocglleggfbialakffjjecjjm
2015-01-12 16:30 - 2015-01-12 16:30 - 00000000 ____D () C:\ProgramData\6145289077393595048
2015-01-12 16:30 - 2015-01-12 16:30 - 00000000 ____D () C:\Program Files\unisaless
2015-01-12 16:30 - 2015-01-12 16:30 - 00000000 ____D () C:\Program Files\uniSalEs
2015-01-12 16:29 - 2015-01-12 16:29 - 01212416 _____ () C:\Users\TEMP\Downloads\Lethal League.zip.exe
2015-01-12 16:29 - 2015-01-12 16:29 - 00000000 ____D () C:\ProgramData\{61529726-44e7-f253-6152-2972644e5c99}
2015-01-06 00:36 - 2015-01-06 00:36 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Chris_Pietschmann_(http__
2015-01-06 00:34 - 2015-01-06 00:35 - 00000000 ____D () C:\Program Files\Virtual Router
2015-01-06 00:34 - 2015-01-06 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
2015-01-06 00:33 - 2015-01-06 00:33 - 01373696 _____ () C:\Users\TEMP\Downloads\VirtualRouterInstaller.msi
2015-01-05 23:36 - 2015-01-20 10:41 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\XLink Kai
2015-01-05 23:33 - 2015-01-05 23:34 - 04346087 _____ (Team XLink) C:\Users\TEMP\Downloads\XLinkKai-7.4.28-win32.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 20:19 - 2014-01-12 15:07 - 01834654 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 20:16 - 2014-07-11 10:55 - 00032466 _____ () C:\Windows\setupact.log
2015-02-03 20:16 - 2014-04-20 15:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2015-02-03 20:16 - 2014-04-20 15:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2015-02-03 20:16 - 2014-01-12 13:55 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 20:16 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 23:48 - 2014-01-12 13:55 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 23:21 - 2014-01-12 12:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 22:57 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 22:57 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 22:48 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing
2015-01-29 20:56 - 2014-01-12 12:07 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 17:28 - 2014-11-08 17:12 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Unity
2015-01-29 17:21 - 2014-04-05 21:05 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\BitComet
2015-01-29 01:19 - 2014-08-09 10:31 - 00002662 _____ () C:\Windows\PFRO.log
2015-01-29 01:15 - 2014-08-25 13:23 - 00000000 ____D () C:\Program Files\Steam
2015-01-27 17:22 - 2014-04-05 21:17 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\vlc
2015-01-27 17:06 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-27 17:06 - 2014-01-12 12:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 16:53 - 2014-06-10 16:16 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-27 16:40 - 2014-08-05 11:38 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Windows Live
2015-01-27 13:41 - 2014-04-16 10:11 - 00000000 ____D () C:\Users\TEMP\Desktop\MUSIC TAB SHEETS (Blank)
2015-01-24 22:29 - 2014-04-26 17:21 - 00000000 ____D () C:\Users\TEMP\Documents\Studio One
2015-01-23 13:53 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-23 09:27 - 2014-01-12 12:37 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-23 09:22 - 2014-08-08 15:22 - 00002318 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-20 15:29 - 2014-04-02 10:14 - 00000000 ____D () C:\Users\TEMP
2015-01-15 03:13 - 2014-04-16 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2014-04-16 10:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 12:21 - 2014-01-12 12:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 12:21 - 2014-01-12 12:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-08 10:41 - 2014-03-31 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-08 10:41 - 2014-01-12 12:49 - 00000948 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
 
==================== Files in the root of some directories =======
 
2014-01-29 18:56 - 2014-06-02 08:30 - 0003744 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2014-08-24 19:08 - 2014-10-26 17:08 - 0003584 _____ () C:\Users\TEMP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-07 02:01 - 2014-08-07 02:01 - 0000000 _____ () C:\Users\TEMP\AppData\Local\{DDC0C5FB-6BBE-4974-8CB4-82C9F1A1AA10}
 
Some content of TEMP:
====================
C:\Users\Don Juggalo\AppData\Local\Temp\bitcomet_chrome.exe
C:\Users\Don Juggalo\AppData\Local\Temp\Checkupdate.exe
C:\Users\Don Juggalo\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Don Juggalo\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Don Juggalo\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Don Juggalo\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Don Juggalo\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Don Juggalo\AppData\Local\Temp\htmlayout.dll
C:\Users\Don Juggalo\AppData\Local\Temp\ICReinstall_BitlordSetup.exe
C:\Users\Don Juggalo\AppData\Local\Temp\SSStub_Somo_SpeedyPC.exe
C:\Users\Don Juggalo\AppData\Local\Temp\Tsu92B3A1EF.dll
C:\Users\TEMP\AppData\Local\Temp\072f3bc3-ed3a-4521-ba0d-65233792ec1e.exe
C:\Users\TEMP\AppData\Local\Temp\bitool.dll
C:\Users\TEMP\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\TEMP\AppData\Local\Temp\SpOrder.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 00:13
 
==================== End Of Log ============================
 
 
 
***Thank you in advance for your time and assistance! We are a family of limited means and cannot really afford to pay for someone to help us with this. The 'addition' file is also attached. 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by Don Juggalo at 2015-02-03 20:20:48
Running from C:\Users\TEMP\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip 9.20) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 3.9.0.26 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Astroburn Lite (HKLM\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
BitComet 1.37 (HKLM\...\BitComet) (Version: 1.37 - CometNetwork)
BlueStacks Notification Center (HKLM\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Coby Media Manager (HKLM\...\{D7F70937-6EC3-4129-8089-4974C5873C99}) (Version: 1.0.6316 - Coby)
COWON Media Center - jetAudio Plus VX (HKLM\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.0 - COWON)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Horizon v2.7.9.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - )
iOS Soft Dev Pack + jb iOS 7.1 5.00 (HKLM\...\iOS Soft Dev Pack + jb iOS 7.1 5.00) (Version: 5.00 - www.i-ekb.ru)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LADSPA_plugins-win-0.4.15 (HKLM\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
magicJack (HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MusicLab Garage Drummer (HKLM\...\{1864B4E9-1357-4A57-1357-C2B307597966}) (Version:  - MusicLab, Inc.)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PicColor Utility (HKLM\...\PicColor Utility) (Version: 1.0.0.2078 - )
PreSonus Studio One 2 (HKLM\...\PreSonus Studio One 2) (Version: 2.6.0.24200 - PreSonus Audio Electronics)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 3.50 - Philipp Winterberg)
ReBirth ModPacker (HKLM\...\ReBirth ModPacker) (Version:  - )
ReBirth RB-338 2.0 (HKLM\...\ReBirth RB-338 2.0) (Version:  - )
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Tongbu Assistant 2.1.9.2 (HKLM\...\Tongbu2) (Version: 2.1.9.2 - Xiamen Tongbu Network Ltd.)
uNisaliEss (HKLM\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - ) <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Nelson Sexton)
USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 9.15 - Ecom)
Virtual Router v1.0 (HKLM\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinDirStat 1.1.2 (HKU\.DEFAULT\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XLink Kai (HKLM\...\{b27eb24b-e5e0-4ad7-a6ea-98de903c3ce1}) (Version: 7.4.28.0 - Team XLink)
XLink Kai (Version: 7.4.28.0 - Team XLink) Hidden
youtubeadblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\TEMP\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\TEMP\AppData\Local\Temp\9857375F\temp\Lethal League.zip.exe ()
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-05-29 21:22 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {003C78CF-BBC6-4F21-BBB6-864DD6CB74FD} - System32\Tasks\{EE289926-30FD-4A44-B659-76ED71F720A5} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {0A7A1515-CE03-405D-92B1-698864E8E99A} - System32\Tasks\{3E172400-8F78-4CC4-AF2C-AC8CE9E4E8BA} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {196C6899-F8A0-4FF8-85FB-847453CDE4E0} - System32\Tasks\{38B100C4-3C85-412A-B459-026E01E26A16} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {1FBBA5ED-5BAE-4C1B-8D01-50B7EDA4D10C} - System32\Tasks\{898751D1-180E-4F83-8CB5-BC0E3AD12845} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {20318E3D-CAFE-4130-8BE8-3DAB357F7F69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {2EC09464-A078-4537-93FD-DD3C3A46D9EA} - System32\Tasks\{191A063B-97BD-465D-BF66-55BDB4BD0432} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {2F69C62C-514A-4C65-A5C4-22161ED13D8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {3D57800C-CB96-4FB6-ADEA-24712D255728} - System32\Tasks\{8B8F6C8F-8E26-4C5B-BF18-45C9D9F56C35} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {4AFFEE3C-390B-4F54-A145-D757CABB888F} - System32\Tasks\{C4BFF075-AEFF-437A-95A5-2A1CB7D79DAE} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {4CB7F9C7-C37A-4369-BE59-22CAD83A9865} - System32\Tasks\{EBBAFFF3-E83E-4D81-B1DB-C068E3ADCA41} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {51A87160-DD6A-4BA6-9D0B-9FF151558EBE} - System32\Tasks\{22F408A2-9A05-4090-ADA4-2C810CB2EAC7} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {52A17513-BAA7-418F-8A24-3B62DC55E2EB} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe [2014-04-20] ()
Task: {559F076A-F5A5-442F-AD8B-37597517DAAB} - System32\Tasks\{9A5D86DB-3B60-4A5E-9B39-8EB951A16969} => Firefox.exe 
Task: {57DAEE24-B077-4F6C-A561-9F7B4845DC0D} - System32\Tasks\{20257BCF-A6FD-439A-B8CC-5F2362911810} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {5B4D802F-414E-4DC2-A08C-5FC64EAF14C4} - System32\Tasks\{A6E72052-2C99-4238-8789-72D48F157B62} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {5FEA59F5-E404-4139-8C19-8F4778D9F537} - System32\Tasks\{7DF64FC7-FA60-4274-8652-3AFB8F54FC24} => pcalua.exe -a I:\coby-mediamanager.exe -d I:\
Task: {6053C62F-5D6F-410A-94EE-16483FA8BB06} - System32\Tasks\{DBB85E19-6F1B-49EA-BD95-247B7ABA020C} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {6B9E1289-C93F-401A-A943-711A584A6913} - System32\Tasks\{7F31A75C-5DC8-448D-866F-8623953A94DF} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {74EEBA2F-16D5-41B0-8F1D-C5E232EB602B} - System32\Tasks\{9074627A-86BB-4D2A-AB90-819DDABD9C6C} => C:\Users\TEMP\Desktop\p0sixspwn-v1.0.7-win\p0sixspwn-v1.0.7.exe
Task: {7C4AB186-0620-47A8-AD43-F7ECB889FD0D} - System32\Tasks\{1F2EA81D-5D3B-462C-841C-904E15FBF997} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {8E4F494C-2020-4083-BDDE-2C3995541620} - System32\Tasks\{9857DA48-2A17-43D4-B653-DADB3683ED44} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {965FC9DB-0EB9-40D5-8DDC-B249136B124D} - System32\Tasks\{2D30AD81-077D-4630-BACB-9DDB97453B67} => C:\Users\TEMP\Desktop\p0sixspwn-v1.0.7-win\p0sixspwn-v1.0.7.exe
Task: {9B3AF2A0-7F97-4AB6-A357-9BB6745033CD} - System32\Tasks\{30963116-E6E5-4C30-BB30-C03FE2E0ED61} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {AC808921-4FAD-4A6F-ABA4-1D16DE73B87E} - System32\Tasks\{5F7AEEEE-B2D6-4A9E-946E-BB0DFC276AB6} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {B37CF424-BAC7-454A-8EA2-052663779D6F} - System32\Tasks\Digital Sites => C:\Users\DONJUG~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {BDB47287-CA44-4B94-815D-99D87D38D922} - System32\Tasks\{3D8C8678-4288-49E8-88D3-30CE5D3DB240} => pcalua.exe -a H:\GarageDrummerSetup.exe -d H:\
Task: {CA08A5FB-9402-47C9-A0E2-A373B7FC9494} - System32\Tasks\{0A781EF8-B60E-4E7E-9D57-9D683F23D0F5} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {D9B5F72C-C054-40C1-8857-7EDF89EB36EF} - System32\Tasks\{A6921E1B-1302-416B-9298-1D0F2CFC6AEE} => pcalua.exe -a G:\Setup.EXE -d G:\
Task: {DD6A3D44-F841-46B1-AA67-D92F6D2BF148} - System32\Tasks\{757E1C94-167C-4870-A9EF-73F6008616A4} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {E2AB7E0A-727F-4563-9A7F-3B7DD5637768} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {F2C2B004-BEF9-4C76-A3C0-60D4ECDAE62B} - System32\Tasks\ALEKTNWT => C:\ProgramData\b56cf4adaac246968dfa350519c41346\b56cf4adaac246968dfa350519c41346.exe [2015-01-27] ()
Task: {F784E16B-2B1F-4C79-B5B1-21E0F93F9EDD} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe [2014-04-20] ()
Task: {FF145B71-F00C-4B2C-AA24-A97ECA662DD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\DONJUG~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-27 16:42 - 2015-01-27 19:08 - 00615936 _____ () C:\ProgramData\PicColor Utility\PicColor.exe
2014-04-20 15:42 - 2014-04-20 15:42 - 02725912 _____ () C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: BITCOMET_HELPER_SERVICE => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: cdloader => "C:\Users\TEMP\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Search Protection => C:\ProgramData\Search Protection\SearchProtection.exe
MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
MSCONFIG\startupreg: tsnp2uvc => C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2165876073-2920801462-2768486518-500 - Administrator - Enabled)
Don Juggalo (S-1-5-21-2165876073-2920801462-2768486518-1001 - Administrator - Enabled) => C:\Users\TEMP
Guest (S-1-5-21-2165876073-2920801462-2768486518-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2165876073-2920801462-2768486518-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/29/2015 05:16:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitComet.exe version 1.37.12.31 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7d8
 
Start Time: 01d03c196e0d0562
 
Termination Time: 18
 
Application Path: C:\Program Files\BitComet\BitComet.exe
 
Report Id: e5e1418a-a80c-11e4-951a-001372c9aec5
 
Error: (01/29/2015 01:14:13 AM) (Source: MsiInstaller) (EventID: 11001) (User: DonJuggalo-PC)
Description: Product: Virtual Router v1.0 -- Error 1001. Error 1001. An exception occurred while uninstalling. This exception will be ignored and the uninstall will continue. However, the application might not be fully uninstalled after the uninstall is complete. --> The specified service does not exist as an installed service(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/29/2015 01:13:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2165876073-2920801462-2768486518-1001 ).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {8403a1d5-f56b-4812-a555-81a02f16c99b}
 
Error: (01/29/2015 00:01:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2165876073-2920801462-2768486518-1001 ).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {86ec8cd9-d215-41c9-bd60-b0e88d31421b}
 
Error: (01/28/2015 11:57:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/28/2015 11:57:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/27/2015 04:44:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/27/2015 04:44:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/27/2015 04:44:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/27/2015 04:44:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (02/03/2015 08:16:20 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (02/03/2015 08:16:20 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (01/31/2015 10:48:31 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (01/31/2015 10:48:31 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (01/30/2015 00:22:51 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (01/30/2015 00:22:51 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (01/29/2015 03:23:28 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (01/29/2015 01:46:10 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (01/29/2015 01:46:10 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (01/29/2015 01:19:52 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
 
Microsoft Office Sessions:
=========================
Error: (01/29/2015 05:16:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BitComet.exe1.37.12.317d801d03c196e0d056218C:\Program Files\BitComet\BitComet.exee5e1418a-a80c-11e4-951a-001372c9aec5
 
Error: (01/29/2015 01:14:13 AM) (Source: MsiInstaller) (EventID: 11001) (User: DonJuggalo-PC)
Description: Product: Virtual Router v1.0 -- Error 1001. Error 1001. An exception occurred while uninstalling. This exception will be ignored and the uninstall will continue. However, the application might not be fully uninstalled after the uninstall is complete. --> The specified service does not exist as an installed service(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/29/2015 01:13:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2165876073-2920801462-2768486518-1001 )0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {8403a1d5-f56b-4812-a555-81a02f16c99b}
 
Error: (01/29/2015 00:01:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2165876073-2920801462-2768486518-1001 )0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {86ec8cd9-d215-41c9-bd60-b0e88d31421b}
 
Error: (01/28/2015 11:57:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\innovative solutions\drivermax\DPInst\ia64\dpinst.exe
 
Error: (01/28/2015 11:57:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\innovative solutions\drivermax\DPInst\amd64\dpinst.exe
 
Error: (01/27/2015 04:44:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files\Itibiti Soft Phone\Itibiti.exe
 
Error: (01/27/2015 04:44:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files\Itibiti Soft Phone\Itibiti.exe
 
Error: (01/27/2015 04:44:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files\Itibiti Soft Phone\Itibiti.exe
 
Error: (01/27/2015 04:44:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files\Itibiti Soft Phone\Itibiti.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 3070.15 MB
Available physical RAM: 1838.62 MB
Total Pagefile: 6138.59 MB
Available Pagefile: 4956.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1875.65 MB
 
==================== Drives ================================
 
Drive c: (System Volume) (Fixed) (Total:108.59 GB) (Free:2.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Media Volume) (Fixed) (Total:108.59 GB) (Free:0.99 GB) NTFS
Drive e: (Backup) (Fixed) (Total:37.03 GB) (Free:1.44 GB) NTFS
Drive f: (Backup) (Fixed) (Total:37.03 GB) (Free:1.36 GB) NTFS
Drive h: () (Removable) (Total:14.66 GB) (Free:14.65 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=108.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)
 
========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 323C75C1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=108.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)
 
========================================================
Disk: 2 (Size: 14.7 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


Edited by xXToffeeXx, 05 February 2015 - 11:13 AM.
Posted log for ease~


#2 Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 04 February 2015 - 06:51 PM

Hello DonJuggalo-

 

My name is Johnny Computer and I will be helping you clean up your system. 

 

PLEASE NOTE:  Logs are often long, complicated, and time consuming to analyze

 

Please give me some time to look over your logs and I will be back with further instructions A.S.A.P.    :) 


"DO OR DO NOT. THERE IS NO TRY."


#3 donjuggalo

  • Topic Starter
  • Members
  • 31 posts

Posted 05 February 2015 - 03:58 PM

Okay - and thanks. 



#4 Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 06 February 2015 - 08:41 AM

Hi DonJuggalo-

 

Hello and welcome to BLEEPING COMPUTER

My name is Johnny Computer and I will be helping you with your malware related computer issues today    

Before we move on, please read the following points carefully.

  • First, I would like to inform you that most of us here at Bleeping Computer are volunteers. The logs you will be asked to submit can take time to analyze. Please try to match our commitment to you with your patience toward us.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • IMPORTANT-----> Post all logfiles as a reply rather than as an attachment. If you can not post all log files in one reply, feel free to use more posts.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop and ask any questions you may have.
  • Please stay with me until I have notified you that your system is All Clean. Absence of symptoms does not necessarily mean your machine is clean.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

 

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 

 -----------------------------------------------------------------------------------------------------

 

 

P2P/TORRENT WARNING

 

Going over your logs I noticed that you have Bit Comet installed.

 

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

 

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall Bit Comet; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

 

 -----------------------------------------------------------------------------------------------------------------------

 

 

I NOTICED YOU HAVE MORE THAN ONE ANTI VIRUS PROGRAM INSTALLED:

 

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution.

 

Please uninstall the following programs:

 

Step 1: I would suggest removing Ad-Aware and keeping AVG.

 --------------------------------------------------------------------------------

 

Step 2: You have FRST running from a temp folder. Any tools you are asked to download should never be run from a temp folder. Please move the FRST executable from that temp folder to your desktop. This is important for our fixes to work correctly. If you are asked to download more tools, please place those tools on your desktop as well. At the end of the fix most of the tools we use will be removed.

 

 -----------------------------------------------------------------------------------------------------------------------

 

Step 3: We need to remove programs using "Programs and Features".


Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

 

  • If you use Category mode, click on Uninstall a Program.

  • If you use Icons mode, click on Programs and Features.

 

A list of programs installed will be "populated" (this may take a bit of time).

If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

Bit Comet

Pic Color/Color Media

Tongbu Assistant

uNisaliEss

youtubeadblocker

 

Additional instructions can be found here if needed.

 

 --------------------------------------------------------------------------------------------------

 

 

Step 4: Please download AdwCleaner by Xplode and save it to your Desktop.

 

  • Double-click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.

  • The tool will start to update the database, please wait a bit.

  • Click on the I agree button.

  • Click on the Scan button.

  • AdwCleaner will begin...be patient as the scan may take some time to complete.

  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).

  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.

  • Copy and paste the contents of that logfile in your next reply.

  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

 --------------------------------------------------------------------------------------------------------------------------

 

IN YOUR NEXT REPLY I NEED:

 

1.)  Please confirm you have removed Ad-Aware

2.) Please confirm that the FRST executable file has been moved to the desktop

3.) Let me know how the uninstallation of the programs went

4.) Your ADWCleaner log

 

Thanks  :)


"DO OR DO NOT. THERE IS NO TRY."


#5 donjuggalo

donjuggalo
  • Topic Starter

  • Members
  • 31 posts

Posted 08 February 2015 - 11:57 AM

Thank you so much for your time and help. First of all I wanted you to know that I am very careful with BitComet and intend to keep using it. I don't download keygens, cracks, or other suspicious stuff, and I scan files that do seem iffy. Mostly I just use it for music, and I don't use it much really, but I promise not to use it at all until this problem is taken care of. My kids have downloaded iffy stuff before, but we've spoken about computer safety. This current issue came from a pop-up on a problem site. I'm sure you've seen the ads with the fake "x" on it and either a hidden or non-existent "x" to close the window. My son clicked on the wrong "x," and by then it was too late. I promise to continue to be cautious with it though, and again I will not use BitComet until we are done here. 

 

Secondly, I have a question about anti-spyware programs. I was under the impression that I needed something in addition to AVG. I thought AVG was for viruses, trojans, and worms, but that I needed an additional program for other types of spyware. So I'm wondering: 1) Do I need to install anything in addition to AVG to pick up what it does not, and if so, then 2) What do you recommend? Okay - now to answer your questions...

 

1) I have removed Ad-Aware from my computer. It was no problem. 

 

2) I have moved FRST to my desktop and put Adw-Cleaner there as well. I thought I already did that, but turns out the desktop I see is TEMP/desktop. I put the programs in C:Users/Don Juggalo.DonJuggalo-PC/Desktop. Is that okay? 

 

3) Tongbu and Ad-Aware were no problem to uninstall. When I try to uninstall Pic color/color media, it goes through the process and says it is done, but the program does NOT disappear, and it is still there after I retried and restarted my computer. When I tried to uninstall BOTH uNisaliess & youtube adblocker, I get the same message for both. It reads, "This will completely remove the browser add-on. In order for the uninstall to be completed your computer must restart. Please click "Yes" in order to complete the uninstall process and install an alternate browser extension which will save you money while you shop online. Click "No" to only uninstall and restart your computer. Click "Cancel" to abort the uninstall process." 

 

    No matter which option I choose (Yes or No), nothing happens, nothing uninstalls, nothing resets, and nothing disappears. I manually reset my computer after each try, yet the programs still remain. 

 

4) Here is the Adw-Cleaner log: 

 

# AdwCleaner v4.110 - Logfile created 08/02/2015 at 10:50:29
# Updated 05/02/2015 by Xplode
# Database : 2015-02-08.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Don Juggalo - DONJUGGALO-PC
# Running from : C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : vToolbarUpdater18.1.9
Service Found : ColorMedia
Service Found : PicColor Service
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\t9qse5h5.default\searchplugins\WebSearch.xml
File Found : C:\Windows\system32\roboot.exe
Folder Found : C:\Program Files\AVG SafeGuard toolbar
Folder Found : C:\Program Files\AVG Security Toolbar
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\openit
Folder Found : C:\Program Files\Toolbar Cleaner
Folder Found : C:\Program Files\uniSalEs
Folder Found : C:\Program Files\unisaless
Folder Found : C:\Program Files\uNisaliEss
Folder Found : C:\Program Files\youtubeadblocker
Folder Found : C:\ProgramData\6145289077393595048
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\b56cf4adaac246968dfa350519c41346
Folder Found : C:\ProgramData\gfhghdhmocglleggfbialakffjjecjjm
Folder Found : C:\ProgramData\ipmicljnecfhmcfddjiagojkofecodmk
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\ProgramData\PicColor Utility
Folder Found : C:\ProgramData\PicColorData
Folder Found : C:\ProgramData\Search Protection
Folder Found : C:\Users\TEMP\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\TEMP\AppData\LocalLow\adawaretb
Folder Found : C:\Users\TEMP\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\t9qse5h5.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Folder Found : C:\Users\TEMP\AppData\Roaming\SecureSearch
Folder Found : C:\Users\TEMP\AppData\Roaming\Solvusoft
Folder Found : C:\Users\TEMP\Desktop\hosts
 
***** [ Scheduled tasks ] *****
 
Task Found : Digital Sites
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\adawaretb
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\adawaretb
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\microsoft\shared tools\msconfig\startupreg\Search Protection
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PicColor Utility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\PicColor Utility
Key Found : HKLM\SOFTWARE\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\YourFileDownloader
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
[t9qse5h5.default] - Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[t9qse5h5.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US&l=1&q=");
[t9qse5h5.default] - Line Found : user_pref("browser.search.order.1", "WebSearch");
[t9qse5h5.default] - Line Found : user_pref("browser.search.order.1,S", "WebSearch");
[t9qse5h5.default] - Line Found : user_pref("browser.search.selectedEngine", "WebSearch");
[t9qse5h5.default] - Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[t9qse5h5.default] - Line Found : user_pref("keyword.URL", "hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US&l=1&q=");
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Homepage] : hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Homepage] : hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
*************************
 
AdwCleaner[R0].txt - [11246 bytes] - [08/02/2015 10:50:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11306 bytes] ##########
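
The scan report above can be triaged mechanically, and the cleaning report later in this thread uses the same line format (the same "<Kind> Found/Deleted/Restored : <target>" lines, with Deleted and Restored in place of Found). The Python script below is an added example, not part of this thread and not AdwCleaner's own code. It embeds a constructed sample (an abridged excerpt of the AdwCleaner[R0].txt posted above), groups the findings by section, ranks the hosts that the hijacked IE, Firefox and Chrome search and start-page settings point at, extracts the per-install "hid" tracking id from those URLs, and lists the persistence points (services, the scheduled task, the executable dropped into system32) and the user profile the browser data lives under. The function names, the regular expressions and the "persistence point" heuristic are this example's own choices.

```python
"""Triage an AdwCleaner v4 text report: group findings by section, pull the
defanged (hxxp://) URLs out of the browser-hijack entries, and list what would
survive a reboot. The [R#] scan and [S#] cleaning reports share one line grammar."""
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed sample: an abridged excerpt of the AdwCleaner[R0].txt posted above.
SAMPLE_REPORT = r"""
***** [ Services ] *****

Service Found : vToolbarUpdater18.1.9
Service Found : ColorMedia
Service Found : PicColor Service

***** [ Files / Folders ] *****

File Found : C:\Windows\system32\roboot.exe
Folder Found : C:\Program Files\youtubeadblocker
Folder Found : C:\Users\TEMP\AppData\Roaming\SecureSearch

***** [ Scheduled tasks ] *****

Task Found : Digital Sites

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US

-\\ Mozilla Firefox v35.0.1 (x86 en-US)
[t9qse5h5.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US&l=1&q=");

-\\ Google Chrome v39.0.2171.95
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
FINDING_RE = re.compile(r"^(?:\[[#!]\] )?(?P<kind>Service|File|Folder|Task|Key|Value|Setting) "
                        r"(?P<action>Found|Deleted|Restored) : (?P<target>.+)$")
URL_RE = re.compile(r"hxxps?://[^\s\"')]+")          # a defanged URL ends at space, quote or ')'
PROFILE_RE = re.compile(r"(?i)^c:\\users\\([^\\]+)")  # the <name> in C:\Users\<name>\...


def parse_report(text):
    """Return {'sections': {name: [(kind, action, target), ...]}, 'urls': [...]}."""
    sections, urls, current = defaultdict(list), [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            current = m.group("name")
            continue
        if m := FINDING_RE.match(line):
            sections[current].append((m.group("kind"), m.group("action"), m.group("target")))
        # prefs.js and Chrome "Web data" lines have their own layout, so URLs are
        # harvested from every line rather than only from parsed findings.
        urls.extend(URL_RE.findall(line))
    return {"sections": dict(sections), "urls": urls}


def hijack_summary(report):
    """Rank hosts by how many browser settings point at them: the dominant host is
    the hijacker, and a 'hid' query parameter is its per-install tracking id."""
    hosts, tracking_ids = Counter(), set()
    for url in report["urls"]:
        parsed = urlparse(url.replace("hxxp", "http", 1))  # re-arm for parsing only
        hosts[parsed.hostname] += 1
        tracking_ids.update(parse_qs(parsed.query).get("hid", []))
    host, hits = hosts.most_common(1)[0] if hosts else (None, 0)
    return {"host": host, "hits": hits, "tracking_ids": sorted(tracking_ids),
            "all_hosts": dict(hosts)}


def persistence_points(report):
    """Findings that bring the adware back after a reboot: services, scheduled
    tasks, and anything dropped into the Windows system directory."""
    return [(section, kind, target)
            for section, findings in report["sections"].items()
            for kind, _action, target in findings
            if kind in ("Service", "Task") or target.lower().startswith(r"c:\windows\system32")]


def profile_roots(report):
    """Distinct user-profile names referenced by file findings, i.e. which profile
    the infected browser data actually lives under."""
    roots = set()
    for findings in report["sections"].values():
        for _kind, _action, target in findings:
            if m := PROFILE_RE.match(target):
                roots.add(m.group(1))
    return sorted(roots)


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(hijack_summary(rep))
    print(persistence_points(rep))
    print(profile_roots(rep))
```

Run as-is to see the summary for the embedded sample, or pass the contents of C:\AdwCleaner\AdwCleaner[R0].txt to parse_report to triage a full report. On the sample every browser finding resolves to websearch.searchfix.info carrying the same hid value, so one installer wrote all three browsers' settings, and every file finding sits under C:\Users\TEMP, the same profile the FRST header at the top of the thread reports running from.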


#6 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 08 February 2015 - 02:22 PM

Hi DonJuggalo-

 

Do not worry about the programs that would not uninstall.  We will use a different approach to deal with those.  :)

 

 

I was under the impression that I needed something in addition to AVG

What do you recommend?

 

 

It used to be that way, but nowadays a lot of the AV products include protection for spyware as well as viruses, etc. At the end of this post I will give you further recommendations on what to keep on your system in regards to AV/spyware.

------------------------------------------------------

 

I put the programs in C:Users/Don Juggalo.DonJuggalo-PC/Desktop. Is that okay? 

 

 

Please make sure that all tools we download including FRST are on the desktop not in a folder on the desktop. This is temporary and most of the tools we download will be removed at the end of the fix so they will not need to be there after the fix is complete.

---------------------------------------------------------------

 

Step 1: Double-click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator.

  • The tool will start to update the database, please wait a bit.

  • Click on the Scan button.

  • AdwCleaner will begin to scan your computer like it did before.

  • After the scan has finished...

  • This time click on the Clean button.

  • Press OK when asked to close all programs and follow the onscreen prompts.

  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).

  • Copy and paste the contents of that logfile in your next reply.

  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------------------------------------------------------------------------------------

 

Step 2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.

  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

  • The tool will open and start scanning your system.

  • Please be patient as this can take a while to complete depending on your system's specifications.

  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

  • Post the contents of JRT.txt into your next message.

-----------------------------------------------------------------------------------------

 

Step 3: Please make sure the addition.txt option is checked, re-run FRST, and post both logs.

---------------------------------------------------------------------------------------------------

 

IN YOUR NEXT REPLY I NEED:

 

  1. Your ADWCleaner log

  2. Your JRT Log

  3. Your 2 FRST logs

 

Thanks  :)


Edited by Johnny Computer, 08 February 2015 - 02:25 PM.



#7 donjuggalo

donjuggalo
  • Topic Starter

  • Members
  • 31 posts

Posted 09 February 2015 - 12:03 PM

I'm not sure I understand about where the actual Desktop is located. At first I just copied the program to the "desktop" I actually see on my computer screen, but that turned out to be the "TEMP/desktop" I guess. Next I looked in the C: drive and found the first folder I saw labeled "Desktop." It seems that this is not correct either. Could you please give me some idea of where I should be putting these programs, or where the proper Desktop is supposed to be located? Seems like there's more than one "desktop," and I'm not sure which one I need to find. I'm going out for about an hour or two, and will be running your next steps after I put everything where I should be putting it. Thank you. 



#8 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 09 February 2015 - 04:00 PM

Hi DonJuggalo-

 

Could you please give me some idea of where I should be putting these programs,

 

 

Of course.  Always better to clarify an instruction if you are unsure before performing it.

 

Please navigate to the following location and place the tools in this folder.  This will also make them show up on your desktop.

 

C:\Users\DonJuggalo\Desktop

 

I will wait for your logs; any other questions, just ask.    :)

 --------------------------------------------------------------------------------------------------

 

 IN YOUR NEXT REPLY I NEED:

 

1.     Your ADWCleaner log

2.     Your JRT Log

3.     Your 2 FRST logs


Edited by Johnny Computer, 09 February 2015 - 04:02 PM.



#9 donjuggalo

donjuggalo
  • Topic Starter

  • Members
  • 31 posts

Posted 09 February 2015 - 09:57 PM

Okay, here we go:

 

1) # AdwCleaner v4.110 - Logfile created 09/02/2015 at 19:53:37

# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Don Juggalo - DONJUGGALO-PC
# Running from : C:\Users\Don Juggalo\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater18.1.9
Service Deleted : ColorMedia
Service Deleted : PicColor Service
Service Deleted : serverca
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\ProgramData\PicColor Utility
Folder Deleted : C:\ProgramData\PicColorData
Folder Deleted : C:\ProgramData\6145289077393595048
Folder Deleted : C:\ProgramData\b56cf4adaac246968dfa350519c41346
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Program Files\uniSalEs
Folder Deleted : C:\Program Files\unisaless
Folder Deleted : C:\Program Files\uNisaliEss
Folder Deleted : C:\Program Files\youtubeadblocker
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\TEMP\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\TEMP\AppData\Local\ConvertAd
Folder Deleted : C:\Users\TEMP\AppData\Local\wincheck
Folder Deleted : C:\Users\TEMP\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\TEMP\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\TEMP\AppData\Roaming\SecureSearch
Folder Deleted : C:\Users\TEMP\AppData\Roaming\Solvusoft
[!] Folder Deleted : C:\Users\TEMP\Desktop\hosts
Folder Deleted : C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\t9qse5h5.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Folder Deleted : C:\ProgramData\gfhghdhmocglleggfbialakffjjecjjm
Folder Deleted : C:\ProgramData\ipmicljnecfhmcfddjiagojkofecodmk
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\t9qse5h5.default\searchplugins\WebSearch.xml
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Digital Sites
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\microsoft\shared tools\msconfig\startupreg\Search Protection
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\adawaretb
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\PicColor Utility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PicColor Utility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
[t9qse5h5.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[t9qse5h5.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US&l=1&q=");
[t9qse5h5.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[t9qse5h5.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[t9qse5h5.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[t9qse5h5.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[t9qse5h5.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US&l=1&q=");
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://websearch.searchfix.info/?pid=724&r=2015/01/12&hid=1872534200735908117&lg=EN&cc=US
 
*************************
 
AdwCleaner[R0].txt - [11386 bytes] - [08/02/2015 10:50:29]
AdwCleaner[R1].txt - [11432 bytes] - [09/02/2015 19:43:32]
AdwCleaner[R2].txt - [11861 bytes] - [09/02/2015 19:50:24]
AdwCleaner[S0].txt - [11827 bytes] - [09/02/2015 19:53:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11887  bytes] ##########
 
 
 
2) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x86
Ran by Don Juggalo on Mon 02/09/2015 at 20:03:20.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update rightsurf
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\DRIVERMAX.EXE-072CAF25.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ad-aware browsing protection"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\TEMP\AppData\Roaming\mozilla\firefox\profiles\t9qse5h5.default\extensions\staged
Emptied folder: C:\Users\TEMP\AppData\Roaming\mozilla\firefox\profiles\t9qse5h5.default\minidumps [172 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/09/2015 at 20:08:17.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
3) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Don Juggalo (administrator) on DONJUGGALO-PC on 09-02-2015 20:36:22
Running from C:\Users\Don Juggalo\Desktop
Loaded Profiles: Don Juggalo (Available profiles: Don Juggalo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\RunOnce: [Update] => C:\Users\TEMP\AppData\Roaming\ASPackage\ASPackage.exe [268718 2015-02-09] ( ) <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 33 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
 
FireFox:
========
FF ProfilePath: C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\t9qse5h5.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2165876073-2920801462-2768486518-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TEMP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-04]
CHR Extension: (Google Drive) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (YouTube) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-04]
CHR Extension: (Google Search) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04]
CHR Extension: (Gmail) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-04]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-17] (Perfect World Entertainment Inc)
S4 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S4 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S4 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
R2 serveras; C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe [97280 2015-02-09] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-05] (Disc Soft Ltd)
S3 ipMIDI; C:\Windows\System32\drivers\ipmidi.sys [19456 2013-01-31] (nerds.de)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2014-01-14] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3566336 2011-10-17] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mlkumidi; system32\DRIVERS\mlkumidi.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-09 20:36 - 2015-02-09 20:37 - 00010326 _____ () C:\Users\Don Juggalo\Desktop\FRST.txt
2015-02-09 20:36 - 2015-02-09 20:36 - 00000000 ____D () C:\Users\Don Juggalo\Desktop\FRST-OlderVersion
2015-02-09 20:27 - 2015-02-09 20:27 - 00001105 _____ () C:\Users\TEMP\Desktop\Continue Live Installation.lnk
2015-02-09 20:08 - 2015-02-09 20:08 - 00001323 _____ () C:\Users\TEMP\Desktop\JRT.txt
2015-02-09 20:05 - 2015-02-09 20:05 - 00001430 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-09 19:44 - 2015-02-09 19:45 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\ASPackage
2015-02-09 19:44 - 2015-02-09 19:44 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-02-09 19:41 - 2015-02-09 20:36 - 01124352 _____ (Farbar) C:\Users\Don Juggalo\Desktop\FRST.exe
2015-02-09 19:41 - 2015-02-09 19:38 - 01388274 _____ (Thisisu) C:\Users\Don Juggalo\Desktop\JRT.exe
2015-02-09 19:41 - 2015-02-07 13:46 - 02112512 _____ () C:\Users\Don Juggalo\Desktop\AdwCleaner.exe
2015-02-08 10:50 - 2015-02-09 19:59 - 00000000 ____D () C:\AdwCleaner
2015-02-08 10:49 - 2015-02-07 13:46 - 02112512 _____ () C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\AdwCleaner.exe
2015-02-08 10:21 - 2015-02-05 11:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-08 10:21 - 2015-02-03 20:21 - 00033406 _____ () C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\Addition.txt
2015-02-08 10:21 - 2015-02-03 20:21 - 00024551 _____ () C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\FRST.txt
2015-02-08 10:05 - 2015-02-03 13:42 - 01122304 _____ (Farbar) C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\FRST.exe
2015-02-03 20:20 - 2015-02-03 20:21 - 00033406 _____ () C:\Users\TEMP\Desktop\Addition.txt
2015-02-03 20:18 - 2015-02-09 20:36 - 00000000 ____D () C:\FRST
2015-02-03 20:18 - 2015-02-03 20:21 - 00024551 _____ () C:\Users\TEMP\Desktop\FRST.txt
2015-02-03 20:18 - 2015-02-03 13:42 - 01122304 _____ (Farbar) C:\Users\TEMP\Desktop\FRST.exe
2015-01-29 17:28 - 2015-01-29 17:28 - 01080608 _____ (Unity Technologies ApS) C:\Users\TEMP\Downloads\UnityWebPlayer.exe
2015-01-29 17:15 - 2015-01-29 17:15 - 00012857 _____ () C:\Users\TEMP\Downloads\[kickass.so]lethal.league.zip.torrent
2015-01-29 17:15 - 2015-01-29 17:15 - 00012857 _____ () C:\Users\TEMP\Downloads\[kickass.so]lethal.league.zip (1).torrent
2015-01-27 16:52 - 2015-01-27 16:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\dlg
2015-01-27 16:43 - 2015-02-09 19:35 - 00005256 _____ () C:\Windows\system32\ColorMedia.ini
2015-01-27 16:43 - 2015-02-09 19:35 - 00002856 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-27 16:43 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia.dll
2015-01-27 16:40 - 2015-01-27 16:41 - 00616328 _____ () C:\Users\TEMP\Downloads\download-windows-movie-maker.exe
2015-01-25 12:16 - 2015-01-25 12:16 - 00528808 _____ () C:\Users\TEMP\Downloads\GarageBand.exe
2015-01-24 22:20 - 2015-01-24 22:20 - 01669280 _____ (nerds.de Daniel Schmitt) C:\Users\TEMP\Downloads\setupipmiditrial.exe
2015-01-24 14:55 - 2015-01-24 15:04 - 00001070 _____ () C:\Windows\mlkumidi.log
2015-01-24 14:55 - 2015-01-24 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicLab
2015-01-24 14:55 - 2015-01-24 15:04 - 00000000 ____D () C:\Program Files\MusicLab
2015-01-23 09:41 - 2015-01-23 09:41 - 00000000 ____D () C:\Windows\pss
2015-01-21 10:19 - 2015-01-21 10:19 - 00000000 ____H () C:\Users\TEMP\Documents\Default.rdp
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLink Kai
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\Program Files\XLink Kai
2015-01-15 01:18 - 2015-01-27 11:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 13:25 - 2015-01-14 13:25 - 00030057 _____ () C:\Users\TEMP\Documents\CHORES LIST Cunningham Boys 2015.odt
2015-01-14 12:11 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 12:11 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:10 - 2014-12-18 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:10 - 2014-12-18 19:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:10 - 2014-12-11 11:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:10 - 2014-12-05 21:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-12 16:38 - 2015-01-12 16:38 - 00000000 ____D () C:\Users\TEMP\AppData\Local\IsolatedStorage
2015-01-12 16:29 - 2015-01-12 16:29 - 01212416 _____ () C:\Users\TEMP\Downloads\Lethal League.zip.exe
2015-01-12 16:29 - 2015-01-12 16:29 - 00000000 ____D () C:\ProgramData\{61529726-44e7-f253-6152-2972644e5c99}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-09 20:21 - 2014-01-12 12:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 20:05 - 2014-04-04 14:24 - 00002218 _____ () C:\Users\TEMP\Desktop\Google Chrome.lnk
2015-02-09 20:05 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-09 20:03 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 20:03 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 19:59 - 2014-01-12 15:07 - 01949488 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 19:56 - 2014-07-11 10:55 - 00032746 _____ () C:\Windows\setupact.log
2015-02-09 19:56 - 2014-04-20 15:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2015-02-09 19:56 - 2014-04-20 15:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2015-02-09 19:56 - 2014-01-12 13:55 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 19:56 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 19:48 - 2014-01-12 13:55 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 10:18 - 2014-08-09 10:31 - 00004146 _____ () C:\Windows\PFRO.log
2015-02-08 10:18 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing
2015-02-03 20:21 - 2014-01-12 12:07 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 17:28 - 2014-11-08 17:12 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Unity
2015-01-29 17:21 - 2014-04-05 21:05 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\BitComet
2015-01-29 01:15 - 2014-08-25 13:23 - 00000000 ____D () C:\Program Files\Steam
2015-01-27 17:22 - 2014-04-05 21:17 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\vlc
2015-01-27 17:06 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-27 17:06 - 2014-01-12 12:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 16:53 - 2014-06-10 16:16 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-27 16:40 - 2014-08-05 11:38 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Windows Live
2015-01-27 13:41 - 2014-04-16 10:11 - 00000000 ____D () C:\Users\TEMP\Desktop\MUSIC TAB SHEETS (Blank)
2015-01-24 22:29 - 2014-04-26 17:21 - 00000000 ____D () C:\Users\TEMP\Documents\Studio One
2015-01-23 13:53 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-23 09:27 - 2014-01-12 12:37 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-23 09:22 - 2014-08-08 15:22 - 00002318 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-20 15:29 - 2014-04-02 10:14 - 00000000 ____D () C:\Users\TEMP
2015-01-20 10:41 - 2015-01-05 23:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\XLink Kai
2015-01-15 03:13 - 2014-04-16 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2014-04-16 10:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 12:21 - 2014-01-12 12:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 12:21 - 2014-01-12 12:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2014-01-29 18:56 - 2014-06-02 08:30 - 0003744 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2014-08-24 19:08 - 2014-10-26 17:08 - 0003584 _____ () C:\Users\TEMP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-07 02:01 - 2014-08-07 02:01 - 0000000 _____ () C:\Users\TEMP\AppData\Local\{DDC0C5FB-6BBE-4974-8CB4-82C9F1A1AA10}
 
Files to move or delete:
====================
C:\Users\TEMP\AppData\Roaming\ASPackage\ASPackage.exe
 
 
Some content of TEMP:
====================
C:\Users\Don Juggalo\AppData\Local\Temp\bitcomet_chrome.exe
C:\Users\Don Juggalo\AppData\Local\Temp\Checkupdate.exe
C:\Users\Don Juggalo\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Don Juggalo\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Don Juggalo\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Don Juggalo\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Don Juggalo\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Don Juggalo\AppData\Local\Temp\htmlayout.dll
C:\Users\Don Juggalo\AppData\Local\Temp\ICReinstall_BitlordSetup.exe
C:\Users\Don Juggalo\AppData\Local\Temp\SSStub_Somo_SpeedyPC.exe
C:\Users\Don Juggalo\AppData\Local\Temp\Tsu92B3A1EF.dll
C:\Users\TEMP\AppData\Local\Temp\072f3bc3-ed3a-4521-ba0d-65233792ec1e.exe
C:\Users\TEMP\AppData\Local\Temp\bitool.dll
C:\Users\TEMP\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\TEMP\AppData\Local\Temp\Quarantine.exe
C:\Users\TEMP\AppData\Local\Temp\SpOrder.dll
C:\Users\TEMP\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-08 10:40
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
Ran by Don Juggalo at 2015-02-09 20:38:28
Running from C:\Users\Don Juggalo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip 9.20) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AnySend (HKLM\...\ASPackage) (Version: 1.0.0.0 - CMI Limited)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Astroburn Lite (HKLM\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
BitComet 1.37 (HKLM\...\BitComet) (Version: 1.37 - CometNetwork)
BlueStacks Notification Center (HKLM\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Coby Media Manager (HKLM\...\{D7F70937-6EC3-4129-8089-4974C5873C99}) (Version: 1.0.6316 - Coby)
COWON Media Center - jetAudio Plus VX (HKLM\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.0 - COWON)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Horizon v2.7.9.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - )
iOS Soft Dev Pack + jb iOS 7.1 5.00 (HKLM\...\iOS Soft Dev Pack + jb iOS 7.1 5.00) (Version: 5.00 - www.i-ekb.ru)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LADSPA_plugins-win-0.4.15 (HKLM\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
magicJack (HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MusicLab Garage Drummer (HKLM\...\{1864B4E9-1357-4A57-1357-C2B307597966}) (Version:  - MusicLab, Inc.)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PreSonus Studio One 2 (HKLM\...\PreSonus Studio One 2) (Version: 2.6.0.24200 - PreSonus Audio Electronics)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 3.50 - Philipp Winterberg)
ReBirth ModPacker (HKLM\...\ReBirth ModPacker) (Version:  - )
ReBirth RB-338 2.0 (HKLM\...\ReBirth RB-338 2.0) (Version:  - )
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Unity Web Player (HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Nelson Sexton)
USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 9.15 - Ecom)
Virtual Router v1.0 (HKLM\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinDirStat 1.1.2 (HKU\.DEFAULT\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XLink Kai (HKLM\...\{b27eb24b-e5e0-4ad7-a6ea-98de903c3ce1}) (Version: 7.4.28.0 - Team XLink)
XLink Kai (Version: 7.4.28.0 - Team XLink) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\TEMP\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\TEMP\AppData\Local\Temp\9857375F\temp\Lethal League.zip.exe ()
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-05-29 21:22 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {003C78CF-BBC6-4F21-BBB6-864DD6CB74FD} - System32\Tasks\{EE289926-30FD-4A44-B659-76ED71F720A5} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {0A7A1515-CE03-405D-92B1-698864E8E99A} - System32\Tasks\{3E172400-8F78-4CC4-AF2C-AC8CE9E4E8BA} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {196C6899-F8A0-4FF8-85FB-847453CDE4E0} - System32\Tasks\{38B100C4-3C85-412A-B459-026E01E26A16} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {1FBBA5ED-5BAE-4C1B-8D01-50B7EDA4D10C} - System32\Tasks\{898751D1-180E-4F83-8CB5-BC0E3AD12845} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {20318E3D-CAFE-4130-8BE8-3DAB357F7F69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {2EC09464-A078-4537-93FD-DD3C3A46D9EA} - System32\Tasks\{191A063B-97BD-465D-BF66-55BDB4BD0432} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {2F69C62C-514A-4C65-A5C4-22161ED13D8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {3D57800C-CB96-4FB6-ADEA-24712D255728} - System32\Tasks\{8B8F6C8F-8E26-4C5B-BF18-45C9D9F56C35} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {4AFFEE3C-390B-4F54-A145-D757CABB888F} - System32\Tasks\{C4BFF075-AEFF-437A-95A5-2A1CB7D79DAE} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {4CB7F9C7-C37A-4369-BE59-22CAD83A9865} - System32\Tasks\{EBBAFFF3-E83E-4D81-B1DB-C068E3ADCA41} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {51A87160-DD6A-4BA6-9D0B-9FF151558EBE} - System32\Tasks\{22F408A2-9A05-4090-ADA4-2C810CB2EAC7} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {52A17513-BAA7-418F-8A24-3B62DC55E2EB} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {559F076A-F5A5-442F-AD8B-37597517DAAB} - System32\Tasks\{9A5D86DB-3B60-4A5E-9B39-8EB951A16969} => Firefox.exe 
Task: {57DAEE24-B077-4F6C-A561-9F7B4845DC0D} - System32\Tasks\{20257BCF-A6FD-439A-B8CC-5F2362911810} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {5B4D802F-414E-4DC2-A08C-5FC64EAF14C4} - System32\Tasks\{A6E72052-2C99-4238-8789-72D48F157B62} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {5FEA59F5-E404-4139-8C19-8F4778D9F537} - System32\Tasks\{7DF64FC7-FA60-4274-8652-3AFB8F54FC24} => pcalua.exe -a I:\coby-mediamanager.exe -d I:\
Task: {6053C62F-5D6F-410A-94EE-16483FA8BB06} - System32\Tasks\{DBB85E19-6F1B-49EA-BD95-247B7ABA020C} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {6B9E1289-C93F-401A-A943-711A584A6913} - System32\Tasks\{7F31A75C-5DC8-448D-866F-8623953A94DF} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {74EEBA2F-16D5-41B0-8F1D-C5E232EB602B} - System32\Tasks\{9074627A-86BB-4D2A-AB90-819DDABD9C6C} => C:\Users\TEMP\Desktop\p0sixspwn-v1.0.7-win\p0sixspwn-v1.0.7.exe
Task: {7C4AB186-0620-47A8-AD43-F7ECB889FD0D} - System32\Tasks\{1F2EA81D-5D3B-462C-841C-904E15FBF997} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {8E4F494C-2020-4083-BDDE-2C3995541620} - System32\Tasks\{9857DA48-2A17-43D4-B653-DADB3683ED44} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {965FC9DB-0EB9-40D5-8DDC-B249136B124D} - System32\Tasks\{2D30AD81-077D-4630-BACB-9DDB97453B67} => C:\Users\TEMP\Desktop\p0sixspwn-v1.0.7-win\p0sixspwn-v1.0.7.exe
Task: {9B3AF2A0-7F97-4AB6-A357-9BB6745033CD} - System32\Tasks\{30963116-E6E5-4C30-BB30-C03FE2E0ED61} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {AC808921-4FAD-4A6F-ABA4-1D16DE73B87E} - System32\Tasks\{5F7AEEEE-B2D6-4A9E-946E-BB0DFC276AB6} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {BDB47287-CA44-4B94-815D-99D87D38D922} - System32\Tasks\{3D8C8678-4288-49E8-88D3-30CE5D3DB240} => pcalua.exe -a H:\GarageDrummerSetup.exe -d H:\
Task: {CA08A5FB-9402-47C9-A0E2-A373B7FC9494} - System32\Tasks\{0A781EF8-B60E-4E7E-9D57-9D683F23D0F5} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {D9B5F72C-C054-40C1-8857-7EDF89EB36EF} - System32\Tasks\{A6921E1B-1302-416B-9298-1D0F2CFC6AEE} => pcalua.exe -a G:\Setup.EXE -d G:\
Task: {DD6A3D44-F841-46B1-AA67-D92F6D2BF148} - System32\Tasks\{757E1C94-167C-4870-A9EF-73F6008616A4} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {E2AB7E0A-727F-4563-9A7F-3B7DD5637768} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {F2C2B004-BEF9-4C76-A3C0-60D4ECDAE62B} - System32\Tasks\ALEKTNWT => C:\ProgramData\b56cf4adaac246968dfa350519c41346\b56cf4adaac246968dfa350519c41346.exe
Task: {F784E16B-2B1F-4C79-B5B1-21E0F93F9EDD} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {FF145B71-F00C-4B2C-AA24-A97ECA662DD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-09 19:45 - 2015-02-09 19:45 - 00097280 _____ () C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: BITCOMET_HELPER_SERVICE => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: cdloader => "C:\Users\TEMP\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
MSCONFIG\startupreg: tsnp2uvc => C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2165876073-2920801462-2768486518-500 - Administrator - Enabled)
Don Juggalo (S-1-5-21-2165876073-2920801462-2768486518-1001 - Administrator - Enabled) => C:\Users\TEMP
Guest (S-1-5-21-2165876073-2920801462-2768486518-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2165876073-2920801462-2768486518-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 30%
Total physical RAM: 3070.15 MB
Available physical RAM: 2129.44 MB
Total Pagefile: 6138.59 MB
Available Pagefile: 5129.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.81 MB
 
==================== Drives ================================
 
Drive c: (System Volume) (Fixed) (Total:108.59 GB) (Free:2.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Media Volume) (Fixed) (Total:108.59 GB) (Free:0.99 GB) NTFS
Drive e: (Backup) (Fixed) (Total:37.03 GB) (Free:1.44 GB) NTFS
Drive f: (Backup) (Fixed) (Total:37.03 GB) (Free:1.36 GB) NTFS
Drive h: () (Removable) (Total:14.66 GB) (Free:14.63 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=108.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)
 
========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 323C75C1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=108.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)
 
========================================================
Disk: 2 (Size: 14.7 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#10 Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 10 February 2015 - 02:29 AM

Hi Don Juggalo-

 

Step 1: Please copy and paste the contents of the code box below into a Notepad file and save it as Fixlist.txt to the location where your FRST.exe file is located.

() C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe
HKLM\...\RunOnce: [Update] => C:\Users\TEMP\AppData\Roaming\ASPackage\ASPackage.exe [268718 2015-02-09] ( ) <===== ATTENTION
R2 serveras; C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe [97280 2015-02-09] () [File not signed]
2015-02-09 19:44 - 2015-02-09 19:45 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\ASPackage
2015-02-09 19:44 - 2015-02-09 19:44 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-02-09 19:45 - 2015-02-09 19:45 - 00097280 _____ () C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe
C:\Users\TEMP\AppData\Roaming\ASPackage\ASPackage.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 33 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
cmd: netsh winsock reset
2015-01-27 16:43 - 2015-02-09 19:35 - 00005256 _____ () C:\Windows\system32\ColorMedia.ini
2015-01-27 16:43 - 2015-02-09 19:35 - 00002856 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-27 16:43 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia.dll


S4 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()

S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)

HKLM\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mlkumidi; system32\DRIVERS\mlkumidi.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

EmptyTemp:

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
Run FRST/FRST64 and press the Fix button just once and wait.
 
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
 
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

-----------------------------------------------------------------------------------------------------------------------------

 

Step 2: Please make sure the Addition.txt option is checked and re-run FRST (just the scan, not the fix), and post the 2 logs.

 

 ======================================================

 

IN YOUR NEXT REPLY I NEED:

 

1.) FRST Fixlist log

2.) The 2 FRST scan logs

 

 

Thanks :)


"DO OR DO NOT. THERE IS NO TRY."


#11 donjuggalo

  • Topic Starter

  • Members
  • 31 posts

Posted 10 February 2015 - 01:08 PM

Okay, here you go:

 

1)

 

() C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe
HKLM\...\RunOnce: [Update] => C:\Users\TEMP\AppData\Roaming\ASPackage\ASPackage.exe [268718 2015-02-09] ( ) <===== ATTENTION
R2 serveras; C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe [97280 2015-02-09] () [File not signed]
2015-02-09 19:44 - 2015-02-09 19:45 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\ASPackage
2015-02-09 19:44 - 2015-02-09 19:44 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-02-09 19:45 - 2015-02-09 19:45 - 00097280 _____ () C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe
C:\Users\TEMP\AppData\Roaming\ASPackage\ASPackage.exe
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 33 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
cmd: netsh winsock reset
2015-01-27 16:43 - 2015-02-09 19:35 - 00005256 _____ () C:\Windows\system32\ColorMedia.ini
2015-01-27 16:43 - 2015-02-09 19:35 - 00002856 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-27 16:43 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia.dll
 
 
S4 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
 
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
 
HKLM\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mlkumidi; system32\DRIVERS\mlkumidi.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
EmptyTemp:
 
 
2)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Don Juggalo (administrator) on DONJUGGALO-PC on 10-02-2015 12:01:50
Running from C:\Users\Don Juggalo\Desktop
Loaded Profiles: Don Juggalo (Available profiles: Don Juggalo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-18] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
 
FireFox:
========
FF ProfilePath: C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\t9qse5h5.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2165876073-2920801462-2768486518-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TEMP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-04]
CHR Extension: (Google Drive) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (YouTube) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-04]
CHR Extension: (Google Search) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04]
CHR Extension: (Gmail) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-04]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-17] (Perfect World Entertainment Inc)
S4 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S4 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-05] (Disc Soft Ltd)
S3 ipMIDI; C:\Windows\System32\drivers\ipmidi.sys [19456 2013-01-31] (nerds.de)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2014-01-14] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3566336 2011-10-17] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-09 20:38 - 2015-02-09 20:38 - 00022643 _____ () C:\Users\Don Juggalo\Desktop\Addition.txt
2015-02-09 20:36 - 2015-02-10 12:02 - 00008857 _____ () C:\Users\Don Juggalo\Desktop\FRST.txt
2015-02-09 20:36 - 2015-02-09 20:36 - 00000000 ____D () C:\Users\Don Juggalo\Desktop\FRST-OlderVersion
2015-02-09 20:27 - 2015-02-09 20:27 - 00001105 _____ () C:\Users\TEMP\Desktop\Continue Live Installation.lnk
2015-02-09 20:08 - 2015-02-09 20:08 - 00001323 _____ () C:\Users\TEMP\Desktop\JRT.txt
2015-02-09 20:05 - 2015-02-09 20:05 - 00001430 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-09 19:41 - 2015-02-09 20:36 - 01124352 _____ (Farbar) C:\Users\Don Juggalo\Desktop\FRST.exe
2015-02-09 19:41 - 2015-02-09 19:38 - 01388274 _____ (Thisisu) C:\Users\Don Juggalo\Desktop\JRT.exe
2015-02-09 19:41 - 2015-02-07 13:46 - 02112512 _____ () C:\Users\Don Juggalo\Desktop\AdwCleaner.exe
2015-02-08 10:50 - 2015-02-09 19:59 - 00000000 ____D () C:\AdwCleaner
2015-02-08 10:49 - 2015-02-07 13:46 - 02112512 _____ () C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\AdwCleaner.exe
2015-02-08 10:21 - 2015-02-05 11:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-08 10:21 - 2015-02-03 20:21 - 00033406 _____ () C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\Addition.txt
2015-02-08 10:21 - 2015-02-03 20:21 - 00024551 _____ () C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\FRST.txt
2015-02-08 10:05 - 2015-02-03 13:42 - 01122304 _____ (Farbar) C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\FRST.exe
2015-02-03 20:20 - 2015-02-03 20:21 - 00033406 _____ () C:\Users\TEMP\Desktop\Addition.txt
2015-02-03 20:18 - 2015-02-10 12:01 - 00000000 ____D () C:\FRST
2015-02-03 20:18 - 2015-02-03 20:21 - 00024551 _____ () C:\Users\TEMP\Desktop\FRST.txt
2015-02-03 20:18 - 2015-02-03 13:42 - 01122304 _____ (Farbar) C:\Users\TEMP\Desktop\FRST.exe
2015-01-29 17:28 - 2015-01-29 17:28 - 01080608 _____ (Unity Technologies ApS) C:\Users\TEMP\Downloads\UnityWebPlayer.exe
2015-01-29 17:15 - 2015-01-29 17:15 - 00012857 _____ () C:\Users\TEMP\Downloads\[kickass.so]lethal.league.zip.torrent
2015-01-29 17:15 - 2015-01-29 17:15 - 00012857 _____ () C:\Users\TEMP\Downloads\[kickass.so]lethal.league.zip (1).torrent
2015-01-27 16:52 - 2015-01-27 16:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\dlg
2015-01-27 16:40 - 2015-01-27 16:41 - 00616328 _____ () C:\Users\TEMP\Downloads\download-windows-movie-maker.exe
2015-01-25 12:16 - 2015-01-25 12:16 - 00528808 _____ () C:\Users\TEMP\Downloads\GarageBand.exe
2015-01-24 22:20 - 2015-01-24 22:20 - 01669280 _____ (nerds.de Daniel Schmitt) C:\Users\TEMP\Downloads\setupipmiditrial.exe
2015-01-24 14:55 - 2015-01-24 15:04 - 00001070 _____ () C:\Windows\mlkumidi.log
2015-01-24 14:55 - 2015-01-24 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicLab
2015-01-24 14:55 - 2015-01-24 15:04 - 00000000 ____D () C:\Program Files\MusicLab
2015-01-23 09:41 - 2015-01-23 09:41 - 00000000 ____D () C:\Windows\pss
2015-01-21 10:19 - 2015-01-21 10:19 - 00000000 ____H () C:\Users\TEMP\Documents\Default.rdp
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLink Kai
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\Program Files\XLink Kai
2015-01-15 01:18 - 2015-01-27 11:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 13:25 - 2015-01-14 13:25 - 00030057 _____ () C:\Users\TEMP\Documents\CHORES LIST Cunningham Boys 2015.odt
2015-01-14 12:11 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 12:11 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:10 - 2014-12-18 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:10 - 2014-12-18 19:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:10 - 2014-12-11 11:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:10 - 2014-12-05 21:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-12 16:38 - 2015-01-12 16:38 - 00000000 ____D () C:\Users\TEMP\AppData\Local\IsolatedStorage
2015-01-12 16:29 - 2015-01-12 16:29 - 01212416 _____ () C:\Users\TEMP\Downloads\Lethal League.zip.exe
2015-01-12 16:29 - 2015-01-12 16:29 - 00000000 ____D () C:\ProgramData\{61529726-44e7-f253-6152-2972644e5c99}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 12:01 - 2014-01-12 13:55 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 11:59 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 11:59 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 11:55 - 2014-01-12 15:07 - 01993384 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 11:55 - 2014-01-12 13:55 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 11:53 - 2014-04-20 15:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2015-02-10 11:53 - 2014-04-20 15:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2015-02-10 11:51 - 2014-08-09 10:31 - 00005596 _____ () C:\Windows\PFRO.log
2015-02-10 11:51 - 2014-07-11 10:55 - 00032858 _____ () C:\Windows\setupact.log
2015-02-10 11:51 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 20:21 - 2014-01-12 12:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 20:05 - 2014-04-04 14:24 - 00002218 _____ () C:\Users\TEMP\Desktop\Google Chrome.lnk
2015-02-09 20:05 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-08 10:18 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing
2015-02-03 20:21 - 2014-01-12 12:07 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 17:28 - 2014-11-08 17:12 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Unity
2015-01-29 17:21 - 2014-04-05 21:05 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\BitComet
2015-01-29 01:15 - 2014-08-25 13:23 - 00000000 ____D () C:\Program Files\Steam
2015-01-27 17:22 - 2014-04-05 21:17 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\vlc
2015-01-27 17:06 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-27 17:06 - 2014-01-12 12:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 16:53 - 2014-06-10 16:16 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-27 16:40 - 2014-08-05 11:38 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Windows Live
2015-01-27 13:41 - 2014-04-16 10:11 - 00000000 ____D () C:\Users\TEMP\Desktop\MUSIC TAB SHEETS (Blank)
2015-01-24 22:29 - 2014-04-26 17:21 - 00000000 ____D () C:\Users\TEMP\Documents\Studio One
2015-01-23 13:53 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-23 09:27 - 2014-01-12 12:37 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-23 09:22 - 2014-08-08 15:22 - 00002318 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-20 15:29 - 2014-04-02 10:14 - 00000000 ____D () C:\Users\TEMP
2015-01-20 10:41 - 2015-01-05 23:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\XLink Kai
2015-01-15 03:13 - 2014-04-16 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2014-04-16 10:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 12:21 - 2014-01-12 12:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 12:21 - 2014-01-12 12:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2014-01-29 18:56 - 2014-06-02 08:30 - 0003744 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2014-08-24 19:08 - 2014-10-26 17:08 - 0003584 _____ () C:\Users\TEMP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-07 02:01 - 2014-08-07 02:01 - 0000000 _____ () C:\Users\TEMP\AppData\Local\{DDC0C5FB-6BBE-4974-8CB4-82C9F1A1AA10}
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-08 10:40
 
==================== End Of Log ============================
 
 
3)
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
Ran by Don Juggalo at 2015-02-10 12:02:35
Running from C:\Users\Don Juggalo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip 9.20) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AnySend (HKLM\...\ASPackage) (Version: 1.0.0.0 - CMI Limited)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Astroburn Lite (HKLM\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
BitComet 1.37 (HKLM\...\BitComet) (Version: 1.37 - CometNetwork)
BlueStacks Notification Center (HKLM\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Coby Media Manager (HKLM\...\{D7F70937-6EC3-4129-8089-4974C5873C99}) (Version: 1.0.6316 - Coby)
COWON Media Center - jetAudio Plus VX (HKLM\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.0 - COWON)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Horizon v2.7.9.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - )
iOS Soft Dev Pack + jb iOS 7.1 5.00 (HKLM\...\iOS Soft Dev Pack + jb iOS 7.1 5.00) (Version: 5.00 - www.i-ekb.ru)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LADSPA_plugins-win-0.4.15 (HKLM\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
magicJack (HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MusicLab Garage Drummer (HKLM\...\{1864B4E9-1357-4A57-1357-C2B307597966}) (Version:  - MusicLab, Inc.)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PreSonus Studio One 2 (HKLM\...\PreSonus Studio One 2) (Version: 2.6.0.24200 - PreSonus Audio Electronics)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 3.50 - Philipp Winterberg)
ReBirth ModPacker (HKLM\...\ReBirth ModPacker) (Version:  - )
ReBirth RB-338 2.0 (HKLM\...\ReBirth RB-338 2.0) (Version:  - )
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Unity Web Player (HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Nelson Sexton)
USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 9.15 - Ecom)
Virtual Router v1.0 (HKLM\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinDirStat 1.1.2 (HKU\.DEFAULT\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XLink Kai (HKLM\...\{b27eb24b-e5e0-4ad7-a6ea-98de903c3ce1}) (Version: 7.4.28.0 - Team XLink)
XLink Kai (Version: 7.4.28.0 - Team XLink) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\TEMP\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\TEMP\AppData\Local\Temp\9857375F\temp\Lethal League.zip.exe No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-05-29 21:22 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {003C78CF-BBC6-4F21-BBB6-864DD6CB74FD} - System32\Tasks\{EE289926-30FD-4A44-B659-76ED71F720A5} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {0A7A1515-CE03-405D-92B1-698864E8E99A} - System32\Tasks\{3E172400-8F78-4CC4-AF2C-AC8CE9E4E8BA} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {196C6899-F8A0-4FF8-85FB-847453CDE4E0} - System32\Tasks\{38B100C4-3C85-412A-B459-026E01E26A16} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {1FBBA5ED-5BAE-4C1B-8D01-50B7EDA4D10C} - System32\Tasks\{898751D1-180E-4F83-8CB5-BC0E3AD12845} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {20318E3D-CAFE-4130-8BE8-3DAB357F7F69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {2EC09464-A078-4537-93FD-DD3C3A46D9EA} - System32\Tasks\{191A063B-97BD-465D-BF66-55BDB4BD0432} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {2F69C62C-514A-4C65-A5C4-22161ED13D8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {3D57800C-CB96-4FB6-ADEA-24712D255728} - System32\Tasks\{8B8F6C8F-8E26-4C5B-BF18-45C9D9F56C35} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {4AFFEE3C-390B-4F54-A145-D757CABB888F} - System32\Tasks\{C4BFF075-AEFF-437A-95A5-2A1CB7D79DAE} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {4CB7F9C7-C37A-4369-BE59-22CAD83A9865} - System32\Tasks\{EBBAFFF3-E83E-4D81-B1DB-C068E3ADCA41} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {51A87160-DD6A-4BA6-9D0B-9FF151558EBE} - System32\Tasks\{22F408A2-9A05-4090-ADA4-2C810CB2EAC7} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {52A17513-BAA7-418F-8A24-3B62DC55E2EB} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {559F076A-F5A5-442F-AD8B-37597517DAAB} - System32\Tasks\{9A5D86DB-3B60-4A5E-9B39-8EB951A16969} => Firefox.exe 
Task: {57DAEE24-B077-4F6C-A561-9F7B4845DC0D} - System32\Tasks\{20257BCF-A6FD-439A-B8CC-5F2362911810} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {5B4D802F-414E-4DC2-A08C-5FC64EAF14C4} - System32\Tasks\{A6E72052-2C99-4238-8789-72D48F157B62} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {5FEA59F5-E404-4139-8C19-8F4778D9F537} - System32\Tasks\{7DF64FC7-FA60-4274-8652-3AFB8F54FC24} => pcalua.exe -a I:\coby-mediamanager.exe -d I:\
Task: {6053C62F-5D6F-410A-94EE-16483FA8BB06} - System32\Tasks\{DBB85E19-6F1B-49EA-BD95-247B7ABA020C} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {6B9E1289-C93F-401A-A943-711A584A6913} - System32\Tasks\{7F31A75C-5DC8-448D-866F-8623953A94DF} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {74EEBA2F-16D5-41B0-8F1D-C5E232EB602B} - System32\Tasks\{9074627A-86BB-4D2A-AB90-819DDABD9C6C} => C:\Users\TEMP\Desktop\p0sixspwn-v1.0.7-win\p0sixspwn-v1.0.7.exe
Task: {7C4AB186-0620-47A8-AD43-F7ECB889FD0D} - System32\Tasks\{1F2EA81D-5D3B-462C-841C-904E15FBF997} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {8E4F494C-2020-4083-BDDE-2C3995541620} - System32\Tasks\{9857DA48-2A17-43D4-B653-DADB3683ED44} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {965FC9DB-0EB9-40D5-8DDC-B249136B124D} - System32\Tasks\{2D30AD81-077D-4630-BACB-9DDB97453B67} => C:\Users\TEMP\Desktop\p0sixspwn-v1.0.7-win\p0sixspwn-v1.0.7.exe
Task: {9B3AF2A0-7F97-4AB6-A357-9BB6745033CD} - System32\Tasks\{30963116-E6E5-4C30-BB30-C03FE2E0ED61} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {AC808921-4FAD-4A6F-ABA4-1D16DE73B87E} - System32\Tasks\{5F7AEEEE-B2D6-4A9E-946E-BB0DFC276AB6} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {BDB47287-CA44-4B94-815D-99D87D38D922} - System32\Tasks\{3D8C8678-4288-49E8-88D3-30CE5D3DB240} => pcalua.exe -a H:\GarageDrummerSetup.exe -d H:\
Task: {CA08A5FB-9402-47C9-A0E2-A373B7FC9494} - System32\Tasks\{0A781EF8-B60E-4E7E-9D57-9D683F23D0F5} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {D9B5F72C-C054-40C1-8857-7EDF89EB36EF} - System32\Tasks\{A6921E1B-1302-416B-9298-1D0F2CFC6AEE} => pcalua.exe -a G:\Setup.EXE -d G:\
Task: {DD6A3D44-F841-46B1-AA67-D92F6D2BF148} - System32\Tasks\{757E1C94-167C-4870-A9EF-73F6008616A4} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {E2AB7E0A-727F-4563-9A7F-3B7DD5637768} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {F2C2B004-BEF9-4C76-A3C0-60D4ECDAE62B} - System32\Tasks\ALEKTNWT => C:\ProgramData\b56cf4adaac246968dfa350519c41346\b56cf4adaac246968dfa350519c41346.exe
Task: {F784E16B-2B1F-4C79-B5B1-21E0F93F9EDD} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {FF145B71-F00C-4B2C-AA24-A97ECA662DD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: BITCOMET_HELPER_SERVICE => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: cdloader => "C:\Users\TEMP\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
MSCONFIG\startupreg: tsnp2uvc => C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2165876073-2920801462-2768486518-500 - Administrator - Enabled)
Don Juggalo (S-1-5-21-2165876073-2920801462-2768486518-1001 - Administrator - Enabled) => C:\Users\TEMP
Guest (S-1-5-21-2165876073-2920801462-2768486518-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2165876073-2920801462-2768486518-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/10/2015 11:49:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 8.2.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e10
 
Start Time: 01d04558fa2b662b
 
Termination Time: 15
 
Application Path: C:\Users\Don Juggalo\Desktop\FRST.exe
 
Report Id: 06b91ffa-b14d-11e4-8bbb-001372c9aec5
 
 
System errors:
=============
Error: (02/10/2015 11:51:28 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (02/10/2015 11:51:28 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (02/10/2015 11:42:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AS Service component service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/10/2015 11:33:37 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (02/10/2015 11:33:37 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (02/09/2015 08:53:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (02/10/2015 11:49:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe8.2.2015.0e1001d04558fa2b662b15C:\Users\Don Juggalo\Desktop\FRST.exe06b91ffa-b14d-11e4-8bbb-001372c9aec5
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 28%
Total physical RAM: 3070.15 MB
Available physical RAM: 2193.96 MB
Total Pagefile: 6138.59 MB
Available Pagefile: 5241.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911 MB
 
==================== Drives ================================
 
Drive c: (System Volume) (Fixed) (Total:108.59 GB) (Free:3.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Media Volume) (Fixed) (Total:108.59 GB) (Free:0.99 GB) NTFS
Drive e: (Backup) (Fixed) (Total:37.03 GB) (Free:1.44 GB) NTFS
Drive f: (Backup) (Fixed) (Total:37.03 GB) (Free:1.36 GB) NTFS
Drive h: () (Removable) (Total:14.66 GB) (Free:14.63 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=108.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)
 
========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 323C75C1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=108.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)
 
========================================================
Disk: 2 (Size: 14.7 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#12 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1
  • Local time:05:31 AM

Posted 10 February 2015 - 01:49 PM

Hi DonJuggalo-

Your FRST Fixlist log is incomplete. Please look for a file entitled “Fixlist.txt” in the same location as your FRST executable, then copy and paste the contents of that file into your next reply.

 ------------------------------------------------------------------

IN YOUR NEXT REPLY I NEED:

1.) FRST Fixlist log

Thanks :)

 

 


"DO OR DO NOT. THERE IS NO TRY."


#13 donjuggalo

donjuggalo
  • Topic Starter

  • Members
  • 31 posts
  • Local time:05:31 AM

Posted 10 February 2015 - 08:19 PM

Sorry about that - I think I copied the wrong thing. There's no "fixlist" in the folder, but there is a "fixlog." I hope it's what you need. If not, I can start over and try again. Here's what I have:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-02-2015
Ran by Don Juggalo at 2015-02-10 11:49:40 Run:2
Running from C:\Users\Don Juggalo\Desktop
Loaded Profiles: Don Juggalo (Available profiles: Don Juggalo)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
() C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe
HKLM\...\RunOnce: [Update] => C:\Users\TEMP\AppData\Roaming\ASPackage\ASPackage.exe [268718 2015-02-09] ( ) <===== ATTENTION
R2 serveras; C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe [97280 2015-02-09] () [File not signed]
2015-02-09 19:44 - 2015-02-09 19:45 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\ASPackage
2015-02-09 19:44 - 2015-02-09 19:44 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-02-09 19:45 - 2015-02-09 19:45 - 00097280 _____ () C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe
C:\Users\TEMP\AppData\Roaming\ASPackage\ASPackage.exe
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 33 C:\Windows\system32\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
cmd: netsh winsock reset
2015-01-27 16:43 - 2015-02-09 19:35 - 00005256 _____ () C:\Windows\system32\ColorMedia.ini
2015-01-27 16:43 - 2015-02-09 19:35 - 00002856 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-27 16:43 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia.dll
 
 
S4 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
 
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
 
HKLM\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mlkumidi; system32\DRIVERS\mlkumidi.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
EmptyTemp:
*****************
 
C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Update => Value not found.
serveras => Service not found.
"C:\Users\TEMP\AppData\Roaming\ASPackage" => File/Directory not found.
"C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage" => File/Directory not found.
"C:\Users\TEMP\AppData\Roaming\ASPackage\ASSrv.exe" => File/Directory not found.
"C:\Users\TEMP\AppData\Roaming\ASPackage\ASPackage.exe" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found. 
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => Key deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000033 => Key not found. 
 
=========  netsh winsock reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
"C:\Windows\system32\ColorMedia.ini" => File/Directory not found.
"C:\Windows\system32\ColorMediaOff.ini" => File/Directory not found.
"C:\Windows\system32\ColorMedia.dll" => File/Directory not found.
LavasoftAdAwareService11 => Service not found.
Trufos => Service not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key not found. 
Bonjour Service => Service not found.
MBAMSwissArmy => Service not found.
mlkumidi => Service not found.
Synth3dVsc => Service not found.
tsusbhub => Service not found.
VGPU => Service not found.
EmptyTemp: => Removed 286.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 11:50:09 ====


#14 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1
  • Local time:05:31 AM

Posted 12 February 2015 - 10:51 AM

Hi DonJuggalo-
 

There's no "fixlist" in the folder, but there is a "fixlog

 

My error, DonJuggalo. The fixLOG file was indeed what I needed.
 
----------------------------------------------------------------------------------

 

 

We are making progress but we still have some work to do.  Please do the following:
 
 
Step 1: Please copy and paste the contents of the code box below into a Notepad file and save it as Fixlist.txt to the location where your FRST.exe file is located.

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
Run FRST/FRST64 and press the Fix button just once and wait.
 
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
 
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 
 --------------------------------------------------------------------------------------
 

Step 2: Uninstall Chrome

 

1. Close all Chrome windows and tabs.
2. Go to the Start menu > Control Panel > Programs and Features.
3. Double-click Google Chrome.
4. Click Uninstall in the confirmation dialog. If you want to delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.
5. Then please reboot.
 ------------------------------------------------------------------------------------------------------------

 

Step 3: Please reinstall Chrome from here:

 

https://www.google.com/chrome/browser/desktop/

 

-------------------------------------------------------------------------------------------------------------
 
Step 4: Please make sure the Addition.txt option is checked, re-run FRST (just the scan, not the fix) and post the 2 logs.

 ---------------------------------------------------------------------------------------------------------------------------

 

IN YOUR NEXT REPLY I NEED:

 1.) Your FRST fixlog
 2.) Confirmation that Chrome has been uninstalled and reinstalled
 3.) The 2 new FRST scan logs
 4.) How is your system running now? Are you experiencing all, some, or none of the previous issues?
 
Thanks  :)


Edited by Johnny Computer, 12 February 2015 - 11:00 AM.

"DO OR DO NOT. THERE IS NO TRY."
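The fixlog in post #13 shows the actual foothold of this infection: five Winsock Protocol_Catalog9 entries pointing at C:\Windows\system32\ColorMedia.dll (a CartCrunch LSP), plus a SafeBoot\Network\ColorMedia key that Step 1 above removes. The script below is an added verification example written for this page; it is not from the thread, from FRST, or from the helper's fixlist. Run it from an elevated PowerShell prompt after the FRST fix and the reboot that "netsh winsock reset" asks for. It enumerates every registered Winsock provider, flags any entry that still names ColorMedia.dll or whose DLL no longer exists (a dangling entry like the Bonjour mdnsNSP.dll "File Not found" line in the second scan can itself break networking), shows the Authenticode status of the rest, and reports whether the SafeBoot key is gone. The DLL name and key path come from the thread; the assumption that PackedCatalogItem stores the provider path as an ANSI string in its first 260 bytes, and that NameSpace_Catalog5 entries keep their path in LibraryPath, is the standard Winsock registry layout and is not something the thread documents.

```powershell
# Added verification script (not from the thread, FRST, or the fixlist).
# Run elevated, after the FRST fix and the reboot that "netsh winsock reset" requires.
# Assumption: PackedCatalogItem = ANSI provider path in the first 260 bytes (Catalog9),
#             LibraryPath = REG_EXPAND_SZ provider path (Catalog5).

$SuspectDll  = 'ColorMedia.dll'   # from the thread's fixlog (CartCrunch Israel Ltd. LSP)
$CatalogRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'
$SafeBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia'  # Step 1 target

function Get-WinsockProvider {
    # Protocol_Catalog9: LSP/transport providers, path packed into a REG_BINARY blob.
    $catalog9 = Join-Path $CatalogRoot 'Protocol_Catalog9\Catalog_Entries'
    if (Test-Path -LiteralPath $catalog9) {
        foreach ($key in Get-ChildItem -LiteralPath $catalog9) {
            $packed = (Get-ItemProperty -LiteralPath $key.PSPath).PackedCatalogItem
            if (-not $packed) { continue }
            $len  = [Math]::Min(260, $packed.Length)
            $path = [System.Text.Encoding]::Default.GetString($packed, 0, $len).Split([char]0)[0]
            [pscustomobject]@{ Catalog = 'Catalog9'; Entry = $key.PSChildName; Path = $path }
        }
    }
    # NameSpace_Catalog5: name-resolution providers, path in a REG_EXPAND_SZ value.
    $catalog5 = Join-Path $CatalogRoot 'NameSpace_Catalog5\Catalog_Entries'
    if (Test-Path -LiteralPath $catalog5) {
        foreach ($key in Get-ChildItem -LiteralPath $catalog5) {
            $path = (Get-ItemProperty -LiteralPath $key.PSPath).LibraryPath
            if ($path) {
                [pscustomobject]@{ Catalog = 'Catalog5'; Entry = $key.PSChildName; Path = $path }
            }
        }
    }
}

function Test-WinsockRemediation {
    $findings = foreach ($p in Get-WinsockProvider) {
        $expanded = [Environment]::ExpandEnvironmentVariables($p.Path)
        $status = if (-not (Test-Path -LiteralPath $expanded)) {
                      'DLL MISSING (dangling entry)'
                  } elseif ($expanded -like "*\$SuspectDll") {
                      "SUSPECT: $SuspectDll still registered"
                  } else {
                      # Signed Microsoft/vendor providers report 'Valid'; anything else deserves a look.
                      (Get-AuthenticodeSignature -FilePath $expanded).Status.ToString()
                  }
        [pscustomobject]@{ Catalog = $p.Catalog; Entry = $p.Entry; Path = $expanded; Status = $status }
    }

    $findings | Sort-Object Catalog, Entry | Format-Table -AutoSize

    $problems = @($findings | Where-Object { $_.Status -like 'DLL MISSING*' -or $_.Status -like 'SUSPECT*' })
    if ($problems.Count -eq 0) {
        Write-Host "Winsock catalog: no dangling entries and no $SuspectDll entries found."
    } else {
        Write-Warning "$($problems.Count) Winsock entries still need attention (see table above)."
    }

    if (Test-Path -LiteralPath $SafeBootKey) {
        Write-Warning "SafeBoot key still present: $SafeBootKey"
    } else {
        Write-Host "SafeBoot key removed: $SafeBootKey"
    }
}

Test-WinsockRemediation
```

The script only reports; it changes nothing. If it still lists a SUSPECT or DLL MISSING entry after the reboot, the remedy the thread already uses (FRST removing the catalog entries, followed by netsh winsock reset and a restart) is what puts the catalog back into a consistent state, and the output table tells you exactly which entry to hand to the helper.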


#15 donjuggalo

donjuggalo
  • Topic Starter

  • Members
  • 31 posts
  • Local time:05:31 AM

Posted 12 February 2015 - 12:02 PM

1)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-02-2015 02

Ran by Don Juggalo at 2015-02-12 10:33:49 Run:4
Running from C:\Users\Don Juggalo\Desktop
Loaded Profiles: Don Juggalo (Available profiles: Don Juggalo)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
*****************
 
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ColorMedia" => Key deleted successfully.
 
==== End of Fixlog 10:33:49 ====
 
 
 
2)  YES - I have uninstalled and re-installed Google Chrome by following your instructions. 
 
 
3)  
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by Don Juggalo (administrator) on DONJUGGALO-PC on 12-02-2015 10:44:40
Running from C:\Users\Don Juggalo\Desktop
Loaded Profiles: Don Juggalo (Available profiles: Don Juggalo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-18] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
 
FireFox:
========
FF ProfilePath: C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\t9qse5h5.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2165876073-2920801462-2768486518-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TEMP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (YouTube) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Google Search) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (Google Wallet) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Gmail) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-17] (Perfect World Entertainment Inc)
S4 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S4 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S4 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-05] (Disc Soft Ltd)
S3 ipMIDI; C:\Windows\System32\drivers\ipmidi.sys [19456 2013-01-31] (nerds.de)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2014-01-14] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3566336 2011-10-17] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-12 10:44 - 2015-02-12 10:45 - 00008955 _____ () C:\Users\Don Juggalo\Desktop\FRST.txt
2015-02-12 10:43 - 2015-02-12 10:43 - 00002218 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-12 10:43 - 2015-02-12 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-12 10:40 - 2015-02-12 10:45 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 10:40 - 2015-02-12 10:45 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 10:39 - 2015-02-12 10:39 - 00880208 _____ (Google Inc.) C:\Users\TEMP\Downloads\ChromeSetup.exe
2015-02-09 20:36 - 2015-02-12 10:33 - 00000000 ____D () C:\Users\Don Juggalo\Desktop\FRST-OlderVersion
2015-02-09 20:27 - 2015-02-09 20:27 - 00001105 _____ () C:\Users\TEMP\Desktop\Continue Live Installation.lnk
2015-02-09 20:08 - 2015-02-09 20:08 - 00001323 _____ () C:\Users\TEMP\Desktop\JRT.txt
2015-02-09 20:05 - 2015-02-09 20:05 - 00001430 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-09 19:41 - 2015-02-12 10:33 - 01125376 _____ (Farbar) C:\Users\Don Juggalo\Desktop\FRST.exe
2015-02-09 19:41 - 2015-02-09 19:38 - 01388274 _____ (Thisisu) C:\Users\Don Juggalo\Desktop\JRT.exe
2015-02-09 19:41 - 2015-02-07 13:46 - 02112512 _____ () C:\Users\Don Juggalo\Desktop\AdwCleaner.exe
2015-02-08 10:50 - 2015-02-09 19:59 - 00000000 ____D () C:\AdwCleaner
2015-02-08 10:49 - 2015-02-07 13:46 - 02112512 _____ () C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\AdwCleaner.exe
2015-02-08 10:21 - 2015-02-05 11:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-08 10:21 - 2015-02-03 20:21 - 00033406 _____ () C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\Addition.txt
2015-02-08 10:21 - 2015-02-03 20:21 - 00024551 _____ () C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\FRST.txt
2015-02-08 10:05 - 2015-02-03 13:42 - 01122304 _____ (Farbar) C:\Users\Don Juggalo.DonJuggalo-PC\Desktop\FRST.exe
2015-02-03 20:20 - 2015-02-03 20:21 - 00033406 _____ () C:\Users\TEMP\Desktop\Addition.txt
2015-02-03 20:18 - 2015-02-12 10:44 - 00000000 ____D () C:\FRST
2015-02-03 20:18 - 2015-02-03 20:21 - 00024551 _____ () C:\Users\TEMP\Desktop\FRST.txt
2015-02-03 20:18 - 2015-02-03 13:42 - 01122304 _____ (Farbar) C:\Users\TEMP\Desktop\FRST.exe
2015-01-29 17:28 - 2015-01-29 17:28 - 01080608 _____ (Unity Technologies ApS) C:\Users\TEMP\Downloads\UnityWebPlayer.exe
2015-01-29 17:15 - 2015-01-29 17:15 - 00012857 _____ () C:\Users\TEMP\Downloads\[kickass.so]lethal.league.zip.torrent
2015-01-29 17:15 - 2015-01-29 17:15 - 00012857 _____ () C:\Users\TEMP\Downloads\[kickass.so]lethal.league.zip (1).torrent
2015-01-27 16:52 - 2015-01-27 16:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\dlg
2015-01-27 16:40 - 2015-01-27 16:41 - 00616328 _____ () C:\Users\TEMP\Downloads\download-windows-movie-maker.exe
2015-01-25 12:16 - 2015-01-25 12:16 - 00528808 _____ () C:\Users\TEMP\Downloads\GarageBand.exe
2015-01-24 22:20 - 2015-01-24 22:20 - 01669280 _____ (nerds.de Daniel Schmitt) C:\Users\TEMP\Downloads\setupipmiditrial.exe
2015-01-24 14:55 - 2015-01-24 15:04 - 00001070 _____ () C:\Windows\mlkumidi.log
2015-01-24 14:55 - 2015-01-24 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicLab
2015-01-24 14:55 - 2015-01-24 15:04 - 00000000 ____D () C:\Program Files\MusicLab
2015-01-23 09:41 - 2015-01-23 09:41 - 00000000 ____D () C:\Windows\pss
2015-01-21 10:19 - 2015-01-21 10:19 - 00000000 ____H () C:\Users\TEMP\Documents\Default.rdp
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLink Kai
2015-01-21 09:09 - 2015-01-21 09:09 - 00000000 ____D () C:\Program Files\XLink Kai
2015-01-15 01:18 - 2015-01-27 11:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 13:25 - 2015-01-14 13:25 - 00030057 _____ () C:\Users\TEMP\Documents\CHORES LIST Cunningham Boys 2015.odt
2015-01-14 12:11 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 12:11 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:10 - 2014-12-18 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:10 - 2014-12-18 19:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:10 - 2014-12-11 11:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:10 - 2014-12-05 21:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-12 10:45 - 2014-01-12 15:07 - 01135475 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 10:43 - 2014-04-04 14:24 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2015-02-12 10:42 - 2014-01-12 13:54 - 00000000 ____D () C:\Program Files\Google
2015-02-12 10:38 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 10:38 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 10:31 - 2014-07-11 10:55 - 00033026 _____ () C:\Windows\setupact.log
2015-02-12 10:31 - 2014-04-20 15:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2015-02-12 10:31 - 2014-04-20 15:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2015-02-12 10:31 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 19:21 - 2014-01-12 12:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 11:51 - 2014-08-09 10:31 - 00005596 _____ () C:\Windows\PFRO.log
2015-02-09 20:05 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-08 10:18 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing
2015-02-03 20:21 - 2014-01-12 12:07 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 17:28 - 2014-11-08 17:12 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Unity
2015-01-29 17:21 - 2014-04-05 21:05 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\BitComet
2015-01-29 01:15 - 2014-08-25 13:23 - 00000000 ____D () C:\Program Files\Steam
2015-01-27 17:22 - 2014-04-05 21:17 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\vlc
2015-01-27 17:06 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-27 17:06 - 2014-01-12 12:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 16:53 - 2014-06-10 16:16 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-27 16:40 - 2014-08-05 11:38 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Windows Live
2015-01-27 13:41 - 2014-04-16 10:11 - 00000000 ____D () C:\Users\TEMP\Desktop\MUSIC TAB SHEETS (Blank)
2015-01-24 22:29 - 2014-04-26 17:21 - 00000000 ____D () C:\Users\TEMP\Documents\Studio One
2015-01-23 13:53 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-23 09:27 - 2014-01-12 12:37 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-23 09:22 - 2014-08-08 15:22 - 00002318 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-20 15:29 - 2014-04-02 10:14 - 00000000 ____D () C:\Users\TEMP
2015-01-20 10:41 - 2015-01-05 23:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\XLink Kai
2015-01-15 03:13 - 2014-04-16 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2014-04-16 10:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 12:21 - 2014-01-12 12:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 12:21 - 2014-01-12 12:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2014-01-29 18:56 - 2014-06-02 08:30 - 0003744 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2014-08-24 19:08 - 2014-10-26 17:08 - 0003584 _____ () C:\Users\TEMP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-07 02:01 - 2014-08-07 02:01 - 0000000 _____ () C:\Users\TEMP\AppData\Local\{DDC0C5FB-6BBE-4974-8CB4-82C9F1A1AA10}
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-08 10:40
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-02-2015 02
Ran by Don Juggalo at 2015-02-12 10:46:52
Running from C:\Users\Don Juggalo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip 9.20) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AnySend (HKLM\...\ASPackage) (Version: 1.0.0.0 - CMI Limited)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Astroburn Lite (HKLM\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
BitComet 1.37 (HKLM\...\BitComet) (Version: 1.37 - CometNetwork)
BlueStacks Notification Center (HKLM\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Coby Media Manager (HKLM\...\{D7F70937-6EC3-4129-8089-4974C5873C99}) (Version: 1.0.6316 - Coby)
COWON Media Center - jetAudio Plus VX (HKLM\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.0 - COWON)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Horizon v2.7.9.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - )
iOS Soft Dev Pack + jb iOS 7.1 5.00 (HKLM\...\iOS Soft Dev Pack + jb iOS 7.1 5.00) (Version: 5.00 - www.i-ekb.ru)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LADSPA_plugins-win-0.4.15 (HKLM\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
magicJack (HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MusicLab Garage Drummer (HKLM\...\{1864B4E9-1357-4A57-1357-C2B307597966}) (Version:  - MusicLab, Inc.)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PreSonus Studio One 2 (HKLM\...\PreSonus Studio One 2) (Version: 2.6.0.24200 - PreSonus Audio Electronics)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 3.50 - Philipp Winterberg)
ReBirth ModPacker (HKLM\...\ReBirth ModPacker) (Version:  - )
ReBirth RB-338 2.0 (HKLM\...\ReBirth RB-338 2.0) (Version:  - )
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Unity Web Player (HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Nelson Sexton)
USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 9.15 - Ecom)
Virtual Router v1.0 (HKLM\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinDirStat 1.1.2 (HKU\.DEFAULT\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XLink Kai (HKLM\...\{b27eb24b-e5e0-4ad7-a6ea-98de903c3ce1}) (Version: 7.4.28.0 - Team XLink)
XLink Kai (Version: 7.4.28.0 - Team XLink) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\TEMP\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2165876073-2920801462-2768486518-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\TEMP\AppData\Local\Temp\9857375F\temp\Lethal League.zip.exe No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-05-29 21:22 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {003C78CF-BBC6-4F21-BBB6-864DD6CB74FD} - System32\Tasks\{EE289926-30FD-4A44-B659-76ED71F720A5} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {0A7A1515-CE03-405D-92B1-698864E8E99A} - System32\Tasks\{3E172400-8F78-4CC4-AF2C-AC8CE9E4E8BA} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {196C6899-F8A0-4FF8-85FB-847453CDE4E0} - System32\Tasks\{38B100C4-3C85-412A-B459-026E01E26A16} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {1FBBA5ED-5BAE-4C1B-8D01-50B7EDA4D10C} - System32\Tasks\{898751D1-180E-4F83-8CB5-BC0E3AD12845} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {20318E3D-CAFE-4130-8BE8-3DAB357F7F69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {2EC09464-A078-4537-93FD-DD3C3A46D9EA} - System32\Tasks\{191A063B-97BD-465D-BF66-55BDB4BD0432} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {3D57800C-CB96-4FB6-ADEA-24712D255728} - System32\Tasks\{8B8F6C8F-8E26-4C5B-BF18-45C9D9F56C35} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {4AFFEE3C-390B-4F54-A145-D757CABB888F} - System32\Tasks\{C4BFF075-AEFF-437A-95A5-2A1CB7D79DAE} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {4BF65DAB-DAA5-4C72-8A13-1E3F9B86AC5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {4CB7F9C7-C37A-4369-BE59-22CAD83A9865} - System32\Tasks\{EBBAFFF3-E83E-4D81-B1DB-C068E3ADCA41} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {51A87160-DD6A-4BA6-9D0B-9FF151558EBE} - System32\Tasks\{22F408A2-9A05-4090-ADA4-2C810CB2EAC7} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {52A17513-BAA7-418F-8A24-3B62DC55E2EB} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {559F076A-F5A5-442F-AD8B-37597517DAAB} - System32\Tasks\{9A5D86DB-3B60-4A5E-9B39-8EB951A16969} => Firefox.exe 
Task: {57DAEE24-B077-4F6C-A561-9F7B4845DC0D} - System32\Tasks\{20257BCF-A6FD-439A-B8CC-5F2362911810} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {5B4D802F-414E-4DC2-A08C-5FC64EAF14C4} - System32\Tasks\{A6E72052-2C99-4238-8789-72D48F157B62} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {5FEA59F5-E404-4139-8C19-8F4778D9F537} - System32\Tasks\{7DF64FC7-FA60-4274-8652-3AFB8F54FC24} => pcalua.exe -a I:\coby-mediamanager.exe -d I:\
Task: {6053C62F-5D6F-410A-94EE-16483FA8BB06} - System32\Tasks\{DBB85E19-6F1B-49EA-BD95-247B7ABA020C} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {6B9E1289-C93F-401A-A943-711A584A6913} - System32\Tasks\{7F31A75C-5DC8-448D-866F-8623953A94DF} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {74EEBA2F-16D5-41B0-8F1D-C5E232EB602B} - System32\Tasks\{9074627A-86BB-4D2A-AB90-819DDABD9C6C} => C:\Users\TEMP\Desktop\p0sixspwn-v1.0.7-win\p0sixspwn-v1.0.7.exe
Task: {7C4AB186-0620-47A8-AD43-F7ECB889FD0D} - System32\Tasks\{1F2EA81D-5D3B-462C-841C-904E15FBF997} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {8E4F494C-2020-4083-BDDE-2C3995541620} - System32\Tasks\{9857DA48-2A17-43D4-B653-DADB3683ED44} => C:\Users\TEMP\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {965FC9DB-0EB9-40D5-8DDC-B249136B124D} - System32\Tasks\{2D30AD81-077D-4630-BACB-9DDB97453B67} => C:\Users\TEMP\Desktop\p0sixspwn-v1.0.7-win\p0sixspwn-v1.0.7.exe
Task: {9B3AF2A0-7F97-4AB6-A357-9BB6745033CD} - System32\Tasks\{30963116-E6E5-4C30-BB30-C03FE2E0ED61} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {AC808921-4FAD-4A6F-ABA4-1D16DE73B87E} - System32\Tasks\{5F7AEEEE-B2D6-4A9E-946E-BB0DFC276AB6} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {BDB47287-CA44-4B94-815D-99D87D38D922} - System32\Tasks\{3D8C8678-4288-49E8-88D3-30CE5D3DB240} => pcalua.exe -a H:\GarageDrummerSetup.exe -d H:\
Task: {C675E52C-CCEB-494E-B510-7C04CDEB8C8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {CA08A5FB-9402-47C9-A0E2-A373B7FC9494} - System32\Tasks\{0A781EF8-B60E-4E7E-9D57-9D683F23D0F5} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {D9B5F72C-C054-40C1-8857-7EDF89EB36EF} - System32\Tasks\{A6921E1B-1302-416B-9298-1D0F2CFC6AEE} => pcalua.exe -a G:\Setup.EXE -d G:\
Task: {DD6A3D44-F841-46B1-AA67-D92F6D2BF148} - System32\Tasks\{757E1C94-167C-4870-A9EF-73F6008616A4} => C:\Program Files\Propellerhead\ReBirth RB-338 2.0\Rebirth.exe [1998-10-22] (Propellerhead Software)
Task: {F2C2B004-BEF9-4C76-A3C0-60D4ECDAE62B} - System32\Tasks\ALEKTNWT => C:\ProgramData\b56cf4adaac246968dfa350519c41346\b56cf4adaac246968dfa350519c41346.exe
Task: {F784E16B-2B1F-4C79-B5B1-21E0F93F9EDD} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {FF145B71-F00C-4B2C-AA24-A97ECA662DD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2165876073-2920801462-2768486518-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.15.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: BITCOMET_HELPER_SERVICE => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: cdloader => "C:\Users\TEMP\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
MSCONFIG\startupreg: tsnp2uvc => C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2165876073-2920801462-2768486518-500 - Administrator - Enabled)
Don Juggalo (S-1-5-21-2165876073-2920801462-2768486518-1001 - Administrator - Enabled) => C:\Users\TEMP
Guest (S-1-5-21-2165876073-2920801462-2768486518-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2165876073-2920801462-2768486518-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/10/2015 11:49:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 8.2.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e10
 
Start Time: 01d04558fa2b662b
 
Termination Time: 15
 
Application Path: C:\Users\Don Juggalo\Desktop\FRST.exe
 
Report Id: 06b91ffa-b14d-11e4-8bbb-001372c9aec5
 
 
System errors:
=============
Error: (02/12/2015 10:31:05 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (02/12/2015 10:31:05 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (02/10/2015 07:13:06 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (02/10/2015 07:13:06 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (02/10/2015 07:09:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/10/2015 06:57:40 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (02/10/2015 06:57:40 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (02/10/2015 11:51:28 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (02/10/2015 11:51:28 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (02/10/2015 11:42:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AS Service component service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (02/10/2015 11:49:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe8.2.2015.0e1001d04558fa2b662b15C:\Users\Don Juggalo\Desktop\FRST.exe06b91ffa-b14d-11e4-8bbb-001372c9aec5
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 46%
Total physical RAM: 3070.15 MB
Available physical RAM: 1641.1 MB
Total Pagefile: 6138.59 MB
Available Pagefile: 4785.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.02 MB
 
==================== Drives ================================
 
Drive c: (System Volume) (Fixed) (Total:108.59 GB) (Free:3.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Media Volume) (Fixed) (Total:108.59 GB) (Free:0.99 GB) NTFS
Drive e: (Backup) (Fixed) (Total:37.03 GB) (Free:1.44 GB) NTFS
Drive f: (Backup) (Fixed) (Total:37.03 GB) (Free:1.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=108.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)
 
========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 323C75C1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=108.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)
 
==================== End Of Log ============================
 
 
 
4) The internet has been up for some time now (at least ten minutes), and everything seems to be back to normal. The infection showed itself before within seconds, and I was unable to even look up a single page. This is not the case now, and the programs that would not "uninstall" before seem to be gone now. 
 
 
*** Thank you SO much for all of your help. This website and the people helping us out are truly a godsend. I am a single parent with very limited means to raise my kids, and you can imagine how helpful it is to have somewhere to turn when something unfortunate like this happens. THANK YOU SO MUCH!!! I have recommended your site to people before, and will continue to do so. We will try to be careful, and I will remember what you said about BitComet. Have a great day! 