This came from an update of videosoft/dvdsoft FreeStudio. Nasty adware will not be defeated by my Malwarebytes subscription on my Win7 PC.


FRST LOG:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Knight (administrator) on KNIGHT-PC on 27-01-2015 14:01:42
Running from C:\Users\Knight\Desktop
Loaded Profiles: Knight (Available profiles: Knight & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
( ) C:\Windows\System32\lxeccoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
() C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(JME) C:\Program Files (x86)\jmesoft\hotkey.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [jmekey] => C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=https%3A%2F%2Fwww.startpage.com%2F&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26form%3DLENDF8%26pc%3DMALN%26src%3DIE%2DSearchBox
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1182291490-1180826050-772089516-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1182291490-1180826050-772089516-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Tcpip\..\Interfaces\{61EFE29E-D40B-4C22-B3F9-5D9FDC44B62D}: [NameServer] 4.2.2.2,4.2.2.1

FireFox:
========
FF ProfilePath: C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: www.startpage.com
FF Keyword.URL:
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\user.js
FF Extension: Positive Finds - C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\Extensions\{3322faca-e7db-4e4a-ba32-c1ee6c50460f}.xpi [2015-01-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]

Chrome:
=======
CHR Profile: C:\Users\Knight\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Knight\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-08-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 hasplms; C:\windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
R2 lxec_device; C:\windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [550136 2015-01-27] ()
R2 Update Mgr PositiveFinds; C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [351992 2015-01-27] ()
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [57856 2010-12-16] (GenesysLogic)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R2 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-12-28] (Duplex Secure Ltd.)
S3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [120104 2013-09-20] (Yamaha Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 14:01 - 2015-01-27 14:01 - 00013374 _____ () C:\Users\Knight\Desktop\FRST.txt
2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\FRST
2015-01-27 13:58 - 2015-01-27 13:59 - 02129920 _____ (Farbar) C:\Users\Knight\Desktop\FRST64.exe
2015-01-26 23:38 - 2015-01-26 23:38 - 00006074 _____ () C:\Users\Knight\Desktop\HAARP.wlmp
2015-01-26 20:55 - 2015-01-27 10:24 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-01-26 20:55 - 2015-01-26 20:56 - 00000000 ____D () C:\Program Files (x86)\Positive Finds
2015-01-26 20:55 - 2015-01-26 20:55 - 00000000 ____D () C:\Users\Knight\AppData\Roaming\RHEng
2015-01-26 13:43 - 2015-01-26 13:44 - 00000000 ____D () C:\Users\Knight\AppData\Local\{DB4E2020-9105-46D0-812D-A437F48C17B1}
2015-01-26 10:00 - 2015-01-26 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 19:47 - 2015-01-25 19:47 - 00000000 ____D () C:\Users\Knight\AppData\Local\{47E39320-4742-4FD7-BA62-0EB31BEB690F}
2015-01-25 18:08 - 2015-01-25 18:08 - 00004719 _____ () C:\Users\Knight\AppData\Local\recently-used.xbel
2015-01-24 20:52 - 2015-01-24 20:52 - 00490840 _____ () C:\Users\Knight\Desktop\Turbotax2013.tax2013
2015-01-24 20:39 - 2015-01-24 20:39 - 00000000 ____D () C:\Users\Knight\AppData\Roaming\TaxCut
2015-01-24 14:26 - 2015-01-24 14:26 - 00037401 _____ () C:\Users\Knight\Desktop\TransUnion Online Investigation Service  Updated Credit File.htm
2015-01-24 13:39 - 2015-01-24 13:39 - 02221418 _____ () C:\Users\Knight\Desktop\YOUTUBE WelcomeBackHome Branding Intro HD.wmv
2015-01-24 13:29 - 2015-01-24 13:29 - 00803281 _____ () C:\Users\Knight\Desktop\YOUTUBE WelcomeBackHome Branding Intro.wmv
2015-01-24 13:13 - 2015-01-24 13:29 - 00007290 _____ () C:\Users\Knight\Desktop\YOUTUBE WelcomeBackHome Branding Intro.wlmp
2015-01-24 12:36 - 2015-01-24 12:36 - 00000000 ____D () C:\Users\Knight\AppData\Local\{BA987890-2079-4512-BCBC-7717BA2BC846}
2015-01-23 19:16 - 2015-01-23 19:16 - 00000000 ____D () C:\Users\Knight\AppData\Local\{CAE6AE0D-FC68-4161-8162-9B4A9DB32869}
2015-01-23 17:38 - 2015-01-23 17:38 - 00337440 _____ () C:\Users\Knight\Desktop\911 and LUCKY LARRY SILVERSTEIN.mp4.sfk
2015-01-23 17:26 - 2015-01-23 17:26 - 00013496 _____ () C:\Users\Knight\Desktop\LUCKY LARRY.mp4
2015-01-23 17:17 - 2015-01-23 18:35 - 00013400 _____ () C:\Users\Knight\Desktop\LUCKY LARRY.vf
2015-01-23 17:17 - 2015-01-23 17:38 - 00013400 _____ () C:\Users\Knight\Desktop\LUCKY LARRY.vf.bak
2015-01-22 18:23 - 2015-01-24 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-01-22 18:23 - 2015-01-22 18:23 - 00002029 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-01-22 18:22 - 2015-01-24 21:05 - 00000000 ____D () C:\Users\Knight\Documents\HRBlock
2015-01-22 18:22 - 2015-01-22 18:23 - 00000000 ____D () C:\Program Files (x86)\HRBlock2014
2015-01-22 18:22 - 2015-01-22 18:22 - 00000000 ____D () C:\Program Files (x86)\PDF995
2015-01-22 18:20 - 2015-01-22 18:20 - 00000000 ____D () C:\ProgramData\TaxCut
2015-01-22 10:36 - 2015-01-22 10:37 - 00000000 ____D () C:\Users\Knight\AppData\Local\{648D93C2-3930-4C25-8EE1-0796AE406866}
2015-01-20 17:32 - 2015-01-20 17:32 - 00000000 ____D () C:\Users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers
2015-01-19 18:09 - 2015-01-19 18:09 - 00686393 _____ () C:\Users\Knight\Desktop\2014 Federal Tax Return.tax2014
2015-01-17 10:47 - 2015-01-18 09:50 - 00000000 ____D () C:\Users\Knight\AppData\Local\{46010BE6-D2DA-4B68-9C9A-62220B0F7D39}
2015-01-14 21:38 - 2015-01-14 21:38 - 11560942 _____ () C:\Users\Knight\Desktop\Dogs Beach Headturn 01 Alaska 3 2014.xcf
2015-01-14 14:01 - 2015-01-15 15:59 - 00000000 ____D () C:\Users\Knight\AppData\Local\gtk-2.0
2015-01-14 14:01 - 2015-01-14 14:01 - 01775941 _____ () C:\Users\Knight\Desktop\RockyPark .xcf
2015-01-14 13:37 - 2015-01-14 13:37 - 00000000 ____D () C:\Users\Knight\AppData\Local\webkit
2015-01-14 13:32 - 2015-01-14 13:32 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-14 13:31 - 2015-01-14 13:32 - 00000000 ____D () C:\Program Files\GIMP 2
2015-01-05 14:38 - 2015-01-08 16:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-05 14:38 - 2015-01-05 14:38 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-30 18:54 - 2014-12-30 18:54 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 13:50 - 2014-10-09 22:17 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 13:49 - 2009-07-13 19:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 13:49 - 2009-07-13 19:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 13:46 - 2009-07-13 20:13 - 00779898 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-27 13:45 - 2014-06-26 11:27 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 13:45 - 2011-04-26 17:58 - 01608039 _____ () C:\windows\WindowsUpdate.log
2015-01-27 13:42 - 2011-08-29 17:47 - 00171463 _____ () C:\ProgramData\lxecscan.log
2015-01-27 13:41 - 2014-10-23 19:21 - 00021034 _____ () C:\windows\setupact.log
2015-01-27 13:41 - 2011-12-17 20:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-27 13:41 - 2010-11-20 18:47 - 00085696 _____ () C:\windows\PFRO.log
2015-01-27 13:41 - 2009-07-13 20:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-27 13:25 - 2012-01-10 17:19 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 23:39 - 2014-06-27 16:43 - 00000000 ____D () C:\Users\Knight\Documents\Movie Studio Platinum 13.0 Projects
2015-01-26 21:15 - 2012-03-03 21:21 - 00000000 ____D () C:\Users\Knight\AppData\Roaming\DVDVideoSoft
2015-01-26 21:15 - 2012-03-03 21:21 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-26 20:35 - 2012-06-05 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 19:42 - 2012-04-26 17:37 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{95933BC7-5B2A-4501-8F0A-C2812D7CAED4}
2015-01-25 18:10 - 2012-08-19 14:30 - 00000000 ____D () C:\Users\Knight\.gimp-2.8
2015-01-24 19:51 - 2014-10-09 22:17 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 19:51 - 2013-10-21 18:38 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 19:51 - 2013-10-21 18:38 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 13:01 - 2012-03-03 21:26 - 00000000 ____D () C:\Users\Knight\Documents\DVDVideoSoft
2015-01-24 12:36 - 2011-12-11 20:52 - 00000000 ____D () C:\Users\Knight\AppData\Local\Windows Live
2015-01-23 14:56 - 2009-07-13 19:45 - 00443880 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-22 19:47 - 2011-07-18 06:53 - 00084888 _____ () C:\Users\Knight\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 19:14 - 2011-08-29 18:11 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-01-21 19:02 - 2011-07-17 13:55 - 00000000 ____D () C:\Users\Knight\AppData\Roaming\Adobe
2015-01-19 17:53 - 2011-08-29 18:46 - 00111292 _____ () C:\ProgramData\lxecJSW.log
2015-01-14 21:35 - 2014-03-28 22:21 - 00000000 ____D () C:\Users\Knight\AppData\Roaming\Nikon
2015-01-14 21:35 - 2014-03-01 12:26 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-01-13 22:33 - 2012-03-05 14:45 - 00000000 ____D () C:\Users\Knight\Documents\My Logo design Studio Projects
2015-01-13 19:50 - 2014-03-03 15:51 - 00002277 _____ () C:\Users\Knight\Desktop\Cubase LE AI Elements 6 64bit.lnk
2015-01-05 14:38 - 2011-04-26 18:10 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-05 14:37 - 2011-07-22 19:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-31 02:14 - 2010-11-20 18:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-03-01 12:26 - 2014-03-01 12:26 - 0000268 ___RH () C:\Users\Knight\AppData\Roaming\Piano
2014-03-01 12:27 - 2014-03-01 12:27 - 0000268 ___RH () C:\Users\Knight\AppData\Roaming\Piano Hard
2014-03-01 12:26 - 2014-03-01 12:26 - 0000268 ___RH () C:\Users\Knight\AppData\Roaming\Piano Med
2014-03-01 12:23 - 2014-03-01 12:23 - 0000268 ___RH () C:\Users\Knight\AppData\Roaming\Pop Kit
2012-12-07 18:41 - 2012-12-07 18:41 - 0001181 _____ () C:\Users\Knight\AppData\Roaming\trace_FilterInstaller.1.txt
2012-12-07 18:41 - 2013-08-20 18:53 - 0000919 _____ () C:\Users\Knight\AppData\Roaming\trace_FilterInstaller.txt
2012-12-07 18:41 - 2013-08-20 18:53 - 0000000 _____ () C:\Users\Knight\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-01-25 18:08 - 2015-01-25 18:08 - 0004719 _____ () C:\Users\Knight\AppData\Local\recently-used.xbel
2012-04-11 18:47 - 2013-06-18 15:12 - 0007647 _____ () C:\Users\Knight\AppData\Local\resmon.resmoncfg
2011-08-29 17:44 - 2011-08-29 17:44 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2013-04-10 09:00 - 2013-04-10 09:00 - 0000120 _____ () C:\ProgramData\Coinstaller.log
2011-08-29 18:41 - 2011-08-29 18:41 - 0000252 _____ () C:\ProgramData\FastPics.log
2012-01-02 17:23 - 2013-04-08 14:04 - 0005061 _____ () C:\ProgramData\lxec.log
2012-10-24 13:04 - 2013-04-08 13:58 - 0000370 _____ () C:\ProgramData\lxecDiagnostics.log
2011-08-29 18:46 - 2015-01-19 17:53 - 0111292 _____ () C:\ProgramData\lxecJSW.log
2011-08-29 17:47 - 2015-01-27 13:42 - 0171463 _____ () C:\ProgramData\lxecscan.log
2011-08-29 17:44 - 2011-08-29 17:44 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-04-16 18:01 - 2014-09-05 11:29 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-03-01 12:26 - 2014-03-01 12:26 - 0000268 ___RH () C:\ProgramData\Pick Bass
2014-03-01 12:27 - 2014-03-01 12:27 - 0000268 ___RH () C:\ProgramData\Pipe Organ
2014-03-28 21:24 - 2014-03-28 21:24 - 0000000 _____ () C:\ProgramData\PKP_DLbx.DAT
2014-03-01 12:23 - 2014-03-01 12:23 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-03-01 12:27 - 2014-04-29 17:42 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-03-01 12:26 - 2014-03-01 12:26 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-03-01 12:26 - 2015-01-14 21:35 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-03-01 12:26 - 2014-03-01 12:26 - 0000268 ___RH () C:\ProgramData\Planets
2014-03-01 12:23 - 2014-03-01 12:26 - 0000012 ___RH () C:\ProgramData\PrintingModule
2014-03-01 12:27 - 2014-03-01 12:27 - 0000012 ___RH () C:\ProgramData\Profiles
2014-03-01 12:26 - 2014-03-01 12:26 - 0000012 ___RH () C:\ProgramData\Quartz Composer
2014-03-01 12:23 - 2014-03-01 12:23 - 0000012 ___RH () C:\ProgramData\Sound Effects
2013-01-08 06:43 - 2013-01-08 06:43 - 0584454 _____ () C:\ProgramData\SPL74F1.tmp
2011-08-29 17:44 - 2011-08-29 17:44 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\Knight\AppData\Local\Temp\FreeStudio.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 17:46

==================== End Of Log ============================


ADDITION LOG:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Knight at 2015-01-27 14:02:15
Running from C:\Users\Knight\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnalogX SimpleServer:Shout (HKLM-x32\...\AnalogX SimpleServer:Shout) (Version:  - AnalogX)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CAP88-PC 4 (HKLM-x32\...\{ECE828D8-515A-4F81-9B65-F14BFCB1544A}) (Version: 4.0.0 - CAP88)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.4.6 - NIKON CORPORATION)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Architect Studio 5.0 (HKLM-x32\...\{3822E74F-08F8-11E3-99EE-F04DA23A5C58}) (Version: 5.0.186 - Sony)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.7.1.8141 - Steinberg Media Technologies GmbH)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.0.1.1 - Genesys Logic)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
H&R Block Deluxe + Efile 2014 (HKLM-x32\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.5801 - HRB Technology, LLC.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)
Java 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JHelioviewer (HKLM\...\JHelioviewer) (Version: 2.2.1.477 - European Space Agency)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
LogoDesignStudio (HKLM-x32\...\{2FCACAAD-A690-42E4-B2CF-1CD53EB6F322}) (Version: 4.0 - Summitsoft Corporation)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{402E168F-CC02-11E3-812F-F04DA23A5C58}) (Version: 13.0.932 - Sony)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Positive Finds (HKLM-x32\...\Positive Finds) (Version: 2.0.5504.16541 - Positive Finds) <==== ATTENTION!
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Revo Uninstaller Pro 2.5.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.8 - VS Revo Group, Ltd.)
SOHO Science Archive v1.6 (HKU\S-1-5-21-1182291490-1180826050-772089516-1001\...\SOHO Science Archive v1.6) (Version:  - ESA)
Steinberg Cubase LE AI Elements 6 64bit (HKLM\...\{8EEEB23E-A3EB-44A4-AEE9-D2FD6F96E4A0}) (Version: 6.0.2 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.5.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.5.2.000 - Steinberg Media Technologies GmbH)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
UnzipLite 0.7.0.0 (HKLM-x32\...\UnzipLite) (Version: 0.7.0.0 - Amnis Technology Ltd)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}) (Version: 18.0.11023 - WinZip Computing, S.L. )
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{A6BA3C40-EA3A-4A23-A02D-DC25EFBAF093}) (Version: 1.8.3 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.8.3 - Yamaha Corporation) Hidden
YAMAHA THR Editor (HKLM-x32\...\{ECC6D4D5-EBD7-4117-BBA1-B76D93DD2A76}) (Version: 1.1.0 - Yamaha Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-01-2015 18:21:59 Installed HR Block 2014.
24-01-2015 23:45:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-04-23 11:21 - 2012-04-27 22:40 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0063B25E-24C1-44D8-B5A9-138372508597} - System32\Tasks\{9AF0192C-04D4-4930-AAC1-3F1A9F53EFC7} => Firefox.exe
Task: {08FD5842-3FDF-4A97-A91E-762564F6F466} - System32\Tasks\{8548BB18-951B-4206-8359-B946B346D5AA} => Firefox.exe
Task: {2190EAA6-7C6D-4BFF-AE34-FD12AEED478D} - System32\Tasks\{1BF4AD25-0163-4B3A-B971-8D0959E10868} => pcalua.exe -a C:\Users\Knight\Desktop\HijackThis.exe -d C:\Users\Knight\Desktop
Task: {36ED2877-E8E7-41EE-9BC3-3FFD72E3F403} - System32\Tasks\{D9FA57B9-2B48-4BEE-8124-A9F7F38C9DF8} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {4717D743-B701-4EDA-BD42-E0D70D05DBC4} - System32\Tasks\{2745FDAE-9FC2-4808-92E4-1CF0605B89A4} => Firefox.exe
Task: {5CA698A5-5A9B-4F6B-B6B0-7198AC42D518} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {66AA07C2-88DE-4802-BA14-6AA2E09A10AC} - System32\Tasks\{BB6D78DE-967D-477C-BE77-4C6D129125D1} => C:\Program Files (x86)\DVDVideoSoft\Free Video Dub\FreeVideoDub.exe
Task: {676B07E5-857A-4B68-A956-E73D70B9F0E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {70EABB8E-4714-4DBB-8671-B8203C2C2DE4} - System32\Tasks\{6BBD51E0-8AEB-415C-8776-7CFF4B3AD03F} => Firefox.exe
Task: {7E1D7781-A79B-4620-848F-E9AE099FC074} - System32\Tasks\{5405FF05-0BBC-45DC-AED2-BF70B521890D} => pcalua.exe -a "C:\Program Files (x86)\NETGEAR\WNDA3100v2\Uninstall.exe" -d "C:\Program Files (x86)\InstallShield Installation Information\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" -c -GUID {3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0} -L -z "-Remove"
Task: {7FB63045-A21C-4ABB-8D26-191548420D1D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {84497FB5-0BC7-4357-90F8-DEB3A45958CB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8E7ECC37-61EA-4106-87EF-0E78A3F64D2B} - System32\Tasks\{E2534764-8316-452B-9052-96F854FA42C1} => C:\Users\Knight\Downloads\THR_V2_Updater_Win\THR_V2_Updater_Win\THR_V2_Updater.exe [2013-12-12] (YAMAHA CORPORATION)
Task: {A6B7C981-71D9-4FEC-AD8A-FBE6911872F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {DAD04AA8-6AD0-4EDB-BD25-5C0696BB1CCA} - System32\Tasks\{A8E522E5-3105-415D-A341-F90570C45CEB} => C:\Users\Knight\Desktop\EEScreen.exe
Task: {DF39B869-7EAF-4779-A12C-90D756E709EC} - System32\Tasks\{AC99F7B6-67ED-44C2-A5F0-DA140C9CC333} => pcalua.exe -a "C:\Users\Knight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9L1JEJ6\startuplite-setup-1.07.exe" -d C:\Users\Knight\Desktop
Task: {EF530005-E83E-4EB0-90B1-C344AEB29BEF} - System32\Tasks\{499BC569-5603-4B1C-8896-B5A346394718} => C:\Program Files (x86)\DVDVideoSoft\Free Video Dub\FreeVideoDub.exe
Task: {F49AC17B-783E-4E60-A2D1-9354FA053597} - System32\Tasks\{A2AB24E9-9B09-43E8-945B-39FDD0331862} => Firefox.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-05-25 18:13 - 2013-01-18 06:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-08-29 17:48 - 2009-11-04 11:18 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2015-01-26 18:51 - 2015-01-27 05:11 - 00550136 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
2015-01-26 18:51 - 2015-01-27 04:11 - 00351992 _____ () C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
2015-01-27 05:12 - 2015-01-27 05:12 - 00518904 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\plugin.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-23 16:15 - 2012-01-23 16:15 - 00854016 _____ () C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2012-01-23 16:15 - 2012-01-23 16:15 - 00476520 _____ () C:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-04-26 18:02 - 2009-07-16 07:20 - 00032768 _____ () C:\Program Files (x86)\jmesoft\Keyhook.dll
2011-04-26 18:02 - 2007-12-31 08:27 - 00007168 _____ () C:\Program Files (x86)\jmesoft\VistaVolume.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\Users\Knight\VeronicaBabyCakes.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Knight\VeronicaBabyCakes.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Knight\Documents\VeronicaPicwithDad.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Knight\Documents\VeronicaPicwithDad.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: cdloader => "C:\Users\Knight\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Knight\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: InstaLAN => "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: UMonit => C:\windows\SysWOW64\UMonit.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1182291490-1180826050-772089516-500 - Administrator - Disabled)
Guest (S-1-5-21-1182291490-1180826050-772089516-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1182291490-1180826050-772089516-1003 - Limited - Enabled)
Knight (S-1-5-21-1182291490-1180826050-772089516-1001 - Administrator - Enabled) => C:\Users\Knight
UpdatusUser (S-1-5-21-1182291490-1180826050-772089516-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 02:01:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 02:01:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 02:01:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 02:01:28 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.MapPI> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 02:01:28 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.MapPI> cannot be initialized.

Context: Windows Application


Details:
    (HRESULT : 0x80040154) (0x80040154)

Error: (01/27/2015 01:49:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 01:49:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 01:49:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 01:49:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.MapPI> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 01:49:29 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.MapPI> cannot be initialized.

Context: Windows Application


Details:
    (HRESULT : 0x80040154) (0x80040154)


System errors:
=============
Error: (01/27/2015 02:01:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 5 time(s).

Error: (01/27/2015 02:01:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218170.

Error: (01/27/2015 01:49:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

Error: (01/27/2015 01:49:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218170.

Error: (01/27/2015 01:45:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).

Error: (01/27/2015 01:45:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218170.

Error: (01/27/2015 01:45:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (01/27/2015 01:45:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (01/27/2015 01:45:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/27/2015 01:45:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218170.


Microsoft Office Sessions:
=========================
Error: (01/27/2015 02:01:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 02:01:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 02:01:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 02:01:28 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
Search.MapPI

Error: (01/27/2015 02:01:28 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Context: Windows Application


Details:
    (HRESULT : 0x80040154) (0x80040154)
Search.MapPI

Error: (01/27/2015 01:49:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 01:49:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 01:49:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (01/27/2015 01:49:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
Search.MapPI

Error: (01/27/2015 01:49:29 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Context: Windows Application


Details:
    (HRESULT : 0x80040154) (0x80040154)
Search.MapPI


CodeIntegrity Errors:
===================================
  Date: 2013-09-10 21:17:43.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 21:11:03.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 19:11:36.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 18:58:06.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 18:35:51.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 17:54:03.720
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 16:12:19.788
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 15:51:01.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 14:53:39.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 11:22:36.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 20%
Total physical RAM: 8174.45 MB
Available physical RAM: 6472.57 MB
Total Pagefile: 16347.09 MB
Available Pagefile: 14579.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:752.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBE2FBBA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End Of Log ============================

FRST.txt

Addition.txt

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please post it in your reply.

fixlist.txt


Oops, forgot to post, here is the fix log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Knight at 2015-01-28 11:52:51 Run:1
Running from C:\Users\Knight\Desktop
Loaded Profiles: Knight (Available profiles: Knight & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
C:\ProgramData\Best Buy pc app
KLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....rc=IE-SearchBox
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1182291490-1180826050-772089516-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1182291490-1180826050-772089516-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
C:\Program Files (x86)\Positive Finds
Tcpip\..\Interfaces\{61EFE29E-D40B-4C22-B3F9-5D9FDC44B62D}: [NameServer] 4.2.2.2,4.2.2.1
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: www.startpage.com
FF Keyword.URL:
FF NetworkProxy: "type", 4
FF user.js: detected! => C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\user.js
FF Extension: Positive Finds - C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\Extensions\{3322faca-e7db-4e4a-ba32-c1ee6c50460f}.xpi [2015-01-26]
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Knight\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-08-10]
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [550136 2015-01-27] ()
R2 Update Mgr PositiveFinds; C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [351992 2015-01-27] ()
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]
C:\Users\Knight\AppData\Local\Temp\FreeStudio.exe

*****************

Processes closed successfully.
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602 => Moved successfully.
C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602 => Moved successfully.
C:\Users\UpdatusUser\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
"C:\ProgramData\Best Buy pc app" => File/Directory not found.
HKU\KLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
"HKU\S-1-5-21-1182291490-1180826050-772089516-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1182291490-1180826050-772089516-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}" => Key deleted successfully.
C:\Program Files (x86)\Positive Finds => Moved successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{61EFE29E-D40B-4C22-B3F9-5D9FDC44B62D}\\NameServer => value deleted successfully.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
Firefox Proxy settings were reset.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\user.js => Moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\Extensions\{3322faca-e7db-4e4a-ba32-c1ee6c50460f}.xpi => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
C:\Users\Knight\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm => Moved successfully.
Service Mgr PositiveFinds => Service deleted successfully.
Update Mgr PositiveFinds => Service deleted successfully.
WinDefend => Service deleted successfully.
IntcAzAudAddService => Service deleted successfully.
NPF => Service deleted successfully.
TfFsMon => Service deleted successfully.
TfNetMon => Service deleted successfully.
TFSysMon => Service deleted successfully.
C:\Users\Knight\AppData\Local\Temp\FreeStudio.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog 11:52:52 ====

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
