mattmin

  1. Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-09-2015
Ran by Matt's Services (2015-09-25 11:58:22)
Running from C:\Users\Matt's Services\Documents\_Programs
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2010-01-04 18:38:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1968118532-1448927574-937044247-500 - Administrator - Disabled)
Guest (S-1-5-21-1968118532-1448927574-937044247-501 - Limited - Enabled)
Matt's Services (S-1-5-21-1968118532-1448927574-937044247-1002 - Administrator - Enabled) => C:\Users\Matt's Services

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Aimersoft Video Converter Pro(Build 4.1.2.0) (HKLM\...\Aimersoft Video Converter Pro_is1) (Version: - Aimersoft Software)
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
aTube Catcher version 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.2.0 - Auslogics Labs Pty Ltd)
AVG 2011 (Version: 10.0.424 - AVG Technologies) Hidden
AVS Registry Cleaner 2.3.4.261 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.)
AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.2.166 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
Belkin Desktop PCI Card Driver (HKLM\...\{50D47CE8-9C16-42D1-A8D8-B143B22E232A}) (Version: 1.12.0005 - Belkin)
Brother MFL-Pro Suite MFC-495CW (HKLM\...\{0A02D347-5E53-48A5-BC49-1469393103FA}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Casper 7.0 (HKLM\...\{B28C64A1-22A0-4106-B040-DCD78859AAF3}) (Version: 7.0.2754 - Future Systems Solutions, Inc.)
Chinese Traditional Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2448-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Corel VideoStudio 12 (HKLM\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
CuteFTP 7 Professional (HKLM\...\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}) (Version: 7.20.1000 - GlobalSCAPE)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Driver Detective (HKLM\...\DriversHQ.DriverDetective.Client) (Version: 10.1.2.41 - PC Drivers HeadQuarters LP)
EaseUS Partition Master 9.2.1 Home Edition (HKLM\...\EaseUS Partition Master Home Edition_is1) (Version: - EaseUS)
Elevated Installer (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow v1.3.4532 [2014-07-17] (HKLM\...\ffdshow_is1) (Version: 1.3.4532.0 - )
FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{01b90f4a-c495-47c4-a33b-1391f41398ce}) (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImTOO Download YouTube Video (HKLM\...\ImTOO Download YouTube Video) (Version: 5.6.3.20150119 - ImTOO)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JGsoft EditPad Pro 4.5.5 (HKLM\...\EditPad Pro) (Version: - )
JPEG to PDF 1.0 (HKLM\...\{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1) (Version: - jpegtopdf.com)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Karaoke Anything! (HKLM\...\Karaoke Anything!1.0) (Version: - )
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Player Codec Pack 4.2.7 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.7 - Media Player Codec Pack)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
ophcrack 3.5.0 (HKLM\...\ophcrack) (Version: 3.5.0 - OS Objectif Sécurité SA)
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.1.0000 - Jasc Software Inc)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0011 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.32.0 - Renesas Electronics Corporation) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 5.10 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.5.0 - SmartSound Software Inc) Hidden
Sony Sound Forge Audio Studio 9.0 (HKLM\...\{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}) (Version: 9.0.232 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoStudio (Version: 12.0.0.0000 - Corel Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: 9.0 SR-1 (6224) - WinZip Computing, Inc.)
Xenofex 1.1 (HKLM\...\Xenofex 1.0) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe (GlobalSCAPE Texas, LP.)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe No File
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

==================== Restore Points =========================

22-09-2015 21:57:59 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2015-09-17 17:57 - 00450786 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24F324DA-E578-465D-863A-E3FE325AB668} - System32\Tasks\Future Systems Solutions\Casper\Casper 7.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2012-11-30] (Future Systems Solutions, Inc.)
Task: {250CF564-3F31-4D4F-926F-A1CDE8666B26} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2D27F9D9-E573-42FE-9A04-7E3F49505A31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-24] (Adobe Systems Incorporated)
Task: {4D47AB5B-1A0E-4B1C-8FCC-A47C440C7FCA} - System32\Tasks\{764FCD57-7840-4C64-B2BD-06D352057454} => pcalua.exe -a C:\Windows\unvise32.exe -c C:\PROGRAM FILES\JASC SOFTWARE INC\PAINT SHOP PRO 7\FILTERS\DreamSuite Bonus\DreamSuite Bonus Uninstall.log
Task: {64ED2775-3AB8-48DD-B186-F171F0A2B1D6} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-22] (PC Drivers Headquarters)
Task: {76E77048-62DF-4975-BF40-D12EA27DD6E8} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-22] (PC Drivers Headquarters)
Task: {7E5CCC65-F4F6-4C54-A561-14082EDAFAF5} - System32\Tasks\Driver Detective => C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-22] (PC Drivers Headquarters)
Task: {EB897E6F-6CA2-4D78-822B-FDAB05650DAC} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-22] (PC Drivers Headquarters)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-02 16:29 - 2015-09-22 21:56 - 00354592 _____ () C:\Program Files\Driver Detective\Agent.Common.XmlSerializers.dll
2015-09-02 16:30 - 2015-09-22 21:55 - 00810272 _____ () C:\Program Files\Driver Detective\ThemePack.Default.dll
2015-09-02 16:29 - 2015-09-22 21:56 - 00485664 _____ () C:\Program Files\Driver Detective\Agent.Communication.XmlSerializers.dll
2015-09-02 16:30 - 2015-09-02 16:30 - 00071968 _____ () C:\Program Files\Driver Detective\RuleEngine.XmlSerializers.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7868 more restricted sites.

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt's Services\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: FlipShare Service => 2
MSCONFIG\Services: FlipShareServer => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk => C:\Windows\pss\Microsoft Office Shortcut Bar.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Matt's Services^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Matt's Services^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk => C:\Windows\pss\Socialbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DiscWizardMonitor.exe => "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Matt's Services\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh =>
MSCONFIG\startupreg: UVS12 Preload => C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
MSCONFIG\startupreg: WD Drive Manager => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{018B52C2-DEF6-4660-8CC8-E134FFC7D0D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C75D015C-C400-4463-BE7F-BF8D51082F99}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7857E873-FBC5-49CE-AC5A-091853587C5E}] => (Allow) LPort=50000

==================== Faulty Device Manager Devices =============

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Patin Couffin engine
Description: Patin Couffin engine
Class Guid: {ff646f80-8def-11d2-9449-00105a075f6b}
Manufacturer: VSO Software
Service: Pcouffin
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2015 05:55:54 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:54.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:53 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:53.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:52 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:52.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:51 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:51.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:50 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:50.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:49 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:49.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:48 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:48.025]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:46.947]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:45 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:45.900]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:44 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:44.900]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

System errors:
=============
Error: (09/25/2015 11:48:34 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5

Error: (09/25/2015 11:47:52 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: %%5

Error: (09/25/2015 11:39:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: ASPI32 invrgg Null

Error: (09/25/2015 11:38:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: %%1053

Error: (09/25/2015 11:38:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (09/24/2015 05:54:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: ASPI32 invrgg Null

Error: (09/24/2015 05:54:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: %%1053

Error: (09/24/2015 05:54:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (09/24/2015 01:39:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: ASPI32 invrgg Null

Error: (09/24/2015 01:38:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: %%1053

==================== Memory info ===========================

Processor: AMD Athlon 64 Processor 3500+
Percentage of memory in use: 42%
Total physical RAM: 3518.55 MB
Available physical RAM: 2007.26 MB
Total Virtual: 7035.42 MB
Available Virtual: 5284.93 MB

==================== Drives ================================

Drive c: (Hard Drive) (Fixed) (Total:148.76 GB) (Free:96.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 68796879)
Partition 1: (Not Active) - (Size=148.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=290 MB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  2. Maniac, here are my new FRST reports. Thanks so much for your help, you rock! The FARBAR report Addition.txt will be in another windows reply after this one.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
Ran by Matt's Services (administrator) on MATTSSERVICES (25-09-2015 11:57:13)
Running from C:\Users\Matt's Services\Documents\_Programs
Loaded Profiles: Matt's Services (Available Profiles: Matt's Services)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(PC Drivers Headquarters) C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6638127-D991-40AB-89C8-B0F581C94D40}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> DefaultScope {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {09EB195F-BF90-4FDB-98EA-7DF014221FD8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {0A1A0E6D-2C13-45E4-A436-9FAFB9490689} URL = hxxp://www.bing.com/search?FORM=UP76DF&PC=UP76&dt=042113&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: IGMONObj Class -> {02464DDC-3187-11D8-8004-0020ED227566} -> No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} hxxp://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1968118532-1448927574-937044247-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-17] (Apple Inc.)
FF SearchPlugin: C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\searchplugins\bigseekpro.xml [2010-09-07]
FF Extension: Default Manager - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\DefaultManager@Microsoft [2013-05-03]
FF Extension: Block site - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-28]
FF Extension: Pin It Button - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-12-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-09-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-09-02]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [368944 2012-11-30] (Future Systems Solutions, Inc.)
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2015-08-05] (PC Drivers HeadQuarters LP)
S4 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [X]
S4 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [X]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [123472 2010-08-19] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [25680 2010-09-13] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [30288 2010-08-19] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21072 2010-08-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [249424 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34384 2010-09-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [26064 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [298448 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [20560 2007-03-22] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-06-15] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [75776 2012-03-15] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [168960 2012-03-15] (Renesas Electronics Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482240 2009-08-05] () [File not signed]
S3 TucbAudio; C:\Windows\System32\drivers\TucbAudio.sys [23096 2010-02-18] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41472 2010-04-16] (Apple, Inc.) [File not signed]
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-04-27] (Acronis)
S1 ASPI32; no ImagePath
S3 catchme; \??\C:\Users\MATT'S~1\AppData\Local\Temp\catchme.sys [X]
S0 invrgg; System32\drivers\fygprsc.sys [X]
S3 LVRS; system32\DRIVERS\lvrs.sys [X]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 Pcouffin; System32\Drivers\Pcouffin.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-25 11:50 - 2015-09-25 11:51 - 01695744 _____ (Farbar) C:\Users\Matt's Services\Downloads\FRST(3).exe
2015-09-24 13:39 - 2015-09-24 13:39 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\06FA3BF5.sys
2015-09-22 22:05 - 2015-09-22 22:06 - 00033955 _____ C:\Users\Matt's Services\Downloads\Addition.txt
2015-09-22 22:03 - 2015-09-25 11:57 - 00000000 ____D C:\FRST
2015-09-22 22:03 - 2015-09-22 22:06 - 00038394 _____ C:\Users\Matt's Services\Downloads\FRST.txt
2015-09-22 22:02 - 2015-09-22 22:02 - 01695232 _____ (Farbar) C:\Users\Matt's Services\Downloads\FRST(2).exe
2015-09-22 21:50 - 2015-09-22 21:50 - 00899072 _____ (Farbar) C:\Users\Matt's Services\Downloads\FSS(1).exe
2015-09-17 18:26 - 2015-09-17 18:26 - 00002737 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2015-09-17 18:26 - 2015-09-17 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2015-09-17 18:21 - 2015-09-17 18:23 - 00000000 ____D C:\Program Files\Common Files\Ahead
2015-09-17 18:21 - 2015-09-17 18:21 - 00000000 ____D C:\Program Files\Nero
2015-09-17 17:57 - 2015-09-17 17:50 - 00450786 ____R C:\Windows\system32\Drivers\etc\hosts.20150917-175723.backup
2015-09-17 17:50 - 2015-09-17 17:49 - 00000836 ____R C:\Windows\system32\Drivers\etc\hosts.20150917-175049.backup
2015-09-17 17:49 - 2015-08-03 20:55 - 00000834 _____ C:\Windows\system32\Drivers\etc\hosts.20150917-174904.backup
2015-09-17 16:20 - 2015-09-17 16:20 - 00001604 _____ C:\Users\Matt's Services\Desktop\SpybotSD.lnk
2015-09-17 15:59 - 2015-09-17 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-09-16 09:46 - 2015-09-16 09:46 - 00000000 __SHD C:\found.001
2015-09-15 22:59 - 2015-09-15 22:59 - 00000000 ____D C:\Users\Matt's Services\Desktop\MSIE Bookmarks
2015-09-15 17:36 - 2015-09-15 17:36 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Hewlett-Packard
2015-09-15 17:35 - 2015-09-15 17:35 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Hewlett-Packard
2015-09-15 17:20 - 2015-09-15 17:44 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-09-15 16:46 - 2015-09-15 16:46 - 00000000 ____D C:\Users\Matt's Services\Documents\SmartPack
2015-09-15 16:44 - 2015-09-15 16:44 - 00000000 ____D C:\Program Files\AMD
2015-09-15 16:29 - 2015-09-15 16:29 - 00000000 ____D C:\Users\Matt's Services\Downloads\Driver Support
2015-09-15 16:28 - 2015-09-15 16:28 - 00001721 _____ C:\Users\Matt's Services\Desktop\DriversHQ.DriverDetective.Client.lnk
2015-09-15 16:27 - 2015-09-15 16:27 - 00000000 ____D C:\ProgramData\Driver Support
2015-09-15 16:24 - 2015-09-22 21:57 - 00000000 ____D C:\ProgramData\UAB
2015-09-15 16:24 - 2015-09-15 16:24 - 00000000 ____D C:\Program Files\Veloxum
2015-09-15 16:23 - 2015-09-15 16:23 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Detective
2015-09-15 16:22 - 2015-09-22 21:57 - 00000000 ____D C:\Program Files\Driver Detective
2015-09-15 15:53 - 2015-09-15 16:12 - 00000000 ____D C:\AdwCleaner
2015-09-15 14:48 - 2015-09-15 15:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-15 14:46 - 2015-09-15 18:26 - 00000000 ____D C:\Users\Matt's Services\Desktop\mbar
2015-09-15 13:50 - 2015-09-25 11:51 - 00506091 _____ C:\Windows\WindowsUpdate.log
2015-09-15 13:48 - 2015-09-25 11:37 - 00001344 _____ C:\Windows\setupact.log
2015-09-15 13:48 - 2015-09-15 13:48 - 00000000 _____ C:\Windows\setuperr.log
2015-09-15 11:30 - 2015-09-15 11:30 - 00001280 _____ C:\Users\Matt's Services\Desktop\AVS Registry Cleaner.lnk
2015-09-15 11:26 - 2015-09-15 11:26 - 00000468 _____ C:\Users\Matt's Services\Desktop\Local Disk (D).lnk
2015-09-15 00:02 - 2015-09-15 00:02 - 00000000 ____D C:\AMD
2015-09-14 23:48 - 2015-09-14 23:48 - 00032832 _____ C:\Windows\system32\rnd_chunk.bin
2015-09-14 23:27 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-14 23:27 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-14 23:27 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-14 23:27 - 2015-08-15 01:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-14 23:27 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-14 23:27 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-14 23:27 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-14 23:27 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-14 23:27 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-14 23:27 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-14 23:27 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-14 23:27 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-14 23:27 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-14 23:27 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-14 23:27 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-14 23:27 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-14 23:27 - 2015-08-15 01:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-14 23:27 - 2015-08-15 01:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-14 23:27 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-14 23:27 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-14 23:27 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-14 23:27 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-14 23:27 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-14 23:27 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-14 23:27 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-14 23:27 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-14 23:27 - 2015-08-15 01:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-14 23:27 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-14 23:27 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-14 23:27 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-14 23:27 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-14 23:27 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-14 23:24 - 2015-08-04 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-14 23:24 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-14 23:24 - 2015-08-04 13:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-14 23:24 - 2015-08-04 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-14 23:24 - 2015-08-04 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-14 23:24 - 2015-08-04 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-14 23:23 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-14 23:23 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-14 23:23 - 2015-09-01 22:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-14 23:23 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-14 23:23 - 2015-09-01 21:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-14 23:23 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-14 23:23 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-14 23:23 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-14 23:23 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-14 23:23 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-14 23:23 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-14 23:23 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-14 23:23 - 2015-08-05 13:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-14 23:20 - 2015-08-26 13:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-14 23:20 - 2015-08-26 13:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-14 23:20 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-14 23:20 - 2015-08-26 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-14 21:49 - 2015-09-14 21:49 - 00000000 ____D C:\Users\Matt's Services\Downloads\PC Drivers HeadQuarters
2015-09-14 21:46 - 2015-09-15 23:50 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\PC_Drivers_Headquarters
2015-09-14 21:46 - 2015-09-14 21:46 - 00000000 ____D C:\ProgramData\PC Drivers HeadQuarters
2015-09-04 19:33 - 2015-09-05 17:46 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-09-04 13:57 - 2015-09-04 14:00 - 00000000 ____D C:\ProgramData\Auslogics
2015-09-04 13:56 - 2015-09-05 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-09-04 13:56 - 2015-09-04 13:56 - 00001253 _____ C:\Users\Matt's Services\Desktop\Auslogics DiskDefrag.lnk
2015-09-02 18:41 - 2015-09-15 11:35 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-25 11:47 - 2009-07-14 00:34 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-25 11:47 - 2009-07-14 00:34 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-25 11:38 - 2015-08-07 12:36 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 11:37 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-24 18:00 - 2013-02-26 11:52 - 04775936 _____ C:\Users\Matt's Services\Desktop\QDATA1.QDF
2015-09-24 17:59 - 2010-01-04 14:41 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-24 17:58 - 2012-11-10 16:52 - 04775936 _____ C:\QDATA1.QDF-backup
2015-09-24 17:56 - 2013-02-26 11:52 - 00095856 _____ C:\Users\Matt's Services\Desktop\QDATA1OFXLOG.DAT
2015-09-23 20:13 - 2015-08-15 04:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-19 15:25 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-09-17 18:21 - 2010-01-05 02:34 - 00000000 ____D C:\ProgramData\Nero
2015-09-17 18:01 - 2010-01-05 06:37 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2015-09-17 17:50 - 2010-01-05 06:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-17 17:21 - 2014-07-11 22:25 - 00000000 ____D C:\Temp
2015-09-15 23:59 - 2014-11-29 16:15 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\AVS4YOU
2015-09-15 23:55 - 2014-03-21 18:17 - 00000260 _____ C:\Windows\system32\cmdVBS.vbs
2015-09-15 23:55 - 2014-03-21 18:17 - 00000256 _____ C:\Windows\system32\MSIevent.bat
2015-09-15 23:54 - 2013-12-27 19:31 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-09-15 22:39 - 2009-07-14 00:33 - 01066192 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-15 18:02 - 2014-11-29 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-09-15 18:02 - 2014-11-29 16:11 - 00000000 ____D C:\Program Files\AVS4YOU
2015-09-15 17:45 - 2013-12-27 23:28 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\hpqLog
2015-09-15 17:44 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Help
2015-09-15 17:43 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-09-15 17:21 - 2013-12-27 23:54 - 00000000 ____D C:\SYSTEM.SAV
2015-09-15 17:16 - 2010-01-05 22:08 - 00411568 _____ C:\Users\Matt's Services\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-15 16:50 - 2010-01-05 06:50 - 00000000 ____D C:\Users\Matt's Services\Documents\Unzipped
2015-09-15 16:39 - 2010-03-04 15:50 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Apps\2.0
2015-09-15 16:23 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-15 14:46 - 2015-08-07 12:34 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-15 14:41 - 2015-08-07 12:35 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-15 14:41 - 2015-08-07 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-15 14:41 - 2015-08-07 12:34 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-15 13:37 - 2010-01-05 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2015-09-15 13:36 - 2010-01-05 00:45 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-15 13:36 - 2009-07-13 22:37 - 00000000 __RSD C:\Windows\Media
2015-09-15 13:36 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-15 13:08 - 2009-07-14 03:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-15 13:01 - 2010-01-06 00:09 - 00000000 ____D C:\Program Files\Yoostar Inc
2015-09-15 12:56 - 2010-07-29 12:19 - 00000000 ____D C:\ProgramData\DivX
2015-09-15 12:51 - 2010-01-05 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Studio
2015-09-15 12:50 - 2010-01-05 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Studio
2015-09-15 12:48 - 2010-01-05 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Virus
2015-09-15 12:42 - 2010-01-05 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Studio
2015-09-15 12:36 - 2010-01-05 05:12 - 00000000 ____D C:\Program Files\Sony
2015-09-15 12:32 - 2010-01-06 00:09 - 00000000 ____D C:\Users\Public\Documents\yoostar
2015-09-15 12:31 - 2010-03-16 11:36 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Yahoo
2015-09-15 12:25 - 2010-01-05 02:21 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-15 12:10 - 2010-03-04 15:50 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Deployment
2015-09-15 12:03 - 2013-04-20 21:23 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Windows Live Writer
2015-09-15 11:21 - 2010-01-05 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Reference
2015-09-15 01:03 - 2013-07-24 22:07 - 00000000 ____D C:\Windows\system32\MRT
2015-09-15 00:04 - 2013-04-01 20:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-05 17:46 - 2012-05-25 22:31 - 00001945 _____ C:\Windows\epplauncher.mif
2015-09-05 17:45 - 2014-03-21 19:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-09-05 15:46 - 2010-05-15 10:24 - 00000000 ____D C:\Program Files\Auslogics
2015-09-03 17:29 - 2012-05-03 16:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-27 23:58 - 2013-02-26 11:44 - 00000000 ____D C:\Users\Matt's Services\Desktop\BACKUP
2015-08-27 23:40 - 2010-01-04 14:38 - 00000000 ____D C:\Users\Matt's Services
2015-08-26 18:36 - 2010-01-06 21:50 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2010-07-21 17:33 - 2014-09-01 00:26 - 0000199 _____ () C:\Users\Matt's Services\AppData\Roaming\default.rss
2010-01-05 06:54 - 2012-07-04 16:03 - 0000977 _____ () C:\Users\Matt's Services\AppData\Roaming\DVDSubEdit.ini
2011-10-18 15:24 - 2011-10-18 15:26 - 0087608 _____ () C:\Users\Matt's Services\AppData\Roaming\inst.exe
2011-10-18 15:24 - 2011-10-18 15:26 - 0007887 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.cat
2011-10-18 15:24 - 2011-10-18 15:26 - 0001144 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.inf
2011-10-18 15:25 - 2011-10-18 15:26 - 0000033 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.log
2011-10-18 15:24 - 2011-10-18 15:26 - 0047360 _____ (VSO Software) C:\Users\Matt's Services\AppData\Roaming\pcouffin.sys
2012-03-26 19:58 - 2012-04-23 16:29 - 0039936 _____ () C:\Users\Matt's Services\AppData\Roaming\SharedSettings.ccs
2011-10-18 15:25 - 2011-10-18 15:26 - 0001041 _____ () C:\Users\Matt's Services\AppData\Roaming\vso_ts_preview.xml
2015-08-03 21:24 - 2015-08-03 21:56 - 0000600 _____ () C:\Users\Matt's Services\AppData\Roaming\winscp.rnd
2010-09-22 13:27 - 2012-07-04 16:06 - 0003584 _____ () C:\Users\Matt's Services\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MessageCenter.ico
2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MyVerizon.ico
2014-03-21 18:18 - 2014-03-21 18:18 - 0103749 _____ () C:\Users\Matt's Services\AppData\Local\VZWifiIcon.ico

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-14 23:40 ==================== End of FRST.txt ============================
  3. I posted it after the FRST reports. I dunno what happened to it, but I definitely posted Addition.txt. Do you want me to rerun FRST again? Thanks for your help! Matt
  4. All 3 of my PCs keep getting outgoing website msgs blocking me from accessing the website, which is a good, safe site, and is reporting it as bad. This is a false positive. How can I stop this? It is very annoying. In all the years I have had MBAM (over 7 years now) I NEVER got these msgs! Someone please help! Thanks! Mattmin
  5. Boris, here is my FRST report from PC2.
     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015
     Ran by Matt's Services (administrator) on MATTSSERVICES (22-09-2015 22:03:21)
     Running from C:\Users\Matt's Services\Downloads
     Loaded Profiles: Matt's Services (Available Profiles: Matt's Services)
     Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
     Internet Explorer Version 11 (Default browser: FF)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Reference 2015-09-15 01:03 - 2013-07-24 22:07 - 00000000 ____D C:\Windows\system32\MRT 2015-09-15 00:04 - 2013-04-01 20:35 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-05 17:46 - 2012-05-25 22:31 - 00001945 _____ C:\Windows\epplauncher.mif 2015-09-05 17:45 - 2014-03-21 19:46 - 00000000 ____D C:\Program Files\Microsoft Security Client 2015-09-05 15:46 - 2010-05-15 10:24 - 00000000 ____D C:\Program Files\Auslogics 2015-09-03 17:29 - 2012-05-03 16:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-27 23:58 - 2013-02-26 11:44 - 00000000 ____D C:\Users\Matt's Services\Desktop\BACKUP 2015-08-27 23:40 - 2010-01-04 14:38 - 00000000 ____D C:\Users\Matt's Services 2015-08-26 18:36 - 2010-01-06 21:50 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-24 17:01 - 2013-07-12 18:22 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-24 17:01 - 2013-07-12 18:22 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-08-23 15:38 - 2015-05-12 20:27 - 00505632 _____ C:\Users\Matt's Services\Desktop\Ruthie's Money Due.QDF 2015-08-23 15:36 - 2015-08-19 19:38 - 00000672 _____ C:\Users\Matt's Services\Desktop\Ruthie's Money DueOFXLOG.DAT ==================== Files in the root of some directories ======= 2010-07-21 17:33 - 2014-09-01 00:26 - 0000199 _____ () C:\Users\Matt's Services\AppData\Roaming\default.rss 2010-01-05 06:54 - 2012-07-04 16:03 - 0000977 _____ () C:\Users\Matt's Services\AppData\Roaming\DVDSubEdit.ini 2011-10-18 15:24 - 2011-10-18 15:26 - 0087608 _____ () C:\Users\Matt's Services\AppData\Roaming\inst.exe 2011-10-18 15:24 - 2011-10-18 15:26 - 0007887 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.cat 2011-10-18 15:24 - 2011-10-18 15:26 - 0001144 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.inf 2011-10-18 15:25 - 2011-10-18 15:26 - 0000033 _____ () 
C:\Users\Matt's Services\AppData\Roaming\pcouffin.log 2011-10-18 15:24 - 2011-10-18 15:26 - 0047360 _____ (VSO Software) C:\Users\Matt's Services\AppData\Roaming\pcouffin.sys 2012-03-26 19:58 - 2012-04-23 16:29 - 0039936 _____ () C:\Users\Matt's Services\AppData\Roaming\SharedSettings.ccs 2011-10-18 15:25 - 2011-10-18 15:26 - 0001041 _____ () C:\Users\Matt's Services\AppData\Roaming\vso_ts_preview.xml 2015-08-03 21:24 - 2015-08-03 21:56 - 0000600 _____ () C:\Users\Matt's Services\AppData\Roaming\winscp.rnd 2010-09-22 13:27 - 2012-07-04 16:06 - 0003584 _____ () C:\Users\Matt's Services\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MessageCenter.ico 2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MyVerizon.ico 2014-03-21 18:18 - 2014-03-21 18:18 - 0103749 _____ () C:\Users\Matt's Services\AppData\Local\VZWifiIcon.ico ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-14 23:40 ==================== End of FRST.txt ============================
  6. Borislav, here is my new HijackThis scan after I removed over 20 programs from PC2. I will also, after this post, post the latest FRST scan. Thanks so much for your help! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:00:39 PM, on 9/22/2015 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v11.0 (11.00.9600.18015) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\GWX\GWX.exe C:\Windows\system32\taskeng.exe C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\system32\conhost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, enhanced for Bing and MSN O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program 
Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\tray.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\tray.exe" (User 'Default user') O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://apps.driversupport.com O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB O16 - DPF: PackageCab - http://www.imgag.com/cp/install/AxCtp2.cab O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} (Image Uploader Control) - http://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000 O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - 
Service: Casper SmartSense (casperhpb) - Future Systems Solutions, Inc. - C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE O23 - Service: Driver Support AO Service (DSAO) - PC Drivers HeadQuarters LP - C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 5037 bytes
  7. I hope Borislav can help me; if not, can anyone else help me? I am very upset at being hacked over 8.5 years! Thanks, Mattmin
  8. Borislav, normally when I ran this Farbar error tool it came up with a white screen warning you; I didn't get that screen. I ran the tool and produced the reports FRST and Attach and posted them, but this tool, when finishing, opens up a cmd box window and says "Press any key to continue" and restarts your PC. I didn't get the cmd prompt at all with that message. It just ended, leaving the tool on my desktop. I reran it again the 2nd time and it produced the Attach report that wasn't created the 1st time, but it crashed the 1st time; again no cmd or DOS box..... Does that make sense to you? I'm trying to make you understand.... Thanks for all your help.... Any other questions? Matt
  9. Borislav, I reran the Farbar Recovery Tool again; it produced these 2 reports for PC1. It still did not give me the DOS screen with the "press any key to end and reboot" msg... FRST.txt results: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015 Ran by Matt's Services (administrator) on MATT-P9P1JU7H1A (17-08-2015 16:42:26) Running from C:\Documents and Settings\Matt's Services\Desktop Loaded Profiles: Matt's Services (Available Profiles: Matt's Services & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\WINDOWS\system32\UMonit.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe (JGsoft - Just Great Software) C:\Program Files\JGsoft\EditPadPro\EditPadPro.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [uMonit] => C:\WINDOWS\system32\UMonit.exe [36864 2014-02-07] () HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6127840 2015-08-03] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-03] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-839522115-1979792683-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKU\S-1-5-21-839522115-1979792683-725345543-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKU\S-1-5-21-839522115-1979792683-725345543-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software) DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{B588F20E-4FA6-4719-B91E-2CD625CB0FD7}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Matt's Services\Application Data\Mozilla\Firefox\Profiles\fdzkht7u.default FF Homepage: hxxp://www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-10] () FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-839522115-1979792683-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-08-08] (Citrix Online) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-08] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-03] Chrome: ======= CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-03] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-03] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software) R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [368944 2012-11-30] (Future Systems Solutions, Inc.) 
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed] R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4030144 2007-04-25] (Realtek Semiconductor Corp.) [File not signed] R1 as6eio; C:\WINDOWS\System32\drivers\as6eio.sys [3616 1997-12-09] () [File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-03] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-03] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-03] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-03] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-03] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-03] (AVAST Software) R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-03] (AVAST Software) S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-03] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-03] (AVAST Software) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [48128 2014-02-07] (VIA Technologies, Inc. ) S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. 
) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-17] (Malwarebytes Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R0 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [67456 2011-04-13] (Renesas Electronics Corporation) R0 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [161024 2011-04-13] (Renesas Electronics Corporation) R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.) R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed] R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.) R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [134144 2004-02-04] (Copyright © VIA/S3 Graphics, Inc.) R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaidexp.sys [6144 2005-08-11] (VIA Technologies, Inc.) R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [204672 2006-08-10] (VIA Technologies, Inc.) R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2014-02-07] (VIA Technologies, Inc.) R3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2014-02-08] (VIA Technologies, Inc.) [File not signed] R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11264 2014-02-08] (VIA Technologies, Inc.) [File not signed] S4 hpt3xx; no ImagePath S4 IntelIde; no ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-17 16:42 - 2015-08-17 16:42 - 00009938 _____ C:\Documents and Settings\Matt's Services\Desktop\FRST.txt 2015-08-17 16:24 - 2015-08-17 16:42 - 00000000 ____D C:\FRST 2015-08-17 16:12 - 2015-08-17 16:24 - 01677312 _____ (Farbar) C:\Documents and Settings\Matt's Services\Desktop\FRST.exe 2015-08-11 18:24 - 2015-08-11 18:24 - 00000000 ____D C:\Program Files\Trend Micro 2015-08-11 17:25 - 2015-08-17 16:24 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-11 16:56 - 2015-08-11 16:56 - 00001444 _____ C:\WINDOWS\COM+.log 2015-08-10 22:54 - 2015-08-10 22:54 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2015-08-10 22:26 - 2015-08-17 16:10 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-10 22:25 - 2015-08-17 16:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-08-10 22:25 - 2015-08-10 22:25 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2015-08-10 22:24 - 2015-08-10 22:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-08-10 22:24 - 2015-08-10 22:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2015-08-10 22:24 - 2015-06-18 09:38 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-08-10 22:24 - 2015-06-18 09:38 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-08-08 19:18 - 2015-08-08 19:19 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Citrix 2015-08-07 15:54 - 2015-08-08 17:19 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Casper Fixes and files 2015-08-07 15:51 - 2015-08-05 17:25 - 00001924 _____ C:\Documents and Settings\Matt's Services\Desktop\Norton PartitionMagic 8.0.lnk 2015-08-06 00:27 - 2015-08-09 19:41 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Casper Error 
Report 2015-08-06 00:22 - 2015-08-06 00:22 - 00001005 _____ C:\Documents and Settings\Matt's Services\Desktop\Casper 7.0.lnk 2015-08-06 00:22 - 2015-08-06 00:22 - 00000444 _____ C:\WINDOWS\Tasks\Casper 7.0 Update Notification Task.job 2015-08-06 00:22 - 2015-08-06 00:22 - 00000000 ____D C:\Program Files\Future Systems Solutions 2015-08-06 00:22 - 2015-08-06 00:22 - 00000000 ____D C:\Program Files\Common Files\Future Systems Solutions 2015-08-06 00:12 - 2015-08-06 00:12 - 00000000 __SHD C:\WINDOWS\system32\AI_RecycleBin 2015-08-05 18:04 - 2015-08-05 18:04 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\WinRAR 2015-08-05 18:03 - 2015-08-05 18:03 - 00000000 ____D C:\Program Files\WinRAR 2015-08-05 17:55 - 2015-08-05 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Brother 2015-08-05 17:54 - 2015-08-05 17:54 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Brother 2015-08-05 17:51 - 2015-08-05 17:51 - 00000000 ____D C:\Program Files\Brother 2015-08-05 17:25 - 2015-08-05 17:25 - 00000000 ____D C:\Program Files\Symantec 2015-08-05 17:09 - 2015-08-05 17:29 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Norton PM 8 2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\launcher 2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\explauncher 2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\createonepart 2015-08-04 02:18 - 2015-08-11 21:11 - 00000375 _____ C:\WINDOWS\setupact.log 2015-08-04 02:18 - 2015-08-04 02:18 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-08-04 02:18 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys 2015-08-04 02:18 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2015-08-04 02:18 - 2001-08-17 
13:48 - 00012160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys 2015-08-04 02:18 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys 2015-08-04 01:44 - 2015-08-11 21:11 - 00038122 _____ C:\WINDOWS\setupapi.log 2015-08-03 22:17 - 2015-08-17 15:53 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-08-03 22:17 - 2015-08-17 15:53 - 00000049 _____ C:\WINDOWS\wiaservc.log 2015-08-03 22:17 - 2015-08-15 08:42 - 00032624 _____ C:\WINDOWS\SchedLgU.Txt 2015-08-03 22:17 - 2015-08-03 22:17 - 00000000 _____ C:\WINDOWS\Sti_Trace.log 2015-08-03 22:16 - 2015-08-17 16:02 - 00349373 _____ C:\WINDOWS\WindowsUpdate.log 2015-08-03 21:38 - 2015-08-03 21:38 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\BlueSprig 2015-08-03 21:32 - 2015-08-03 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro 2015-08-03 21:30 - 2015-08-03 22:00 - 00000600 _____ C:\Documents and Settings\Matt's Services\Application Data\winscp.rnd 2015-08-03 20:57 - 2015-08-03 22:00 - 00000000 ____D C:\CSV 2015-08-03 20:57 - 2015-08-03 20:57 - 00000000 ____D C:\Documents and Settings\All Users\Local Settings\Temp 2015-08-03 20:57 - 2015-08-03 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp 2015-08-03 20:56 - 2015-08-03 22:00 - 00000000 ____D C:\remote-service 2015-08-03 20:46 - 2015-08-05 18:13 - 00000213 ___SH C:\boot.ini 2015-08-03 20:46 - 2015-08-03 20:46 - 00000000 ____D C:\WINDOWS\CSC 2015-08-03 18:20 - 2015-08-03 18:20 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Temp 2015-08-03 16:49 - 2015-08-03 16:49 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\AVAST Software 2015-08-03 16:41 - 2015-08-03 16:41 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk 2015-08-03 16:41 - 2015-08-03 16:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$ 2015-08-03 
16:41 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll 2015-08-03 16:40 - 2015-08-17 16:40 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2015-08-03 16:40 - 2015-08-03 16:36 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-08-03 16:40 - 2015-08-03 16:36 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-08-03 16:40 - 2015-08-03 16:36 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-08-03 16:40 - 2015-08-03 16:36 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys 2015-08-03 16:40 - 2015-08-03 16:36 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-08-03 16:40 - 2015-08-03 16:36 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2015-08-03 16:40 - 2015-08-03 16:36 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2015-08-03 16:40 - 2015-08-03 16:36 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-08-03 16:40 - 2015-08-03 16:36 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-08-03 16:36 - 2015-08-03 16:36 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-08-03 16:36 - 2015-08-03 16:36 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-08-03 16:27 - 2015-08-03 16:27 - 00000000 ____D C:\Program Files\AVAST Software 2015-08-03 16:22 - 2015-08-03 16:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-17 16:42 - 2014-02-07 20:51 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Temp
2015-08-17 16:36 - 2014-02-08 01:22 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-17 16:36 - 2014-02-08 01:22 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-17 16:24 - 2014-02-08 01:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-17 16:13 - 2014-02-07 08:42 - 00000000 ____D C:\WINDOWS\Registration
2015-08-17 15:59 - 2014-02-07 03:36 - 00602708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-17 15:53 - 2001-08-23 08:00 - 00013002 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-17 15:52 - 2014-02-07 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-15 08:42 - 2014-02-07 20:51 - 00000178 ___SH C:\Documents and Settings\Matt's Services\ntuser.ini
2015-08-15 08:16 - 2014-02-07 08:43 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-08-11 20:03 - 2014-02-07 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Virus Removal Utils
2015-08-10 22:53 - 2014-02-24 22:27 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-10 21:37 - 2014-02-08 04:59 - 00000000 ____D C:\Temp
2015-08-10 21:37 - 2014-02-07 20:51 - 00000000 ____D C:\Documents and Settings\Matt's Services
2015-08-10 21:27 - 2001-08-23 08:00 - 00000577 _____ C:\WINDOWS\win.ini
2015-08-10 21:27 - 2001-08-23 08:00 - 00000298 _____ C:\WINDOWS\system.ini
2015-08-07 18:27 - 2014-02-07 21:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Utils Studio
2015-08-05 18:11 - 2014-02-07 20:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-04 02:00 - 2014-03-19 02:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2015-08-04 01:58 - 2014-03-19 02:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-08-03 22:17 - 2014-02-07 03:35 - 00885496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-03 21:57 - 2014-03-04 21:36 - 00000000 ____D C:\WINDOWS\system32\URTTEMP
2015-08-03 21:39 - 2014-02-08 02:22 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-03 21:30 - 2014-02-07 22:34 - 00350088 _____ C:\Documents and Settings\Matt's Services\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-03 21:10 - 2014-02-07 08:45 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-08-03 21:10 - 2014-02-07 08:45 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-08-03 18:39 - 2014-02-08 00:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-03 17:15 - 2014-02-08 01:40 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-08-03 17:08 - 2014-02-07 08:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp

==================== Files in the root of some directories =======
2015-08-03 21:30 - 2015-08-03 22:00 - 0000600 _____ () C:\Documents and Settings\Matt's Services\Application Data\winscp.rnd
2014-02-24 23:15 - 2014-02-24 23:15 - 0003584 _____ () C:\Documents and Settings\Matt's Services\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Matt's Services\Local Settings\Temp\HitmanPro.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Addition.txt Results:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Matt's Services (2015-08-17 16:43:51)
Running from C:\Documents and Settings\Matt's Services\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-839522115-1979792683-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-839522115-1979792683-725345543-1004 - Limited - Enabled)
Guest (S-1-5-21-839522115-1979792683-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-839522115-1979792683-725345543-1000 - Limited - Disabled)
Matt's Services (S-1-5-21-839522115-1979792683-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Matt's Services
SUPPORT_388945a0 (S-1-5-21-839522115-1979792683-725345543-1002 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Casper 7.0 (HKLM\...\{B28C64A1-22A0-4106-B040-DCD78859AAF3}) (Version: 7.0.2754 - Future Systems Solutions, Inc.)
CD LabelMaker (HKLM\...\CD LabelMaker) (Version: - )
Citrix Online Launcher (HKLM\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Cool Edit Pro 2.1 (HKLM\...\Cool Edit Pro 2.1) (Version: - )
Creative EAX Settings (HKLM\...\EAXSet) (Version: - )
Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - )
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: - )
Creative Speaker Settings (HKLM\...\SPEAKER) (Version: - )
Creative System Information (HKLM\...\SysInfo) (Version: - )
Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CuteFTP 7 Professional (HKLM\...\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}) (Version: 7.20.1000 - GlobalSCAPE)
DDR - Pen Drive Recovery (HKLM\...\DDR - Pen Drive Recovery) (Version: - )
Device Control (HKLM\...\Device Control) (Version: - )
FairStars Audio Converter 1.97 (HKLM\...\FairStars Audio Converter_is1) (Version: - FairStars Soft)
FairStars CD Ripper 1.70 (HKLM\...\FairStars CD Ripper_is1) (Version: - FairStars Soft)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
ImageReader Director (HKLM\...\ImageReader Director) (Version: - )
ImageReader Director Manuals (HKLM\...\ImageReader Director Manuals) (Version: - )
InfoCenter 32 (HKLM\...\InfoCenter 32) (Version: - )
JGsoft EditPad Pro 4.4.0 (HKLM\...\EditPad Pro) (Version: - )
JPEG to PDF 1.0 (HKLM\...\{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1) (Version: - jpegtopdf.com)
Karaoke Anything! (HKLM\...\Karaoke Anything!1.0) (Version: - )
LADSPA_plugins-win-0.4.15 (HKLM\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.0.5697 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 3.0.7.0 - )
Nero 7 Ultra Edition (HKLM\...\{7516254D-7F98-49DD-8209-5D2208BD1033}) (Version: 7.03.0647 - Nero AG)
Norton PartitionMagic (Version: 8.05.000 - Symantec) Hidden
Norton PartitionMagic 8.0 (HKLM\...\InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}) (Version: 8.05.000 - Symantec)
Online Bible9.03.02 (HKLM\...\OnlineBible) (Version: - )
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.1.0000 - Jasc Software Inc)
PictureFun! (HKLM\...\CDPMUDeinstKey) (Version: - )
Platform (Version: 1.13 - VIA Technologies, Inc.) Hidden
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.35 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
S3 S3Display (HKLM\...\VTDisplay) (Version: - )
S3 S3Gamma2 (HKLM\...\VTGamma2) (Version: - )
S3 S3Info2 (HKLM\...\VTInfo2) (Version: - )
S3 S3Overlay (HKLM\...\VTOverlay) (Version: - )
Sound Blaster Audigy (HKLM\...\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}) (Version: 1.0 - )
Syntrillium Tremolo DirectX Plug-In (HKLM\...\Tremolo DirectX Plug-In) (Version: - )
TextBridge Pro Millennium (HKLM\...\{5AB1BFD2-819E-11D3-80D9-00C04F559BE6}) (Version: 9.5.000 - ScanSoft)
UniChrome IGP Driver and Utilities (HKLM\...\S3) (Version: - )
VIA Audio Driver Setup Program (HKLM\...\VIA Audio Driver Setup Program) (Version: - )
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.13 - VIA Technologies, Inc.)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - )
VST Bridge 1.1 (HKLM\...\VST Bridge_is1) (Version: - )
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: 9.0 SR-1 (6224) - WinZip Computing, Inc.)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe (GlobalSCAPE Texas, LP.)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================
15-08-2015 08:16:37 System Checkpoint

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2001-08-23 08:00 - 2015-08-03 20:57 - 00000732 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Casper 7.0 Update Notification Task.job => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job =>

==================== Loaded Modules (Whitelisted) ==============
2015-08-05 18:03 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2015-08-03 16:36 - 2015-08-03 16:36 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-03 16:36 - 2015-08-03 16:36 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-15 08:42 - 2015-08-15 08:42 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15081500\algo.dll
2015-08-17 15:59 - 2015-08-17 15:59 - 02961920 _____ () C:\Program Files\AVAST Software\Avast\defs\15081702\algo.dll
2013-01-06 15:50 - 2013-01-06 15:50 - 00054977 _____ () C:\WINDOWS\system32\REE6AM.DLL
2014-02-07 23:57 - 2014-02-07 23:57 - 00036864 _____ () C:\WINDOWS\system32\UMonit.exe
2014-02-07 23:57 - 2014-02-07 23:57 - 00180224 _____ () C:\WINDOWS\system32\ustor.dll
2015-08-03 16:36 - 2015-08-03 16:36 - 38327808 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7865 more restricted sites.

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-839522115-1979792683-725345543-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk => C:\WINDOWS\pss\Office Startup.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Matt's Services^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk => C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AudioDeck => C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BrowserSafeguard =>
MSCONFIG\startupreg: Creative Detector => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: CTSysVol => C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
MSCONFIG\startupreg: InstantAccess => C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: P17Helper => Rundll32 P17.dll,P17Helper
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\UpdReg.EXE
MSCONFIG\startupreg: VTTimer => VTTimer.exe

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2015 04:31:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 17.8.2015.0, faulting module frst.exe, version 17.8.2015.0, fault address 0x0002105e.
Processing media-specific event for [frst.exe!ws!]

Error: (08/17/2015 04:30:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 17.8.2015.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/17/2015 04:14:11 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...). hr = 0x80070005.

Error: (08/17/2015 04:00:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.55.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/15/2015 08:31:59 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{8e6fa184-908b-11e3-80dc-00110906ec75},0xc0000000,0x00000003,...). hr = 0x80070005.

Error: (08/15/2015 08:22:16 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{679719bf-3a6e-11e5-8512-00110906ec75},0xc0000000,0x00000003,...). hr = 0x80070005.
Error: (08/11/2015 09:13:18 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{8e6fa184-908b-11e3-80dc-00110906ec75},0xc0000000,0x00000003,...). hr = 0x80070005.

Error: (08/11/2015 09:02:36 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...). hr = 0x80070005.

Error: (08/11/2015 05:56:48 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...). hr = 0x80070005.

Error: (08/11/2015 05:12:53 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{679719bf-3a6e-11e5-8512-00110906ec75},0xc0000000,0x00000003,...). hr = 0x80070005.

System errors:
=============
Error: (08/17/2015 04:34:36 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (08/17/2015 04:33:48 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (08/17/2015 04:15:00 PM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for D: has been reset, since it was a duplicate of that on G:. This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

Error: (08/15/2015 08:35:32 AM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for H: has been reset, since it was a duplicate of that on C:. This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.
Error: (08/15/2015 08:25:18 AM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for C: has been reset, since it was a duplicate of that on G:. This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

Error: (08/15/2015 08:16:38 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000034_filelst.cfgHarddiskVolume1

Error: (08/11/2015 09:07:59 PM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for G: has been reset, since it was a duplicate of that on D:. This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

Error: (08/11/2015 05:57:34 PM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for G: has been reset, since it was a duplicate of that on D:. This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

Error: (08/11/2015 05:42:43 PM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for G: has been reset, since it was a duplicate of that on C:. This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.
Error: (08/11/2015 04:12:17 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Microsoft Office:
=========================
Error: (08/17/2015 04:31:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe17.8.2015.0frst.exe17.8.2015.00002105e

Error: (08/17/2015 04:30:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe17.8.2015.0hungapp0.0.0.000000000

Error: (08/17/2015 04:14:11 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/17/2015 04:00:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe2.3.55.0hungapp0.0.0.000000000

Error: (08/15/2015 08:31:59 AM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{8e6fa184-908b-11e3-80dc-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/15/2015 08:22:16 AM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{679719bf-3a6e-11e5-8512-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/11/2015 09:13:18 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{8e6fa184-908b-11e3-80dc-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/11/2015 09:02:36 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/11/2015 05:56:48 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/11/2015 05:12:53 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{679719bf-3a6e-11e5-8512-00110906ec75},0xc0000000,0x00000003,...)0x80070005

==================== Memory info ===========================
Processor: AMD Athlon XP 2400+
Percentage of memory in use: 44%
Total physical RAM: 2015.48 MB
Available physical RAM: 1113.44 MB
Total Virtual: 4887.51 MB
Available Virtual: 4047.27 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:149.05 GB) (Free:129.57 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Local Disk) (Fixed) (Total:298.08 GB) (Free:112.65 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 12080F19)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 0A081703)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=OF Extended)

==================== End of log ============================
  10. Here are the results for PC 1. Farbar crashed; it produced the FRST reports and Addition reports but did not end saying press any key and reboot on either PC....

FRST Report PC 1

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by Matt's Services (administrator) on MATT-P9P1JU7H1A (17-08-2015 16:29:05)
Running from C:\Documents and Settings\Matt's Services\Desktop
Loaded Profiles: Matt's Services (Available Profiles: Matt's Services & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\WINDOWS\system32\UMonit.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [uMonit] => C:\WINDOWS\system32\UMonit.exe [36864 2014-02-07] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6127840 2015-08-03] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-03] (AVAST Software)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-1979792683-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-839522115-1979792683-725345543-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-839522115-1979792683-725345543-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software)
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B588F20E-4FA6-4719-B91E-2CD625CB0FD7}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Matt's Services\Application Data\Mozilla\Firefox\Profiles\fdzkht7u.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-10] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-839522115-1979792683-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-08-08] (Citrix Online) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-08] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-03] Chrome: ======= CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-03] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-03] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software) R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [368944 2012-11-30] (Future Systems Solutions, Inc.) 
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4030144 2007-04-25] (Realtek Semiconductor Corp.) [File not signed]
R1 as6eio; C:\WINDOWS\System32\drivers\as6eio.sys [3616 1997-12-09] () [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-03] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-03] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-03] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-03] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-03] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [48128 2014-02-07] (VIA Technologies, Inc. )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-17] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [67456 2011-04-13] (Renesas Electronics Corporation)
R0 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [161024 2011-04-13] (Renesas Electronics Corporation)
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [134144 2004-02-04] (Copyright © VIA/S3 Graphics, Inc.)
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaidexp.sys [6144 2005-08-11] (VIA Technologies, Inc.)
R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [204672 2006-08-10] (VIA Technologies, Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2014-02-07] (VIA Technologies, Inc.)
R3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2014-02-08] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11264 2014-02-08] (VIA Technologies, Inc.) [File not signed]
S4 hpt3xx; no ImagePath
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 16:30 - 2015-08-17 16:30 - 00013338 _____ C:\Documents and Settings\Matt's Services\Desktop\Addition.txt
2015-08-17 16:24 - 2015-08-17 16:30 - 00022036 _____ C:\Documents and Settings\Matt's Services\Desktop\FRST.txt
2015-08-17 16:24 - 2015-08-17 16:29 - 00000000 ____D C:\FRST
2015-08-17 16:24 - 2015-08-17 16:24 - 00000000 ____D C:\Documents and Settings\Matt's Services\Desktop\FRST-OlderVersion
2015-08-17 16:12 - 2015-08-17 16:24 - 01677312 _____ (Farbar) C:\Documents and Settings\Matt's Services\Desktop\FRST.exe
2015-08-11 18:24 - 2015-08-11 18:24 - 00000000 ____D C:\Program Files\Trend Micro
2015-08-11 17:25 - 2015-08-17 16:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-11 16:56 - 2015-08-11 16:56 - 00001444 _____ C:\WINDOWS\COM+.log
2015-08-10 22:54 - 2015-08-10 22:54 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-10 22:26 - 2015-08-17 16:10 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-10 22:25 - 2015-08-15 08:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-10 22:25 - 2015-08-10 22:25 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-10 22:24 - 2015-08-10 22:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-10 22:24 - 2015-08-10 22:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-08-10 22:24 - 2015-06-18 09:38 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-10 22:24 - 2015-06-18 09:38 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-08 19:18 - 2015-08-08 19:19 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Citrix
2015-08-07 15:54 - 2015-08-08 17:19 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Casper Fixes and files
2015-08-07 15:51 - 2015-08-05 17:25 - 00001924 _____ C:\Documents and Settings\Matt's Services\Desktop\Norton PartitionMagic 8.0.lnk
2015-08-06 00:27 - 2015-08-09 19:41 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Casper Error Report
2015-08-06 00:22 - 2015-08-06 00:22 - 00001005 _____ C:\Documents and Settings\Matt's Services\Desktop\Casper 7.0.lnk
2015-08-06 00:22 - 2015-08-06 00:22 - 00000444 _____ C:\WINDOWS\Tasks\Casper 7.0 Update Notification Task.job
2015-08-06 00:22 - 2015-08-06 00:22 - 00000000 ____D C:\Program Files\Future Systems Solutions
2015-08-06 00:22 - 2015-08-06 00:22 - 00000000 ____D C:\Program Files\Common Files\Future Systems Solutions
2015-08-06 00:12 - 2015-08-06 00:12 - 00000000 __SHD C:\WINDOWS\system32\AI_RecycleBin
2015-08-05 18:04 - 2015-08-05 18:04 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\WinRAR
2015-08-05 18:03 - 2015-08-05 18:03 - 00000000 ____D C:\Program Files\WinRAR
2015-08-05 17:55 - 2015-08-05 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Brother
2015-08-05 17:54 - 2015-08-05 17:54 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Brother
2015-08-05 17:51 - 2015-08-05 17:51 - 00000000 ____D C:\Program Files\Brother
2015-08-05 17:25 - 2015-08-05 17:25 - 00000000 ____D C:\Program Files\Symantec
2015-08-05 17:09 - 2015-08-05 17:29 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Norton PM 8
2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\launcher
2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\explauncher
2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\createonepart
2015-08-04 02:18 - 2015-08-11 21:11 - 00000375 _____ C:\WINDOWS\setupact.log
2015-08-04 02:18 - 2015-08-04 02:18 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-04 02:18 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
2015-08-04 02:18 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2015-08-04 02:18 - 2001-08-17 13:48 - 00012160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys
2015-08-04 02:18 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-08-04 01:44 - 2015-08-11 21:11 - 00038122 _____ C:\WINDOWS\setupapi.log
2015-08-03 22:17 - 2015-08-17 15:53 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-03 22:17 - 2015-08-17 15:53 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-03 22:17 - 2015-08-15 08:42 - 00032624 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-03 22:17 - 2015-08-03 22:17 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-08-03 22:16 - 2015-08-17 16:02 - 00349373 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-03 21:38 - 2015-08-03 21:38 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\BlueSprig
2015-08-03 21:32 - 2015-08-03 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-08-03 21:30 - 2015-08-03 22:00 - 00000600 _____ C:\Documents and Settings\Matt's Services\Application Data\winscp.rnd
2015-08-03 20:57 - 2015-08-03 22:00 - 00000000 ____D C:\CSV
2015-08-03 20:57 - 2015-08-03 20:57 - 00000000 ____D C:\Documents and Settings\All Users\Local Settings\Temp
2015-08-03 20:57 - 2015-08-03 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-08-03 20:56 - 2015-08-03 22:00 - 00000000 ____D C:\remote-service
2015-08-03 20:46 - 2015-08-05 18:13 - 00000213 ___SH C:\boot.ini
2015-08-03 20:46 - 2015-08-03 20:46 - 00000000 ____D C:\WINDOWS\CSC
2015-08-03 18:20 - 2015-08-03 18:20 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Temp
2015-08-03 16:49 - 2015-08-03 16:49 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\AVAST Software
2015-08-03 16:41 - 2015-08-03 16:41 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-08-03 16:41 - 2015-08-03 16:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-03 16:41 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-08-03 16:40 - 2015-08-17 16:05 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-03 16:40 - 2015-08-03 16:36 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-03 16:36 - 2015-08-03 16:36 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-03 16:36 - 2015-08-03 16:36 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-03 16:27 - 2015-08-03 16:27 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-03 16:22 - 2015-08-03 16:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 16:30 - 2014-02-07 20:51 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Temp
2015-08-17 16:24 - 2014-02-08 01:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-17 16:13 - 2014-02-07 08:42 - 00000000 ____D C:\WINDOWS\Registration
2015-08-17 15:59 - 2014-02-07 03:36 - 00602708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-17 15:53 - 2001-08-23 08:00 - 00013002 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-17 15:52 - 2014-02-07 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-15 08:42 - 2014-02-07 20:51 - 00000178 ___SH C:\Documents and Settings\Matt's Services\ntuser.ini
2015-08-15 08:16 - 2014-02-07 08:43 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-08-11 20:03 - 2014-02-07 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Virus Removal Utils
2015-08-10 22:53 - 2014-02-24 22:27 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-10 22:40 - 2014-02-08 01:22 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-10 22:40 - 2014-02-08 01:22 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-10 21:37 - 2014-02-08 04:59 - 00000000 ____D C:\Temp
2015-08-10 21:37 - 2014-02-07 20:51 - 00000000 ____D C:\Documents and Settings\Matt's Services
2015-08-10 21:27 - 2001-08-23 08:00 - 00000577 _____ C:\WINDOWS\win.ini
2015-08-10 21:27 - 2001-08-23 08:00 - 00000298 _____ C:\WINDOWS\system.ini
2015-08-07 18:27 - 2014-02-07 21:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Utils Studio
2015-08-05 18:11 - 2014-02-07 20:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-04 02:00 - 2014-03-19 02:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2015-08-04 01:58 - 2014-03-19 02:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-08-03 22:17 - 2014-02-07 03:35 - 00885496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-03 21:57 - 2014-03-04 21:36 - 00000000 ____D C:\WINDOWS\system32\URTTEMP
2015-08-03 21:39 - 2014-02-08 02:22 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-03 21:30 - 2014-02-07 22:34 - 00350088 _____ C:\Documents and Settings\Matt's Services\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-03 21:10 - 2014-02-07 08:45 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-08-03 21:10 - 2014-02-07 08:45 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-08-03 18:39 - 2014-02-08 00:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-03 17:15 - 2014-02-08 01:40 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-08-03 17:08 - 2014-02-07 08:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp

==================== Files in the root of some directories =======

2015-08-03 21:30 - 2015-08-03 22:00 - 0000600 _____ () C:\Documents and Settings\Matt's Services\Application Data\winscp.rnd
2014-02-24 23:15 - 2014-02-24 23:15 - 0003584 _____ () C:\Documents and Settings\Matt's Services\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Matt's Services\Local Settings\Temp\HitmanPro.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

Addition Report PC 1

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Matt's Services (2015-08-17 16:31:05)
Running from C:\Documents and Settings\Matt's Services\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

I think I am going to have to format both machines; they are too far gone and hijacked: entire hard drives deleted, my website deleted, even files on YouTube! I'm sick of this..... I can't even run the diagnostic tools on my PC without the hacker crashing the program!

Thanks, Matt
11. Borislav, here are the 2 files created with the Farbar Recovery 2 tool for PC 2; FRST.txt below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by Matt's Services (administrator) on MATTSSERVICES (17-08-2015 15:38:16)
Running from C:\Users\Matt's Services\Documents\Malwarebytes anti Malware\FRST-OlderVersion
Loaded Profiles: Matt's Services & (Available Profiles: Matt's Services & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [uVS12 Preload] => C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [397456 2008-06-09] (Corel TW Corp.)
HKLM\...\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> DefaultScope {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {09EB195F-BF90-4FDB-98EA-7DF014221FD8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {0A1A0E6D-2C13-45E4-A436-9FAFB9490689} URL = hxxp://www.bing.com/search?FORM=UP76DF&PC=UP76&dt=042113&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {09EB195F-BF90-4FDB-98EA-7DF014221FD8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0A1A0E6D-2C13-45E4-A436-9FAFB9490689} URL = hxxp://www.bing.com/search?FORM=UP76DF&PC=UP76&dt=042113&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: IGMONObj Class -> {02464DDC-3187-11D8-8004-0020ED227566} -> C:\Program Files\iGetter\Integration\IGMON.dll [2009-11-09] (Presenta Ltd.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} hxxp://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2009-12-24] (Belarc, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-04-08] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6638127-D991-40AB-89C8-B0F581C94D40}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1968118532-1448927574-937044247-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-17] (Apple Inc.)
FF SearchPlugin: C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\searchplugins\bigseekpro.xml [2010-09-07]
FF Extension: Default Manager - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\DefaultManager@Microsoft [2013-05-03]
FF Extension: Block site - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-28]
FF Extension: Pin It Button - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-12-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-08-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-08]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [368944 2012-11-30] (Future Systems Solutions, Inc.)
S4 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S4 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [845808 2011-04-29] (Seagate)
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2012-05-01] (WDC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [X]
S4 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [123472 2010-08-19] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [25680 2010-09-13] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [30288 2010-08-19] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21072 2010-08-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [249424 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34384 2010-09-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [26064 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [298448 2010-09-07] (AVG Technologies CZ, s.r.o.)
R2 CDRPDACC; C:\Program Files\321Studios\Shared\CDRPDACC.SYS [5273 2003-10-28] (Arrowkey) [File not signed] R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [20560 2007-03-22] (EldoS Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2012-12-21] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2012-12-21] () [File not signed] R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-06-15] (Kaspersky Lab) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.) S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [75776 2012-03-15] (Renesas Electronics Corporation) S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [168960 2012-03-15] (Renesas Electronics Corporation) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] () S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482240 2009-08-05] () S3 TucbAudio; C:\Windows\System32\drivers\TucbAudio.sys [23096 2010-02-18] (Windows ® Codename Longhorn DDK provider) R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2012-04-27] (Acronis) R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-04-27] (Acronis) S1 ASPI32; no ImagePath S3 catchme; \??\C:\Users\MATT'S~1\AppData\Local\Temp\catchme.sys [X] S0 invrgg; System32\drivers\fygprsc.sys [X] S3 LVRS; system32\DRIVERS\lvrs.sys [X] S3 LVUVC; system32\DRIVERS\lvuvc.sys [X] S3 Pcouffin; System32\Drivers\Pcouffin.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; 
system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-17 15:33 - 2015-08-17 15:37 - 00000000 ____D C:\Users\Matt's Services\Documents\Malwarebytes anti Malware 2015-08-17 15:30 - 2015-08-17 15:38 - 00000000 ____D C:\FRST 2015-08-17 15:27 - 2015-08-17 15:27 - 00000000 ____D C:\Users\Matt's Services\Documents\MBAM Reports PC2 2015-08-15 21:49 - 2015-08-15 21:52 - 00001307 _____ C:\Users\Public\Desktop\Corel VideoStudio 12.lnk 2015-08-15 21:49 - 2015-08-15 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio 12 2015-08-15 21:46 - 2015-08-15 21:46 - 00000000 ____D C:\Program Files\Corel 2015-08-15 21:08 - 2015-08-15 21:28 - 00000092 _____ C:\Windows\system32\Install.log 2015-08-15 20:08 - 2015-08-15 20:08 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Garmin_Ltd._or_its_subsid 2015-08-15 04:36 - 2015-08-17 15:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-13 16:40 - 2015-08-13 16:40 - 00000000 ____D C:\Users\Matt's Services\Documents\MBAM AVAST EXCLUSIONS 2015-08-13 16:24 - 2015-07-28 16:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-13 16:24 - 2015-07-28 16:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-13 16:24 - 2015-07-28 16:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-13 16:24 - 2015-07-28 16:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-13 16:24 - 2015-07-28 16:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-13 16:24 - 2015-07-28 
16:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-13 16:24 - 2015-07-28 16:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-13 16:24 - 2015-07-28 15:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-13 16:24 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-13 16:24 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-13 16:24 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-13 16:23 - 2015-07-20 13:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-13 16:23 - 2015-07-20 13:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-13 16:23 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-13 16:23 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-13 16:23 - 2015-07-20 13:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-13 16:23 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-13 16:23 - 2015-07-20 13:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-13 16:23 - 2015-07-20 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-13 16:23 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-13 16:23 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-13 16:23 - 2015-07-20 13:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-13 16:22 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-13 16:22 - 2015-07-15 13:59 - 03934656 _____ (Microsoft 
Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-13 16:22 - 2015-07-15 13:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-13 16:22 - 2015-07-15 13:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-13 16:22 - 2015-07-15 13:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-13 16:22 - 2015-07-15 13:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-13 16:22 - 2015-07-15 13:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-13 16:22 - 2015-07-15 13:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-13 16:22 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-13 16:22 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-13 16:22 - 2015-07-15 13:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-13 16:22 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-13 16:22 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-13 16:22 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-13 16:22 - 2015-07-15 13:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-13 16:22 - 2015-07-15 13:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-13 16:22 - 2015-07-15 13:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-13 16:22 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-13 16:22 - 2015-07-15 13:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-13 16:22 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) 
C:\Windows\system32\msv1_0.dll 2015-08-13 16:22 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-13 16:22 - 2015-07-15 13:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-08-13 16:22 - 2015-07-15 13:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-13 16:22 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-13 16:22 - 2015-07-15 13:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-13 16:22 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-13 16:22 - 2015-07-15 13:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-13 16:22 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-13 16:22 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-13 16:22 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-13 16:22 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-13 16:22 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-13 16:22 - 2015-07-15 12:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-13 16:22 - 2015-07-15 12:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-13 16:22 - 2015-07-15 12:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-13 16:22 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-13 16:22 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-13 16:22 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) 
C:\Windows\system32\WebClnt.dll 2015-08-13 16:22 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-13 16:21 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-13 16:21 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-13 16:21 - 2015-07-30 13:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-13 16:21 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-13 16:21 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-13 16:21 - 2015-07-30 13:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-13 16:21 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-13 16:21 - 2015-07-30 12:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-13 16:21 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-13 16:21 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-13 16:21 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-13 16:21 - 2015-07-14 22:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-13 16:21 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-13 16:21 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-13 15:35 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-13 15:35 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-13 15:35 - 2015-07-16 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-13 15:35 
- 2015-07-16 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-13 15:35 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-13 15:35 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-13 15:35 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-13 15:35 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-13 15:35 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-13 15:35 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-13 15:35 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-13 15:35 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-13 15:35 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-13 15:35 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-13 15:35 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-13 15:35 - 2015-07-16 15:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-08-13 15:35 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-08-13 15:35 - 2015-07-16 15:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-13 15:35 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-13 15:35 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-13 15:35 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) 
C:\Windows\system32\msrating.dll 2015-08-13 15:35 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-13 15:35 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-13 15:35 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-13 15:35 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-13 15:35 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-13 15:35 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-13 15:35 - 2015-07-16 15:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-13 15:35 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-08-13 15:35 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-13 15:35 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-13 15:35 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-08-13 15:32 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-13 15:32 - 2015-05-09 14:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-08-13 04:41 - 2015-08-13 04:41 - 01677824 _____ (Farbar) C:\Users\Matt's Services\Downloads\FRST(1).exe 2015-08-12 21:58 - 2015-08-12 21:59 - 01791580 _____ (Malwarebytes Corporation) C:\Users\Matt's Services\Downloads\JRT.exe 2015-08-12 21:56 - 2015-08-12 21:56 - 02248704 _____ C:\Users\Matt's Services\Downloads\AdwCleaner.exe 2015-08-12 21:56 - 2015-08-12 21:56 - 00899072 _____ (Farbar) C:\Users\Matt's Services\Downloads\FSS.exe 2015-08-12 21:55 - 2015-08-12 21:56 - 02173952 _____ (Farbar) C:\Users\Matt's 
Services\Downloads\FRST64.exe 2015-08-12 21:54 - 2015-08-12 21:55 - 01677824 _____ (Farbar) C:\Users\Matt's Services\Downloads\FRST.exe 2015-08-11 21:25 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-11 18:36 - 2015-08-11 18:36 - 00002049 _____ C:\Users\UpdatusUser\Desktop\HijackThis.lnk 2015-08-11 18:36 - 2015-08-11 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis 2015-08-08 16:27 - 2015-08-08 16:36 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-07 13:35 - 2015-08-07 13:38 - 00000000 ____D C:\Users\Matt's Services\Documents\Casper Fixes 2015-08-07 12:36 - 2015-08-17 15:14 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-07 12:35 - 2015-08-07 12:35 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-08-07 12:35 - 2015-08-07 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-08-07 12:34 - 2015-08-12 22:13 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-08-07 12:34 - 2015-08-07 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-07 12:34 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-07 12:34 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-07 12:34 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-05 23:12 - 2015-08-05 23:12 - 00001298 _____ C:\Users\Matt's Services\Desktop\My Documents.lnk 2015-08-05 23:06 - 2015-08-05 23:13 - 00000000 ____D C:\Users\Matt's Services\Documents\MBAM Hotfixes 2015-08-05 19:13 - 2015-01-14 11:27 - 02894848 _____ C:\Windows\system32\pwNative.exe 2015-08-05 19:13 - 2013-09-30 16:26 - 00015688 ____N C:\Windows\system32\pwdrvio.sys 2015-08-05 19:12 - 2015-08-05 19:28 - 
00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.0 2015-08-05 19:12 - 2013-09-30 16:26 - 00010320 ____N C:\Windows\system32\pwdspio.sys 2015-08-04 02:21 - 2015-08-09 19:22 - 00015452 _____ C:\Windows\PFRO.log 2015-08-03 22:04 - 2015-08-17 14:50 - 01609581 _____ C:\Windows\WindowsUpdate.log 2015-08-03 21:59 - 2015-08-17 14:33 - 00002644 _____ C:\Windows\setupact.log 2015-08-03 21:59 - 2015-08-03 21:59 - 00000000 _____ C:\Windows\setuperr.log 2015-08-03 21:36 - 2015-08-03 21:36 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2015-08-03 21:36 - 2015-08-03 21:36 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\BlueSprig 2015-08-03 21:27 - 2015-08-03 21:36 - 00000000 ____D C:\ProgramData\HitmanPro 2015-08-03 21:27 - 2015-08-03 21:27 - 00000000 ____D C:\Program Files\HitmanPro 2015-08-03 21:24 - 2015-08-03 21:56 - 00000600 _____ C:\Users\Matt's Services\AppData\Roaming\winscp.rnd 2015-08-03 20:54 - 2015-08-03 21:56 - 00000000 ____D C:\CSV 2015-08-03 20:52 - 2015-08-03 21:56 - 00000000 ____D C:\remote-service 2015-08-01 14:53 - 2015-06-15 17:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-08-01 14:53 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-08-01 14:53 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-08-01 14:53 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-08-01 14:53 - 2015-06-15 17:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-08-01 14:53 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-08-01 14:53 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-08-01 14:52 - 2015-06-11 13:57 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-08-01 14:52 - 2015-06-11 13:15 - 00134656 _____ (Microsoft 
Corporation) C:\Windows\system32\rdpudd.dll 2015-08-01 14:52 - 2015-06-11 13:15 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2015-08-01 14:51 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-08-01 14:51 - 2015-06-17 13:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-08-01 14:51 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-08-01 14:51 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-08-01 14:51 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-08-01 14:51 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-08-01 14:50 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-17 15:37 - 2010-01-04 14:41 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-17 14:50 - 2009-07-14 00:34 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 14:50 - 2009-07-14 00:34 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-17 14:34 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-17 14:33 - 2010-01-07 17:05 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-15 21:54 - 2015-05-12 20:27 - 00501520 _____ C:\Users\Matt's Services\Desktop\Ruthie's Money Due.QDF
2015-08-15 21:50 - 2010-04-02 19:38 - 00000000 ____D C:\ProgramData\Apple Computer
2015-08-15 21:48 - 2010-01-05 04:56 - 00000000 ____D C:\Program Files\Common Files\Ulead Systems
2015-08-15 21:46 - 2010-01-05 04:56 - 00000000 ____D C:\ProgramData\Ulead Systems
2015-08-15 20:26 - 2013-02-26 11:52 - 04747264 _____ C:\Users\Matt's Services\Desktop\QDATA1.QDF
2015-08-15 20:25 - 2012-11-10 16:52 - 04747264 _____ C:\QDATA1.QDF-backup
2015-08-15 20:22 - 2013-02-26 11:52 - 00069152 _____ C:\Users\Matt's Services\Desktop\QDATA1OFXLOG.DAT
2015-08-15 04:36 - 2013-07-12 18:22 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-15 04:36 - 2013-07-12 18:22 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-14 23:41 - 2013-02-26 11:44 - 00000000 ____D C:\Users\Matt's Services\Desktop\BACKUP
2015-08-14 19:24 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-08-14 18:04 - 2009-07-14 00:33 - 01061416 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 18:00 - 2014-12-10 18:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 18:00 - 2014-05-06 00:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 16:49 - 2011-06-13 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 16:48 - 2011-06-13 20:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 23:38 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-11 21:33 - 2013-07-24 22:07 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 21:26 - 2010-01-06 21:50 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-09 21:15 - 2009-07-14 00:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-09 19:22 - 2012-05-03 16:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-05 21:57 - 2015-04-04 16:43 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-05 20:48 - 2014-11-29 16:11 - 00000000 ____D C:\Program Files\AVS4YOU
2015-08-05 19:52 - 2012-05-25 22:31 - 00002198 _____ C:\Windows\epplauncher.mif
2015-08-03 23:11 - 2010-01-05 02:10 - 00296448 _____ C:\Windows\Xenofex.ini
2015-08-03 22:01 - 2009-07-14 03:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-03 21:53 - 2011-09-19 02:59 - 00000000 ____D C:\Windows\Minidump
2015-08-03 21:38 - 2013-05-13 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2015-08-03 21:38 - 2013-05-13 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ophcrack
2015-08-03 21:38 - 2013-05-03 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2015-08-03 21:38 - 2013-04-20 21:45 - 00000000 ____D C:\Users\Matt's Services\Tracing
2015-08-03 21:38 - 2011-10-18 15:24 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Vso
2015-08-03 21:38 - 2011-10-17 14:18 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Skype
2015-08-03 21:38 - 2010-01-05 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Virus
2015-08-03 21:23 - 2010-01-05 22:08 - 00410440 _____ C:\Users\Matt's Services\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-01 16:45 - 2009-07-14 00:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-01 16:30 - 2014-08-25 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-08-01 16:30 - 2010-07-29 12:19 - 00000000 ____D C:\ProgramData\DivX
2015-08-01 16:30 - 2010-01-05 05:36 - 00000000 ____D C:\Program Files\DivX
2015-08-01 16:30 - 2010-01-05 05:36 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2015-08-01 16:12 - 2010-01-05 05:06 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Ulead Systems
2015-08-01 15:07 - 2014-10-13 00:09 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-01 13:38 - 2010-04-19 22:04 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Adobe

==================== Files in the root of some directories =======

2010-07-21 17:33 - 2014-09-01 00:26 - 0000199 _____ () C:\Users\Matt's Services\AppData\Roaming\default.rss
2010-01-05 06:54 - 2012-07-04 16:03 - 0000977 _____ () C:\Users\Matt's Services\AppData\Roaming\DVDSubEdit.ini
2011-10-18 15:24 - 2011-10-18 15:26 - 0087608 _____ () C:\Users\Matt's Services\AppData\Roaming\inst.exe
2011-10-18 15:24 - 2011-10-18 15:26 - 0007887 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.cat
2011-10-18 15:24 - 2011-10-18 15:26 - 0001144 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.inf
2011-10-18 15:25 - 2011-10-18 15:26 - 0000033 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.log
2011-10-18 15:24 - 2011-10-18 15:26 - 0047360 _____ (VSO Software) C:\Users\Matt's Services\AppData\Roaming\pcouffin.sys
2012-03-26 19:58 - 2012-04-23 16:29 - 0039936 _____ () C:\Users\Matt's Services\AppData\Roaming\SharedSettings.ccs
2011-10-18 15:25 - 2011-10-18 15:26 - 0001041 _____ () C:\Users\Matt's Services\AppData\Roaming\vso_ts_preview.xml
2015-08-03 21:24 - 2015-08-03 21:56 - 0000600 _____ () C:\Users\Matt's Services\AppData\Roaming\winscp.rnd
2010-09-22 13:27 - 2012-07-04 16:06 - 0003584 _____ () C:\Users\Matt's Services\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MessageCenter.ico
2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MyVerizon.ico
2014-03-21 18:18 - 2014-03-21 18:18 - 0103749 _____ () C:\Users\Matt's Services\AppData\Local\VZWifiIcon.ico

Some files in TEMP:
====================
C:\Users\Matt's Services\AppData\Local\temp\HitmanPro.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-13 05:41

==================== End of log ============================

Addition.txt below;

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Matt's Services (2015-08-17 15:41:20)
Running from C:\Users\Matt's Services\Documents\Malwarebytes anti Malware\FRST-OlderVersion
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1968118532-1448927574-937044247-500 - Administrator - Disabled)
Guest (S-1-5-21-1968118532-1448927574-937044247-501 - Limited - Enabled)
Matt's Services (S-1-5-21-1968118532-1448927574-937044247-1002 - Administrator - Enabled) => C:\Users\Matt's Services
UpdatusUser (S-1-5-21-1968118532-1448927574-937044247-1005 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated) Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Aimersoft Video Converter Pro(Build 4.1.2.0) (HKLM\...\Aimersoft Video Converter Pro_is1) (Version: - Aimersoft Software) AMD Catalyst Install Manager (HKLM\...\{F39BE87B-E80E-AF64-8722-A5BA2FF82997}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}) (Version: 3.0.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
aTube Catcher version 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd) AVG 2011 (Version: 10.0.424 - AVG Technologies) Hidden AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.) AVS Audio Editor 7.3 (HKLM\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.) AVS Disc Creator 5.2 (HKLM\...\AVS Disc Creator_is1) (Version: 5.2.2.532 - Online Media Technologies Ltd.) AVS Document Converter 2.3.2 (HKLM\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.) AVS Image Converter 3.2.1.277 (HKLM\...\AVS Image Converter_is1) (Version: 3.2.1.277 - Online Media Technologies Ltd.) AVS Media Player 4.2.3.106 (HKLM\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.) AVS Photo Editor 2.3.1.144 (HKLM\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.) AVS Registry Cleaner 2.3.4.261 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.) AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.) AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.) AVS Video ReMaker 4.3.2.166 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.) Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version: - ) Belkin Desktop PCI Card Driver (HKLM\...\{50D47CE8-9C16-42D1-A8D8-B143B22E232A}) (Version: 1.12.0005 - Belkin) Bonjour (HKLM\...\{8A253629-0511-4854-8B4E-46E57E66005C}) (Version: 2.0.1.2 - Apple Inc.) Brother MFL-Pro Suite MFC-495CW (HKLM\...\{0A02D347-5E53-48A5-BC49-1469393103FA}) (Version: 2.0.0.0 - Brother Industries, Ltd.) 
Cain & Abel v4.9.44 (HKLM\...\Cain & Abel v4.9.44) (Version: - ) Casper 7.0 (HKLM\...\{B28C64A1-22A0-4106-B040-DCD78859AAF3}) (Version: 7.0.2754 - Future Systems Solutions, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform) Chinese Traditional Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2448-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated) CoffeeCup Shopping Cart Creator (HKLM\...\CoffeeCup Shopping Cart Creator 3.9.4296) (Version: 3.9.4296 - CoffeeCup Software, Inc.) Cool Edit Pro 2.1 (HKLM\...\Cool Edit Pro 2.1) (Version: - ) Corel VideoStudio 12 (HKLM\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation) CuteFTP 7 Professional (HKLM\...\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}) (Version: 7.20.1000 - GlobalSCAPE) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 14 - Illustrate) Dell Driver Download Manager (HKU\S-1-5-21-1968118532-1448927574-937044247-1002\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.) Dell Driver Download Manager (HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.) DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.) DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC) DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.) 
dMC Power Pack (HKLM\...\dMC Power Pack) (Version: - ) dMC Sveta Portable Audio (HKLM\...\dMC Sveta Portable Audio) (Version: - ) DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink) DVD Wizard Pro (HKLM\...\DVD Wizard Pro1.0) (Version: 1.0 - 123 DVD Studios) DVD X Rescue (HKLM\...\DVD X Rescue) (Version: 2.1.2 - 321 Studios) EaseUS Partition Master 9.2.1 Home Edition (HKLM\...\EaseUS Partition Master Home Edition_is1) (Version: - EaseUS) Elevated Installer (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FairStars Audio Converter 1.90 (HKLM\...\FairStars Audio Converter_is1) (Version: - FairStars Soft) FairStars CD Ripper 1.70 (HKLM\...\FairStars CD Ripper_is1) (Version: - FairStars Soft) ffdshow v1.3.4532 [2014-07-17] (HKLM\...\ffdshow_is1) (Version: 1.3.4532.0 - ) Firesage MBRWizard (HKLM\...\{C8CF2D17-5DBB-46B1-B526-439E902BDA2D}) (Version: 3.0.0 - Firesage) FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video) FXhome PhotoKey 3 Pro (remove only) (HKLM\...\FXhome PhotoKey 3 Pro) (Version: - ) FXhome VisionLab Studio (remove only) (HKLM\...\FXhome VisionLab Studio) (Version: - ) Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM\...\{01b90f4a-c495-47c4-a33b-1391f41398ce}) (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries) Helix Producer Plus 9 (HKLM\...\{4A0BB402-E957-4320-99D1-814322F8D8AD}) (Version: - ) HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - 
TrendMicro) HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company) IHA_MessageCenter (HKLM\...\{45F447E8-E029-4CA5-B4CD-38820D4CFE5D}) (Version: 1.9.7 - Verizon) ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden ImTOO Download YouTube Video (HKLM\...\ImTOO Download YouTube Video) (Version: 5.6.2.20141119 - ImTOO) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JGsoft EditPad Pro 4.5.5 (HKLM\...\EditPad Pro) (Version: - ) JPEG to PDF 1.0 (HKLM\...\{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1) (Version: - jpegtopdf.com) Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Karaoke Anything! (HKLM\...\Karaoke Anything!1.0) (Version: - ) LeechGet 2006 Version 2.0 (HKLM\...\LeechGet 2006_is1) (Version: - LeechGet.net) LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Media Player Codec Pack 4.2.7 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.7 - Media Player Codec Pack) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation) Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - ) Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight 
(HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Morph Man v.3.1 (HKLM\...\{0408547F-59FE-4789-9F41-46DC4CE9A060}) 
(Version: - ) Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 39.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 7 Ultra Edition (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG) NewBlue Cartoonr for Vegas (HKLM\...\NewBlue Cartoonr for Vegas) (Version: - ) NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation) NVIDIA 3D Vision Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation) NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation) ophcrack 3.5.0 (HKLM\...\ophcrack) (Version: 3.5.0 - OS Objectif Sécurité SA) Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.1.0000 - Jasc Software Inc) QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) 
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - ) RealProducer Plus 8.5 (HKLM\...\RealProducer 8.5) (Version: - ) Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - ) Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0011 - Realtek) Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.32.0 - Renesas Electronics Corporation) Hidden Seagate DiscWizard (HKLM\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14382 - Seagate) Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 5.10 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.) 
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc) SmartSound Quicktracks Plugin (Version: 3.0.5.0 - SmartSound Software Inc) Hidden Sony DVD Architect Studio 4.5 (HKLM\...\{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}) (Version: 4.5.107 - Sony) Sony Sound Forge Audio Studio 9.0 (HKLM\...\{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}) (Version: 9.0.232 - Sony) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Symantec Technical Support Web Controls (HKLM\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.21.0 - Synaptics Incorporated) Uninstall DreamSuite Bonus (HKLM\...\DreamSuite Bonus) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden Vegas Movie Studio Platinum 9.0 (HKLM\...\{97E038E1-41AD-4C93-BCDC-6A2394AEE352}) (Version: 9.0.92 - Sony) VideoStudio (Version: 12.0.0.0000 - Corel Corporation) Hidden WD Drive Manager (x86) (HKLM\...\{666668AC-3B27-413C-92F1-1CD78731357B}) (Version: 2.116 - Western Digital) Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) WinZip (HKLM\...\WinZip) (Version: 9.0 SR-1 (6224) - WinZip Computing, Inc.) Xenofex 1.1 (HKLM\...\Xenofex 1.0) (Version: - ) Xvid Codec 1.1.3 (HKLM\...\Xvid Codec_is1) (Version: - Xvid Development Team) Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) yoostar (HKLM\...\{881F7A8B-D77C-422C-8610-40477480443A}) (Version: 2.0.3249 - Yoostar Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe (GlobalSCAPE Texas, LP.) 
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{05716308-1784-4166-942E-0A09F1DE83D1}\localserver32 -> C:\Program Files\Seagate\DiscWizard\aszbrowsehelper.exe (Seagate) CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited) CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe (GlobalSCAPE Texas, LP.) 
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{05716308-1784-4166-942E-0A09F1DE83D1}\localserver32 -> C:\Program Files\Seagate\DiscWizard\aszbrowsehelper.exe (Seagate) CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited) CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe (GlobalSCAPE Texas, LP.) 
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{05716308-1784-4166-942E-0A09F1DE83D1}\localserver32 -> C:\Program Files\Seagate\DiscWizard\aszbrowsehelper.exe (Seagate) CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll No File CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1061\G2MOutlookAddin.dll No File CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe No File CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File ==================== Restore Points ========================= 17-08-2015 14:48:38 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 22:04 - 2015-08-03 20:55 - 00000834 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {24F324DA-E578-465D-863A-E3FE325AB668} - System32\Tasks\Future Systems Solutions\Casper\Casper 7.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2012-11-30] (Future Systems Solutions, Inc.) Task: {250CF564-3F31-4D4F-926F-A1CDE8666B26} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {2D27F9D9-E573-42FE-9A04-7E3F49505A31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-15] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (Whitelisted) ============== 2012-11-20 00:54 - 2013-02-09 20:35 - 00078624 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2010-04-08 01:05 - 2001-09-07 21:53 - 00100864 _____ () C:\Program Files\WinRAR\rarext.dll 2003-09-04 10:50 - 2003-09-04 10:50 - 00088064 _____ () C:\Program Files\LeechGet 2006\ShellExtension.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\.DEFAULT-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None) HKU\S-1-5-21-1968118532-1448927574-937044247-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt's Services\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt's Services\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AVGIDSAgent => 2 MSCONFIG\Services: avgwd => 2 MSCONFIG\Services: FlipShare Service => 2 MSCONFIG\Services: FlipShareServer => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk => C:\Windows\pss\Microsoft Office Shortcut Bar.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Matt's Services^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup MSCONFIG\startupfolder: C:^Users^Matt's Services^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk => C:\Windows\pss\Socialbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun MSCONFIG\startupreg: DiscWizardMonitor.exe => "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" MSCONFIG\startupreg: DivXMediaServer => 
C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe MSCONFIG\startupreg: Facebook Update => "C:\Users\Matt's Services\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe MSCONFIG\startupreg: NUSB3MON => "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: UVS12 Preload => C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe MSCONFIG\startupreg: WD Drive Manager => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe ==================== FirewallRules 
(Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{399E8673-3132-4FD5-95FA-55299251F5BB}] => (Allow) LPort=50000 FirewallRules: [{018B52C2-DEF6-4660-8CC8-E134FFC7D0D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{C75D015C-C400-4463-BE7F-BF8D51082F99}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{7857E873-FBC5-49CE-AC5A-091853587C5E}] => (Allow) LPort=50000 ==================== Faulty Device Manager Devices ============= Name: Null Description: Null Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Null Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Patin Couffin engine Description: Patin Couffin engine Class Guid: {ff646f80-8def-11d2-9449-00105a075f6b} Manufacturer: VSO Software Service: Pcouffin Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. 
(Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Event log errors: ========================= Application errors: ================== Error: (08/17/2015 02:48:38 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {6c84779d-aa5e-4beb-9028-2383770f5429} Error: (08/16/2015 02:36:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945712 Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a69d9f Exception code: 0xc0000005 Fault offset: 0x00032228 Faulting process id: 0x14ec Faulting application start time: 0xGWXUX.exe0 Faulting application path: GWXUX.exe1 Faulting module path: GWXUX.exe2 Report Id: GWXUX.exe3 Error: (08/15/2015 09:50:15 PM) (Source: MsiInstaller) (EventID: 10005) (User: MattsServices) Description: Product: QuickTime -- A newer version of QuickTime is already installed. This installation cannot proceed while the newer version of QuickTime is installed. Error: (08/15/2015 09:42:30 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. . 
Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467} Error: (08/15/2015 09:42:27 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467} Error: (08/15/2015 09:41:50 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467} Error: (08/15/2015 09:41:49 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {c6f4bcde-1bd7-46c5-9843-f305386e5ba1} Error: (08/15/2015 09:41:49 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). 
hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467} Error: (08/15/2015 09:21:38 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {31f52819-c1fe-4f6b-a31f-79e435cba4b4} Error: (08/15/2015 09:21:32 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. . 
Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {31f52819-c1fe-4f6b-a31f-79e435cba4b4} System errors: ============= Error: (08/17/2015 02:46:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 Error: (08/17/2015 02:44:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: %%5 Error: (08/17/2015 02:37:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (08/17/2015 02:37:58 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/17/2015 02:35:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: ASPI32 invrgg Null Error: (08/17/2015 02:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Garmin Device Interaction Service service failed to start due to the following error: %%1053 Error: (08/17/2015 02:34:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect. 
Error: (08/16/2015 02:59:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 Error: (08/16/2015 02:58:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: %%5 Error: (08/16/2015 02:51:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Microsoft Office: ========================= Error: (08/17/2015 02:48:38 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {6c84779d-aa5e-4beb-9028-2383770f5429} Error: (08/16/2015 02:36:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GWXUX.exe6.3.9600.1792355945712ntdll.dll6.1.7601.1893355a69d9fc00000050003222814ec01d0d8526a95df14C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dllaa0a64ab-4445-11e5-bffa-001a92252564 Error: (08/15/2015 09:50:15 PM) (Source: MsiInstaller) (EventID: 10005) (User: MattsServices) Description: Product: QuickTime -- A newer version of QuickTime is already installed. This installation cannot proceed while the newer version of QuickTime is installed.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/15/2015 09:42:30 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid. 
Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467} Error: (08/15/2015 09:42:27 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467} Error: (08/15/2015 09:41:50 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467} Error: (08/15/2015 09:41:49 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {c6f4bcde-1bd7-46c5-9843-f305386e5ba1} Error: (08/15/2015 09:41:49 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid. 
Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467} Error: (08/15/2015 09:21:38 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {31f52819-c1fe-4f6b-a31f-79e435cba4b4} Error: (08/15/2015 09:21:32 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {31f52819-c1fe-4f6b-a31f-79e435cba4b4} ==================== Memory info =========================== Processor: AMD Athlon 64 Processor 3500+ Percentage of memory in use: 60% Total physical RAM: 3518.55 MB Available physical RAM: 1377.39 MB Total Virtual: 7035.42 MB Available Virtual: 4783.06 MB ==================== Drives ================================ Drive c: (Hard Drive) (Fixed) (Total:74.24 GB) (Free:11.51 GB) NTFS Drive d: (Local Disk) (Fixed) (Total:298.08 GB) (Free:106.96 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 23EBA6EF) Partition 1: (Not Active) - (Size=74.2 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=298 MB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 298.1 GB) (Disk ID: 
1A1A0DF8) Partition 1: (Not Active) - (Size=298.1 GB) - (Type=OF Extended) ==================== End of log ============================
  12. Thanks Borislav, I will follow your instructions; this is for PC. If you have 2 drives, C (system) and D (data), they could both be infected, right? Mattmin
  13. This is for PC 2. These files are only for the C: drives; I also have D: data drives on each PC. Should I install HijackThis on those drives and give you guys those logs as well? The D: drives could have infected files on them or hijackers... Not really sure... Thanks for all your help!
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:37:27 PM, on 8/11/2015 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v11.0 (11.00.9600.17909) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\GWX\GWX.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\explorer.exe C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, enhanced for Bing and MSN R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll O4 - 
HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\tray.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\tray.exe" (User 'Default user') O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB O16 - DPF: PackageCab - http://www.imgag.com/cp/install/AxCtp2.cab O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} (Image Uploader Control) - http://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000 O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab O18 - Protocol: 
skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Casper SmartSense (casperhpb) - Future Systems Solutions, Inc. - C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Garmin Device Interaction Service - Garmin Ltd. 
or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- End of file - 6248 bytes
  14. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:25:38 PM, on 8/11/2015 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\UMonit.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\dllhost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> O2 - BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\system32\UMonit.exe O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Casper SmartSense (casperhpb) - Future Systems Solutions, Inc. 
- C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- End of file - 4179 bytes
  15. Please add "select all" boxes to the panel that shows the results and also to the ignore panel; this way people can select all the malware, ignore all, or select whatever they want to ignore or delete.