
My 2 PC's have been Hijacked for over 8 years PC1 Help Please!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:38 PM, on 8/11/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\UMonit.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Casper SmartSense (casperhpb) - Future Systems Solutions, Inc. - C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4179 bytes
 


This is for PC 2. These files are only for the C: drives; I also have D: data drives on each PC.

Should I install HijackThis on those drives and give you guys those logs as well? The D: drives could have infected files on them or hijackers... Not really sure...

 

Thanks for all your help!

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:27 PM, on 8/11/2015
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17909)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\explorer.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, enhanced for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\tray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\tray.exe" (User 'Default user')
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
O16 - DPF: PackageCab - http://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} (Image Uploader Control) - http://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Casper SmartSense (casperhpb) - Future Systems Solutions, Inc. - C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 6248 bytes
 


Hello mattmin! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

You should have one topic per PC, so here I could help you with one of them. Now, please follow the instructions here and then post your log files in a new reply in this topic:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


Borislav, here are the 2 files created with the Farbar Recovery 2 tool for PC 2:

 

FRST.txt below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by Matt's Services (administrator) on MATTSSERVICES (17-08-2015 15:38:16)
Running from C:\Users\Matt's Services\Documents\Malwarebytes anti Malware\FRST-OlderVersion
Loaded Profiles: Matt's Services &  (Available Profiles: Matt's Services & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [uVS12 Preload] => C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [397456 2008-06-09] (Corel TW Corp.)
HKLM\...\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> DefaultScope {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {09EB195F-BF90-4FDB-98EA-7DF014221FD8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {0A1A0E6D-2C13-45E4-A436-9FAFB9490689} URL = hxxp://www.bing.com/search?FORM=UP76DF&PC=UP76&dt=042113&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {09EB195F-BF90-4FDB-98EA-7DF014221FD8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0A1A0E6D-2C13-45E4-A436-9FAFB9490689} URL = hxxp://www.bing.com/search?FORM=UP76DF&PC=UP76&dt=042113&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: IGMONObj Class -> {02464DDC-3187-11D8-8004-0020ED227566} -> C:\Program Files\iGetter\Integration\IGMON.dll [2009-11-09] (Presenta Ltd.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} hxxp://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2009-12-24] (Belarc, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-04-08] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6638127-D991-40AB-89C8-B0F581C94D40}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1968118532-1448927574-937044247-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-17] (Apple Inc.)
FF SearchPlugin: C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\searchplugins\bigseekpro.xml [2010-09-07]
FF Extension: Default Manager - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\DefaultManager@Microsoft [2013-05-03]
FF Extension: Block site - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-28]
FF Extension: Pin It Button - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-12-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-08-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-08]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [368944 2012-11-30] (Future Systems Solutions, Inc.)
S4 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S4 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [845808 2011-04-29] (Seagate)
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2012-05-01] (WDC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [X]
S4 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [123472 2010-08-19] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [25680 2010-09-13] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [30288 2010-08-19] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21072 2010-08-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [249424 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34384 2010-09-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [26064 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [298448 2010-09-07] (AVG Technologies CZ, s.r.o.)
R2 CDRPDACC; C:\Program Files\321Studios\Shared\CDRPDACC.SYS [5273 2003-10-28] (Arrowkey) [File not signed]
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [20560 2007-03-22] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-06-15] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [75776 2012-03-15] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [168960 2012-03-15] (Renesas Electronics Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482240 2009-08-05] ()
S3 TucbAudio; C:\Windows\System32\drivers\TucbAudio.sys [23096 2010-02-18] (Windows ® Codename Longhorn DDK provider)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2012-04-27] (Acronis)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-04-27] (Acronis)
S1 ASPI32; no ImagePath
S3 catchme; \??\C:\Users\MATT'S~1\AppData\Local\Temp\catchme.sys [X]
S0 invrgg; System32\drivers\fygprsc.sys [X]
S3 LVRS; system32\DRIVERS\lvrs.sys [X]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
S3 Pcouffin; System32\Drivers\Pcouffin.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 15:33 - 2015-08-17 15:37 - 00000000 ____D C:\Users\Matt's Services\Documents\Malwarebytes anti Malware
2015-08-17 15:30 - 2015-08-17 15:38 - 00000000 ____D C:\FRST
2015-08-17 15:27 - 2015-08-17 15:27 - 00000000 ____D C:\Users\Matt's Services\Documents\MBAM Reports PC2
2015-08-15 21:49 - 2015-08-15 21:52 - 00001307 _____ C:\Users\Public\Desktop\Corel VideoStudio 12.lnk
2015-08-15 21:49 - 2015-08-15 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio 12
2015-08-15 21:46 - 2015-08-15 21:46 - 00000000 ____D C:\Program Files\Corel
2015-08-15 21:08 - 2015-08-15 21:28 - 00000092 _____ C:\Windows\system32\Install.log
2015-08-15 20:08 - 2015-08-15 20:08 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Garmin_Ltd._or_its_subsid
2015-08-15 04:36 - 2015-08-17 15:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-13 16:40 - 2015-08-13 16:40 - 00000000 ____D C:\Users\Matt's Services\Documents\MBAM AVAST EXCLUSIONS
2015-08-13 16:24 - 2015-07-28 16:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 16:24 - 2015-07-28 16:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 16:24 - 2015-07-28 16:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 16:24 - 2015-07-28 16:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 16:24 - 2015-07-28 16:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 16:24 - 2015-07-28 16:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-13 16:24 - 2015-07-28 16:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 16:24 - 2015-07-28 15:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 16:24 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 16:24 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 16:24 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-13 16:23 - 2015-07-20 13:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-13 16:23 - 2015-07-20 13:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-13 16:23 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-13 16:23 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-13 16:23 - 2015-07-20 13:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-13 16:23 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-13 16:23 - 2015-07-20 13:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-13 16:23 - 2015-07-20 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-13 16:23 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-13 16:23 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-13 16:23 - 2015-07-20 13:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-13 16:22 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-13 16:22 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 16:22 - 2015-07-15 13:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-13 16:22 - 2015-07-15 13:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 16:22 - 2015-07-15 13:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-13 16:22 - 2015-07-15 13:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 16:22 - 2015-07-15 13:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 16:22 - 2015-07-15 13:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-13 16:22 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-13 16:22 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-13 16:22 - 2015-07-15 13:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-13 16:22 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-13 16:22 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-13 16:22 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-13 16:22 - 2015-07-15 13:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-13 16:22 - 2015-07-15 13:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 16:22 - 2015-07-15 13:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 16:22 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-13 16:22 - 2015-07-15 13:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-13 16:22 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-13 16:22 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-13 16:22 - 2015-07-15 13:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 16:22 - 2015-07-15 13:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 16:22 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 16:22 - 2015-07-15 13:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 16:22 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 16:22 - 2015-07-15 13:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 16:22 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 16:22 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 16:22 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 16:22 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 16:22 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 16:22 - 2015-07-15 12:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 16:22 - 2015-07-15 12:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 16:22 - 2015-07-15 12:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 16:22 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 16:22 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 16:22 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 16:22 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-13 16:21 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 16:21 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 16:21 - 2015-07-30 13:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 16:21 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 16:21 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 16:21 - 2015-07-30 13:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 16:21 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 16:21 - 2015-07-30 12:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 16:21 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 16:21 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 16:21 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 16:21 - 2015-07-14 22:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 16:21 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 16:21 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-13 15:35 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 15:35 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-13 15:35 - 2015-07-16 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-13 15:35 - 2015-07-16 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-13 15:35 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 15:35 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 15:35 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 15:35 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-13 15:35 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-13 15:35 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 15:35 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 15:35 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 15:35 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 15:35 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 15:35 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 15:35 - 2015-07-16 15:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-13 15:35 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-13 15:35 - 2015-07-16 15:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-13 15:35 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 15:35 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-13 15:35 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 15:35 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 15:35 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 15:35 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 15:35 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 15:35 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 15:35 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 15:35 - 2015-07-16 15:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 15:35 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-13 15:35 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 15:35 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 15:35 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 15:32 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 15:32 - 2015-05-09 14:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-13 04:41 - 2015-08-13 04:41 - 01677824 _____ (Farbar) C:\Users\Matt's Services\Downloads\FRST(1).exe
2015-08-12 21:58 - 2015-08-12 21:59 - 01791580 _____ (Malwarebytes Corporation) C:\Users\Matt's Services\Downloads\JRT.exe
2015-08-12 21:56 - 2015-08-12 21:56 - 02248704 _____ C:\Users\Matt's Services\Downloads\AdwCleaner.exe
2015-08-12 21:56 - 2015-08-12 21:56 - 00899072 _____ (Farbar) C:\Users\Matt's Services\Downloads\FSS.exe
2015-08-12 21:55 - 2015-08-12 21:56 - 02173952 _____ (Farbar) C:\Users\Matt's Services\Downloads\FRST64.exe
2015-08-12 21:54 - 2015-08-12 21:55 - 01677824 _____ (Farbar) C:\Users\Matt's Services\Downloads\FRST.exe
2015-08-11 21:25 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 18:36 - 2015-08-11 18:36 - 00002049 _____ C:\Users\UpdatusUser\Desktop\HijackThis.lnk
2015-08-11 18:36 - 2015-08-11 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
2015-08-08 16:27 - 2015-08-08 16:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-07 13:35 - 2015-08-07 13:38 - 00000000 ____D C:\Users\Matt's Services\Documents\Casper Fixes
2015-08-07 12:36 - 2015-08-17 15:14 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-07 12:35 - 2015-08-07 12:35 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-07 12:35 - 2015-08-07 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-07 12:34 - 2015-08-12 22:13 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-07 12:34 - 2015-08-07 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-07 12:34 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-07 12:34 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-07 12:34 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-05 23:12 - 2015-08-05 23:12 - 00001298 _____ C:\Users\Matt's Services\Desktop\My Documents.lnk
2015-08-05 23:06 - 2015-08-05 23:13 - 00000000 ____D C:\Users\Matt's Services\Documents\MBAM Hotfixes
2015-08-05 19:13 - 2015-01-14 11:27 - 02894848 _____ C:\Windows\system32\pwNative.exe
2015-08-05 19:13 - 2013-09-30 16:26 - 00015688 ____N C:\Windows\system32\pwdrvio.sys
2015-08-05 19:12 - 2015-08-05 19:28 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-08-05 19:12 - 2013-09-30 16:26 - 00010320 ____N C:\Windows\system32\pwdspio.sys
2015-08-04 02:21 - 2015-08-09 19:22 - 00015452 _____ C:\Windows\PFRO.log
2015-08-03 22:04 - 2015-08-17 14:50 - 01609581 _____ C:\Windows\WindowsUpdate.log
2015-08-03 21:59 - 2015-08-17 14:33 - 00002644 _____ C:\Windows\setupact.log
2015-08-03 21:59 - 2015-08-03 21:59 - 00000000 _____ C:\Windows\setuperr.log
2015-08-03 21:36 - 2015-08-03 21:36 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-08-03 21:36 - 2015-08-03 21:36 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\BlueSprig
2015-08-03 21:27 - 2015-08-03 21:36 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-03 21:27 - 2015-08-03 21:27 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-03 21:24 - 2015-08-03 21:56 - 00000600 _____ C:\Users\Matt's Services\AppData\Roaming\winscp.rnd
2015-08-03 20:54 - 2015-08-03 21:56 - 00000000 ____D C:\CSV
2015-08-03 20:52 - 2015-08-03 21:56 - 00000000 ____D C:\remote-service
2015-08-01 14:53 - 2015-06-15 17:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-01 14:53 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-01 14:53 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-01 14:53 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-08-01 14:53 - 2015-06-15 17:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-01 14:53 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-01 14:53 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-08-01 14:52 - 2015-06-11 13:57 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-01 14:52 - 2015-06-11 13:15 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-08-01 14:52 - 2015-06-11 13:15 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-08-01 14:51 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-01 14:51 - 2015-06-17 13:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-01 14:51 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-08-01 14:51 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-08-01 14:51 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-08-01 14:51 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-08-01 14:50 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 15:37 - 2010-01-04 14:41 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-17 14:50 - 2009-07-14 00:34 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 14:50 - 2009-07-14 00:34 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-17 14:34 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-17 14:33 - 2010-01-07 17:05 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-15 21:54 - 2015-05-12 20:27 - 00501520 _____ C:\Users\Matt's Services\Desktop\Ruthie's Money Due.QDF
2015-08-15 21:50 - 2010-04-02 19:38 - 00000000 ____D C:\ProgramData\Apple Computer
2015-08-15 21:48 - 2010-01-05 04:56 - 00000000 ____D C:\Program Files\Common Files\Ulead Systems
2015-08-15 21:46 - 2010-01-05 04:56 - 00000000 ____D C:\ProgramData\Ulead Systems
2015-08-15 20:26 - 2013-02-26 11:52 - 04747264 _____ C:\Users\Matt's Services\Desktop\QDATA1.QDF
2015-08-15 20:25 - 2012-11-10 16:52 - 04747264 _____ C:\QDATA1.QDF-backup
2015-08-15 20:22 - 2013-02-26 11:52 - 00069152 _____ C:\Users\Matt's Services\Desktop\QDATA1OFXLOG.DAT
2015-08-15 04:36 - 2013-07-12 18:22 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-15 04:36 - 2013-07-12 18:22 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-14 23:41 - 2013-02-26 11:44 - 00000000 ____D C:\Users\Matt's Services\Desktop\BACKUP
2015-08-14 19:24 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-08-14 18:04 - 2009-07-14 00:33 - 01061416 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 18:00 - 2014-12-10 18:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 18:00 - 2014-05-06 00:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 16:49 - 2011-06-13 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 16:48 - 2011-06-13 20:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 23:38 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-11 21:33 - 2013-07-24 22:07 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 21:26 - 2010-01-06 21:50 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-09 21:15 - 2009-07-14 00:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-09 19:22 - 2012-05-03 16:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-05 21:57 - 2015-04-04 16:43 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-05 20:48 - 2014-11-29 16:11 - 00000000 ____D C:\Program Files\AVS4YOU
2015-08-05 19:52 - 2012-05-25 22:31 - 00002198 _____ C:\Windows\epplauncher.mif
2015-08-03 23:11 - 2010-01-05 02:10 - 00296448 _____ C:\Windows\Xenofex.ini
2015-08-03 22:01 - 2009-07-14 03:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-03 21:53 - 2011-09-19 02:59 - 00000000 ____D C:\Windows\Minidump
2015-08-03 21:38 - 2013-05-13 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2015-08-03 21:38 - 2013-05-13 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ophcrack
2015-08-03 21:38 - 2013-05-03 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2015-08-03 21:38 - 2013-04-20 21:45 - 00000000 ____D C:\Users\Matt's Services\Tracing
2015-08-03 21:38 - 2011-10-18 15:24 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Vso
2015-08-03 21:38 - 2011-10-17 14:18 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Skype
2015-08-03 21:38 - 2010-01-05 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Virus
2015-08-03 21:23 - 2010-01-05 22:08 - 00410440 _____ C:\Users\Matt's Services\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-01 16:45 - 2009-07-14 00:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-01 16:30 - 2014-08-25 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-08-01 16:30 - 2010-07-29 12:19 - 00000000 ____D C:\ProgramData\DivX
2015-08-01 16:30 - 2010-01-05 05:36 - 00000000 ____D C:\Program Files\DivX
2015-08-01 16:30 - 2010-01-05 05:36 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2015-08-01 16:12 - 2010-01-05 05:06 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Ulead Systems
2015-08-01 15:07 - 2014-10-13 00:09 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-01 13:38 - 2010-04-19 22:04 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Adobe

==================== Files in the root of some directories =======

2010-07-21 17:33 - 2014-09-01 00:26 - 0000199 _____ () C:\Users\Matt's Services\AppData\Roaming\default.rss
2010-01-05 06:54 - 2012-07-04 16:03 - 0000977 _____ () C:\Users\Matt's Services\AppData\Roaming\DVDSubEdit.ini
2011-10-18 15:24 - 2011-10-18 15:26 - 0087608 _____ () C:\Users\Matt's Services\AppData\Roaming\inst.exe
2011-10-18 15:24 - 2011-10-18 15:26 - 0007887 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.cat
2011-10-18 15:24 - 2011-10-18 15:26 - 0001144 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.inf
2011-10-18 15:25 - 2011-10-18 15:26 - 0000033 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.log
2011-10-18 15:24 - 2011-10-18 15:26 - 0047360 _____ (VSO Software) C:\Users\Matt's Services\AppData\Roaming\pcouffin.sys
2012-03-26 19:58 - 2012-04-23 16:29 - 0039936 _____ () C:\Users\Matt's Services\AppData\Roaming\SharedSettings.ccs
2011-10-18 15:25 - 2011-10-18 15:26 - 0001041 _____ () C:\Users\Matt's Services\AppData\Roaming\vso_ts_preview.xml
2015-08-03 21:24 - 2015-08-03 21:56 - 0000600 _____ () C:\Users\Matt's Services\AppData\Roaming\winscp.rnd
2010-09-22 13:27 - 2012-07-04 16:06 - 0003584 _____ () C:\Users\Matt's Services\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MessageCenter.ico
2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MyVerizon.ico
2014-03-21 18:18 - 2014-03-21 18:18 - 0103749 _____ () C:\Users\Matt's Services\AppData\Local\VZWifiIcon.ico

Some files in TEMP:
====================
C:\Users\Matt's Services\AppData\Local\temp\HitmanPro.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-13 05:41

==================== End of log ============================

Addition.txt below:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Matt's Services (2015-08-17 15:41:20)
Running from C:\Users\Matt's Services\Documents\Malwarebytes anti Malware\FRST-OlderVersion
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1968118532-1448927574-937044247-500 - Administrator - Disabled)
Guest (S-1-5-21-1968118532-1448927574-937044247-501 - Limited - Enabled)
Matt's Services (S-1-5-21-1968118532-1448927574-937044247-1002 - Administrator - Enabled) => C:\Users\Matt's Services
UpdatusUser (S-1-5-21-1968118532-1448927574-937044247-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Aimersoft Video Converter Pro(Build 4.1.2.0) (HKLM\...\Aimersoft Video Converter Pro_is1) (Version:  - Aimersoft Software)
AMD Catalyst Install Manager (HKLM\...\{F39BE87B-E80E-AF64-8722-A5BA2FF82997}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}) (Version: 3.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher version 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
AVG 2011 (Version: 10.0.424 - AVG Technologies) Hidden
AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
AVS Audio Editor 7.3 (HKLM\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM\...\AVS Disc Creator_is1) (Version: 5.2.2.532 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.2 (HKLM\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.)
AVS Image Converter 3.2.1.277 (HKLM\...\AVS Image Converter_is1) (Version: 3.2.1.277 - Online Media Technologies Ltd.)
AVS Media Player 4.2.3.106 (HKLM\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.1.144 (HKLM\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.4.261 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.)
AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.2.166 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version:  - )
Belkin Desktop PCI Card Driver (HKLM\...\{50D47CE8-9C16-42D1-A8D8-B143B22E232A}) (Version: 1.12.0005 - Belkin)
Bonjour (HKLM\...\{8A253629-0511-4854-8B4E-46E57E66005C}) (Version: 2.0.1.2 - Apple Inc.)
Brother MFL-Pro Suite MFC-495CW (HKLM\...\{0A02D347-5E53-48A5-BC49-1469393103FA}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Cain & Abel v4.9.44 (HKLM\...\Cain & Abel v4.9.44) (Version:  - )
Casper 7.0 (HKLM\...\{B28C64A1-22A0-4106-B040-DCD78859AAF3}) (Version: 7.0.2754 - Future Systems Solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform)
Chinese Traditional Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2448-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
CoffeeCup Shopping Cart Creator (HKLM\...\CoffeeCup Shopping Cart Creator 3.9.4296) (Version: 3.9.4296 - CoffeeCup Software, Inc.)
Cool Edit Pro 2.1 (HKLM\...\Cool Edit Pro 2.1) (Version:  - )
Corel VideoStudio 12 (HKLM\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
CuteFTP 7 Professional (HKLM\...\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}) (Version: 7.20.1000 - GlobalSCAPE)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 14 - Illustrate)
Dell Driver Download Manager (HKU\S-1-5-21-1968118532-1448927574-937044247-1002\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
Dell Driver Download Manager (HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
dMC Power Pack (HKLM\...\dMC Power Pack) (Version:  - )
dMC Sveta Portable Audio (HKLM\...\dMC Sveta Portable Audio) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD Wizard Pro (HKLM\...\DVD Wizard Pro1.0) (Version: 1.0 - 123 DVD Studios)
DVD X Rescue (HKLM\...\DVD X Rescue) (Version: 2.1.2 - 321 Studios)
EaseUS Partition Master 9.2.1 Home Edition (HKLM\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
Elevated Installer (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FairStars Audio Converter 1.90 (HKLM\...\FairStars Audio Converter_is1) (Version:  - FairStars Soft)
FairStars CD Ripper 1.70 (HKLM\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
ffdshow v1.3.4532 [2014-07-17] (HKLM\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Firesage MBRWizard (HKLM\...\{C8CF2D17-5DBB-46B1-B526-439E902BDA2D}) (Version: 3.0.0 - Firesage)
FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
FXhome PhotoKey 3 Pro (remove only) (HKLM\...\FXhome PhotoKey 3 Pro) (Version:  - )
FXhome VisionLab Studio (remove only) (HKLM\...\FXhome VisionLab Studio) (Version:  - )
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{01b90f4a-c495-47c4-a33b-1391f41398ce}) (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Helix Producer Plus 9 (HKLM\...\{4A0BB402-E957-4320-99D1-814322F8D8AD}) (Version:  - )
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
IHA_MessageCenter (HKLM\...\{45F447E8-E029-4CA5-B4CD-38820D4CFE5D}) (Version: 1.9.7 - Verizon)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImTOO Download YouTube Video (HKLM\...\ImTOO Download YouTube Video) (Version: 5.6.2.20141119 - ImTOO)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JGsoft EditPad Pro 4.5.5 (HKLM\...\EditPad Pro) (Version:  - )
JPEG to PDF 1.0 (HKLM\...\{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1) (Version:  - jpegtopdf.com)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Karaoke Anything! (HKLM\...\Karaoke Anything!1.0) (Version:  - )
LeechGet 2006 Version 2.0 (HKLM\...\LeechGet 2006_is1) (Version:  - LeechGet.net)
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Player Codec Pack 4.2.7 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.7 - Media Player Codec Pack)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Morph Man v.3.1 (HKLM\...\{0408547F-59FE-4789-9F41-46DC4CE9A060}) (Version:  - )
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
NewBlue Cartoonr for Vegas (HKLM\...\NewBlue Cartoonr for Vegas) (Version:  - )
NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
ophcrack 3.5.0 (HKLM\...\ophcrack) (Version: 3.5.0 - OS Objectif Sécurité SA)
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.1.0000 - Jasc Software Inc)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
RealProducer Plus 8.5 (HKLM\...\RealProducer 8.5) (Version:  - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0011 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.32.0 - Renesas Electronics Corporation) Hidden
Seagate DiscWizard (HKLM\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14382 - Seagate)
Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 5.10 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.5.0 - SmartSound Software Inc) Hidden
Sony DVD Architect Studio 4.5 (HKLM\...\{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}) (Version: 4.5.107 - Sony)
Sony Sound Forge Audio Studio 9.0 (HKLM\...\{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}) (Version: 9.0.232 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Symantec Technical Support Web Controls (HKLM\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.21.0 - Synaptics Incorporated)
Uninstall DreamSuite Bonus (HKLM\...\DreamSuite Bonus) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Movie Studio Platinum 9.0 (HKLM\...\{97E038E1-41AD-4C93-BCDC-6A2394AEE352}) (Version: 9.0.92 - Sony)
VideoStudio (Version: 12.0.0.0000 - Corel Corporation) Hidden
WD Drive Manager (x86) (HKLM\...\{666668AC-3B27-413C-92F1-1CD78731357B}) (Version: 2.116 - Western Digital)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip (HKLM\...\WinZip) (Version:  9.0 SR-1 (6224) - WinZip Computing, Inc.)
Xenofex 1.1 (HKLM\...\Xenofex 1.0) (Version:  - )
Xvid Codec 1.1.3 (HKLM\...\Xvid Codec_is1) (Version:  - Xvid Development Team)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
yoostar (HKLM\...\{881F7A8B-D77C-422C-8610-40477480443A}) (Version: 2.0.3249 - Yoostar Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe (GlobalSCAPE Texas, LP.)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{05716308-1784-4166-942E-0A09F1DE83D1}\localserver32 -> C:\Program Files\Seagate\DiscWizard\aszbrowsehelper.exe (Seagate)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe (GlobalSCAPE Texas, LP.)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{05716308-1784-4166-942E-0A09F1DE83D1}\localserver32 -> C:\Program Files\Seagate\DiscWizard\aszbrowsehelper.exe (Seagate)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe (GlobalSCAPE Texas, LP.)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{05716308-1784-4166-942E-0A09F1DE83D1}\localserver32 -> C:\Program Files\Seagate\DiscWizard\aszbrowsehelper.exe (Seagate)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1061\G2MOutlookAddin.dll No File
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe No File
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

==================== Restore Points =========================

17-08-2015 14:48:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2015-08-03 20:55 - 00000834 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24F324DA-E578-465D-863A-E3FE325AB668} - System32\Tasks\Future Systems Solutions\Casper\Casper 7.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2012-11-30] (Future Systems Solutions, Inc.)
Task: {250CF564-3F31-4D4F-926F-A1CDE8666B26} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2D27F9D9-E573-42FE-9A04-7E3F49505A31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2012-11-20 00:54 - 2013-02-09 20:35 - 00078624 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2010-04-08 01:05 - 2001-09-07 21:53 - 00100864 _____ () C:\Program Files\WinRAR\rarext.dll
2003-09-04 10:50 - 2003-09-04 10:50 - 00088064 _____ () C:\Program Files\LeechGet 2006\ShellExtension.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\.DEFAULT-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt's Services\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1968118532-1448927574-937044247-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt's Services\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: FlipShare Service => 2
MSCONFIG\Services: FlipShareServer => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk => C:\Windows\pss\Microsoft Office Shortcut Bar.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Matt's Services^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Matt's Services^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk => C:\Windows\pss\Socialbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DiscWizardMonitor.exe => "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Matt's Services\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UVS12 Preload => C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
MSCONFIG\startupreg: WD Drive Manager => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{399E8673-3132-4FD5-95FA-55299251F5BB}] => (Allow) LPort=50000
FirewallRules: [{018B52C2-DEF6-4660-8CC8-E134FFC7D0D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C75D015C-C400-4463-BE7F-BF8D51082F99}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7857E873-FBC5-49CE-AC5A-091853587C5E}] => (Allow) LPort=50000

==================== Faulty Device Manager Devices =============

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Patin Couffin engine
Description: Patin Couffin engine
Class Guid: {ff646f80-8def-11d2-9449-00105a075f6b}
Manufacturer: VSO Software
Service: Pcouffin
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2015 02:48:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {6c84779d-aa5e-4beb-9028-2383770f5429}

Error: (08/16/2015 02:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945712
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a69d9f
Exception code: 0xc0000005
Fault offset: 0x00032228
Faulting process id: 0x14ec
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (08/15/2015 09:50:15 PM) (Source: MsiInstaller) (EventID: 10005) (User: MattsServices)
Description: Product: QuickTime -- A newer version of QuickTime is already installed.  This installation cannot proceed while the newer version of QuickTime is installed.

Error: (08/15/2015 09:42:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467}

Error: (08/15/2015 09:42:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467}

Error: (08/15/2015 09:41:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467}

Error: (08/15/2015 09:41:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c6f4bcde-1bd7-46c5-9843-f305386e5ba1}

Error: (08/15/2015 09:41:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467}

Error: (08/15/2015 09:21:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {31f52819-c1fe-4f6b-a31f-79e435cba4b4}

Error: (08/15/2015 09:21:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {31f52819-c1fe-4f6b-a31f-79e435cba4b4}

System errors:
=============
Error: (08/17/2015 02:46:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (08/17/2015 02:44:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/17/2015 02:37:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/17/2015 02:37:58 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/17/2015 02:35:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32
invrgg
Null

Error: (08/17/2015 02:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (08/17/2015 02:34:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (08/16/2015 02:59:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (08/16/2015 02:58:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/16/2015 02:51:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Microsoft Office:
=========================
Error: (08/17/2015 02:48:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {6c84779d-aa5e-4beb-9028-2383770f5429}

Error: (08/16/2015 02:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945712ntdll.dll6.1.7601.1893355a69d9fc00000050003222814ec01d0d8526a95df14C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dllaa0a64ab-4445-11e5-bffa-001a92252564

Error: (08/15/2015 09:50:15 PM) (Source: MsiInstaller) (EventID: 10005) (User: MattsServices)
Description: Product: QuickTime -- A newer version of QuickTime is already installed.  This installation cannot proceed while the newer version of QuickTime is installed.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/15/2015 09:42:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467}

Error: (08/15/2015 09:42:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467}

Error: (08/15/2015 09:41:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467}

Error: (08/15/2015 09:41:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c6f4bcde-1bd7-46c5-9843-f305386e5ba1}

Error: (08/15/2015 09:41:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {12708516-539a-431f-85f7-22660bb3c467}

Error: (08/15/2015 09:21:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {31f52819-c1fe-4f6b-a31f-79e435cba4b4}

Error: (08/15/2015 09:21:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(.DEFAULT)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {31f52819-c1fe-4f6b-a31f-79e435cba4b4}

==================== Memory info ===========================

Processor: AMD Athlon 64 Processor 3500+
Percentage of memory in use: 60%
Total physical RAM: 3518.55 MB
Available physical RAM: 1377.39 MB
Total Virtual: 7035.42 MB
Available Virtual: 4783.06 MB

==================== Drives ================================

Drive c: (Hard Drive) (Fixed) (Total:74.24 GB) (Free:11.51 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:298.08 GB) (Free:106.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 23EBA6EF)
Partition 1: (Not Active) - (Size=74.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=298 MB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 1A1A0DF8)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=OF Extended)

==================== End of log ============================


Here are the results for PC 1. Farbar crashed; it produced the FRST report and Addition report but did not end by saying press any key and reboot on either PC....

FRST Report PC 1

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by Matt's Services (administrator) on MATT-P9P1JU7H1A (17-08-2015 16:29:05)
Running from C:\Documents and Settings\Matt's Services\Desktop
Loaded Profiles: Matt's Services (Available Profiles: Matt's Services & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\WINDOWS\system32\UMonit.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [uMonit] => C:\WINDOWS\system32\UMonit.exe [36864 2014-02-07] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6127840 2015-08-03] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-1979792683-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-839522115-1979792683-725345543-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-839522115-1979792683-725345543-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software)
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B588F20E-4FA6-4719-B91E-2CD625CB0FD7}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Matt's Services\Application Data\Mozilla\Firefox\Profiles\fdzkht7u.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-10] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-839522115-1979792683-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-08-08] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-03]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [368944 2012-11-30] (Future Systems Solutions, Inc.)
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4030144 2007-04-25] (Realtek Semiconductor Corp.) [File not signed]
R1 as6eio; C:\WINDOWS\System32\drivers\as6eio.sys [3616 1997-12-09] () [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-03] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-03] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-03] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-03] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-03] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [48128 2014-02-07] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-17] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [67456 2011-04-13] (Renesas Electronics Corporation)
R0 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [161024 2011-04-13] (Renesas Electronics Corporation)
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [134144 2004-02-04] (Copyright © VIA/S3 Graphics, Inc.)
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaidexp.sys [6144 2005-08-11] (VIA Technologies, Inc.)
R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [204672 2006-08-10] (VIA Technologies, Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2014-02-07] (VIA Technologies, Inc.)
R3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2014-02-08] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11264 2014-02-08] (VIA Technologies, Inc.) [File not signed]
S4 hpt3xx; no ImagePath
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 16:30 - 2015-08-17 16:30 - 00013338 _____ C:\Documents and Settings\Matt's Services\Desktop\Addition.txt
2015-08-17 16:24 - 2015-08-17 16:30 - 00022036 _____ C:\Documents and Settings\Matt's Services\Desktop\FRST.txt
2015-08-17 16:24 - 2015-08-17 16:29 - 00000000 ____D C:\FRST
2015-08-17 16:24 - 2015-08-17 16:24 - 00000000 ____D C:\Documents and Settings\Matt's Services\Desktop\FRST-OlderVersion
2015-08-17 16:12 - 2015-08-17 16:24 - 01677312 _____ (Farbar) C:\Documents and Settings\Matt's Services\Desktop\FRST.exe
2015-08-11 18:24 - 2015-08-11 18:24 - 00000000 ____D C:\Program Files\Trend Micro
2015-08-11 17:25 - 2015-08-17 16:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-11 16:56 - 2015-08-11 16:56 - 00001444 _____ C:\WINDOWS\COM+.log
2015-08-10 22:54 - 2015-08-10 22:54 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-10 22:26 - 2015-08-17 16:10 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-10 22:25 - 2015-08-15 08:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-10 22:25 - 2015-08-10 22:25 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-10 22:24 - 2015-08-10 22:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-10 22:24 - 2015-08-10 22:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-08-10 22:24 - 2015-06-18 09:38 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-10 22:24 - 2015-06-18 09:38 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-08 19:18 - 2015-08-08 19:19 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Citrix
2015-08-07 15:54 - 2015-08-08 17:19 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Casper Fixes and files
2015-08-07 15:51 - 2015-08-05 17:25 - 00001924 _____ C:\Documents and Settings\Matt's Services\Desktop\Norton PartitionMagic 8.0.lnk
2015-08-06 00:27 - 2015-08-09 19:41 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Casper Error Report
2015-08-06 00:22 - 2015-08-06 00:22 - 00001005 _____ C:\Documents and Settings\Matt's Services\Desktop\Casper 7.0.lnk
2015-08-06 00:22 - 2015-08-06 00:22 - 00000444 _____ C:\WINDOWS\Tasks\Casper 7.0 Update Notification Task.job
2015-08-06 00:22 - 2015-08-06 00:22 - 00000000 ____D C:\Program Files\Future Systems Solutions
2015-08-06 00:22 - 2015-08-06 00:22 - 00000000 ____D C:\Program Files\Common Files\Future Systems Solutions
2015-08-06 00:12 - 2015-08-06 00:12 - 00000000 __SHD C:\WINDOWS\system32\AI_RecycleBin
2015-08-05 18:04 - 2015-08-05 18:04 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\WinRAR
2015-08-05 18:03 - 2015-08-05 18:03 - 00000000 ____D C:\Program Files\WinRAR
2015-08-05 17:55 - 2015-08-05 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Brother
2015-08-05 17:54 - 2015-08-05 17:54 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Brother
2015-08-05 17:51 - 2015-08-05 17:51 - 00000000 ____D C:\Program Files\Brother
2015-08-05 17:25 - 2015-08-05 17:25 - 00000000 ____D C:\Program Files\Symantec
2015-08-05 17:09 - 2015-08-05 17:29 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Norton PM 8
2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\launcher
2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\explauncher
2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\createonepart
2015-08-04 02:18 - 2015-08-11 21:11 - 00000375 _____ C:\WINDOWS\setupact.log
2015-08-04 02:18 - 2015-08-04 02:18 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-04 02:18 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
2015-08-04 02:18 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2015-08-04 02:18 - 2001-08-17 13:48 - 00012160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys
2015-08-04 02:18 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-08-04 01:44 - 2015-08-11 21:11 - 00038122 _____ C:\WINDOWS\setupapi.log
2015-08-03 22:17 - 2015-08-17 15:53 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-03 22:17 - 2015-08-17 15:53 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-03 22:17 - 2015-08-15 08:42 - 00032624 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-03 22:17 - 2015-08-03 22:17 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-08-03 22:16 - 2015-08-17 16:02 - 00349373 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-03 21:38 - 2015-08-03 21:38 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\BlueSprig
2015-08-03 21:32 - 2015-08-03 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-08-03 21:30 - 2015-08-03 22:00 - 00000600 _____ C:\Documents and Settings\Matt's Services\Application Data\winscp.rnd
2015-08-03 20:57 - 2015-08-03 22:00 - 00000000 ____D C:\CSV
2015-08-03 20:57 - 2015-08-03 20:57 - 00000000 ____D C:\Documents and Settings\All Users\Local Settings\Temp
2015-08-03 20:57 - 2015-08-03 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-08-03 20:56 - 2015-08-03 22:00 - 00000000 ____D C:\remote-service
2015-08-03 20:46 - 2015-08-05 18:13 - 00000213 ___SH C:\boot.ini
2015-08-03 20:46 - 2015-08-03 20:46 - 00000000 ____D C:\WINDOWS\CSC
2015-08-03 18:20 - 2015-08-03 18:20 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Temp
2015-08-03 16:49 - 2015-08-03 16:49 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\AVAST Software
2015-08-03 16:41 - 2015-08-03 16:41 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-08-03 16:41 - 2015-08-03 16:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-03 16:41 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-08-03 16:40 - 2015-08-17 16:05 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-03 16:40 - 2015-08-03 16:36 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-03 16:36 - 2015-08-03 16:36 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-03 16:36 - 2015-08-03 16:36 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-03 16:27 - 2015-08-03 16:27 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-03 16:22 - 2015-08-03 16:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 16:30 - 2014-02-07 20:51 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Temp
2015-08-17 16:24 - 2014-02-08 01:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-17 16:13 - 2014-02-07 08:42 - 00000000 ____D C:\WINDOWS\Registration
2015-08-17 15:59 - 2014-02-07 03:36 - 00602708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-17 15:53 - 2001-08-23 08:00 - 00013002 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-17 15:52 - 2014-02-07 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-15 08:42 - 2014-02-07 20:51 - 00000178 ___SH C:\Documents and Settings\Matt's Services\ntuser.ini
2015-08-15 08:16 - 2014-02-07 08:43 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-08-11 20:03 - 2014-02-07 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Virus Removal Utils
2015-08-10 22:53 - 2014-02-24 22:27 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-10 22:40 - 2014-02-08 01:22 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-10 22:40 - 2014-02-08 01:22 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-10 21:37 - 2014-02-08 04:59 - 00000000 ____D C:\Temp
2015-08-10 21:37 - 2014-02-07 20:51 - 00000000 ____D C:\Documents and Settings\Matt's Services
2015-08-10 21:27 - 2001-08-23 08:00 - 00000577 _____ C:\WINDOWS\win.ini
2015-08-10 21:27 - 2001-08-23 08:00 - 00000298 _____ C:\WINDOWS\system.ini
2015-08-07 18:27 - 2014-02-07 21:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Utils Studio
2015-08-05 18:11 - 2014-02-07 20:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-04 02:00 - 2014-03-19 02:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2015-08-04 01:58 - 2014-03-19 02:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-08-03 22:17 - 2014-02-07 03:35 - 00885496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-03 21:57 - 2014-03-04 21:36 - 00000000 ____D C:\WINDOWS\system32\URTTEMP
2015-08-03 21:39 - 2014-02-08 02:22 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-03 21:30 - 2014-02-07 22:34 - 00350088 _____ C:\Documents and Settings\Matt's Services\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-03 21:10 - 2014-02-07 08:45 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-08-03 21:10 - 2014-02-07 08:45 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-08-03 18:39 - 2014-02-08 00:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-03 17:15 - 2014-02-08 01:40 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-08-03 17:08 - 2014-02-07 08:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp

==================== Files in the root of some directories =======

2015-08-03 21:30 - 2015-08-03 22:00 - 0000600 _____ () C:\Documents and Settings\Matt's Services\Application Data\winscp.rnd
2014-02-24 23:15 - 2014-02-24 23:15 - 0003584 _____ () C:\Documents and Settings\Matt's Services\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Matt's Services\Local Settings\Temp\HitmanPro.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

 

Addition Report PC 1

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Matt's Services (2015-08-17 16:31:05)
Running from C:\Documents and Settings\Matt's Services\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

I think I am going to have to format both machines; they are too far gone and hijacked: entire hard drives deleted, my website deleted, even files on YouTube! I'm sick of this..... I can't even run the diagnostic tools on my PC without the hacker crashing the program!

Thanks, Matt


Borislav,

I reran the Farbar Recovery Tool again; it produced these 2 reports for PC1. It still did not give me the DOS screen with the press any key to end and reboot message...

FRST.txt results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by Matt's Services (administrator) on MATT-P9P1JU7H1A (17-08-2015 16:42:26)
Running from C:\Documents and Settings\Matt's Services\Desktop
Loaded Profiles: Matt's Services (Available Profiles: Matt's Services & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\WINDOWS\system32\UMonit.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(JGsoft - Just Great Software) C:\Program Files\JGsoft\EditPadPro\EditPadPro.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [uMonit] => C:\WINDOWS\system32\UMonit.exe [36864 2014-02-07] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6127840 2015-08-03] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-839522115-1979792683-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-839522115-1979792683-725345543-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-839522115-1979792683-725345543-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software)
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B588F20E-4FA6-4719-B91E-2CD625CB0FD7}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Matt's Services\Application Data\Mozilla\Firefox\Profiles\fdzkht7u.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-10] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-839522115-1979792683-725345543-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-08-08] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-03]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [368944 2012-11-30] (Future Systems Solutions, Inc.)
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4030144 2007-04-25] (Realtek Semiconductor Corp.) [File not signed]
R1 as6eio; C:\WINDOWS\System32\drivers\as6eio.sys [3616 1997-12-09] () [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-03] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-03] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-03] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-03] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-03] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [48128 2014-02-07] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-17] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [67456 2011-04-13] (Renesas Electronics Corporation)
R0 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [161024 2011-04-13] (Renesas Electronics Corporation)
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [134144 2004-02-04] (Copyright © VIA/S3 Graphics, Inc.)
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaidexp.sys [6144 2005-08-11] (VIA Technologies, Inc.)
R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [204672 2006-08-10] (VIA Technologies, Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2014-02-07] (VIA Technologies, Inc.)
R3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2014-02-08] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11264 2014-02-08] (VIA Technologies, Inc.) [File not signed]
S4 hpt3xx; no ImagePath
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 16:42 - 2015-08-17 16:42 - 00009938 _____ C:\Documents and Settings\Matt's Services\Desktop\FRST.txt
2015-08-17 16:24 - 2015-08-17 16:42 - 00000000 ____D C:\FRST
2015-08-17 16:12 - 2015-08-17 16:24 - 01677312 _____ (Farbar) C:\Documents and Settings\Matt's Services\Desktop\FRST.exe
2015-08-11 18:24 - 2015-08-11 18:24 - 00000000 ____D C:\Program Files\Trend Micro
2015-08-11 17:25 - 2015-08-17 16:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-11 16:56 - 2015-08-11 16:56 - 00001444 _____ C:\WINDOWS\COM+.log
2015-08-10 22:54 - 2015-08-10 22:54 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-10 22:26 - 2015-08-17 16:10 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-10 22:25 - 2015-08-17 16:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-10 22:25 - 2015-08-10 22:25 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-10 22:24 - 2015-08-10 22:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-10 22:24 - 2015-08-10 22:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-08-10 22:24 - 2015-06-18 09:38 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-10 22:24 - 2015-06-18 09:38 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-08 19:18 - 2015-08-08 19:19 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Citrix
2015-08-07 15:54 - 2015-08-08 17:19 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Casper Fixes and files
2015-08-07 15:51 - 2015-08-05 17:25 - 00001924 _____ C:\Documents and Settings\Matt's Services\Desktop\Norton PartitionMagic 8.0.lnk
2015-08-06 00:27 - 2015-08-09 19:41 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Casper Error Report
2015-08-06 00:22 - 2015-08-06 00:22 - 00001005 _____ C:\Documents and Settings\Matt's Services\Desktop\Casper 7.0.lnk
2015-08-06 00:22 - 2015-08-06 00:22 - 00000444 _____ C:\WINDOWS\Tasks\Casper 7.0 Update Notification Task.job
2015-08-06 00:22 - 2015-08-06 00:22 - 00000000 ____D C:\Program Files\Future Systems Solutions
2015-08-06 00:22 - 2015-08-06 00:22 - 00000000 ____D C:\Program Files\Common Files\Future Systems Solutions
2015-08-06 00:12 - 2015-08-06 00:12 - 00000000 __SHD C:\WINDOWS\system32\AI_RecycleBin
2015-08-05 18:04 - 2015-08-05 18:04 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\WinRAR
2015-08-05 18:03 - 2015-08-05 18:03 - 00000000 ____D C:\Program Files\WinRAR
2015-08-05 17:55 - 2015-08-05 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Brother
2015-08-05 17:54 - 2015-08-05 17:54 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Brother
2015-08-05 17:51 - 2015-08-05 17:51 - 00000000 ____D C:\Program Files\Brother
2015-08-05 17:25 - 2015-08-05 17:25 - 00000000 ____D C:\Program Files\Symantec
2015-08-05 17:09 - 2015-08-05 17:29 - 00000000 ____D C:\Documents and Settings\Matt's Services\My Documents\Norton PM 8
2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\launcher
2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\explauncher
2015-08-05 16:53 - 2015-08-05 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\createonepart
2015-08-04 02:18 - 2015-08-11 21:11 - 00000375 _____ C:\WINDOWS\setupact.log
2015-08-04 02:18 - 2015-08-04 02:18 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-04 02:18 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
2015-08-04 02:18 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2015-08-04 02:18 - 2001-08-17 13:48 - 00012160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys
2015-08-04 02:18 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-08-04 01:44 - 2015-08-11 21:11 - 00038122 _____ C:\WINDOWS\setupapi.log
2015-08-03 22:17 - 2015-08-17 15:53 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-03 22:17 - 2015-08-17 15:53 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-03 22:17 - 2015-08-15 08:42 - 00032624 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-03 22:17 - 2015-08-03 22:17 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-08-03 22:16 - 2015-08-17 16:02 - 00349373 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-03 21:38 - 2015-08-03 21:38 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\BlueSprig
2015-08-03 21:32 - 2015-08-03 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-08-03 21:30 - 2015-08-03 22:00 - 00000600 _____ C:\Documents and Settings\Matt's Services\Application Data\winscp.rnd
2015-08-03 20:57 - 2015-08-03 22:00 - 00000000 ____D C:\CSV
2015-08-03 20:57 - 2015-08-03 20:57 - 00000000 ____D C:\Documents and Settings\All Users\Local Settings\Temp
2015-08-03 20:57 - 2015-08-03 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-08-03 20:56 - 2015-08-03 22:00 - 00000000 ____D C:\remote-service
2015-08-03 20:46 - 2015-08-05 18:13 - 00000213 ___SH C:\boot.ini
2015-08-03 20:46 - 2015-08-03 20:46 - 00000000 ____D C:\WINDOWS\CSC
2015-08-03 18:20 - 2015-08-03 18:20 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Application Data\Temp
2015-08-03 16:49 - 2015-08-03 16:49 - 00000000 ____D C:\Documents and Settings\Matt's Services\Application Data\AVAST Software
2015-08-03 16:41 - 2015-08-03 16:41 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-08-03 16:41 - 2015-08-03 16:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-03 16:41 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-08-03 16:40 - 2015-08-17 16:40 - 00000382 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-03 16:40 - 2015-08-03 16:36 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-03 16:40 - 2015-08-03 16:36 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-03 16:36 - 2015-08-03 16:36 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-03 16:36 - 2015-08-03 16:36 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-03 16:27 - 2015-08-03 16:27 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-03 16:22 - 2015-08-03 16:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 16:42 - 2014-02-07 20:51 - 00000000 ____D C:\Documents and Settings\Matt's Services\Local Settings\Temp
2015-08-17 16:36 - 2014-02-08 01:22 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-17 16:36 - 2014-02-08 01:22 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-17 16:24 - 2014-02-08 01:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-17 16:13 - 2014-02-07 08:42 - 00000000 ____D C:\WINDOWS\Registration
2015-08-17 15:59 - 2014-02-07 03:36 - 00602708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-17 15:53 - 2001-08-23 08:00 - 00013002 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-17 15:52 - 2014-02-07 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-15 08:42 - 2014-02-07 20:51 - 00000178 ___SH C:\Documents and Settings\Matt's Services\ntuser.ini
2015-08-15 08:16 - 2014-02-07 08:43 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-08-11 20:03 - 2014-02-07 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Virus Removal Utils
2015-08-10 22:53 - 2014-02-24 22:27 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-10 21:37 - 2014-02-08 04:59 - 00000000 ____D C:\Temp
2015-08-10 21:37 - 2014-02-07 20:51 - 00000000 ____D C:\Documents and Settings\Matt's Services
2015-08-10 21:27 - 2001-08-23 08:00 - 00000577 _____ C:\WINDOWS\win.ini
2015-08-10 21:27 - 2001-08-23 08:00 - 00000298 _____ C:\WINDOWS\system.ini
2015-08-07 18:27 - 2014-02-07 21:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Utils Studio
2015-08-05 18:11 - 2014-02-07 20:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-04 02:00 - 2014-03-19 02:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2015-08-04 01:58 - 2014-03-19 02:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-08-03 22:17 - 2014-02-07 03:35 - 00885496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-03 21:57 - 2014-03-04 21:36 - 00000000 ____D C:\WINDOWS\system32\URTTEMP
2015-08-03 21:39 - 2014-02-08 02:22 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-03 21:30 - 2014-02-07 22:34 - 00350088 _____ C:\Documents and Settings\Matt's Services\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-03 21:10 - 2014-02-07 08:45 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-08-03 21:10 - 2014-02-07 08:45 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-08-03 18:39 - 2014-02-08 00:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-03 17:15 - 2014-02-08 01:40 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-08-03 17:08 - 2014-02-07 08:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp

==================== Files in the root of some directories =======

2015-08-03 21:30 - 2015-08-03 22:00 - 0000600 _____ () C:\Documents and Settings\Matt's Services\Application Data\winscp.rnd
2014-02-24 23:15 - 2014-02-24 23:15 - 0003584 _____ () C:\Documents and Settings\Matt's Services\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Matt's Services\Local Settings\Temp\HitmanPro.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

Addition.txt Results:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Matt's Services (2015-08-17 16:43:51)
Running from C:\Documents and Settings\Matt's Services\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-839522115-1979792683-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-839522115-1979792683-725345543-1004 - Limited - Enabled)
Guest (S-1-5-21-839522115-1979792683-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-839522115-1979792683-725345543-1000 - Limited - Disabled)
Matt's Services (S-1-5-21-839522115-1979792683-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Matt's Services
SUPPORT_388945a0 (S-1-5-21-839522115-1979792683-725345543-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Casper 7.0 (HKLM\...\{B28C64A1-22A0-4106-B040-DCD78859AAF3}) (Version: 7.0.2754 - Future Systems Solutions, Inc.)
CD LabelMaker (HKLM\...\CD LabelMaker) (Version:  - )
Citrix Online Launcher (HKLM\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Cool Edit Pro 2.1 (HKLM\...\Cool Edit Pro 2.1) (Version:  - )
Creative EAX Settings (HKLM\...\EAXSet) (Version:  - )
Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - )
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version:  - )
Creative Speaker Settings (HKLM\...\SPEAKER) (Version:  - )
Creative System Information (HKLM\...\SysInfo) (Version:  - )
Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CuteFTP 7 Professional (HKLM\...\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}) (Version: 7.20.1000 - GlobalSCAPE)
DDR - Pen Drive Recovery (HKLM\...\DDR - Pen Drive Recovery) (Version:  - )
Device Control (HKLM\...\Device Control) (Version:  - )
FairStars Audio Converter 1.97 (HKLM\...\FairStars Audio Converter_is1) (Version:  - FairStars Soft)
FairStars CD Ripper 1.70 (HKLM\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
ImageReader Director (HKLM\...\ImageReader Director) (Version:  - )
ImageReader Director Manuals (HKLM\...\ImageReader Director Manuals) (Version:  - )
InfoCenter 32 (HKLM\...\InfoCenter 32) (Version:  - )
JGsoft EditPad Pro 4.4.0 (HKLM\...\EditPad Pro) (Version:  - )
JPEG to PDF 1.0 (HKLM\...\{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1) (Version:  - jpegtopdf.com)
Karaoke Anything! (HKLM\...\Karaoke Anything!1.0) (Version:  - )
LADSPA_plugins-win-0.4.15 (HKLM\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.0.5697 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 3.0.7.0 - )
Nero 7 Ultra Edition (HKLM\...\{7516254D-7F98-49DD-8209-5D2208BD1033}) (Version: 7.03.0647 - Nero AG)
Norton PartitionMagic (Version: 8.05.000 - Symantec) Hidden
Norton PartitionMagic 8.0 (HKLM\...\InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}) (Version: 8.05.000 - Symantec)
Online Bible9.03.02 (HKLM\...\OnlineBible) (Version:  - )
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.1.0000 - Jasc Software Inc)
PictureFun! (HKLM\...\CDPMUDeinstKey) (Version:  - )
Platform (Version: 1.13 - VIA Technologies, Inc.) Hidden
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.35 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
S3 S3Display (HKLM\...\VTDisplay) (Version:  - )
S3 S3Gamma2 (HKLM\...\VTGamma2) (Version:  - )
S3 S3Info2 (HKLM\...\VTInfo2) (Version:  - )
S3 S3Overlay (HKLM\...\VTOverlay) (Version:  - )
Sound Blaster Audigy (HKLM\...\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}) (Version: 1.0 - )
Syntrillium Tremolo DirectX Plug-In (HKLM\...\Tremolo DirectX Plug-In) (Version:  - )
TextBridge Pro Millennium (HKLM\...\{5AB1BFD2-819E-11D3-80D9-00C04F559BE6}) (Version: 9.5.000 - ScanSoft)
UniChrome IGP Driver and Utilities (HKLM\...\S3) (Version:  - )
VIA Audio Driver Setup Program (HKLM\...\VIA Audio Driver Setup Program) (Version:  - )
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.13 - VIA Technologies, Inc.)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
VST Bridge 1.1 (HKLM\...\VST Bridge_is1) (Version:  - )
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip (HKLM\...\WinZip) (Version:  9.0 SR-1 (6224) - WinZip Computing, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe (GlobalSCAPE Texas, LP.)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-1979792683-725345543-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================

15-08-2015 08:16:37 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 08:00 - 2015-08-03 20:57 - 00000732 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Casper 7.0 Update Notification Task.job => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => 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

==================== Loaded Modules (Whitelisted) ==============

2015-08-05 18:03 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2015-08-03 16:36 - 2015-08-03 16:36 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-03 16:36 - 2015-08-03 16:36 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-15 08:42 - 2015-08-15 08:42 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15081500\algo.dll
2015-08-17 15:59 - 2015-08-17 15:59 - 02961920 _____ () C:\Program Files\AVAST Software\Avast\defs\15081702\algo.dll
2013-01-06 15:50 - 2013-01-06 15:50 - 00054977 _____ () C:\WINDOWS\system32\REE6AM.DLL
2014-02-07 23:57 - 2014-02-07 23:57 - 00036864 _____ () C:\WINDOWS\system32\UMonit.exe
2014-02-07 23:57 - 2014-02-07 23:57 - 00180224 _____ () C:\WINDOWS\system32\ustor.dll
2015-08-03 16:36 - 2015-08-03 16:36 - 38327808 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-839522115-1979792683-725345543-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk => C:\WINDOWS\pss\Office Startup.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Matt's Services^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk => C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AudioDeck => C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BrowserSafeguard =>
MSCONFIG\startupreg: Creative Detector => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: CTSysVol => C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
MSCONFIG\startupreg: InstantAccess => C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: P17Helper => Rundll32 P17.dll,P17Helper
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\UpdReg.EXE
MSCONFIG\startupreg: VTTimer => VTTimer.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2015 04:31:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 17.8.2015.0, faulting module frst.exe, version 17.8.2015.0, fault address 0x0002105e.
Processing media-specific event for [frst.exe!ws!]

Error: (08/17/2015 04:30:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 17.8.2015.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/17/2015 04:14:11 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...).  hr = 0x80070005.

Error: (08/17/2015 04:00:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.55.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/15/2015 08:31:59 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{8e6fa184-908b-11e3-80dc-00110906ec75},0xc0000000,0x00000003,...).  hr = 0x80070005.

Error: (08/15/2015 08:22:16 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{679719bf-3a6e-11e5-8512-00110906ec75},0xc0000000,0x00000003,...).  hr = 0x80070005.

Error: (08/11/2015 09:13:18 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{8e6fa184-908b-11e3-80dc-00110906ec75},0xc0000000,0x00000003,...).  hr = 0x80070005.

Error: (08/11/2015 09:02:36 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...).  hr = 0x80070005.

Error: (08/11/2015 05:56:48 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...).  hr = 0x80070005.

Error: (08/11/2015 05:12:53 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{679719bf-3a6e-11e5-8512-00110906ec75},0xc0000000,0x00000003,...).  hr = 0x80070005.


System errors:
=============
Error: (08/17/2015 04:34:36 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (08/17/2015 04:33:48 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (08/17/2015 04:15:00 PM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for D: has been reset, since it was a duplicate of that on G:.  This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

Error: (08/15/2015 08:35:32 AM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for H: has been reset, since it was a duplicate of that on C:.  This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

Error: (08/15/2015 08:25:18 AM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for C: has been reset, since it was a duplicate of that on G:.  This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

Error: (08/15/2015 08:16:38 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000034_filelst.cfgHarddiskVolume1

Error: (08/11/2015 09:07:59 PM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for G: has been reset, since it was a duplicate of that on D:.  This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

Error: (08/11/2015 05:57:34 PM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for G: has been reset, since it was a duplicate of that on D:.  This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

Error: (08/11/2015 05:42:43 PM) (Source: Distributed Link Tracking Client) (EventID: 12507) (User: )
Description: The volume ID for G: has been reset, since it was a duplicate of that on C:.  This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

Error: (08/11/2015 04:12:17 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D


Microsoft Office:
=========================
Error: (08/17/2015 04:31:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe17.8.2015.0frst.exe17.8.2015.00002105e

Error: (08/17/2015 04:30:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe17.8.2015.0hungapp0.0.0.000000000

Error: (08/17/2015 04:14:11 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/17/2015 04:00:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe2.3.55.0hungapp0.0.0.000000000

Error: (08/15/2015 08:31:59 AM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{8e6fa184-908b-11e3-80dc-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/15/2015 08:22:16 AM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{679719bf-3a6e-11e5-8512-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/11/2015 09:13:18 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{8e6fa184-908b-11e3-80dc-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/11/2015 09:02:36 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/11/2015 05:56:48 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{99f049f2-3bbd-11e5-851f-00110906ec75},0xc0000000,0x00000003,...)0x80070005

Error: (08/11/2015 05:12:53 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{679719bf-3a6e-11e5-8512-00110906ec75},0xc0000000,0x00000003,...)0x80070005


==================== Memory info ===========================

Processor: AMD Athlon XP 2400+
Percentage of memory in use: 44%
Total physical RAM: 2015.48 MB
Available physical RAM: 1113.44 MB
Total Virtual: 4887.51 MB
Available Virtual: 4047.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:129.57 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Local Disk) (Fixed) (Total:298.08 GB) (Free:112.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 12080F19)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 0A081703)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=OF Extended)

==================== End of log ============================


Borislav,

Normally when I ran this Farbar error tool it came up with a white screen warning you. I didn't get that screen. I ran the tool and produced the reports FRST and Attach and posted them, but this tool when finishing opens up a cmd box window and says "Press any key to continue" and restart your PC; I didn't get the cmd prompt at all with that message. It just ended, leaving the tool on my desktop. I reran it again the 2nd time and it produced the Attach report that wasn't created the 1st time, but it crashed the 1st time. Again no cmd or DOS box... does that make sense to you? I'm trying to make you understand... Thanks for all your help... any other questions?   Matt


  • 1 month later...

Borislav, here is my new HijackThis scan after I removed over 20 pgms from PC2.

I will also, after this post, post the latest FRST scan.

Thanks so much for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:39 PM, on 9/22/2015
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, enhanced for Bing and MSN
O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\tray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\tray.exe" (User 'Default user')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://apps.driversupport.com
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
O16 - DPF: PackageCab - http://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} (Image Uploader Control) - http://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Casper SmartSense (casperhpb) - Future Systems Solutions, Inc. - C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
O23 - Service: Driver Support AO Service (DSAO) - PC Drivers HeadQuarters LP - C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 5037 bytes

Boris, here is my FRST report from PC2.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015
Ran by Matt's Services (administrator) on MATTSSERVICES (22-09-2015 22:03:21)
Running from C:\Users\Matt's Services\Downloads
Loaded Profiles: Matt's Services (Available Profiles: Matt's Services)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(PC Drivers Headquarters) C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.207.354.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
(Farbar) C:\Users\Matt's Services\Downloads\FRST(2).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6638127-D991-40AB-89C8-B0F581C94D40}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> DefaultScope {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {09EB195F-BF90-4FDB-98EA-7DF014221FD8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {0A1A0E6D-2C13-45E4-A436-9FAFB9490689} URL = hxxp://www.bing.com/search?FORM=UP76DF&PC=UP76&dt=042113&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: IGMONObj Class -> {02464DDC-3187-11D8-8004-0020ED227566} ->  No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} hxxp://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1968118532-1448927574-937044247-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-17] (Apple Inc.)
FF SearchPlugin: C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\searchplugins\bigseekpro.xml [2010-09-07]
FF Extension: Default Manager - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\DefaultManager@Microsoft [2013-05-03]
FF Extension: Block site - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-28]
FF Extension: Pin It Button - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-12-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-09-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-09-02]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [368944 2012-11-30] (Future Systems Solutions, Inc.)
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2015-08-05] (PC Drivers HeadQuarters LP)
S4 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [X]
S4 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [X]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [123472 2010-08-19] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [25680 2010-09-13] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [30288 2010-08-19] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21072 2010-08-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [249424 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34384 2010-09-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [26064 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [298448 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [20560 2007-03-22] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-06-15] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl60f84b52; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3424DDE-16DB-40AF-A5B7-468EABC7E59E}\MpKsl60f84b52.sys [39168 2015-09-22] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [75776 2012-03-15] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [168960 2012-03-15] (Renesas Electronics Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482240 2009-08-05] () [File not signed]
S3 TucbAudio; C:\Windows\System32\drivers\TucbAudio.sys [23096 2010-02-18] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41472 2010-04-16] (Apple, Inc.) [File not signed]
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-04-27] (Acronis)
S1 ASPI32; no ImagePath
S3 catchme; \??\C:\Users\MATT'S~1\AppData\Local\Temp\catchme.sys [X]
S0 invrgg; System32\drivers\fygprsc.sys [X]
S3 LVRS; system32\DRIVERS\lvrs.sys [X]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 Pcouffin; System32\Drivers\Pcouffin.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-22 22:03 - 2015-09-22 22:03 - 00017206 _____ C:\Users\Matt's Services\Downloads\FRST.txt
2015-09-22 22:03 - 2015-09-22 22:03 - 00000000 ____D C:\FRST
2015-09-22 22:02 - 2015-09-22 22:02 - 01695232 _____ (Farbar) C:\Users\Matt's Services\Downloads\FRST(2).exe
2015-09-22 21:50 - 2015-09-22 21:50 - 00899072 _____ (Farbar) C:\Users\Matt's Services\Downloads\FSS(1).exe
2015-09-17 18:26 - 2015-09-17 18:26 - 00002737 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2015-09-17 18:26 - 2015-09-17 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2015-09-17 18:21 - 2015-09-17 18:23 - 00000000 ____D C:\Program Files\Common Files\Ahead
2015-09-17 18:21 - 2015-09-17 18:21 - 00000000 ____D C:\Program Files\Nero
2015-09-17 17:57 - 2015-09-17 17:50 - 00450786 ____R C:\Windows\system32\Drivers\etc\hosts.20150917-175723.backup
2015-09-17 17:50 - 2015-09-17 17:49 - 00000836 ____R C:\Windows\system32\Drivers\etc\hosts.20150917-175049.backup
2015-09-17 17:49 - 2015-08-03 20:55 - 00000834 _____ C:\Windows\system32\Drivers\etc\hosts.20150917-174904.backup
2015-09-17 16:20 - 2015-09-17 16:20 - 00001604 _____ C:\Users\Matt's Services\Desktop\SpybotSD.lnk
2015-09-17 15:59 - 2015-09-17 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-09-16 09:46 - 2015-09-16 09:46 - 00000000 __SHD C:\found.001
2015-09-15 22:59 - 2015-09-15 22:59 - 00000000 ____D C:\Users\Matt's Services\Desktop\MSIE Bookmarks
2015-09-15 17:36 - 2015-09-15 17:36 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Hewlett-Packard
2015-09-15 17:35 - 2015-09-15 17:35 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Hewlett-Packard
2015-09-15 17:20 - 2015-09-15 17:44 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-09-15 16:46 - 2015-09-15 16:46 - 00000000 ____D C:\Users\Matt's Services\Documents\SmartPack
2015-09-15 16:44 - 2015-09-15 16:44 - 00000000 ____D C:\Program Files\AMD
2015-09-15 16:29 - 2015-09-15 16:29 - 00000000 ____D C:\Users\Matt's Services\Downloads\Driver Support
2015-09-15 16:28 - 2015-09-15 16:28 - 00001721 _____ C:\Users\Matt's Services\Desktop\DriversHQ.DriverDetective.Client.lnk
2015-09-15 16:27 - 2015-09-15 16:27 - 00000000 ____D C:\ProgramData\Driver Support
2015-09-15 16:24 - 2015-09-22 21:57 - 00000000 ____D C:\ProgramData\UAB
2015-09-15 16:24 - 2015-09-15 16:24 - 00000000 ____D C:\Program Files\Veloxum
2015-09-15 16:23 - 2015-09-15 16:23 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Detective
2015-09-15 16:22 - 2015-09-22 21:57 - 00000000 ____D C:\Program Files\Driver Detective
2015-09-15 15:53 - 2015-09-15 16:12 - 00000000 ____D C:\AdwCleaner
2015-09-15 14:48 - 2015-09-15 15:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-15 14:46 - 2015-09-15 18:26 - 00000000 ____D C:\Users\Matt's Services\Desktop\mbar
2015-09-15 13:50 - 2015-09-22 21:58 - 00399436 _____ C:\Windows\WindowsUpdate.log
2015-09-15 13:48 - 2015-09-22 21:46 - 00001120 _____ C:\Windows\setupact.log
2015-09-15 13:48 - 2015-09-15 13:48 - 00000000 _____ C:\Windows\setuperr.log
2015-09-15 11:30 - 2015-09-15 11:30 - 00001280 _____ C:\Users\Matt's Services\Desktop\AVS Registry Cleaner.lnk
2015-09-15 11:26 - 2015-09-15 11:26 - 00000468 _____ C:\Users\Matt's Services\Desktop\Local Disk (D).lnk
2015-09-15 00:02 - 2015-09-15 00:02 - 00000000 ____D C:\AMD
2015-09-14 23:48 - 2015-09-14 23:48 - 00032832 _____ C:\Windows\system32\rnd_chunk.bin
2015-09-14 23:27 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-14 23:27 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-14 23:27 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-14 23:27 - 2015-08-15 01:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-14 23:27 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-14 23:27 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-14 23:27 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-14 23:27 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-14 23:27 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-14 23:27 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-14 23:27 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-14 23:27 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-14 23:27 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-14 23:27 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-14 23:27 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-14 23:27 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-14 23:27 - 2015-08-15 01:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-14 23:27 - 2015-08-15 01:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-14 23:27 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-14 23:27 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-14 23:27 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-14 23:27 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-14 23:27 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-14 23:27 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-14 23:27 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-14 23:27 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-14 23:27 - 2015-08-15 01:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-14 23:27 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-14 23:27 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-14 23:27 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-14 23:27 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-14 23:27 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-14 23:24 - 2015-08-04 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-14 23:24 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-14 23:24 - 2015-08-04 13:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-14 23:24 - 2015-08-04 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-14 23:24 - 2015-08-04 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-14 23:24 - 2015-08-04 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-14 23:23 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-14 23:23 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-14 23:23 - 2015-09-01 22:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-14 23:23 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-14 23:23 - 2015-09-01 21:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-14 23:23 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-14 23:23 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-14 23:23 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-14 23:23 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-14 23:23 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-14 23:23 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-14 23:23 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-14 23:23 - 2015-08-05 13:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-14 23:20 - 2015-08-26 13:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-14 23:20 - 2015-08-26 13:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-14 23:20 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-14 23:20 - 2015-08-26 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-14 21:49 - 2015-09-14 21:49 - 00000000 ____D C:\Users\Matt's Services\Downloads\PC Drivers HeadQuarters
2015-09-14 21:46 - 2015-09-15 23:50 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\PC_Drivers_Headquarters
2015-09-14 21:46 - 2015-09-14 21:46 - 00000000 ____D C:\ProgramData\PC Drivers HeadQuarters
2015-09-04 19:33 - 2015-09-05 17:46 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-09-04 13:57 - 2015-09-04 14:00 - 00000000 ____D C:\ProgramData\Auslogics
2015-09-04 13:56 - 2015-09-05 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-09-04 13:56 - 2015-09-04 13:56 - 00001253 _____ C:\Users\Matt's Services\Desktop\Auslogics DiskDefrag.lnk
2015-09-02 18:41 - 2015-09-15 11:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-24 17:14 - 2015-07-16 15:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-24 17:14 - 2015-07-16 15:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-24 17:14 - 2015-07-16 15:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-23 15:44 - 2015-06-09 15:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-23 15:44 - 2015-06-09 15:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-23 15:44 - 2015-06-09 11:17 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-22 21:58 - 2009-07-14 00:34 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-22 21:58 - 2009-07-14 00:34 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-22 21:47 - 2015-08-07 12:36 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-22 21:46 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-20 12:13 - 2015-08-15 04:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-19 15:25 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-09-19 14:53 - 2010-01-04 14:41 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-18 19:35 - 2013-02-26 11:52 - 04804858 _____ C:\Users\Matt's Services\Desktop\QDATA1.QDF
2015-09-18 19:34 - 2013-02-26 11:52 - 00095408 _____ C:\Users\Matt's Services\Desktop\QDATA1OFXLOG.DAT
2015-09-18 19:33 - 2012-11-10 16:52 - 04808704 _____ C:\QDATA1.QDF-backup
2015-09-17 18:21 - 2010-01-05 02:34 - 00000000 ____D C:\ProgramData\Nero
2015-09-17 18:01 - 2010-01-05 06:37 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2015-09-17 17:50 - 2010-01-05 06:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-17 17:21 - 2014-07-11 22:25 - 00000000 ____D C:\Temp
2015-09-15 23:59 - 2014-11-29 16:15 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\AVS4YOU
2015-09-15 23:55 - 2014-03-21 18:17 - 00000260 _____ C:\Windows\system32\cmdVBS.vbs
2015-09-15 23:55 - 2014-03-21 18:17 - 00000256 _____ C:\Windows\system32\MSIevent.bat
2015-09-15 23:54 - 2013-12-27 19:31 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-09-15 22:39 - 2009-07-14 00:33 - 01066192 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-15 18:02 - 2014-11-29 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-09-15 18:02 - 2014-11-29 16:11 - 00000000 ____D C:\Program Files\AVS4YOU
2015-09-15 17:45 - 2013-12-27 23:28 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\hpqLog
2015-09-15 17:44 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Help
2015-09-15 17:43 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-09-15 17:21 - 2013-12-27 23:54 - 00000000 ____D C:\SYSTEM.SAV
2015-09-15 17:16 - 2010-01-05 22:08 - 00411568 _____ C:\Users\Matt's Services\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-15 16:50 - 2010-01-05 06:50 - 00000000 ____D C:\Users\Matt's Services\Documents\Unzipped
2015-09-15 16:39 - 2010-03-04 15:50 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Apps\2.0
2015-09-15 16:23 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-15 14:46 - 2015-08-07 12:34 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-15 14:41 - 2015-08-07 12:35 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-15 14:41 - 2015-08-07 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-15 14:41 - 2015-08-07 12:34 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-15 13:37 - 2010-01-05 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2015-09-15 13:36 - 2010-01-05 00:45 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-15 13:36 - 2009-07-13 22:37 - 00000000 __RSD C:\Windows\Media
2015-09-15 13:36 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-15 13:08 - 2009-07-14 03:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-15 13:01 - 2010-01-06 00:09 - 00000000 ____D C:\Program Files\Yoostar Inc
2015-09-15 12:56 - 2010-07-29 12:19 - 00000000 ____D C:\ProgramData\DivX
2015-09-15 12:51 - 2010-01-05 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Studio
2015-09-15 12:50 - 2010-01-05 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Studio
2015-09-15 12:48 - 2010-01-05 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Virus
2015-09-15 12:42 - 2010-01-05 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Studio
2015-09-15 12:36 - 2010-01-05 05:12 - 00000000 ____D C:\Program Files\Sony
2015-09-15 12:32 - 2010-01-06 00:09 - 00000000 ____D C:\Users\Public\Documents\yoostar
2015-09-15 12:31 - 2010-03-16 11:36 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Yahoo
2015-09-15 12:25 - 2010-01-05 02:21 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-15 12:16 - 2010-10-18 11:35 - 00000000 ____D C:\found.000
2015-09-15 12:10 - 2010-03-04 15:50 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Deployment
2015-09-15 12:03 - 2013-04-20 21:23 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Windows Live Writer
2015-09-15 11:21 - 2010-01-05 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Reference
2015-09-15 01:03 - 2013-07-24 22:07 - 00000000 ____D C:\Windows\system32\MRT
2015-09-15 00:04 - 2013-04-01 20:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-05 17:46 - 2012-05-25 22:31 - 00001945 _____ C:\Windows\epplauncher.mif
2015-09-05 17:45 - 2014-03-21 19:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-09-05 15:46 - 2010-05-15 10:24 - 00000000 ____D C:\Program Files\Auslogics
2015-09-03 17:29 - 2012-05-03 16:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-27 23:58 - 2013-02-26 11:44 - 00000000 ____D C:\Users\Matt's Services\Desktop\BACKUP
2015-08-27 23:40 - 2010-01-04 14:38 - 00000000 ____D C:\Users\Matt's Services
2015-08-26 18:36 - 2010-01-06 21:50 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-24 17:01 - 2013-07-12 18:22 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-24 17:01 - 2013-07-12 18:22 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-23 15:38 - 2015-05-12 20:27 - 00505632 _____ C:\Users\Matt's Services\Desktop\Ruthie's Money Due.QDF
2015-08-23 15:36 - 2015-08-19 19:38 - 00000672 _____ C:\Users\Matt's Services\Desktop\Ruthie's Money DueOFXLOG.DAT

==================== Files in the root of some directories =======

2010-07-21 17:33 - 2014-09-01 00:26 - 0000199 _____ () C:\Users\Matt's Services\AppData\Roaming\default.rss
2010-01-05 06:54 - 2012-07-04 16:03 - 0000977 _____ () C:\Users\Matt's Services\AppData\Roaming\DVDSubEdit.ini
2011-10-18 15:24 - 2011-10-18 15:26 - 0087608 _____ () C:\Users\Matt's Services\AppData\Roaming\inst.exe
2011-10-18 15:24 - 2011-10-18 15:26 - 0007887 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.cat
2011-10-18 15:24 - 2011-10-18 15:26 - 0001144 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.inf
2011-10-18 15:25 - 2011-10-18 15:26 - 0000033 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.log
2011-10-18 15:24 - 2011-10-18 15:26 - 0047360 _____ (VSO Software) C:\Users\Matt's Services\AppData\Roaming\pcouffin.sys
2012-03-26 19:58 - 2012-04-23 16:29 - 0039936 _____ () C:\Users\Matt's Services\AppData\Roaming\SharedSettings.ccs
2011-10-18 15:25 - 2011-10-18 15:26 - 0001041 _____ () C:\Users\Matt's Services\AppData\Roaming\vso_ts_preview.xml
2015-08-03 21:24 - 2015-08-03 21:56 - 0000600 _____ () C:\Users\Matt's Services\AppData\Roaming\winscp.rnd
2010-09-22 13:27 - 2012-07-04 16:06 - 0003584 _____ () C:\Users\Matt's Services\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MessageCenter.ico
2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MyVerizon.ico
2014-03-21 18:18 - 2014-03-21 18:18 - 0103749 _____ () C:\Users\Matt's Services\AppData\Local\VZWifiIcon.ico

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-14 23:40

==================== End of FRST.txt ============================


Maniac, here are my new FRST reports. Thanks so much for your help. You rock! :) :D

FARBAR report Addition.txt will be in another windows reply after this one.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
Ran by Matt's Services (administrator) on MATTSSERVICES (25-09-2015 11:57:13)
Running from C:\Users\Matt's Services\Documents\_Programs
Loaded Profiles: Matt's Services (Available Profiles: Matt's Services)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(PC Drivers Headquarters) C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6638127-D991-40AB-89C8-B0F581C94D40}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1968118532-1448927574-937044247-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> DefaultScope {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {09EB195F-BF90-4FDB-98EA-7DF014221FD8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {0A1A0E6D-2C13-45E4-A436-9FAFB9490689} URL = hxxp://www.bing.com/search?FORM=UP76DF&PC=UP76&dt=042113&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1968118532-1448927574-937044247-1002 -> {1F82DE6F-0F35-44BC-924F-D6FE5DD5E405} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: IGMONObj Class -> {02464DDC-3187-11D8-8004-0020ED227566} ->  No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} hxxp://dealers.carsforsale.com/WebResource.axd?d=cagL7lkRPEDVEh50kjo19oaXrSwMwB3tO4EZqePf6ToaKu0al8cTImjf6oP1qfbnz6FvTlr7N58v2x_m0nXhEqdIe3DTKqMqk10zSa7FUmqnXRxsSB1FozIZrdbVavmvoctSVcE7MmiBLwyObipNf-d7UmBcf9JXG5VZpZUfIZs0Eiap0&t=634481451840000000
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1968118532-1448927574-937044247-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-17] (Apple Inc.)
FF SearchPlugin: C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\searchplugins\bigseekpro.xml [2010-09-07]
FF Extension: Default Manager - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\DefaultManager@Microsoft [2013-05-03]
FF Extension: Block site - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-28]
FF Extension: Pin It Button - C:\Users\Matt's Services\AppData\Roaming\Mozilla\Firefox\Profiles\on2nu21w.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-12-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-09-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-09-02]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [368944 2012-11-30] (Future Systems Solutions, Inc.)
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2015-08-05] (PC Drivers HeadQuarters LP)
S4 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [X]
S4 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [X]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [123472 2010-08-19] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [25680 2010-09-13] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [30288 2010-08-19] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21072 2010-08-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [249424 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34384 2010-09-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [26064 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [298448 2010-09-07] (AVG Technologies CZ, s.r.o.)
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [20560 2007-03-22] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-06-15] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [75776 2012-03-15] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [168960 2012-03-15] (Renesas Electronics Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482240 2009-08-05] () [File not signed]
S3 TucbAudio; C:\Windows\System32\drivers\TucbAudio.sys [23096 2010-02-18] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41472 2010-04-16] (Apple, Inc.) [File not signed]
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-04-27] (Acronis)
S1 ASPI32; no ImagePath
S3 catchme; \??\C:\Users\MATT'S~1\AppData\Local\Temp\catchme.sys [X]
S0 invrgg; System32\drivers\fygprsc.sys [X]
S3 LVRS; system32\DRIVERS\lvrs.sys [X]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 Pcouffin; System32\Drivers\Pcouffin.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 11:50 - 2015-09-25 11:51 - 01695744 _____ (Farbar) C:\Users\Matt's Services\Downloads\FRST(3).exe
2015-09-24 13:39 - 2015-09-24 13:39 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\06FA3BF5.sys
2015-09-22 22:05 - 2015-09-22 22:06 - 00033955 _____ C:\Users\Matt's Services\Downloads\Addition.txt
2015-09-22 22:03 - 2015-09-25 11:57 - 00000000 ____D C:\FRST
2015-09-22 22:03 - 2015-09-22 22:06 - 00038394 _____ C:\Users\Matt's Services\Downloads\FRST.txt
2015-09-22 22:02 - 2015-09-22 22:02 - 01695232 _____ (Farbar) C:\Users\Matt's Services\Downloads\FRST(2).exe
2015-09-22 21:50 - 2015-09-22 21:50 - 00899072 _____ (Farbar) C:\Users\Matt's Services\Downloads\FSS(1).exe
2015-09-17 18:26 - 2015-09-17 18:26 - 00002737 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2015-09-17 18:26 - 2015-09-17 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2015-09-17 18:21 - 2015-09-17 18:23 - 00000000 ____D C:\Program Files\Common Files\Ahead
2015-09-17 18:21 - 2015-09-17 18:21 - 00000000 ____D C:\Program Files\Nero
2015-09-17 17:57 - 2015-09-17 17:50 - 00450786 ____R C:\Windows\system32\Drivers\etc\hosts.20150917-175723.backup
2015-09-17 17:50 - 2015-09-17 17:49 - 00000836 ____R C:\Windows\system32\Drivers\etc\hosts.20150917-175049.backup
2015-09-17 17:49 - 2015-08-03 20:55 - 00000834 _____ C:\Windows\system32\Drivers\etc\hosts.20150917-174904.backup
2015-09-17 16:20 - 2015-09-17 16:20 - 00001604 _____ C:\Users\Matt's Services\Desktop\SpybotSD.lnk
2015-09-17 15:59 - 2015-09-17 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-09-16 09:46 - 2015-09-16 09:46 - 00000000 __SHD C:\found.001
2015-09-15 22:59 - 2015-09-15 22:59 - 00000000 ____D C:\Users\Matt's Services\Desktop\MSIE Bookmarks
2015-09-15 17:36 - 2015-09-15 17:36 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Hewlett-Packard
2015-09-15 17:35 - 2015-09-15 17:35 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Hewlett-Packard
2015-09-15 17:20 - 2015-09-15 17:44 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-09-15 16:46 - 2015-09-15 16:46 - 00000000 ____D C:\Users\Matt's Services\Documents\SmartPack
2015-09-15 16:44 - 2015-09-15 16:44 - 00000000 ____D C:\Program Files\AMD
2015-09-15 16:29 - 2015-09-15 16:29 - 00000000 ____D C:\Users\Matt's Services\Downloads\Driver Support
2015-09-15 16:28 - 2015-09-15 16:28 - 00001721 _____ C:\Users\Matt's Services\Desktop\DriversHQ.DriverDetective.Client.lnk
2015-09-15 16:27 - 2015-09-15 16:27 - 00000000 ____D C:\ProgramData\Driver Support
2015-09-15 16:24 - 2015-09-22 21:57 - 00000000 ____D C:\ProgramData\UAB
2015-09-15 16:24 - 2015-09-15 16:24 - 00000000 ____D C:\Program Files\Veloxum
2015-09-15 16:23 - 2015-09-15 16:23 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Detective
2015-09-15 16:22 - 2015-09-22 21:57 - 00000000 ____D C:\Program Files\Driver Detective
2015-09-15 15:53 - 2015-09-15 16:12 - 00000000 ____D C:\AdwCleaner
2015-09-15 14:48 - 2015-09-15 15:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-15 14:46 - 2015-09-15 18:26 - 00000000 ____D C:\Users\Matt's Services\Desktop\mbar
2015-09-15 13:50 - 2015-09-25 11:51 - 00506091 _____ C:\Windows\WindowsUpdate.log
2015-09-15 13:48 - 2015-09-25 11:37 - 00001344 _____ C:\Windows\setupact.log
2015-09-15 13:48 - 2015-09-15 13:48 - 00000000 _____ C:\Windows\setuperr.log
2015-09-15 11:30 - 2015-09-15 11:30 - 00001280 _____ C:\Users\Matt's Services\Desktop\AVS Registry Cleaner.lnk
2015-09-15 11:26 - 2015-09-15 11:26 - 00000468 _____ C:\Users\Matt's Services\Desktop\Local Disk (D).lnk
2015-09-15 00:02 - 2015-09-15 00:02 - 00000000 ____D C:\AMD
2015-09-14 23:48 - 2015-09-14 23:48 - 00032832 _____ C:\Windows\system32\rnd_chunk.bin
2015-09-14 23:27 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-14 23:27 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-14 23:27 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-14 23:27 - 2015-08-15 01:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-14 23:27 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-14 23:27 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-14 23:27 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-14 23:27 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-14 23:27 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-14 23:27 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-14 23:27 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-14 23:27 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-14 23:27 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-14 23:27 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-14 23:27 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-14 23:27 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-14 23:27 - 2015-08-15 01:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-14 23:27 - 2015-08-15 01:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-14 23:27 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-14 23:27 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-14 23:27 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-14 23:27 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-14 23:27 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-14 23:27 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-14 23:27 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-14 23:27 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-14 23:27 - 2015-08-15 01:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-14 23:27 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-14 23:27 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-14 23:27 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-14 23:27 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-14 23:27 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-14 23:24 - 2015-08-04 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-14 23:24 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-14 23:24 - 2015-08-04 13:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-14 23:24 - 2015-08-04 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-14 23:24 - 2015-08-04 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-14 23:24 - 2015-08-04 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-14 23:23 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-14 23:23 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-14 23:23 - 2015-09-01 22:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-14 23:23 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-14 23:23 - 2015-09-01 21:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-14 23:23 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-14 23:23 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-14 23:23 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-14 23:23 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-14 23:23 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-14 23:23 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-14 23:23 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-14 23:23 - 2015-08-05 13:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-14 23:20 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-14 23:20 - 2015-08-26 13:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-14 23:20 - 2015-08-26 13:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-14 23:20 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-14 23:20 - 2015-08-26 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-14 21:49 - 2015-09-14 21:49 - 00000000 ____D C:\Users\Matt's Services\Downloads\PC Drivers HeadQuarters
2015-09-14 21:46 - 2015-09-15 23:50 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\PC_Drivers_Headquarters
2015-09-14 21:46 - 2015-09-14 21:46 - 00000000 ____D C:\ProgramData\PC Drivers HeadQuarters
2015-09-04 19:33 - 2015-09-05 17:46 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-09-04 13:57 - 2015-09-04 14:00 - 00000000 ____D C:\ProgramData\Auslogics
2015-09-04 13:56 - 2015-09-05 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-09-04 13:56 - 2015-09-04 13:56 - 00001253 _____ C:\Users\Matt's Services\Desktop\Auslogics DiskDefrag.lnk
2015-09-02 18:41 - 2015-09-15 11:35 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 11:47 - 2009-07-14 00:34 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-25 11:47 - 2009-07-14 00:34 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-25 11:38 - 2015-08-07 12:36 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 11:37 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-24 18:00 - 2013-02-26 11:52 - 04775936 _____ C:\Users\Matt's Services\Desktop\QDATA1.QDF
2015-09-24 17:59 - 2010-01-04 14:41 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-24 17:58 - 2012-11-10 16:52 - 04775936 _____ C:\QDATA1.QDF-backup
2015-09-24 17:56 - 2013-02-26 11:52 - 00095856 _____ C:\Users\Matt's Services\Desktop\QDATA1OFXLOG.DAT
2015-09-23 20:13 - 2015-08-15 04:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-19 15:25 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-09-17 18:21 - 2010-01-05 02:34 - 00000000 ____D C:\ProgramData\Nero
2015-09-17 18:01 - 2010-01-05 06:37 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2015-09-17 17:50 - 2010-01-05 06:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-17 17:21 - 2014-07-11 22:25 - 00000000 ____D C:\Temp
2015-09-15 23:59 - 2014-11-29 16:15 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\AVS4YOU
2015-09-15 23:55 - 2014-03-21 18:17 - 00000260 _____ C:\Windows\system32\cmdVBS.vbs
2015-09-15 23:55 - 2014-03-21 18:17 - 00000256 _____ C:\Windows\system32\MSIevent.bat
2015-09-15 23:54 - 2013-12-27 19:31 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-09-15 22:39 - 2009-07-14 00:33 - 01066192 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-15 18:02 - 2014-11-29 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-09-15 18:02 - 2014-11-29 16:11 - 00000000 ____D C:\Program Files\AVS4YOU
2015-09-15 17:45 - 2013-12-27 23:28 - 00000000 ____D C:\Users\Matt's Services\AppData\Roaming\hpqLog
2015-09-15 17:44 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Help
2015-09-15 17:43 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-09-15 17:21 - 2013-12-27 23:54 - 00000000 ____D C:\SYSTEM.SAV
2015-09-15 17:16 - 2010-01-05 22:08 - 00411568 _____ C:\Users\Matt's Services\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-15 16:50 - 2010-01-05 06:50 - 00000000 ____D C:\Users\Matt's Services\Documents\Unzipped
2015-09-15 16:39 - 2010-03-04 15:50 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Apps\2.0
2015-09-15 16:23 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-15 14:46 - 2015-08-07 12:34 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-15 14:41 - 2015-08-07 12:35 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-15 14:41 - 2015-08-07 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-15 14:41 - 2015-08-07 12:34 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-15 13:37 - 2010-01-05 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2015-09-15 13:36 - 2010-01-05 00:45 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-15 13:36 - 2009-07-13 22:37 - 00000000 __RSD C:\Windows\Media
2015-09-15 13:36 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-15 13:08 - 2009-07-14 03:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-15 13:01 - 2010-01-06 00:09 - 00000000 ____D C:\Program Files\Yoostar Inc
2015-09-15 12:56 - 2010-07-29 12:19 - 00000000 ____D C:\ProgramData\DivX
2015-09-15 12:51 - 2010-01-05 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Studio
2015-09-15 12:50 - 2010-01-05 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Studio
2015-09-15 12:48 - 2010-01-05 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Virus
2015-09-15 12:42 - 2010-01-05 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Studio
2015-09-15 12:36 - 2010-01-05 05:12 - 00000000 ____D C:\Program Files\Sony
2015-09-15 12:32 - 2010-01-06 00:09 - 00000000 ____D C:\Users\Public\Documents\yoostar
2015-09-15 12:31 - 2010-03-16 11:36 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Yahoo
2015-09-15 12:25 - 2010-01-05 02:21 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-15 12:10 - 2010-03-04 15:50 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Deployment
2015-09-15 12:03 - 2013-04-20 21:23 - 00000000 ____D C:\Users\Matt's Services\AppData\Local\Windows Live Writer
2015-09-15 11:21 - 2010-01-05 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Reference
2015-09-15 01:03 - 2013-07-24 22:07 - 00000000 ____D C:\Windows\system32\MRT
2015-09-15 00:04 - 2013-04-01 20:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-05 17:46 - 2012-05-25 22:31 - 00001945 _____ C:\Windows\epplauncher.mif
2015-09-05 17:45 - 2014-03-21 19:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-09-05 15:46 - 2010-05-15 10:24 - 00000000 ____D C:\Program Files\Auslogics
2015-09-03 17:29 - 2012-05-03 16:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-27 23:58 - 2013-02-26 11:44 - 00000000 ____D C:\Users\Matt's Services\Desktop\BACKUP
2015-08-27 23:40 - 2010-01-04 14:38 - 00000000 ____D C:\Users\Matt's Services
2015-08-26 18:36 - 2010-01-06 21:50 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2010-07-21 17:33 - 2014-09-01 00:26 - 0000199 _____ () C:\Users\Matt's Services\AppData\Roaming\default.rss
2010-01-05 06:54 - 2012-07-04 16:03 - 0000977 _____ () C:\Users\Matt's Services\AppData\Roaming\DVDSubEdit.ini
2011-10-18 15:24 - 2011-10-18 15:26 - 0087608 _____ () C:\Users\Matt's Services\AppData\Roaming\inst.exe
2011-10-18 15:24 - 2011-10-18 15:26 - 0007887 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.cat
2011-10-18 15:24 - 2011-10-18 15:26 - 0001144 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.inf
2011-10-18 15:25 - 2011-10-18 15:26 - 0000033 _____ () C:\Users\Matt's Services\AppData\Roaming\pcouffin.log
2011-10-18 15:24 - 2011-10-18 15:26 - 0047360 _____ (VSO Software) C:\Users\Matt's Services\AppData\Roaming\pcouffin.sys
2012-03-26 19:58 - 2012-04-23 16:29 - 0039936 _____ () C:\Users\Matt's Services\AppData\Roaming\SharedSettings.ccs
2011-10-18 15:25 - 2011-10-18 15:26 - 0001041 _____ () C:\Users\Matt's Services\AppData\Roaming\vso_ts_preview.xml
2015-08-03 21:24 - 2015-08-03 21:56 - 0000600 _____ () C:\Users\Matt's Services\AppData\Roaming\winscp.rnd
2010-09-22 13:27 - 2012-07-04 16:06 - 0003584 _____ () C:\Users\Matt's Services\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MessageCenter.ico
2014-03-21 18:18 - 2014-03-21 18:18 - 0009662 _____ () C:\Users\Matt's Services\AppData\Local\MyVerizon.ico
2014-03-21 18:18 - 2014-03-21 18:18 - 0103749 _____ () C:\Users\Matt's Services\AppData\Local\VZWifiIcon.ico

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-14 23:40

==================== End of FRST.txt ============================


Addition.txt file:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-09-2015
Ran by Matt's Services (2015-09-25 11:58:22)
Running from C:\Users\Matt's Services\Documents\_Programs
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2010-01-04 18:38:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1968118532-1448927574-937044247-500 - Administrator - Disabled)
Guest (S-1-5-21-1968118532-1448927574-937044247-501 - Limited - Enabled)
Matt's Services (S-1-5-21-1968118532-1448927574-937044247-1002 - Administrator - Enabled) => C:\Users\Matt's Services

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Aimersoft Video Converter Pro(Build 4.1.2.0) (HKLM\...\Aimersoft Video Converter Pro_is1) (Version:  - Aimersoft Software)
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
aTube Catcher version 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.2.0 - Auslogics Labs Pty Ltd)
AVG 2011 (Version: 10.0.424 - AVG Technologies) Hidden
AVS Registry Cleaner 2.3.4.261 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.)
AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.2.166 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
Belkin Desktop PCI Card Driver (HKLM\...\{50D47CE8-9C16-42D1-A8D8-B143B22E232A}) (Version: 1.12.0005 - Belkin)
Brother MFL-Pro Suite MFC-495CW (HKLM\...\{0A02D347-5E53-48A5-BC49-1469393103FA}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Casper 7.0 (HKLM\...\{B28C64A1-22A0-4106-B040-DCD78859AAF3}) (Version: 7.0.2754 - Future Systems Solutions, Inc.)
Chinese Traditional Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-2448-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Corel VideoStudio 12 (HKLM\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
CuteFTP 7 Professional (HKLM\...\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}) (Version: 7.20.1000 - GlobalSCAPE)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Driver Detective (HKLM\...\DriversHQ.DriverDetective.Client) (Version: 10.1.2.41 - PC Drivers HeadQuarters LP)
EaseUS Partition Master 9.2.1 Home Edition (HKLM\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
Elevated Installer (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow v1.3.4532 [2014-07-17] (HKLM\...\ffdshow_is1) (Version: 1.3.4532.0 - )
FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{01b90f4a-c495-47c4-a33b-1391f41398ce}) (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImTOO Download YouTube Video (HKLM\...\ImTOO Download YouTube Video) (Version: 5.6.3.20150119 - ImTOO)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JGsoft EditPad Pro 4.5.5 (HKLM\...\EditPad Pro) (Version:  - )
JPEG to PDF 1.0 (HKLM\...\{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1) (Version:  - jpegtopdf.com)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Karaoke Anything! (HKLM\...\Karaoke Anything!1.0) (Version:  - )
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Player Codec Pack 4.2.7 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.7 - Media Player Codec Pack)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
ophcrack 3.5.0 (HKLM\...\ophcrack) (Version: 3.5.0 - OS Objectif Sécurité SA)
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.1.0000 - Jasc Software Inc)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0011 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.32.0 - Renesas Electronics Corporation) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 5.10 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.5.0 - SmartSound Software Inc) Hidden
Sony Sound Forge Audio Studio 9.0 (HKLM\...\{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}) (Version: 9.0.232 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoStudio (Version: 12.0.0.0000 - Corel Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip (HKLM\...\WinZip) (Version:  9.0 SR-1 (6224) - WinZip Computing, Inc.)
Xenofex 1.1 (HKLM\...\Xenofex 1.0) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe (GlobalSCAPE Texas, LP.)
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe No File
CustomCLSID: HKU\S-1-5-21-1968118532-1448927574-937044247-1002_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Matt's Services\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

==================== Restore Points =========================

22-09-2015 21:57:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2015-09-17 17:57 - 00450786 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24F324DA-E578-465D-863A-E3FE325AB668} - System32\Tasks\Future Systems Solutions\Casper\Casper 7.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2012-11-30] (Future Systems Solutions, Inc.)
Task: {250CF564-3F31-4D4F-926F-A1CDE8666B26} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2D27F9D9-E573-42FE-9A04-7E3F49505A31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-24] (Adobe Systems Incorporated)
Task: {4D47AB5B-1A0E-4B1C-8FCC-A47C440C7FCA} - System32\Tasks\{764FCD57-7840-4C64-B2BD-06D352057454} => pcalua.exe -a C:\Windows\unvise32.exe -c C:\PROGRAM FILES\JASC SOFTWARE INC\PAINT SHOP PRO 7\FILTERS\DreamSuite Bonus\DreamSuite Bonus Uninstall.log
Task: {64ED2775-3AB8-48DD-B186-F171F0A2B1D6} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-22] (PC Drivers Headquarters)
Task: {76E77048-62DF-4975-BF40-D12EA27DD6E8} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-22] (PC Drivers Headquarters)
Task: {7E5CCC65-F4F6-4C54-A561-14082EDAFAF5} - System32\Tasks\Driver Detective => C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-22] (PC Drivers Headquarters)
Task: {EB897E6F-6CA2-4D78-822B-FDAB05650DAC} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-22] (PC Drivers Headquarters)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-02 16:29 - 2015-09-22 21:56 - 00354592 _____ () C:\Program Files\Driver Detective\Agent.Common.XmlSerializers.dll
2015-09-02 16:30 - 2015-09-22 21:55 - 00810272 _____ () C:\Program Files\Driver Detective\ThemePack.Default.dll
2015-09-02 16:29 - 2015-09-22 21:56 - 00485664 _____ () C:\Program Files\Driver Detective\Agent.Communication.XmlSerializers.dll
2015-09-02 16:30 - 2015-09-02 16:30 - 00071968 _____ () C:\Program Files\Driver Detective\RuleEngine.XmlSerializers.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1968118532-1448927574-937044247-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt's Services\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: FlipShare Service => 2
MSCONFIG\Services: FlipShareServer => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk => C:\Windows\pss\Microsoft Office Shortcut Bar.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Matt's Services^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Matt's Services^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk => C:\Windows\pss\Socialbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DiscWizardMonitor.exe => "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Matt's Services\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh =>
MSCONFIG\startupreg: UVS12 Preload => C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
MSCONFIG\startupreg: WD Drive Manager => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{018B52C2-DEF6-4660-8CC8-E134FFC7D0D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C75D015C-C400-4463-BE7F-BF8D51082F99}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7857E873-FBC5-49CE-AC5A-091853587C5E}] => (Allow) LPort=50000

==================== Faulty Device Manager Devices =============

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Patin Couffin engine
Description: Patin Couffin engine
Class Guid: {ff646f80-8def-11d2-9449-00105a075f6b}
Manufacturer: VSO Software
Service: Pcouffin
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2015 05:55:54 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:54.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:53 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:53.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:52 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:52.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:51 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:51.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:50 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:50.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:49 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:49.056]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:48 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:48.025]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:46.947]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:45 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:45.900]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2

Error: (09/24/2015 05:55:44 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/09/24 17:55:44.900]: [00003332]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2


System errors:
=============
Error: (09/25/2015 11:48:34 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (09/25/2015 11:47:52 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/25/2015 11:39:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32
invrgg
Null

Error: (09/25/2015 11:38:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (09/25/2015 11:38:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (09/24/2015 05:54:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32
invrgg
Null

Error: (09/24/2015 05:54:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (09/24/2015 05:54:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (09/24/2015 01:39:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32
invrgg
Null

Error: (09/24/2015 01:38:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053


==================== Memory info ===========================

Processor: AMD Athlon 64 Processor 3500+
Percentage of memory in use: 42%
Total physical RAM: 3518.55 MB
Available physical RAM: 2007.26 MB
Total Virtual: 7035.42 MB
Available Virtual: 5284.93 MB

==================== Drives ================================

Drive c: (Hard Drive) (Fixed) (Total:148.76 GB) (Free:96.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 68796879)
Partition 1: (Not Active) - (Size=148.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=290 MB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
