Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

I was told to post here (help I guess?)

Solved 
7K views 45 replies 2 participants last post by  AlwaysScrewed 
#1 ·
I was told to post here by bobs-here.

Here's the issue I'm having:

I'm having multiple strange issues that I don't know what is causing it.

A couple of months ago my SpyBot Search & Destroy wouldn't run at start up sometimes when I right clicked and ran as administrator. When this happened, I couldn't scan for viruses with my Avast either. For awhile the issue stopped but then it started up again.

Eventually I got tired of it and researched SpyBot and saw a lot of posts about it not being good. So I uninstalled it. I'm not sure if that fixed the problem but I've been successfully able to run Avast scans afterwards.

Then, all of a sudden, I've been getting two recurring issues. One is that my reliability history is showing a lot of 'Windows Wireless LAN 802.11 Extensibility Framework' stopped working. However the internet still seems to work and download just fine. The second is all of a sudden my Windows Media Player won't run at all. It opens but it's just a circle and it never loads so I have to use Task Manager to close it and it won't reopen unless I do a restart. The previous SpyBot issue would fix with a restart too.

I've run scans with both Avast Free and MalwareBytes Free with updates and neither detects anything. I also ran the sfc /scannow thing today and it said 'Windows Resource Protection did not find any integrity violations.'

Admittedly I haven't tried running an Avast scan when I get the Windows Media Player issue when it occurs.

Any idea what could be causing this? I have a Windows 7 Asus laptop. I am not sure which version of Windows Media Player I have. Sorry.

I really don't want to restore it to factory settings AGAIN because I don't have the time to reinstall everything and do that again now that I have a job. Having to restart is starting to become a pain. Even though everything else seems to be working okay this just does not make sense.

I'd really appreciate any help with this. Thank you.

I've also already tried the chkdsk thing too.

I don't know what the problem is, and, like I already said, I ran scans with Avast and MalwareBytes updated versions and they did not detect anything.

I would prefer not to download a plethora of other scanning programs just to see if it detects something.

I have a job now and don't exactly have 4+ hours to do stuff like that.

Either way I'd really appreciate any help with this.

Thank you.
 
See less See more
#3 ·
Hello AlwaysScrewed, and Welcome to TGS forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before you go uninstalling programs, the problem should be identified first. In order to correctly identify any and all issues, I will need you to download to your desktop, programs that will produce logs for you to post here. We will start with TSG - SysInfo utility . Why waste time removing and reinstalling programs when they may not be the problem.

TSG - SysInfo utility
  • Right mouse click on this link: SysInfo utility
  • Select from the pop up box:
    "Save link as..."
  • From the left panel of the pop up box, scroll up and select desktop.
  • Click the "Save" button.
From your desktop:
  • Right Mouse click SysInfo.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  • Right click, select copy and then paste in your next post.
 
#4 ·
Hello AlwaysScrewed, and Welcome to TGS forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before you go uninstalling programs, the problem should be identified first. In order to correctly identify any and all issues, I will need you to download to your desktop, programs that will produce logs for you to post here. We will start with TSG - SysInfo utility . Why waste time removing and reinstalling programs when they may not be the problem.

TSG - SysInfo utility
  • Right mouse click on this link: SysInfo utility
  • Select from the pop up box:
    "Save link as..."
  • From the left panel of the pop up box, scroll up and select desktop.
  • Click the "Save" button.
From your desktop:
  • Right Mouse click SysInfo.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  • Right click, select copy and then paste in your next post.
Here:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3884 Mb
Graphics Card: Intel(R) HD Graphics, 1718 Mb
Hard Drives: C: Total - 588476 MB, Free - 409698 MB;
Motherboard: ASUSTeK Computer Inc., U52F
Antivirus: avast! Antivirus, Updated and Enabled

Please don't make me download 50+ other programs just to do scans to detect something when prior scans had no result.
 
#5 ·
Please don't make me download 50+ other programs just to do scans to detect something when prior scans had no result.
Let me be perfectly clear. Up till now you have been posting in open forums where anyone under the sun can post an answer. People such as admin, trusted advisors, moderators, and the public. And I am not saying that these people do not know what they are doing. Many of the staff here have been helping much longer than me and I started in 2009.

This thread is different in that you deal with only one helper, me. The reasoning for this is every helper has their respective idea on how a problem should be approached. When you get several people giving advise, the process gets confusing. For instance, lets say 5 different people give a suggestion on how to "fix" your problem. Off you go in 5 different directions trying this and trying that. Now it happens that the 2nd person to give a suggestion was trusted helper or advisor. And one of the steps was to reboot your computer or change some obscure program setting and you forgot. Or what if malware added a script to the registry to change back what you were told fix by the trusted advisor? Off you go to suggestion number 3, and you never went back to verify that you had followed all the steps correctly or to verify that you did not overlook some thing in the instructions. And this may not be the case at all.

Now, I am not going to review the past 15 threads you created to find a possible problem. No helper in their right mind would. And I have no intention of having you download 50+ programs, but you will need to download the programs I ask you to download in order to get the information I need in order to come to a successful resolution.

In your comment, "when prior scans had no result.", you are telling me that all programs scan the same thing in the same way and that couldn't be further from the truth. Not all programs scan the same way, nor do they scan the same thing. And this is why we have multiple programs used for scanning different area's of the computer.

Let us start with this:

FRST - Farbar Recovery Scanner Tool


Please download FRST64.exe ... by Farbar. Move this to your desktop.

  1. Right click on FRST64.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it. When the tool opens click Yes to disclaimer.
  2. Press Scan button. ... A log will be created FRST.txt in the same directory the tool is run.
  3. Please copy/paste FRST.txt it to your reply.
    The first time the tool is run, it makes also another log... Addition.txt.
  4. Please copy/paste Addition.txt in your reply.
 
#6 ·
FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-05-2016
Ran by Matt (administrator) on MATT-PC (23-05-2016 18:27:39)
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-29] (COMODO)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\Run: [Best Buy pc app] => C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-27] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-11-15]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-15]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-15]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{4CFBE1A1-1B26-42D1-99D8-23A076756452}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aol.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-06] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-06] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604
FF Homepage: hxxp://www.aol.com/
FF NetworkProxy: "backup.ftp", "198.169.246.30"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "198.169.246.30"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "198.169.246.30"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "205.189.170.150"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "205.189.170.150"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "205.189.170.150"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "205.189.170.150"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2016-01-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-05] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: DownThemAll! - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-14]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604\extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
FF Extension: MEGA - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604\Extensions\firefox@mega.co.nz.xpi [2016-05-18]
FF Extension: Adblock Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-27]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-27] (AVAST Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817200 2016-04-29] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-04-29] (COMODO)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-27] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-27] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-04-27] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [829608 2016-04-27] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56472 2016-04-27] (COMODO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-04-27] (COMODO)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-23 18:27 - 2016-05-23 18:28 - 00017934 _____ C:\Users\Matt\Desktop\FRST.txt
2016-05-23 18:25 - 2016-05-23 18:27 - 00000000 ____D C:\FRST
2016-05-23 18:25 - 2016-05-23 18:25 - 02383360 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2016-04-27 15:21 - 2016-04-27 15:21 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-27 15:21 - 2016-04-27 15:21 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-26 15:50 - 2016-05-04 11:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-23 18:18 - 2014-12-01 17:01 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2D572860-BA3D-443F-8A3D-ACB5E6F02CDE}
2016-05-23 17:34 - 2014-12-02 16:16 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Skype
2016-05-23 16:54 - 2009-07-14 01:13 - 00877290 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-23 16:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-23 16:32 - 2014-12-01 18:35 - 00010509 _____ C:\Users\Matt\Documents\Online Anime and Shows.xlsx
2016-05-23 15:16 - 2009-07-14 00:45 - 00015904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-23 15:16 - 2009-07-14 00:45 - 00015904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-23 15:08 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-23 11:46 - 2014-12-01 18:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-21 16:38 - 2015-04-15 11:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 16:01 - 2014-12-02 16:15 - 00000000 ____D C:\ProgramData\Skype
2016-05-16 17:29 - 2014-12-01 18:35 - 00000000 ____D C:\Users\Matt\Documents\My Downloads
2016-05-15 12:31 - 2014-12-02 18:34 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Audacity
2016-05-15 12:01 - 2014-12-01 19:35 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-15 12:01 - 2014-12-01 19:35 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 12:01 - 2014-12-01 19:35 - 00000000 ____D C:\Users\Matt\AppData\Local\Adobe
2016-05-13 18:04 - 2015-12-04 11:55 - 00000000 ___SD C:\Users\Matt\AppData\LocalLow\Temp
2016-05-11 12:42 - 2014-12-24 13:29 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-11 12:37 - 2014-12-01 17:46 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 12:37 - 2014-12-01 17:46 - 00000000 ____D C:\Windows\system32\MRT
2016-05-04 11:50 - 2014-12-01 19:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-01 12:42 - 2014-12-02 15:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 16:10 - 2014-12-02 16:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-29 15:22 - 2014-12-02 16:28 - 00006824 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-04-29 15:22 - 2014-12-01 19:02 - 00001947 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2016-04-27 17:09 - 2013-09-24 14:54 - 00116248 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2016-04-27 17:09 - 2013-09-24 14:54 - 00056472 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2016-04-27 17:08 - 2013-11-14 15:38 - 00829608 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2016-04-27 17:08 - 2013-09-24 14:54 - 00031648 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2016-04-27 17:05 - 2013-11-14 15:38 - 00051800 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2016-04-27 17:04 - 2013-09-24 14:53 - 00596232 _____ (COMODO) C:\Windows\system32\guard64.dll
2016-04-27 17:04 - 2013-09-24 14:53 - 00461648 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2016-04-27 17:00 - 2013-09-24 14:53 - 00365752 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2016-04-27 16:58 - 2013-09-24 14:53 - 00051896 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2016-04-27 16:55 - 2013-09-24 14:53 - 00296120 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2016-04-27 16:53 - 2013-09-24 14:53 - 00046776 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2016-04-27 15:24 - 2016-03-22 19:47 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458690459
2016-04-27 15:21 - 2016-03-22 19:47 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-27 11:39 - 2014-12-02 15:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-26 12:22 - 2014-12-02 16:06 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======

2010-11-15 14:10 - 2010-11-15 14:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-11-15 14:10 - 2010-11-15 14:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2010-11-15 14:44

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-05-2016
Ran by Matt (2016-05-23 18:28:28)
Running from C:\Users\Matt\Desktop
Windows 7 Home Premium (X64) (2014-12-01 20:53:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1327673075-2634350226-3933992056-500 - Administrator - Disabled)
Guest (S-1-5-21-1327673075-2634350226-3933992056-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1327673075-2634350226-3933992056-1002 - Limited - Enabled)
Matt (S-1-5-21-1327673075-2634350226-3933992056-1001 - Administrator - Enabled) => C:\Users\Matt

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0004 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
COMODO Firewall (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
Express Gate (HKLM-x32\...\{B5A5627C-0173-4DB2-ADA8-740479370F67}) (Version: 1.4.10.2 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6110 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5900 - SRS Labs, Inc.)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
WinRAR 5.20 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.17 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {047244BE-BD6B-459E-894D-2B32318BFF38} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-29] (COMODO)
Task: {0A363DD2-B5E4-4FF3-880F-CF227BAF8427} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK)
Task: {0C2BD7C6-20A0-43E5-BD6F-4F382C80090F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-06] (AVAST Software)
Task: {2B73E791-90FB-4991-996E-51DEDD789671} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1327673075-2634350226-3933992056-1001
Task: {622BEE28-ED22-46A7-939A-771A1C5F8C70} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-05-11] (Adobe Systems Incorporated)
Task: {62C7929F-EC3A-4B8A-B5D2-D2F46BEF3C2A} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus)
Task: {72FBBCA7-FA6E-45BD-B727-A5FB024EADF7} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-29] (COMODO)
Task: {7A96CB20-FEA4-412F-AFDC-F64CACC8E021} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-27] (AVAST Software)
Task: {7CC7A8AB-2C2B-4A05-8784-FBD1EF8C2295} - System32\Tasks\SafeZone scheduled Autoupdate 1458690459 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {B2923C21-B3A3-4162-B549-E71B497BDCD5} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-29] (COMODO)
Task: {B7FB001F-0F93-4A9F-A46E-567CBEDAF2A9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {CF12F3DE-418C-467B-A277-4507B127C534} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-26] (Piriform Ltd)
Task: {F1BA919E-EE66-491F-8473-9E582ED568AA} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-11 14:27 - 2010-01-11 14:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-05-05 22:22 - 2010-05-05 22:22 - 00108544 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-01 03:02 - 2008-10-01 03:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-01-11 01:12 - 2012-01-11 01:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-02 17:36 - 2010-07-02 17:36 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-04-26 14:52 - 2010-04-26 14:52 - 00059904 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
2016-04-27 15:21 - 2016-04-27 15:21 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-27 15:21 - 2016-04-27 15:21 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-23 11:46 - 2016-05-23 11:46 - 02977376 _____ () C:\Program Files\AVAST Software\Avast\defs\16052301\algo.dll
2016-04-27 15:21 - 2016-04-27 15:21 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-27 15:21 - 2016-04-27 15:21 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-01 16:18 - 2015-12-01 16:18 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-11-02 18:20 - 2009-11-02 18:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 18:23 - 2009-11-02 18:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-02-23 19:14 - 2010-02-23 19:14 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-02-23 19:14 - 2010-02-23 19:14 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-02-23 19:11 - 2010-02-23 19:11 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-02-23 19:12 - 2010-02-23 19:12 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-02-23 19:14 - 2010-02-23 19:14 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Desktop\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Matt\Documents\CB2crypt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\codemanager.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\Install_AIM.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\Matt Munsey INTERVIEW QUESTIONS.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\Matt Munsey INTERVIEW QUESTIONS.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Matt\Documents\r4cce.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\WinRAR.exe:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7893 more sites.

IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\123simsen.com -> www.123simsen.com

There are 7893 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-04-20 13:12 - 00452125 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15511 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7ADF8979-260C-440E-89BD-17CA246C6DFF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{19FD1C58-816F-4102-BE94-F6611BD5BB29}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C16C6E42-5542-49F4-AF2B-5481EFEF33EC}] => (Allow) svchost.exe
FirewallRules: [{6670C619-E329-4375-80FD-3BF6EC9696C0}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{AC71F3D4-2CF6-4F03-8849-0A8441D1B993}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{71433CF9-487A-407A-8745-CEC5B600F9CC}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{F1FDEC00-92A4-4BAA-B230-F2E3BD098629}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{181C363B-EB30-4046-99F5-CA1442E04987}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{12F9FC42-20BC-416E-97F4-502226709A5A}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{BFD53E9E-2E2F-48C4-994A-5A8B0F377EBB}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{E6054C48-8D23-47F7-AB58-AC84FEC80129}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ADDA1536-077F-4678-8AC2-23902A0CD5C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99739657-20F0-4BBE-8B90-C4E1BDD1677C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1EF91809-DF43-4F5C-BBFC-111FBF8160ED}] => (Allow) C:\Users\Matt\AppData\Local\Temp\nsmFA98.tmp\CnetInstaller-75758254.exe
FirewallRules: [{08A7B28D-AEC2-4DAD-A42F-EED5EC3FD423}] => (Allow) C:\Users\Matt\AppData\Local\Temp\nsmFA98.tmp\CnetInstaller-75758254.exe
FirewallRules: [{CEA5967D-5A22-449E-BC17-A9079AA1E297}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AF53F65B-172F-4058-AF94-97F07337D4A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

01-12-2014 16:53:19 Windows Update
01-12-2014 17:26:42 Installed Microsoft Office Home and Student 2010
01-12-2014 17:43:57 Windows Update
01-12-2014 18:12:58 Windows Update
01-12-2014 18:20:04 Windows Update
01-12-2014 18:47:12 avast! antivirus system restore point
01-12-2014 19:01:01 Device Driver Package Install: COMODO Network Service
01-12-2014 19:07:36 Removed GeekBuddy.
02-12-2014 14:54:39 Windows Update
03-12-2014 16:34:10 Installed Livestream Procaster
03-12-2014 16:50:37 Paint.NET v3.5.11
04-12-2014 15:43:59 Windows Update
10-12-2014 14:32:00 Windows Update
14-01-2015 13:16:03 Windows Update
24-01-2015 17:17:43 Before Jan. 2015 Legends of Equestria
11-02-2015 12:56:42 Windows Update
12-02-2015 13:03:56 Windows Update
20-02-2015 13:09:14 Before Feb. 2015 LoE
03-03-2015 11:31:52 avast! antivirus system restore point
11-03-2015 11:52:15 Windows Update
23-03-2015 12:31:14 avast! antivirus system restore point
24-03-2015 12:30:43 Before Six Nights at Pinkies
25-03-2015 10:46:47 Windows Update
25-03-2015 18:50:18 Before Six Nights at Pinkies Attempt 2
08-04-2015 11:10:42 Windows Update
08-04-2015 11:35:17 Restore Operation
15-04-2015 11:32:31 Windows Update
21-04-2015 15:16:55 avast! antivirus system restore point
13-05-2015 10:54:33 Windows Update
16-05-2015 14:28:31 Installed Xirrus Wi-Fi Inspector
10-06-2015 10:55:38 Windows Update
13-07-2015 10:51:18 avast! antivirus system restore point
15-07-2015 10:52:53 Windows Update
28-07-2015 15:02:21 avast! antivirus system restore point
12-08-2015 10:50:57 Windows Update
12-08-2015 12:41:02 Removed ASUS Live Update
09-09-2015 10:40:01 Windows Update
17-09-2015 12:59:27 avast! antivirus system restore point
21-09-2015 17:52:29 avast! antivirus system restore point
14-10-2015 10:47:25 Windows Update
11-11-2015 11:42:21 Windows Update
09-12-2015 11:43:23 Windows Update
12-01-2016 16:38:12 Windows Update
10-02-2016 12:23:31 Windows Update
09-03-2016 12:25:53 Windows Update
06-04-2016 11:53:19 Windows Update
13-04-2016 13:49:04 Windows Update
04-05-2016 12:01:59 Windows Update
11-05-2016 12:36:19 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2016 03:09:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/23/2016 12:09:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/23/2016 11:44:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/22/2016 04:27:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/22/2016 11:21:13 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/22/2016 11:04:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/21/2016 04:47:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/21/2016 04:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/21/2016 11:17:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/21/2016 11:05:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

System errors:
=============
Error: (05/23/2016 04:39:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/21/2016 11:13:41 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/16/2016 03:24:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/16/2016 03:18:13 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/11/2016 01:37:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:34:54 PM on ‎5/‎11/‎2016 was unexpected.

Error: (05/11/2016 12:33:19 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/10/2016 11:51:02 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.

Error: (05/02/2016 03:19:10 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/02/2016 03:13:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (05/02/2016 03:13:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 3884.55 MB
Available physical RAM: 1608.86 MB
Total Virtual: 7767.23 MB
Available Virtual: 5137.23 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:574.68 GB) (Free:400.23 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=574.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#7 ·
Hi AlwaysScrewed,

I would like you to run this scan and post the log while I look over the FRST logs.
Just to let you know, I see a few things that need fixing - we will get to them.

aswMBR - Scan

Please download aswMBR.exe ... © Avast Software ( 511KB ). Save it to your desktop.
  1. Right click the aswMBR.exe icon... select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. aswmbr uses Avast's virus definition, if prompted to download definitions... reply Yes.
    It may take some time for these definitions to download, please be patient.
  3. Make sure Quick Scan is set in the options... then click the "Scan" button to start the scan.
    The scan wil take a few minutes, please be patient.
  4. On completion... "Scan finished successfully" will be displayed... press the "Save log" button.
  5. You'll be prompted to save a file named "aswMBR.txt"... Save it to your desktop.
  6. Please copy and paste the contents of aswMBR.txt in your next reply.
Note: A file will be created and placed on your desktop when you execute aswMBR, named MBR.dat
This is a copy of your MBR record, before any changes, to be used to recover MBR to previous condition, if problem exist after changes.

Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.
 
#8 · (Edited)
Here it is:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-05-24 12:01:26
-----------------------------
12:01:26.278 OS Version: Windows x64 6.1.7600
12:01:26.278 Number of processors: 4 586 0x2505
12:01:26.279 ComputerName: MATT-PC UserName: Matt
12:01:29.955 Initialize success
12:01:29.971 VM: initialized successfully
12:01:29.973 VM: Intel CPU supported virtualized
12:01:36.042 VM: not used
12:01:38.073 AVAST engine defs: 16052401
12:02:03.341 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:02:03.341 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
12:02:03.512 Disk 0 MBR read successfully
12:02:03.512 Disk 0 MBR scan
12:02:03.512 Disk 0 Windows 7 default MBR code
12:02:03.528 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63
12:02:03.543 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 588476 MB offset 45062325
12:02:03.543 Disk 0 default boot code
12:02:03.668 Disk 0 scanning C:\Windows\system32\drivers
12:02:11.125 Service scanning
12:02:48.971 Modules scanning
12:02:48.986 Disk 0 trace - called modules:
12:02:49.033 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
12:02:49.049 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c51060]
12:02:49.049 3 CLASSPNP.SYS[fffff88001ae443f] -> nt!IofCallDriver -> [0xfffffa8003b7b680]
12:02:49.064 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049e7050]
12:02:51.139 AVAST engine scan C:\Windows
12:02:53.588 AVAST engine scan C:\Windows\system32
12:04:52.928 AVAST engine scan C:\Windows\system32\drivers
12:05:02.803 AVAST engine scan C:\Users\Matt
12:08:33.918 AVAST engine scan C:\ProgramData
12:09:39.173 Disk 0 statistics 3341684/0/0 @ 5.24 MB/s
12:09:39.173 Scan finished successfully
12:09:59.235 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
12:09:59.251 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

EDIT: It happened again while I was waiting for you to respond. I hope there's not much left to this. I don't want this getting worse and the restarting is seriously annoying.
 
#9 ·
Hi again AlwaysScrewed,

Lets start with your Spybot search and destroy issue. Which is actually a:

Multiple Antivirus Programs
You are running more than 1 Antivirus program!
AS: avast! Antivirus
AS: Comodo Defense+

Running - more than one - antivirus program is not recommended because:
  1. They can conflict with each other.
  2. Report the other antivirus software as malicious.
  3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
  4. Can cause your computer to run slowly, become unstable and crash.
I strongly suggest you uninstall one of them. Which one, is your decision.

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
Yes, I have heard that Avast is supposed to work well with Comodo FireWall. Just not their antivirus and spyware programs. Somewhere during a Comodo update, you accidentally installed part of Comodo's Anti Spy Ware software. You may have to drop Avast and go totally with Comodo if you cannot uninstall Comodo's Anti Spy Ware and then reinstall just the firewall.

But today, you get to make that lovely decision.
Let me know what you decide, please. And by the way, I have never had an issue with SpyBot Search and Destroy. It is actually more of a corporate tool than a home user tool because of the immensity of the program and the time it takes to scan.
 
#10 ·
I already uninstalled SpyBot and no longer have it because I got tired of that particular issue.

Also I don't see Comodo Defense + in the uninstall programs area. I like avast so I would like to keep it.

I don't know how to uninstall Comodo Defense + without also uninstalling the firewall. Any suggestions? I tried Google searching it and couldn't find a solution.

The reason I like Comodo Firewall is because it's pops up sometimes when something wants access to something in my computer and I like that because if it's something I never clearly did myself I can block it and prevent it from possibly being a virus.
 
#11 ·
Hi,

I am not sure of the interoperability of the programs because I do not use COMODO products. Personal preference, you know. I am going to post some links relevant to your issue with these 2 programs and hope you can figure out a solution for your situation. I am sure if I had the computer in front of me I could figure it out, but that is not the case.

The general consensus is to go back to the windows default firewall. Reason is it works well with most routers hardware firewalls.

Does updated Comodo clash with Avast AV?
Basically states what I told you about the clash.

Avast Free Antivirus & Comodo (settings, shields, performance)
This should be of some help to you. Should be.

Avast free with comodo firewall -PLEASE READ-
Also, gives some links for customizing Windows 7 firewall

comodo firewall and avast antivirus
My search criteria using google.

Again, you need to do something different to correct the issue before we can proceed.
 
#13 ·
Hi AlwaysScrewed,

There are a few things here for you to run.

Step 1.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • If you have trouble copying and pasting, stop, and let me know - I will attach a file for you can down load.
Code:
SearchScopes: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: "backup.ftp", "198.169.246.30"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "198.169.246.30"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "198.169.246.30"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "205.189.170.150"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "205.189.170.150"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "205.189.170.150"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "205.189.170.150"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Desktop\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Matt\Documents\CB2crypt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\codemanager.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\Install_AIM.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\Matt Munsey INTERVIEW QUESTIONS.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\Matt Munsey INTERVIEW QUESTIONS.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Matt\Documents\r4cce.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\WinRAR.exe:$CmdTcID [64]
EmptyTemp:
    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Step 2.
AdwCleaner Download and Run


Click on this link to download : ADWCleaner
Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.



Please post the content of the C:\AdwCleaner[S?].txt logfile in your next reply.

Step 3.
Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Please include in your next reply:
  1. Contents of fixlist.txt
  2. Contents of C:\AdwCleaner[S?].txt
  3. Contents of JRT.txt
  4. Any problem executing the instructions?
  5. How is the computer behaving?
Thanks,
wbg
 
#14 ·
That didn't take as long as I was fearing it would. I will just put numbers and after the numbers are what you listed at the bottom of your previous post. Begins below this.

1.
Fix result of Farbar Recovery Scan Tool (x64) Version:23-05-2016
Ran by Matt (2016-05-26 12:02:20) Run:1
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: "backup.ftp", "198.169.246.30"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "198.169.246.30"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "198.169.246.30"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "205.189.170.150"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "205.189.170.150"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "205.189.170.150"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "205.189.170.150"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Desktop\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Matt\Documents\CB2crypt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\codemanager.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\Install_AIM.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\Matt Munsey INTERVIEW QUESTIONS.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\Matt Munsey INTERVIEW QUESTIONS.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Matt\Documents\r4cce.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Documents\WinRAR.exe:$CmdTcID [64]
EmptyTemp:
*****************

HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
Firefox Proxy settings were reset.
FF NetworkProxy: "backup.ftp_port", 80 => not found
FF NetworkProxy: "backup.socks", "198.169.246.30" => not found
FF NetworkProxy: "backup.socks_port", 80 => not found
FF NetworkProxy: "backup.ssl", "198.169.246.30" => not found
FF NetworkProxy: "backup.ssl_port", 80 => not found
FF NetworkProxy: "ftp", "205.189.170.150" => not found
FF NetworkProxy: "ftp_port", 80 => not found
FF NetworkProxy: "http", "205.189.170.150" => not found
FF NetworkProxy: "http_port", 80 => not found
FF NetworkProxy: "share_proxy_settings", true => not found
FF NetworkProxy: "socks", "205.189.170.150" => not found
FF NetworkProxy: "socks_port", 80 => not found
FF NetworkProxy: "ssl", "205.189.170.150" => not found
FF NetworkProxy: "ssl_port", 80 => not found
FF NetworkProxy: "type", 0 => not found
"HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll => moved successfully
AvastVBoxSvc => service could not remove
VBoxAswDrv => service could not remove
"C:\Windows\avastSS.scr" => ":$CmdTcID" ADS not found.
C:\Windows\system32\acmigration.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\aeinv.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\aepdu.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\aepic.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\aitstatic.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\appraiser.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\CompatTelRunner.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\csrsrv.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\devinv.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\generaltel.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\invagent.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\MRT.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\ntoskrnl.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\smss.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\apisetschema.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\FlashPlayerApp.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\ntkrnlpa.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\ntoskrnl.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\Drivers\mbam.sys => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\Drivers\mbamchameleon.sys => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\Drivers\mwac.sys => ":$CmdTcID" ADS removed successfully.
C:\Users\Matt\Desktop\FRST64.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Matt\Desktop\FRST64.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Matt\Documents\CB2crypt.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Matt\Documents\codemanager.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Matt\Documents\Install_AIM.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Matt\Documents\Matt Munsey INTERVIEW QUESTIONS.docx => ":$CmdTcID" ADS removed successfully.
C:\Users\Matt\Documents\Matt Munsey INTERVIEW QUESTIONS.docx => ":$CmdZnID" ADS removed successfully.
C:\Users\Matt\Documents\r4cce.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Matt\Documents\WinRAR.exe => ":$CmdTcID" ADS removed successfully.
EmptyTemp: => 241.2 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 12:02:33 ====

2.
# AdwCleaner v5.118 - Logfile created 26/05/2016 at 12:21:42
# Updated 23/05/2016 by Xplode
# Database : 2016-05-26.2 [Server]
# Operating system : Windows 7 Home Premium (X64)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[#] Folder Deleted : C:\ProgramData\Best Buy pc app
[#] Folder Deleted : C:\ProgramData\Application Data\Best Buy pc app
[#] Folder Deleted : C:\Users\Matt\AppData\Local\Best Buy pc app
[#] Folder Deleted : C:\Users\Matt\AppData\Local\CrashRpt

***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\IEHelper.IEButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\IEHelper.IEButton.1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1756 bytes] - [26/05/2016 12:21:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [1747 bytes] - [26/05/2016 12:15:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1902 bytes] ##########

3.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Matt (Administrator) on Thu 05/26/2016 at 12:33:24.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 16

Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z31JQO0 (Temporary Internet Files Folder)
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJ7DB17Y (Temporary Internet Files Folder)
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QKCQEJ (Temporary Internet Files Folder)
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ43X1JD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z31JQO0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJ7DB17Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QKCQEJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ43X1JD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFQD41UF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUXUXYVC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UE10EGBB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBRDU99U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFQD41UF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUXUXYVC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UE10EGBB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBRDU99U (Temporary Internet Files Folder)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Best Buy pc app (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/26/2016 at 12:35:03.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. Not really no.

5. I can't tell. All I can really say is that the issue has yet to reoccur after uninstalling Comodo Firewall.

Also... please let me know when I can uninstall/remove all the stuff you asked me to download as I would prefer not to keep it.

Unless you suggest otherwise of course.
 
#15 ·
That didn't take as long as I was fearing it would.
As much as I hate people screwing with my computers, I really try to keep things short and to the point.

Also... please let me know when I can uninstall/remove all the stuff you asked me to download as I would prefer not to keep it. Unless you suggest otherwise of course.
So I am going to suggest that you bare with me until we're finished at which point I will ask you to down load one last program. This program will remove itself and all the previous programs that I had asked you to download, along with the corresponding logs they created. In addition, I will also provide you with a list of programs and logs to verify that the action was completed successfully. This is why we like to work from the desktop.

-----------------------------------------------------------------------------

Run a New Scan With the Farbar Scan Tool
  • Right click on FRST64.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it. When the tool opens click Yes to disclaimer.
  • Check the box for Addition.txt so it will produce that file again.
  • Press the Scan button.
  • When finished scanning, a new version of the logs FRST.txt and Addition.txt will be saved on your Desktop and opened in Notepad.
  • Please post the contents of both in your next replies.
Separate replies are fine.
 
#17 ·
Okay I couldn't restart and had to force shut down. It hanged on "Logging Off." I started the computer back up and removed and deleted the FRST and Addition logs that had appeared because I figured they were faulty and ran another scan.

Either way here are the results after the restart. FRST first.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-05-2016
Ran by Matt (administrator) on MATT-PC (27-05-2016 12:16:27)
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-27] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-11-15]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-15]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-15]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{4CFBE1A1-1B26-42D1-99D8-23A076756452}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aol.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-06] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-06] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604
FF Homepage: hxxp://www.aol.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-26] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2016-01-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-05] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: DownThemAll! - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-14]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604\extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
FF Extension: MEGA - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604\Extensions\firefox@mega.co.nz.xpi [2016-05-18]
FF Extension: Adblock Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yq33jfgk.default-1441462611604\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-27]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-27] (AVAST Software)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-27] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-27] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 12:16 - 2016-05-27 12:16 - 00015825 _____ C:\Users\Matt\Desktop\FRST.txt
2016-05-26 12:35 - 2016-05-26 12:36 - 00003271 _____ C:\Users\Matt\Desktop\JRT.txt
2016-05-26 12:32 - 2016-05-26 12:32 - 01610816 _____ (Malwarebytes) C:\Users\Matt\Desktop\JRT.exe
2016-05-26 12:31 - 2016-05-26 12:31 - 00001981 _____ C:\Users\Matt\Desktop\AdwCleaner[C1].txt
2016-05-26 12:14 - 2016-05-26 12:21 - 00000000 ____D C:\AdwCleaner
2016-05-26 12:13 - 2016-05-26 12:13 - 03678272 _____ C:\Users\Matt\Desktop\AdwCleaner.exe
2016-05-26 12:02 - 2016-05-26 12:02 - 00008060 _____ C:\Users\Matt\Desktop\Fixlog.txt
2016-05-24 12:09 - 2016-05-24 12:09 - 00002119 _____ C:\Users\Matt\Documents\aswMBR.txt
2016-05-24 12:09 - 2016-05-24 12:09 - 00000512 _____ C:\Users\Matt\Desktop\MBR.dat
2016-05-24 12:00 - 2016-05-24 12:00 - 05198336 _____ (AVAST Software) C:\Users\Matt\Desktop\aswMBR.exe
2016-05-23 18:28 - 2016-05-23 18:30 - 00035453 _____ C:\Users\Matt\Documents\Addition.txt
2016-05-23 18:27 - 2016-05-23 18:30 - 00025246 _____ C:\Users\Matt\Documents\FRST.txt
2016-05-23 18:25 - 2016-05-27 12:16 - 00000000 ____D C:\FRST
2016-05-23 18:25 - 2016-05-23 18:25 - 02383360 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2016-04-27 15:21 - 2016-04-27 15:21 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-27 15:21 - 2016-04-27 15:21 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 12:15 - 2009-07-14 00:45 - 00015904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 12:15 - 2009-07-14 00:45 - 00015904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 12:07 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-27 12:02 - 2014-12-01 17:01 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2D572860-BA3D-443F-8A3D-ACB5E6F02CDE}
2016-05-26 13:10 - 2014-12-01 19:35 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-26 13:10 - 2014-12-01 19:35 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-26 13:10 - 2014-12-01 19:35 - 00000000 ____D C:\Users\Matt\AppData\Local\Adobe
2016-05-26 13:10 - 2014-12-01 18:35 - 00000000 ____D C:\Users\Matt\Documents\My Downloads
2016-05-26 12:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-25 17:33 - 2014-12-02 16:16 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Skype
2016-05-25 16:01 - 2009-07-14 01:13 - 00877044 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-25 12:04 - 2014-12-01 19:00 - 00000000 ____D C:\ProgramData\COMODO
2016-05-25 12:04 - 2014-12-01 19:00 - 00000000 ____D C:\Program Files\COMODO
2016-05-25 11:50 - 2014-12-01 18:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-23 16:32 - 2014-12-01 18:35 - 00010509 _____ C:\Users\Matt\Documents\Online Anime and Shows.xlsx
2016-05-21 16:38 - 2015-04-15 11:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 16:01 - 2014-12-02 16:15 - 00000000 ____D C:\ProgramData\Skype
2016-05-15 12:31 - 2014-12-02 18:34 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Audacity
2016-05-13 18:04 - 2015-12-04 11:55 - 00000000 ___SD C:\Users\Matt\AppData\LocalLow\Temp
2016-05-11 12:42 - 2014-12-24 13:29 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-11 12:37 - 2014-12-01 17:46 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 12:37 - 2014-12-01 17:46 - 00000000 ____D C:\Windows\system32\MRT
2016-05-04 11:50 - 2016-04-26 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 11:50 - 2014-12-01 19:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-01 12:42 - 2014-12-02 15:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 16:10 - 2014-12-02 16:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-27 15:24 - 2016-03-22 19:47 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458690459
2016-04-27 15:21 - 2016-03-22 19:47 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-27 15:21 - 2014-12-01 18:48 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-27 11:39 - 2014-12-02 15:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

==================== Files in the root of some directories =======

2010-11-15 14:10 - 2010-11-15 14:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-11-15 14:10 - 2010-11-15 14:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\libeay32.dll
C:\Users\Matt\AppData\Local\Temp\msvcr120.dll
C:\Users\Matt\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2010-11-15 14:44

==================== End of FRST.txt ============================
 
#18 ·
Here's Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-05-2016
Ran by Matt (2016-05-27 12:17:00)
Running from C:\Users\Matt\Desktop
Windows 7 Home Premium (X64) (2014-12-01 20:53:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1327673075-2634350226-3933992056-500 - Administrator - Disabled)
Guest (S-1-5-21-1327673075-2634350226-3933992056-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1327673075-2634350226-3933992056-1002 - Limited - Enabled)
Matt (S-1-5-21-1327673075-2634350226-3933992056-1001 - Administrator - Enabled) => C:\Users\Matt

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0004 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
Express Gate (HKLM-x32\...\{B5A5627C-0173-4DB2-ADA8-740479370F67}) (Version: 1.4.10.2 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6110 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5900 - SRS Labs, Inc.)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
WinRAR 5.20 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.17 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A363DD2-B5E4-4FF3-880F-CF227BAF8427} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK)
Task: {0C2BD7C6-20A0-43E5-BD6F-4F382C80090F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-06] (AVAST Software)
Task: {2B73E791-90FB-4991-996E-51DEDD789671} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1327673075-2634350226-3933992056-1001
Task: {622BEE28-ED22-46A7-939A-771A1C5F8C70} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-05-11] (Adobe Systems Incorporated)
Task: {62C7929F-EC3A-4B8A-B5D2-D2F46BEF3C2A} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus)
Task: {7A96CB20-FEA4-412F-AFDC-F64CACC8E021} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-27] (AVAST Software)
Task: {7CC7A8AB-2C2B-4A05-8784-FBD1EF8C2295} - System32\Tasks\SafeZone scheduled Autoupdate 1458690459 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {B7FB001F-0F93-4A9F-A46E-567CBEDAF2A9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {CF12F3DE-418C-467B-A277-4507B127C534} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-26] (Piriform Ltd)
Task: {F1BA919E-EE66-491F-8473-9E582ED568AA} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-11 14:27 - 2010-01-11 14:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-05-05 22:22 - 2010-05-05 22:22 - 00108544 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-01 03:02 - 2008-10-01 03:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-01-11 01:12 - 2012-01-11 01:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-02 17:36 - 2010-07-02 17:36 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-04-26 14:52 - 2010-04-26 14:52 - 00059904 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
2016-04-27 15:21 - 2016-04-27 15:21 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-27 15:21 - 2016-04-27 15:21 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-27 11:45 - 2016-05-27 11:45 - 02982040 _____ () C:\Program Files\AVAST Software\Avast\defs\16052700\algo.dll
2016-04-27 15:21 - 2016-04-27 15:21 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-27 15:21 - 2016-04-27 15:21 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-01 16:18 - 2015-12-01 16:18 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-11-02 18:20 - 2009-11-02 18:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 18:23 - 2009-11-02 18:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-02-23 19:14 - 2010-02-23 19:14 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-02-23 19:14 - 2010-02-23 19:14 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-02-23 19:11 - 2010-02-23 19:11 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-02-23 19:12 - 2010-02-23 19:12 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-02-23 19:14 - 2010-02-23 19:14 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Desktop\aswMBR.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Matt\Desktop\aswMBR.exe:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7893 more sites.

IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\...\123simsen.com -> www.123simsen.com

There are 7893 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-04-20 13:12 - 00452125 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15511 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1327673075-2634350226-3933992056-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7ADF8979-260C-440E-89BD-17CA246C6DFF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{19FD1C58-816F-4102-BE94-F6611BD5BB29}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C16C6E42-5542-49F4-AF2B-5481EFEF33EC}] => (Allow) svchost.exe
FirewallRules: [{6670C619-E329-4375-80FD-3BF6EC9696C0}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{AC71F3D4-2CF6-4F03-8849-0A8441D1B993}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{71433CF9-487A-407A-8745-CEC5B600F9CC}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{F1FDEC00-92A4-4BAA-B230-F2E3BD098629}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{181C363B-EB30-4046-99F5-CA1442E04987}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{12F9FC42-20BC-416E-97F4-502226709A5A}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{BFD53E9E-2E2F-48C4-994A-5A8B0F377EBB}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{E6054C48-8D23-47F7-AB58-AC84FEC80129}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ADDA1536-077F-4678-8AC2-23902A0CD5C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99739657-20F0-4BBE-8B90-C4E1BDD1677C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1EF91809-DF43-4F5C-BBFC-111FBF8160ED}] => (Allow) C:\Users\Matt\AppData\Local\Temp\nsmFA98.tmp\CnetInstaller-75758254.exe
FirewallRules: [{08A7B28D-AEC2-4DAD-A42F-EED5EC3FD423}] => (Allow) C:\Users\Matt\AppData\Local\Temp\nsmFA98.tmp\CnetInstaller-75758254.exe
FirewallRules: [{CEA5967D-5A22-449E-BC17-A9079AA1E297}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AF53F65B-172F-4058-AF94-97F07337D4A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

01-12-2014 16:53:19 Windows Update
01-12-2014 17:26:42 Installed Microsoft Office Home and Student 2010
01-12-2014 17:43:57 Windows Update
01-12-2014 18:12:58 Windows Update
01-12-2014 18:20:04 Windows Update
01-12-2014 18:47:12 avast! antivirus system restore point
01-12-2014 19:01:01 Device Driver Package Install: COMODO Network Service
01-12-2014 19:07:36 Removed GeekBuddy.
02-12-2014 14:54:39 Windows Update
03-12-2014 16:34:10 Installed Livestream Procaster
03-12-2014 16:50:37 Paint.NET v3.5.11
04-12-2014 15:43:59 Windows Update
10-12-2014 14:32:00 Windows Update
14-01-2015 13:16:03 Windows Update
24-01-2015 17:17:43 Before Jan. 2015 Legends of Equestria
11-02-2015 12:56:42 Windows Update
12-02-2015 13:03:56 Windows Update
20-02-2015 13:09:14 Before Feb. 2015 LoE
03-03-2015 11:31:52 avast! antivirus system restore point
11-03-2015 11:52:15 Windows Update
23-03-2015 12:31:14 avast! antivirus system restore point
24-03-2015 12:30:43 Before Six Nights at Pinkies
25-03-2015 10:46:47 Windows Update
25-03-2015 18:50:18 Before Six Nights at Pinkies Attempt 2
08-04-2015 11:10:42 Windows Update
08-04-2015 11:35:17 Restore Operation
15-04-2015 11:32:31 Windows Update
21-04-2015 15:16:55 avast! antivirus system restore point
13-05-2015 10:54:33 Windows Update
16-05-2015 14:28:31 Installed Xirrus Wi-Fi Inspector
10-06-2015 10:55:38 Windows Update
13-07-2015 10:51:18 avast! antivirus system restore point
15-07-2015 10:52:53 Windows Update
28-07-2015 15:02:21 avast! antivirus system restore point
12-08-2015 10:50:57 Windows Update
12-08-2015 12:41:02 Removed ASUS Live Update
09-09-2015 10:40:01 Windows Update
17-09-2015 12:59:27 avast! antivirus system restore point
21-09-2015 17:52:29 avast! antivirus system restore point
14-10-2015 10:47:25 Windows Update
11-11-2015 11:42:21 Windows Update
09-12-2015 11:43:23 Windows Update
12-01-2016 16:38:12 Windows Update
10-02-2016 12:23:31 Windows Update
09-03-2016 12:25:53 Windows Update
06-04-2016 11:53:19 Windows Update
13-04-2016 13:49:04 Windows Update
04-05-2016 12:01:59 Windows Update
11-05-2016 12:36:19 Windows Update
26-05-2016 12:33:40 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2016 12:08:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/27/2016 11:44:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/26/2016 12:45:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/26/2016 12:23:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/26/2016 12:04:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/26/2016 11:49:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/25/2016 04:09:29 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/25/2016 03:09:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/25/2016 12:02:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/25/2016 11:49:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

System errors:
=============
Error: (05/27/2016 12:07:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:06:30 PM on ‎5/‎27/‎2016 was unexpected.

Error: (05/27/2016 11:52:08 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/26/2016 12:22:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/26/2016 12:22:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/26/2016 12:22:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/26/2016 12:22:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/26/2016 12:22:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (05/26/2016 12:21:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/26/2016 12:21:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/26/2016 12:21:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TurboBoost service terminated unexpectedly. It has done this 1 time(s).

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 38%
Total physical RAM: 3884.55 MB
Available physical RAM: 2399.42 MB
Total Virtual: 7767.23 MB
Available Virtual: 6053.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:574.68 GB) (Free:399.24 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=574.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#23 ·
Just to let you know, I do have a Lenovo lap top with Windows 7 Home Premium on it.

Either way, I would like help in fixing this. Can this be fixed?
Yes it can, but we need to find the real cause. Not just a symptom or symptoms which is what we have been observing so far.

If so please help me fix this. It's really annoying.

Again I'd really appreciate any help with this.

Thanks again.
I understand annoyingall too well and I am doing the best I can with the information presnted thus far. And, thank you for your patience.

I would like you to use Internet Explorer if at all possible just because it is easier to use.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Remember to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt. NOTE: The file may not be at this exact location.
  • Copy and paste that log as a reply to this topic.

Note: Remember to re-enable your Anti-Virus application after running the above scan!
 
#24 ·
It only detected two things but here is the scan result:

C:\Users\Matt\Documents\My Downloads\cbsidlm-cbsi145-Revo_Uninstaller-ORG-10687648.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Matt\Documents\My Downloads\ccsetup517.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 
#29 ·
Hi.

Please run the following:

MiniToolBox

Please download MiniToolBox.exe and save it to your Desktop.
  • Right click on MiniToolBox and select " Run as administrator " to run it. If prompted by UAC, please allow it.
  • Check the following in the list:
    • Report IE proxy settings.
    • Report FireFox proxy settings.
    • List IP Configuration.
    • List Winsock Entries.
    • List last 10 Event Viewer Errors.
    • List Installed Programs.
    • List Users, partitions, and memory size.
    • List Minidump Files.
    • List Restore Points.
  • Click Go.
  • A file name Result.txt will be created in the same location where you downloaded MiniToolBox.exe
  • Please post the contents of the Result.txt in your next Reply.
 
#30 ·
Okay here it is. Kind of long though.

MiniToolBox by Farbar Version: 07-02-2016 01
Ran by Matt (administrator) on 01-06-2016 at 12:10:02
Running from "C:\Users\Matt\Desktop"
Microsoft Windows 7 Home Premium (X64)
Model: U52F Manufacturer: ASUSTeK Computer Inc.
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= IP Configuration: ================================

Intel(R) Centrino(R) Advanced-N 6250 AGN = Wireless Network Connection (Connected)
Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Intel(R) Centrino(R) WiMAX 6250 = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Matt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Centrino(R) WiMAX 6250
Physical Address. . . . . . . . . : 64-D4-DA-13-73-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-23-15-6F-1D-A5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-23-15-6F-1D-A5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6250 AGN
Physical Address. . . . . . . . . : 00-23-15-6F-1D-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2605:a000:c60d:ef00:8520:eed5:b4d8:d3c7(Preferred)
Temporary IPv6 Address. . . . . . : 2605:a000:c60d:ef00:44a5:8bb2:b0d6:3e4f(Preferred)
Link-local IPv6 Address . . . . . : fe80::8520:eed5:b4d8:d3c7%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, June 01, 2016 11:46:00 AM
Lease Expires . . . . . . . . . . : Friday, June 03, 2016 1:46:00 PM
Default Gateway . . . . . . . . . : fe80::d605:98ff:fee2:7ed7%12
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 301998869
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-73-2E-89-BC-AE-C5-19-4E-AA
DNS Servers . . . . . . . . . . . : 209.18.47.62
209.18.47.61
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : BC-AE-C5-19-4E-AA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4CFBE1A1-1B26-42D1-99D8-23A076756452}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-02.rr.com
Address: 209.18.47.62

Name: google.com
Addresses: 2607:f8b0:4009:807::200e
216.58.192.238

Pinging google.com [2607:f8b0:4009:80b::200e] with 32 bytes of data:
Reply from 2607:f8b0:4009:80b::200e: time=51ms
Reply from 2607:f8b0:4009:80b::200e: time=51ms

Ping statistics for 2607:f8b0:4009:80b::200e:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 51ms, Average = 51ms
Server: dns-cac-lb-02.rr.com
Address: 209.18.47.62

Name: yahoo.com
Addresses: 2001:4998:44:204::a7
2001:4998:58:c02::a9
2001:4998:c:a06::2:4008
206.190.36.45
98.138.253.109
98.139.183.24

Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=50ms
Reply from 2001:4998:58:c02::a9: time=49ms

Ping statistics for 2001:4998:58:c02::a9:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 49ms, Maximum = 50ms, Average = 49ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...64 d4 da 13 73 37 ......Intel(R) Centrino(R) WiMAX 6250
14...00 23 15 6f 1d a5 ......Microsoft Virtual WiFi Miniport Adapter #2
13...00 23 15 6f 1d a5 ......Microsoft Virtual WiFi Miniport Adapter
12...00 23 15 6f 1d a4 ......Intel(R) Centrino(R) Advanced-N 6250 AGN
11...bc ae c5 19 4e aa ......Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.3 281
192.168.0.3 255.255.255.255 On-link 192.168.0.3 281
192.168.0.255 255.255.255.255 On-link 192.168.0.3 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 281 ::/0 fe80::d605:98ff:fee2:7ed7
1 306 ::1/128 On-link
12 33 2605:a000:c60d:ef00::/64 On-link
12 281 2605:a000:c60d:ef00:44a5:8bb2:b0d6:3e4f/128
On-link
12 281 2605:a000:c60d:ef00:8520:eed5:b4d8:d3c7/128
On-link
12 281 fe80::/64 On-link
12 281 fe80::8520:eed5:b4d8:d3c7/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/01/2016 11:56:30 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/01/2016 11:46:09 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/31/2016 03:08:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/31/2016 12:25:11 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (05/31/2016 11:52:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/30/2016 03:08:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/30/2016 12:06:26 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (05/30/2016 11:48:08 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/29/2016 04:48:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/29/2016 01:35:54 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

System errors:
=============
Error: (05/29/2016 05:25:48 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (05/29/2016 05:25:48 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Matt\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/29/2016 05:25:47 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (05/29/2016 05:25:47 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Matt\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/29/2016 05:25:47 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (05/29/2016 05:25:47 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Matt\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/29/2016 05:25:47 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (05/29/2016 05:25:47 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Matt\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/29/2016 05:25:46 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (05/29/2016 05:25:46 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Matt\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Microsoft Office Sessions:
=========================
Error: (06/01/2016 11:56:30 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (06/01/2016 11:46:09 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/31/2016 03:08:18 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/31/2016 12:25:11 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (05/31/2016 11:52:03 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/30/2016 03:08:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/30/2016 12:06:26 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (05/30/2016 11:48:08 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/29/2016 04:48:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/29/2016 01:35:54 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

=========================== Installed Programs ============================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0004 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Best Buy pc app (HKLM\...\{FBBC4667-2521-4E78-B1BD-8706F774549B}) (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Choice Guard (HKLM-x32\...\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}) (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
Express Gate (HKLM-x32\...\{B5A5627C-0173-4DB2-ADA8-740479370F67}) (Version: 1.4.10.2 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}) (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6110 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (HKLM-x32\...\SafeZone 1.48.2066.101) (Version: 1.48.2066.101 - Avast Software) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5900 - SRS Labs, Inc.)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
WinRAR 5.20 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.17 - ASUS)

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 3884.55 MB
Available physical RAM: 1986.38 MB
Total Virtual: 7767.23 MB
Available Virtual: 5605.13 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:574.68 GB) (Free:399.04 GB) NTFS

========================= Users: ========================================

User accounts for \\MATT-PC

Administrator Guest Matt

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

01-12-2014 20:53:19 Windows Update
01-12-2014 21:26:42 Installed Microsoft Office Home and Student 2010
01-12-2014 21:43:57 Windows Update
01-12-2014 22:12:58 Windows Update
01-12-2014 22:20:04 Windows Update
01-12-2014 22:47:12 avast! antivirus system restore point
01-12-2014 23:01:01 Device Driver Package Install: COMODO Network Service
01-12-2014 23:07:36 Removed GeekBuddy.
02-12-2014 18:54:39 Windows Update
03-12-2014 20:34:10 Installed Livestream Procaster
03-12-2014 20:50:37 Paint.NET v3.5.11
04-12-2014 19:43:59 Windows Update
10-12-2014 18:32:00 Windows Update
14-01-2015 17:16:03 Windows Update
24-01-2015 21:17:43 Before Jan. 2015 Legends of Equestria
11-02-2015 16:56:42 Windows Update
12-02-2015 17:03:56 Windows Update
20-02-2015 17:09:14 Before Feb. 2015 LoE
03-03-2015 15:31:52 avast! antivirus system restore point
11-03-2015 15:52:15 Windows Update
23-03-2015 16:31:14 avast! antivirus system restore point
24-03-2015 16:30:43 Before Six Nights at Pinkies
25-03-2015 14:46:47 Windows Update
25-03-2015 22:50:18 Before Six Nights at Pinkies Attempt 2
08-04-2015 15:10:42 Windows Update
08-04-2015 15:35:17 Restore Operation
15-04-2015 15:32:31 Windows Update
21-04-2015 19:16:55 avast! antivirus system restore point
13-05-2015 14:54:33 Windows Update
16-05-2015 18:28:31 Installed Xirrus Wi-Fi Inspector
10-06-2015 14:55:38 Windows Update
13-07-2015 14:51:18 avast! antivirus system restore point
15-07-2015 14:52:53 Windows Update
28-07-2015 19:02:21 avast! antivirus system restore point
12-08-2015 14:50:57 Windows Update
12-08-2015 16:41:02 Removed ASUS Live Update
09-09-2015 14:40:01 Windows Update
17-09-2015 16:59:27 avast! antivirus system restore point
21-09-2015 21:52:29 avast! antivirus system restore point
14-10-2015 14:47:25 Windows Update
11-11-2015 15:42:21 Windows Update
09-12-2015 15:43:23 Windows Update
12-01-2016 20:38:12 Windows Update
10-02-2016 16:23:31 Windows Update
09-03-2016 16:25:53 Windows Update
06-04-2016 15:53:19 Windows Update
13-04-2016 17:49:04 Windows Update
04-05-2016 16:01:59 Windows Update
11-05-2016 16:36:19 Windows Update
26-05-2016 16:33:40 JRT Pre-Junkware Removal

**** End of log ****
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top