ExTS Admin Starbuck
Posted June 13, 2016

Hi Scott,

Ok, let's take a look at your system and see if anything throws some light on this.

As you are running a 32bit system..........

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator.
http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png

When the tool opens click Yes to disclaimer.
http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png

Make sure that Addition.txt is selected at the bottom.
Press Scan button.
http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

If anything needs addressing I'll move the thread to the malware removal forum.

Member of:UNITE

SPSpellman
Posted June 13, 2016

Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-06-2016
Ran by MrBreeze (2016-06-13 16:15:31)
Running from C:\Users\MrBreeze\Downloads
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2016-04-05 20:52:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-67880207-1905697065-243471585-500 - Administrator - Disabled)
Guest (S-1-5-21-67880207-1905697065-243471585-501 - Limited - Enabled)
MrBreeze (S-1-5-21-67880207-1905697065-243471585-1000 - Administrator - Enabled) => C:\Users\MrBreeze
Scott (S-1-5-21-67880207-1905697065-243471585-1005 - Limited - Enabled) => C:\Users\Scott

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace Utilities (HKLM\...\Ace Utilities_is1) (Version: 6.1.0 - Acelogix Software) Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Application Compatibility Toolkit (Version: 8.100.26641 - Microsoft) Hidden Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform) eMachines Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.009 - eMachines) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.) 
Intel® Network Connections 15.3.68.0 (HKLM\...\PROSetDX) (Version: 15.3.68.0 - Intel) Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Kits Configuration Installer (Version: 8.100.25984 - Microsoft) Hidden Local Administrator Password Solution (HKLM\...\{3C5FA570-168B-47B2-A4C9-8B59FFC28459}) (Version: 6.0.1.0 - Microsoft Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft SharePoint 2010 Products OpsMgr 2007 MP en-us (HKLM\...\{7F52C251-8EB6-410D-9E84-45E8E4993A48}) (Version: 1.0.0.0 - Microsoft) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix) SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden SigmaTel 
Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5205.0 - SigmaTel) SnapShot (HKLM\...\SnapShot_is1) (Version: 1.0.6 - Bluefive software) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) Toolkit Documentation (Version: 8.100.26866 - Microsoft) Hidden Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.) Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.1 - Tweaking.com) Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 7.1.0 - Shark007) Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Assessment and Deployment Kit for Windows 8.1 (HKLM\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation) WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04C5732E-E4CC-4AE5-B8BF-8A56247766EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd) Task: {256B542C-44C2-420A-BEF2-DFC720B9990A} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-02] (AVAST Software) Task: {30D25F1F-0D94-4911-B53A-76B996003FE2} - \SlimCleaner Run -> No File <==== ATTENTION Task: {355BBC34-14C1-4E46-8C24-6BCC98BB416E} - System32\Tasks\AceUtilsSkipUAC => C:\Program Files\Ace Utilities\au.exe [2015-11-11] (Acelogix Software) Task: {84DF11BB-C896-4B4A-B1EB-665321A19DCD} - System32\Tasks\SafeZone scheduled Autoupdate 1464899852 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {8653F2CB-0149-46C6-9B05-16F95F65211B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.) Task: {97AD9CE5-9A4A-478B-B492-807826D83D71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated) Task: {ACE55B44-2D02-455E-977F-27AD60C7BBFD} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab3ad222f4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.) Task: {C8C9EA8E-C6EB-4870-9135-1BA9E59AA1F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.) Task: {FE20FBFD-023A-4365-9632-BB2E6A821F53} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)�Tweaking.com - Windows Repair)Created By Tweaking.com Task: C:\Windows\Tasks\User_Feed_Synchronization-{40FE53E5-E223-4404-89E5-29209F69C377}.job => C:\Windows\system32\msfeedssync.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Desktop US Weather Radar.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=acnkplahjeepjhacnmooibhpmdgfilkf ==================== Loaded Modules (Whitelisted) ============== 2016-06-02 15:20 - 2016-06-02 15:20 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-06-02 15:20 - 2016-06-02 15:20 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-06-13 15:03 - 2016-06-13 15:03 - 02932736 _____ () C:\Program Files\AVAST Software\Avast\defs\16061301\algo.dll 2016-06-02 15:20 - 2016-06-02 15:20 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-06-02 15:20 - 2016-06-02 15:20 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-06-12 13:36 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files\Trend Micro\RUBotted\hc_help.dll 2016-06-02 15:20 - 2016-06-02 15:20 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\TEMP:E965A533 [111] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12527038.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94872584.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\12527038.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\94872584.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.)
There are 4788 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2016-06-12 12:19 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-67880207-1905697065-243471585-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\eM1_Wide.bmp DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80 FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => 
(Allow) LPort=80 FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80 FirewallRules: [{F2202704-7932-45F5-8D2C-8AC0AF83D78A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2016 04:04:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application FRST.exe, version 13.6.2016.0, time stamp 0x575efd24, faulting module FRST.exe, version 13.6.2016.0, time stamp 0x575efd24, exception code 0xc0000005, fault offset 0x000211de, process id 0x119c, application start time 0xFRST.exe0. Error: (06/13/2016 03:16:52 PM) (Source: Windows Search Service) (EventID: 3024) (User: ) Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog Error: (06/13/2016 03:14:54 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point on volume (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" ; Descripton = ȃȃȃȃဃဂဂဂ � ဂȂဃဂဂဂ�ဂĂဃĂ Ă ဂဂဂဂဂဂဂ��ȂဃȂ Ȃă䠃ဂဂဂဂဂဂဂဂဂሂဃဂ。ဂဂဂဂᐂᐂဂሂဃဂဂᐂሂဃဂဂဂဂĂăăăăăăăăăăăăăăăăăăăăăăဃ褂; Hr = 0x80070057). 
Error: (06/13/2016 03:00:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application hmpsched.exe, version 3.7.0.5, time stamp 0x5732f7ec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x520, application start time 0xhmpsched.exe0. Error: (06/13/2016 02:23:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, exception code 0xc0000005, fault offset 0x00034ca2, process id 0x874, application start time 0xExplorer.EXE0. Error: (06/12/2016 01:44:21 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point on volume (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" /scan:boot /quiet /quick; Descripton = Checkpoint by HitmanPro; Hr = 0x8000ffff). Error: (06/12/2016 01:44:20 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154. Operation: Gathering Writer Data Executing Asynchronous Operation Context: Execution Context: Requestor Current State: GatherWriterMetadata Error: (06/12/2016 01:44:20 PM) (Source: VSS) (EventID: 34) (User: ) Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any VSS writers from receiving events. This may be caused due to a setup failure or as a result of an application's installer or uninstaller. Operation: Gathering Writer Data Executing Asynchronous Operation Context: Execution Context: Requestor Current State: GatherWriterMetadata Error: (06/12/2016 12:20:45 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. 
Error: (06/12/2016 12:20:45 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c System errors: ============= Error: (06/13/2016 04:06:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/13/2016 03:46:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/13/2016 03:02:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/13/2016 12:09:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 04:35:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 04:25:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
Error: (06/12/2016 04:20:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 04:10:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 01:58:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 01:46:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. CodeIntegrity: =================================== Date: 2016-06-12 13:18:44.176 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:18:44.020 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:18:43.833 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. 
Date: 2016-06-12 13:18:43.630 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:13:44.297 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:13:44.017 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:13:43.751 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:13:43.611 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-02 16:49:51.471 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-02 16:49:51.346 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 

==================== Memory info ===========================

Processor: Intel® Celeron® D CPU 3.33GHz
Percentage of memory in use: 32%
Total physical RAM: 2037.32 MB
Available physical RAM: 1372.96 MB
Total Virtual: 5989.39 MB
Available Virtual: 5262.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:103.29 GB) (Free:75.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:8.5 GB) (Free:3.61 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B1E04F8A)
Partition 1: (Not Active) - (Size=8.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=103.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I have 2 user accounts I ran on each. These are the Administrator User account "MrBreeze"

SPSpellman
Posted June 13, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-06-2016
Ran by MrBreeze (administrator) on MRBREEZE-PC (13-06-2016 16:14:42)
Running from C:\Users\MrBreeze\Downloads
Loaded Profiles: MrBreeze (Available Profiles: MrBreeze & Scott)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\WINDOWS\System32\CISVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\inetsrv\inetinfo.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
(SigmaTel, Inc.) C:\WINDOWS\System32\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqtgsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-10] (AVAST Software)
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-02] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
Tcpip\..\Interfaces\{B5304D28-2BFF-47C8-89B2-44ED34F77672}: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3604
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL =
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {6A8CE798-58AC-47A5-A718-6335B9D1F4D8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-02] (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824
FF DefaultSearchEngine.US: Google
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\user.js [2016-06-07]
FF Extension: YouTube™ Enhancer Plus - C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-05-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-02]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-02]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2016-06-13]
CHR Extension: (Desktop US Weather Radar) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnkplahjeepjhacnmooibhpmdgfilkf [2016-06-13]
CHR Extension: (Google Drive) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (Avast SafePrice) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-06-13]
CHR Extension: (Avast Online Security) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-13]
CHR Extension: (Poppit!) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-13]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-02] (AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113632 2016-06-05] (SurfRight B.V.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-19] (Microsoft Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation)
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2016-06-11] (SigmaTel, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-06-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-02] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-06-02] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-06-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-06-02] (AVAST Software)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-06-05] ()
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2016-06-11] (SigmaTel, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
U3 DFSR; no ImagePath
S3 ialm; system32\DRIVERS\igdkmd32.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
U4 UmRdpService; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-13 16:04 - 2016-06-13 16:04 - 00000394 _____ C:\Users\MrBreeze\Downloads\Addition.txt 2016-06-13 16:03 - 2016-06-13 16:14 - 00012988 _____ C:\Users\MrBreeze\Downloads\FRST.txt 2016-06-13 16:03 - 2016-06-13 16:03 - 00000836 _____ C:\Users\MrBreeze\Desktop\FRST - Shortcut.lnk 2016-06-13 16:02 - 2016-06-13 16:02 - 01736192 _____ (Farbar) C:\Users\MrBreeze\Downloads\FRST.exe 2016-06-13 16:00 - 2016-06-13 16:00 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2016-06-13 15:57 - 2016-06-13 15:57 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-13 15:57 - 2016-06-13 15:57 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-13 15:55 - 2016-06-13 16:08 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-13 15:55 - 2016-06-13 16:06 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-13 15:54 - 2016-06-13 15:55 - 00987728 _____ (Google Inc.) C:\Users\MrBreeze\Downloads\ChromeSetup (1).exe 2016-06-13 15:53 - 2016-06-13 15:55 - 00987728 _____ (Google Inc.) C:\Users\MrBreeze\Downloads\ChromeSetup.exe 2016-06-13 15:40 - 2016-06-13 15:40 - 00044608 _____ C:\Users\MrBreeze\Documents\FRST.txt 2016-06-13 15:40 - 2016-06-13 15:40 - 00028181 _____ C:\Users\MrBreeze\Documents\Addition.txt 2016-06-13 15:36 - 2016-06-13 15:37 - 00028181 _____ C:\Users\Scott\Downloads\Addition.txt 2016-06-13 15:35 - 2016-06-13 15:37 - 00044608 _____ C:\Users\Scott\Downloads\FRST.txt 2016-06-13 15:34 - 2016-06-13 16:14 - 00000000 ____D C:\FRST 2016-06-13 15:32 - 2016-06-13 15:32 - 01736192 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe 2016-06-13 15:32 - 2016-06-13 15:32 - 00000817 _____ C:\Users\Scott\Desktop\FRST - Shortcut.lnk 2016-06-13 15:20 - 2016-06-13 15:20 - 00987728 _____ (Google Inc.) 
C:\Users\Scott\Downloads\ChromeSetup.exe 2016-06-13 14:40 - 2016-06-13 14:40 - 00000514 _____ C:\Users\MrBreeze\Documents\hoses.txt 2016-06-12 16:13 - 2016-06-12 16:14 - 00000000 ____D C:\Users\MrBreeze\Desktop\UpDATERS 2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted 2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\Program Files\Trend Micro 2016-06-12 13:26 - 2016-06-12 13:32 - 00000000 ____D C:\Users\Scott\Downloads\TMRBLog 2016-06-12 13:26 - 2016-06-12 13:26 - 00000000 ____D C:\Users\Scott\Downloads\log 2016-06-12 13:03 - 2016-06-12 13:03 - 00000000 ____D C:\Users\Scott\Downloads\lspfix 2016-06-12 13:02 - 2016-06-12 13:02 - 00183158 _____ C:\Users\Scott\Downloads\lspfix.zip 2016-06-12 12:58 - 2016-06-12 12:58 - 10078720 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\RootkitBusterV5.0-1198.exe 2016-06-12 12:57 - 2016-06-12 12:57 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\Scott\Downloads\RUBottedSetup.exe 2016-06-12 12:56 - 2016-06-12 12:56 - 10467568 _____ (Akamai Technologies, Inc.) C:\Users\Scott\Downloads\installer.exe 2016-06-12 12:55 - 2016-06-12 12:55 - 02104376 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HousecallLauncher.exe 2016-06-12 12:54 - 2016-06-12 12:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HijackThis.exe 2016-06-12 12:25 - 2016-06-12 12:25 - 00000000 ___SD C:\Users\Scott\AppData\LocalLow\Temp 2016-06-12 12:24 - 2016-06-13 15:19 - 00000680 _____ C:\Users\Scott\AppData\Local\d3d9caps.dat 2016-06-11 14:25 - 2016-06-11 14:21 - 04939776 _____ (SigmaTel, Inc.) C:\Windows\system32\stacgui.cpl 2016-06-11 14:25 - 2016-06-11 14:21 - 00303104 _____ (SigmaTel, Inc.) C:\Windows\sttray.exe 2016-06-11 14:25 - 2016-06-11 14:21 - 00090112 _____ (SigmaTel, Inc.) 
C:\Windows\system32\stacsv.exe 2016-06-10 14:06 - 2016-06-10 14:06 - 00000000 ____D C:\Users\MrBreeze\.oracle_jre_usage 2016-06-09 13:18 - 2016-06-09 13:18 - 00000411 _____ C:\Users\MrBreeze\Documents\DJTrump.txt 2016-06-08 12:26 - 2016-06-08 12:26 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text1.txt 2016-06-08 12:23 - 2016-06-08 12:23 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text.txt 2016-06-07 18:55 - 2016-06-07 18:55 - 03677248 _____ C:\Users\MrBreeze\Downloads\adwcleaner_5.119.exe 2016-06-07 16:36 - 2016-06-07 16:39 - 00000000 ____D C:\Program Files\PCFixKit 2016-06-07 16:00 - 2016-06-07 16:00 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Acelogix 2016-06-07 15:58 - 2016-06-12 16:33 - 00000000 ____D C:\ProgramData\TEMP 2016-06-07 15:58 - 2016-06-07 15:58 - 00001922 _____ C:\Users\MrBreeze\Desktop\Ace Utilities.lnk 2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities 2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities 2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\Program Files\Ace Utilities 2016-06-07 15:55 - 2016-06-07 15:55 - 00000078 _____ C:\Windows\system32\MRBREEZE-PC.Windows Vista Home Basic, 32-bit Service Pack 2 (build 6002).txt 2016-06-07 15:55 - 2016-06-07 15:55 - 00000000 ____D C:\Windows\RegBak 2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore 2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\Program Files\Acelogix 2016-06-07 15:17 - 2016-06-07 15:18 - 06431728 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe 2016-06-07 15:06 - 2016-06-07 15:06 - 00027095 _____ C:\Users\MrBreeze\Documents\Win 7.htm 2016-06-07 15:06 - 2016-06-07 15:06 - 00000000 ____D C:\Users\MrBreeze\Documents\img 
2016-06-07 15:06 - 2016-06-07 14:42 - 00002640 _____ C:\Users\MrBreeze\Documents\WuaReports.css 2016-06-07 13:58 - 2016-06-12 16:16 - 00000000 ____D C:\Program Files\UnHackMe 2016-06-07 13:56 - 2016-06-13 14:04 - 00069840 _____ C:\Users\MrBreeze\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-07 13:48 - 2016-06-12 12:23 - 00293288 _____ C:\Windows\system32\FNTCACHE.DAT 2016-06-06 13:08 - 2016-06-06 13:16 - 00000680 _____ C:\Windows\system32\.crusader 2016-06-05 15:08 - 2016-06-05 15:10 - 01016592 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.08.26_log.txt 2016-06-05 15:05 - 2016-06-05 15:06 - 00172328 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.05.09_log.txt 2016-06-05 15:02 - 2016-06-05 15:03 - 00172162 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.02.26_log.txt 2016-06-05 13:59 - 2016-06-05 15:11 - 00000000 ____D C:\Program Files\HitmanPro 2016-06-05 13:59 - 2016-06-05 13:59 - 00001732 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2016-06-05 13:59 - 2016-06-05 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2016-06-05 13:58 - 2016-06-06 13:08 - 00000000 ____D C:\ProgramData\HitmanPro 2016-06-05 13:33 - 2016-06-12 16:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Enigma Software Group 2016-06-05 13:26 - 2016-06-05 13:26 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2016-06-05 13:25 - 2016-06-05 13:25 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\MrBreeze\Downloads\SpyHunter-Installer (1).exe 2016-06-05 13:19 - 2016-06-11 14:21 - 01601536 _____ (SigmaTel, Inc.) C:\Windows\system32\stlang.dll 2016-06-05 13:19 - 1999-12-31 19:00 - 05398528 _____ (SigmaTel, Inc.) 
C:\Windows\system32\IDTSG.cpl 2016-06-05 13:07 - 2016-06-05 13:07 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Bluefive software 2016-06-05 12:35 - 2016-06-05 12:36 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.MATSKB.Run (1).exe 2016-06-04 11:34 - 2016-06-04 11:37 - 48418520 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\Windows-KB890830-V5.36.exe 2016-06-04 11:34 - 2016-06-04 11:37 - 38808920 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\FileFormatConverters (1).exe 2016-06-04 11:28 - 2016-06-04 11:28 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList (1).xlsx 2016-06-03 14:13 - 2016-06-03 14:16 - 75137189 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v4-x86.msu 2016-06-02 22:16 - 2016-06-02 22:32 - 02340040 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK (1).msi 2016-06-02 22:16 - 2016-06-02 22:32 - 02324272 _____ C:\Users\MrBreeze\Downloads\msxml6_x64 (1).msi 2016-06-02 22:16 - 2016-06-02 22:32 - 02267192 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64 (1).msi 2016-06-02 22:16 - 2016-06-02 22:32 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6 (1).msi 2016-06-02 21:29 - 2016-06-02 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-06-02 21:29 - 2016-06-02 21:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2016-06-02 15:38 - 2016-06-02 15:38 - 00000896 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-06-02 15:38 - 2016-06-02 15:38 - 00000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-06-02 15:30 - 2016-06-02 15:30 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-06-02 15:23 - 2016-06-02 15:23 - 00000000 ____D C:\Users\Scott\AppData\Roaming\AVAST Software 2016-06-02 15:22 - 2016-06-02 15:22 - 00001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-06-02 15:22 - 2016-06-02 15:22 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-06-02 15:21 - 2016-06-02 15:20 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-06-02 15:20 - 2016-06-02 15:20 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-06-02 15:20 - 2016-06-02 15:20 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-06-02 15:20 - 2016-06-02 15:20 - 00000000 ____D C:\Program Files\Windows Sidebar 2016-06-02 15:17 - 2016-06-02 15:29 - 00000000 ____D C:\Program Files\AVAST Software 2016-06-02 15:11 - 2016-06-02 15:30 - 00000000 ____D C:\ProgramData\AVAST Software 2016-06-02 15:10 - 2016-06-02 15:11 - 05080352 _____ (AVAST Software) C:\Users\Scott\Downloads\avast_free_antivirus_setup_online.exe 2016-06-02 14:53 - 2016-06-02 14:53 - 00000391 _____ C:\Users\Scott\Downloads\Microsoft.Powershell.Host_56d66100-99a0-4ffc-a12d-eee9a6718aef_HelpInfo.xml 2016-06-02 14:35 - 2016-06-02 14:46 - 01756144 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013.exe 2016-06-02 14:35 - 2016-06-02 14:35 - 01851544 _____ (Microsoft 
Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013_Update22.exe 2016-06-02 14:35 - 2016-06-02 14:35 - 00112496 _____ C:\Users\Scott\Downloads\Windows Embedded Compact 2013_Update30.htm 2016-06-02 14:32 - 2016-06-02 14:32 - 00323688 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsServer2003-KB828028-x86-ENU.exe 2016-06-02 14:25 - 2016-06-02 14:25 - 00702840 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\Windows-KB943729-x86-ENU.exe 2016-06-02 14:22 - 2016-06-02 14:22 - 00000000 ____D C:\Program Files\LAPS 2016-06-02 14:19 - 2016-06-02 14:19 - 00954368 _____ C:\Users\Scott\Downloads\LAPS.x86.msi 2016-06-02 14:17 - 2016-06-02 14:17 - 00000238 _____ C:\Users\Scott\Documents\Fixit.txt 2016-06-02 14:04 - 2016-06-02 14:04 - 00347816 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\MicrosoftFixit.wu.Run.exe 2016-06-02 12:05 - 2016-06-02 12:05 - 00000000 ____D C:\Users\Scott\AppData\Roaming\ProductData 2016-06-01 21:18 - 2016-06-01 21:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2016-06-01 21:16 - 2016-06-01 21:18 - 21381936 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup.exe 2016-06-01 21:15 - 2016-06-01 21:15 - 00000286 _____ C:\Windows\Tasks\User_Feed_Synchronization-{40FE53E5-E223-4404-89E5-29209F69C377}.job 2016-06-01 19:35 - 2016-06-01 19:35 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} 2016-06-01 05:17 - 2016-06-01 19:50 - 32337920 _____ C:\Windows\system32\config\components.iobit 2016-06-01 05:17 - 2016-06-01 19:50 - 28155904 _____ C:\Windows\system32\config\software.iobit 2016-06-01 05:17 - 2016-06-01 19:50 - 01077248 _____ C:\Windows\system32\config\default.iobit 2016-06-01 05:17 - 2016-06-01 19:50 - 00090112 _____ C:\Windows\system32\config\sam.iobit 2016-06-01 05:17 - 2016-06-01 19:49 - 00028672 _____ C:\Windows\system32\config\security.iobit 2016-06-01 05:12 - 2016-06-01 05:12 - 00000000 ____D 
C:\Users\MrBreeze\AppData\Roaming\Apple Computer 2016-06-01 05:07 - 2016-06-01 16:51 - 00000000 ____D C:\ProgramData\ProductData 2016-06-01 05:03 - 2016-06-01 05:13 - 00000000 ____D C:\Users\MrBreeze\AppData\LocalLow\IObit 2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\ProductData 2016-06-01 05:02 - 2016-06-01 05:02 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2016-06-01 05:01 - 2016-06-01 16:49 - 00000000 ____D C:\Program Files\Common Files\IObit 2016-06-01 04:58 - 2016-06-01 20:25 - 00000000 ____D C:\Program Files\IObit 2016-06-01 04:58 - 2016-06-01 16:49 - 00000000 ____D C:\ProgramData\IObit 2016-06-01 04:44 - 2016-06-01 04:52 - 43891792 _____ (IObit ) C:\Users\MrBreeze\Downloads\advanced-systemcare-setup.exe 2016-05-31 14:25 - 2016-05-31 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2016-05-31 10:47 - 2016-05-31 10:48 - 00231760 _____ C:\Users\MrBreeze\Downloads\CrucialScan.exe 2016-05-29 13:40 - 2016-06-05 15:11 - 00160840 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll 2016-05-29 12:57 - 2016-05-29 12:57 - 00001933 _____ C:\Users\MrBreeze\Documents\EVIEW.txt 2016-05-29 12:50 - 2016-05-29 12:50 - 00001867 _____ C:\Users\MrBreeze\Documents\HITMAN EVENT VIEW.txt 2016-05-29 12:43 - 2016-05-29 12:44 - 00000534 _____ C:\Users\MrBreeze\Documents\admin event viewer.txt 2016-05-29 12:42 - 2016-05-29 12:42 - 00000615 _____ C:\Users\MrBreeze\Documents\eventviewerhitmanpro.txt 2016-05-26 19:11 - 2016-05-31 17:14 - 00000000 ____D C:\Windows\CryptoGuard 2016-05-26 15:51 - 2016-05-26 15:53 - 10451640 _____ (SurfRight B.V.) 
C:\Users\MrBreeze\Downloads\HitmanPro.exe 2016-05-25 19:51 - 2016-05-25 19:51 - 04614144 _____ C:\Users\Scott\Downloads\msxml6_SDK.msi 2016-05-25 19:51 - 2016-05-25 19:51 - 01528320 _____ C:\Users\Scott\Downloads\msxml6.msi 2016-05-25 18:56 - 2016-05-25 18:57 - 04614144 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK.msi 2016-05-25 18:56 - 2016-05-25 18:57 - 03753472 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64.msi 2016-05-25 18:56 - 2016-05-25 18:57 - 02721280 _____ C:\Users\MrBreeze\Downloads\msxml6_x64.msi 2016-05-25 18:56 - 2016-05-25 18:56 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6.msi 2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun 2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun 2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\ProgramData\Oracle 2016-05-25 14:51 - 2016-05-25 14:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Secunia PSI 2016-05-25 14:50 - 2016-05-25 14:50 - 00000000 ____D C:\Program Files\Secunia 2016-05-25 14:49 - 2016-05-25 14:50 - 05490752 _____ (Secunia) C:\Users\MrBreeze\Downloads\PSISetup.exe 2016-05-25 14:16 - 2016-05-25 14:19 - 00930472 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.16.19_log.txt 2016-05-25 14:10 - 2016-05-25 14:12 - 00170114 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.10.29_log.txt 2016-05-25 14:07 - 2016-05-25 14:08 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\MrBreeze\Downloads\tdsskiller.exe 2016-05-24 11:57 - 2016-05-24 11:57 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Bluefive software 2016-05-23 13:29 - 2016-05-23 13:29 - 00000844 _____ C:\Users\MrBreeze\Desktop\SnapShot.lnk 2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnapShot 2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\Program Files\SnapShot 2016-05-23 13:29 - 2008-07-01 10:04 - 01064960 _____ (Chilkat Software, Inc.) 
C:\Windows\system32\ChilkatFtp2.dll 2016-05-23 13:29 - 2007-12-14 17:34 - 01388032 _____ (Chestysoft) C:\Windows\system32\csXImage.ocx 2016-05-23 13:29 - 2007-06-05 10:00 - 00311296 _____ (AdminSystem Software Limited) C:\Windows\system32\aosmtp.dll 2016-05-23 13:29 - 2004-03-08 23:00 - 00224016 _____ (Microsoft Corporation) C:\Windows\system32\tabctl32.ocx 2016-05-23 13:29 - 2002-02-10 20:28 - 00070144 _____ (Merrion Computing Ltd) C:\Windows\system32\MCLHotkey.ocx 2016-05-23 13:29 - 2001-08-23 13:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm50.dll 2016-05-23 13:29 - 2000-07-09 18:15 - 00106496 _____ (Marco Bellinaso) C:\Windows\system32\mbprgbar.ocx 2016-05-23 13:29 - 2000-05-01 23:02 - 00110592 _____ (Common Controls Replacement Project (CCRP)) C:\Windows\system32\ccrpbds6.dll 2016-05-23 13:29 - 1998-06-24 00:00 - 00140096 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx 2016-05-23 12:51 - 2016-05-23 12:51 - 00035114 _____ C:\Users\MrBreeze\Downloads\Extras.Txt 2016-05-23 12:49 - 2016-05-23 13:20 - 00119882 _____ C:\Users\MrBreeze\Downloads\OTL.Txt 2016-05-23 12:27 - 2016-05-23 12:27 - 00602112 _____ (OldTimer Tools) C:\Users\MrBreeze\Downloads\OTL.scr 2016-05-23 12:14 - 2016-05-23 12:14 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.Run.exe 2016-05-23 10:31 - 2016-05-23 10:39 - 154546261 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v35-x86 (2).msu 2016-05-23 10:17 - 2016-05-23 10:17 - 00000000 ____D C:\Users\MrBreeze\Downloads\lspfix 2016-05-23 10:15 - 2016-05-23 10:16 - 00183158 _____ C:\Users\MrBreeze\Downloads\lspfix.zip 2016-05-23 10:05 - 2016-05-23 10:05 - 00000902 _____ C:\Users\Scott\Documents\Rolling Stone.txt 2016-05-22 12:43 - 2016-05-22 12:50 - 00000000 _____ C:\Windows\system32\procdump 2016-05-22 12:39 - 2016-05-22 12:39 - 00000000 ____D C:\Users\MrBreeze\Downloads\Procdump 2016-05-22 12:34 - 2016-05-22 12:34 - 00411028 _____ 
C:\Users\MrBreeze\Downloads\Procdump.zip 2016-05-21 14:36 - 2016-05-21 14:54 - 649877504 _____ C:\Users\Scott\Downloads\GRMWDK_EN_7600_1.ISO 2016-05-21 12:07 - 2016-05-21 12:07 - 00000000 _RSHD C:\comment.htt 2016-05-20 12:28 - 2016-05-20 12:28 - 00000000 ____D C:\Users\MrBreeze\Downloads\Autoruns 2016-05-20 11:35 - 2016-05-20 11:35 - 00001952 _____ C:\Users\Scott\Desktop\Tweaking.com - Windows Repair.lnk 2016-05-20 09:59 - 2016-05-20 09:59 - 00615478 _____ C:\Users\MrBreeze\Downloads\Autoruns.zip 2016-05-20 09:55 - 2016-05-20 09:56 - 21382440 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup (1).exe 2016-05-19 17:44 - 2016-05-19 17:44 - 00209432 _____ C:\Windows\RegBootClean.exe 2016-05-19 17:37 - 2016-05-19 17:44 - 00000000 ____D C:\ProgramData\AntiRansomware 2016-05-18 20:38 - 2016-05-18 20:38 - 00000000 ____D C:\e735d206fef05299b92e9a0a60a4a2df 2016-05-18 11:49 - 2016-05-18 11:49 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage 2016-05-18 11:47 - 2016-05-18 11:48 - 00002628 _____ C:\Users\MrBreeze\Downloads\legitcheck.hta 2016-05-18 11:07 - 2016-05-18 11:07 - 00024576 _____ C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd 2016-05-18 11:07 - 2016-05-18 11:07 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\NeoSmart_Technologies 2016-05-18 11:06 - 2016-05-18 20:38 - 00000000 ____D C:\Program Files\NeoSmart Technologies 2016-05-18 11:04 - 2016-05-18 11:04 - 01923704 _____ C:\Users\MrBreeze\Downloads\EasyBCD 2.3.exe 2016-05-18 10:56 - 2016-05-18 11:00 - 00021948 _____ C:\Windows\system32\sfcdetails.txt 2016-05-18 07:25 - 2016-05-23 13:58 - 00000562 _____ C:\Users\MrBreeze\Desktop\StartUp Failure.txt 2016-05-17 13:46 - 2016-05-18 12:40 - 00000000 ____D C:\ProgramData\BootRacer 2016-05-17 13:43 - 2016-05-18 12:39 - 00040960 _____ C:\Users\Public\Documents\bootracer.his 2016-05-17 13:40 - 2016-05-25 15:25 - 00000728 _____ C:\Users\Public\Documents\bootracer.ini 2016-05-17 13:00 - 2016-05-17 13:00 - 00000010 
_____ C:\Users\Scott\Desktop\test.txt 2016-05-17 12:56 - 2016-05-17 12:56 - 00449569 _____ C:\Users\Scott\Desktop\regrunlog.txt 2016-05-17 12:18 - 2016-05-17 12:18 - 00000000 ____D C:\@RestoreQuarantine 2016-05-17 12:13 - 2016-06-07 14:05 - 00000000 ____D C:\Users\MrBreeze\Documents\RegRun2 2016-05-17 11:58 - 2016-06-12 14:00 - 00000370 _____ C:\Windows\system32\PARTIZAN.TXT 2016-05-17 11:39 - 2016-05-17 11:40 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer (1).exe 2016-05-17 11:37 - 2016-05-17 11:39 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer.exe 2016-05-17 11:18 - 2016-06-11 13:49 - 00000000 ____D C:\ProgramData\RegRun 2016-05-17 10:29 - 2016-06-11 13:49 - 00000000 ____D C:\Users\Public\Documents\regruninfo 2016-05-17 10:29 - 2016-06-07 13:58 - 00000002 RSHOT C:\Windows\winstart.bat 2016-05-17 10:29 - 2016-05-21 12:10 - 00000000 ____D C:\Users\Scott\Documents\RegRun2 2016-05-17 10:29 - 2016-04-05 15:17 - 00012808 _____ (Greatis Software, LLC.) 
C:\Windows\system32\Drivers\UnHackMeDrv.sys 2016-05-17 10:25 - 2016-05-17 10:25 - 00000000 ____D C:\Users\Scott\Downloads\unhackme 2016-05-17 10:23 - 2016-05-17 10:24 - 17475297 _____ C:\Users\Scott\Downloads\unhackme.zip 2016-05-17 10:23 - 2016-05-17 10:23 - 00000400 _____ C:\Users\Scott\Documents\100 cpu.txt 2016-05-16 11:19 - 2016-05-16 11:19 - 00000000 ____D C:\Users\MrBreeze\Downloads\!Safe_WinVista_Home_Basic_SP2_32_Start_v200 2016-05-16 11:09 - 2016-05-16 11:09 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList.xlsx 2016-05-16 10:54 - 2016-05-16 10:55 - 18005296 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\IE9-WindowsVista-x86-enu.exe 2016-05-16 10:49 - 2016-05-16 10:49 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.Performance.RNP.Run.exe 2016-05-16 09:03 - 2016-05-16 09:03 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Macromedia 2016-05-16 08:51 - 2016-05-16 08:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Adobe 2016-05-15 22:15 - 2016-05-15 22:15 - 00000000 ____D C:\MATS 2016-05-15 22:13 - 2016-05-15 22:13 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe 2016-05-15 20:28 - 2016-05-15 20:28 - 00000033 _____ C:\Users\MrBreeze\Documents\Knee.txt 2016-05-14 21:40 - 2016-05-14 21:40 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista--Home-Basic-(32-bit).dat 2016-05-14 21:40 - 2016-05-14 21:40 - 00000000 ____D C:\RegBackup 2016-05-14 19:29 - 2016-06-01 21:18 - 00001952 _____ C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk 2016-05-14 19:29 - 2016-06-01 21:18 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job 2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\Program Files\Tweaking.com 2016-05-14 16:47 - 2016-05-14 16:47 - 00984576 
_____ C:\Users\MrBreeze\Downloads\MicrosoftFixit50906.msi 2016-05-14 14:14 - 2016-05-14 14:14 - 01768236 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB942288-v2-x86 (1).msu 2016-05-14 14:14 - 2016-05-14 14:14 - 00000000 ____D C:\014e2b9b0cb56244da54 2016-05-14 10:20 - 2016-05-14 10:20 - 00000040 _____ C:\Users\MrBreeze\Documents\net.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-13 16:11 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf 2016-06-13 16:11 - 2006-11-02 05:33 - 00796728 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-13 16:08 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\inetsrv 2016-06-13 16:07 - 2016-04-17 11:07 - 00001356 _____ C:\Users\MrBreeze\AppData\Local\d3d9caps.dat 2016-06-13 16:06 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-13 16:06 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2016-06-13 16:06 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2016-06-13 16:05 - 2006-11-02 07:58 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-06-13 15:57 - 2016-04-29 19:44 - 00000000 ____D C:\Program Files\Google 2016-06-13 15:43 - 2016-04-29 19:45 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Google 2016-06-13 15:21 - 2016-05-04 22:26 - 00000000 ____D C:\Users\Scott\AppData\Local\Google 2016-06-12 13:24 - 2016-04-21 13:49 - 00346512 _____ C:\Users\MrBreeze\AppData\Local\census.cache 2016-06-12 13:24 - 2016-04-21 13:49 - 00297382 _____ C:\Users\MrBreeze\AppData\Local\ars.cache 2016-06-12 13:21 - 2016-04-19 01:48 - 00000010 _____ C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache 2016-06-11 14:32 - 2016-04-05 17:44 - 00000000 ____D C:\Users\MrBreeze 2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ 
C:\Windows\system32\IScrNBR.bmp 2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ C:\Windows\system32\IScrNB.bmp 2016-06-11 14:23 - 2016-04-05 12:59 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll 2016-06-11 14:21 - 2016-04-05 12:58 - 00142848 _____ (SigmaTel, Inc.) C:\Windows\system32\staco.dll 2016-06-11 14:21 - 2007-03-29 11:17 - 00562688 _____ (SigmaTel, Inc.) C:\Windows\system32\stapo.dll 2016-06-11 14:21 - 2007-03-29 11:17 - 00323584 _____ (SigmaTel, Inc.) C:\Windows\system32\Drivers\stwrt.sys 2016-06-11 14:21 - 2007-03-29 11:17 - 00316928 _____ (SigmaTel, Inc.) C:\Windows\system32\stcplx.dll 2016-06-11 14:21 - 2007-03-29 11:17 - 00243712 _____ (SigmaTel, Inc.) C:\Windows\system32\stapi32.dll 2016-06-07 20:34 - 2016-05-10 21:58 - 00000000 ____D C:\AdwCleaner 2016-06-07 16:39 - 2016-04-08 22:01 - 00000000 ___SD C:\Users\MrBreeze\AppData\LocalLow\Temp 2016-06-07 13:58 - 2006-11-02 05:23 - 00002577 _____ C:\Windows\system32\config.nt 2016-06-07 13:58 - 2006-11-02 05:23 - 00001688 _____ C:\Windows\system32\autoexec.nt 2016-06-05 11:45 - 2016-04-21 18:49 - 00000000 ____D C:\Users\MrBreeze\Downloads\backups 2016-06-04 19:31 - 2006-11-02 05:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2016-06-03 15:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration 2016-06-02 21:16 - 2016-04-05 13:07 - 00000000 ____D C:\Program Files\Java 2016-06-02 16:31 - 2016-05-04 21:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-06-02 15:17 - 2016-04-13 01:50 - 00001945 _____ C:\Windows\epplauncher.mif 2016-06-02 12:04 - 2016-05-06 17:45 - 00069840 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-02 11:54 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_249 2016-06-01 21:41 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_687 2016-06-01 14:34 - 2006-11-02 05:23 - 00000855 _____ 
C:\Windows\system32\Drivers\etc\hosts_bak_555 2016-06-01 05:33 - 2016-04-29 22:30 - 00000000 ____D C:\Windows\Panther 2016-05-27 12:15 - 2016-04-10 13:32 - 00000000 ____D C:\Windows\Minidump 2016-05-25 19:28 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_428 2016-05-25 13:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_219 2016-05-23 11:53 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_626 2016-05-22 22:08 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_183 2016-05-20 12:04 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_408 2016-05-20 09:33 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_570 2016-05-18 11:49 - 2006-11-02 06:18 - 00000000 ___SD C:\Windows\Downloaded Program Files 2016-05-16 11:16 - 2016-04-29 22:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\ElevatedDiagnostics 2016-05-16 10:56 - 2016-05-04 22:26 - 00000949 _____ C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-16 10:14 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_366 2016-05-15 23:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_286 2016-05-15 21:50 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_527 2016-05-15 16:25 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_19 2016-05-14 22:19 - 2016-04-19 18:39 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-05-14 22:19 - 2016-04-19 18:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-05-14 22:10 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_584 2016-05-14 18:09 - 2016-05-10 12:33 - 00000000 ____D C:\363c9100431405d757f164504b44b3 2016-05-14 18:07 - 2016-04-29 21:50 - 00000000 
____D C:\2de5ecb5eb1f30c5571f293ed367 2016-05-14 14:08 - 2006-11-02 05:22 - 32768000 _____ C:\Windows\system32\config\components.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 30146560 _____ C:\Windows\system32\config\software.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 23068672 _____ C:\Windows\system32\config\system.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\default.bak ==================== Files in the root of some directories ======= 2016-04-21 13:49 - 2016-06-12 13:24 - 0297382 _____ () C:\Users\MrBreeze\AppData\Local\ars.cache 2016-04-21 13:49 - 2016-06-12 13:24 - 0346512 _____ () C:\Users\MrBreeze\AppData\Local\census.cache 2016-04-17 11:07 - 2016-06-13 16:07 - 0001356 _____ () C:\Users\MrBreeze\AppData\Local\d3d9caps.dat 2016-04-05 18:11 - 2016-04-26 13:28 - 0005120 _____ () C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-04-19 01:19 - 2016-04-19 01:19 - 0000036 _____ () C:\Users\MrBreeze\AppData\Local\housecall.guid.cache 2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\MrBreeze\AppData\Local\setup.txt 2016-04-19 01:48 - 2016-06-12 13:21 - 0000010 _____ () C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-06-13 16:12 ==================== End of FRST.txt ============================
SPSpellman Posted June 13, 2016
THIS IS THE STANDARD USER ACCOUNT:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-06-2016 Ran by MrBreeze (administrator) on MRBREEZE-PC (13-06-2016 15:35:05) Running from C:\Users\Scott\Downloads Loaded Profiles: MrBreeze & Scott (Available Profiles: MrBreeze & Scott) Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) C:\WINDOWS\System32\CISVC.EXE (Microsoft Corporation) C:\WINDOWS\System32\inetsrv\inetinfo.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (SigmaTel, Inc.) C:\WINDOWS\System32\stacsv.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Microsoft Corporation) C:\WINDOWS\System32\mqtgsvc.exe (Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation) C:\WINDOWS\System32\UI0Detect.exe (Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed.
The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-10] (AVAST Software) HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer: [NoDriveAutoRun-] 0 HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0 HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveAutoRun-] 0 HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0 HKU\S-1-5-21-67880207-1905697065-243471585-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-02] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13 Tcpip\..\Interfaces\{B5304D28-2BFF-47C8-89B2-44ED34F77672}: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-67880207-1905697065-243471585-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3604 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/ HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-67880207-1905697065-243471585-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-67880207-1905697065-243471585-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/ SearchScopes: HKLM -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {6A8CE798-58AC-47A5-A718-6335B9D1F4D8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> DefaultScope {E19A97FE-292B-4418-A384-BCCF107983E6} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> {E19A97FE-292B-4418-A384-BCCF107983E6} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-02] (AVAST Software) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation) DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824 FF DefaultSearchEngine.US: Google FF DefaultSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] () FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\user.js [2016-06-07] FF Extension: YouTube™ Enhancer Plus - C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-05-01] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-02] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-02] Chrome: ======= CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-02] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-02] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-02] (AVAST Software) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113632 2016-06-05] (SurfRight B.V.) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-19] (Microsoft Corporation) S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation) R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.) R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2016-06-11] (SigmaTel, Inc.) 
[File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-02] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-02] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-06-02] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-02] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-02] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-02] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-06-02] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-06-02] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-06-02] (AVAST Software) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-06-05] () S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.) R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2016-06-11] (SigmaTel, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) U3 DFSR; no ImagePath S3 ialm; system32\DRIVERS\igdkmd32.sys [X] S3 igfx; system32\DRIVERS\igdkmd32.sys [X] U0 Partizan; system32\drivers\Partizan.sys [X] U4 UmRdpService; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-13 15:35 - 2016-06-13 15:35 - 00013014 _____ C:\Users\Scott\Downloads\FRST.txt 2016-06-13 15:34 - 2016-06-13 15:35 - 00000000 ____D C:\FRST 2016-06-13 15:32 - 2016-06-13 15:32 - 01736192 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe 2016-06-13 15:32 - 2016-06-13 15:32 - 00000817 _____ C:\Users\Scott\Desktop\FRST - Shortcut.lnk 2016-06-13 15:23 - 2016-06-13 15:23 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-13 15:23 - 2016-06-13 15:23 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-13 15:21 - 2016-06-13 15:32 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-13 15:21 - 2016-06-13 15:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-13 15:20 - 2016-06-13 15:20 - 00987728 _____ (Google Inc.) C:\Users\Scott\Downloads\ChromeSetup.exe 2016-06-13 14:40 - 2016-06-13 14:40 - 00000514 _____ C:\Users\MrBreeze\Documents\hoses.txt 2016-06-12 16:13 - 2016-06-12 16:14 - 00000000 ____D C:\Users\MrBreeze\Desktop\UpDATERS 2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted 2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\Program Files\Trend Micro 2016-06-12 13:26 - 2016-06-12 13:32 - 00000000 ____D C:\Users\Scott\Downloads\TMRBLog 2016-06-12 13:26 - 2016-06-12 13:26 - 00000000 ____D C:\Users\Scott\Downloads\log 2016-06-12 13:03 - 2016-06-12 13:03 - 00000000 ____D C:\Users\Scott\Downloads\lspfix 2016-06-12 13:02 - 2016-06-12 13:02 - 00183158 _____ C:\Users\Scott\Downloads\lspfix.zip 2016-06-12 12:58 - 2016-06-12 12:58 - 10078720 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\RootkitBusterV5.0-1198.exe 2016-06-12 12:57 - 2016-06-12 12:57 - 06229392 _____ (Trend Micro, Inc. 
) C:\Users\Scott\Downloads\RUBottedSetup.exe 2016-06-12 12:56 - 2016-06-12 12:56 - 10467568 _____ (Akamai Technologies, Inc.) C:\Users\Scott\Downloads\installer.exe 2016-06-12 12:55 - 2016-06-12 12:55 - 02104376 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HousecallLauncher.exe 2016-06-12 12:54 - 2016-06-12 12:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HijackThis.exe 2016-06-12 12:25 - 2016-06-12 12:25 - 00000000 ___SD C:\Users\Scott\AppData\LocalLow\Temp 2016-06-12 12:24 - 2016-06-13 15:19 - 00000680 _____ C:\Users\Scott\AppData\Local\d3d9caps.dat 2016-06-11 14:25 - 2016-06-11 14:21 - 04939776 _____ (SigmaTel, Inc.) C:\Windows\system32\stacgui.cpl 2016-06-11 14:25 - 2016-06-11 14:21 - 00303104 _____ (SigmaTel, Inc.) C:\Windows\sttray.exe 2016-06-11 14:25 - 2016-06-11 14:21 - 00090112 _____ (SigmaTel, Inc.) C:\Windows\system32\stacsv.exe 2016-06-10 14:06 - 2016-06-10 14:06 - 00000000 ____D C:\Users\MrBreeze\.oracle_jre_usage 2016-06-09 13:18 - 2016-06-09 13:18 - 00000411 _____ C:\Users\MrBreeze\Documents\DJTrump.txt 2016-06-08 12:26 - 2016-06-08 12:26 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text1.txt 2016-06-08 12:23 - 2016-06-08 12:23 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text.txt 2016-06-07 18:55 - 2016-06-07 18:55 - 03677248 _____ C:\Users\MrBreeze\Downloads\adwcleaner_5.119.exe 2016-06-07 16:36 - 2016-06-07 16:39 - 00000000 ____D C:\Program Files\PCFixKit 2016-06-07 16:00 - 2016-06-07 16:00 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Acelogix 2016-06-07 15:58 - 2016-06-12 16:33 - 00000000 ____D C:\ProgramData\TEMP 2016-06-07 15:58 - 2016-06-07 15:58 - 00001922 _____ C:\Users\MrBreeze\Desktop\Ace Utilities.lnk 2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities 2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities 2016-06-07 15:58 - 
2016-06-07 15:58 - 00000000 ____D C:\Program Files\Ace Utilities 2016-06-07 15:55 - 2016-06-07 15:55 - 00000078 _____ C:\Windows\system32\MRBREEZE-PC.Windows Vista Home Basic, 32-bit Service Pack 2 (build 6002).txt 2016-06-07 15:55 - 2016-06-07 15:55 - 00000000 ____D C:\Windows\RegBak 2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore 2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\Program Files\Acelogix 2016-06-07 15:17 - 2016-06-07 15:18 - 06431728 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe 2016-06-07 15:06 - 2016-06-07 15:06 - 00027095 _____ C:\Users\MrBreeze\Documents\Win 7.htm 2016-06-07 15:06 - 2016-06-07 15:06 - 00000000 ____D C:\Users\MrBreeze\Documents\img 2016-06-07 15:06 - 2016-06-07 14:42 - 00002640 _____ C:\Users\MrBreeze\Documents\WuaReports.css 2016-06-07 13:58 - 2016-06-12 16:16 - 00000000 ____D C:\Program Files\UnHackMe 2016-06-07 13:56 - 2016-06-13 14:04 - 00069840 _____ C:\Users\MrBreeze\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-07 13:48 - 2016-06-12 12:23 - 00293288 _____ C:\Windows\system32\FNTCACHE.DAT 2016-06-06 13:08 - 2016-06-06 13:16 - 00000680 _____ C:\Windows\system32\.crusader 2016-06-05 15:08 - 2016-06-05 15:10 - 01016592 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.08.26_log.txt 2016-06-05 15:05 - 2016-06-05 15:06 - 00172328 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.05.09_log.txt 2016-06-05 15:02 - 2016-06-05 15:03 - 00172162 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.02.26_log.txt 2016-06-05 13:59 - 2016-06-05 15:11 - 00000000 ____D C:\Program Files\HitmanPro 2016-06-05 13:59 - 2016-06-05 13:59 - 00001732 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2016-06-05 13:59 - 2016-06-05 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2016-06-05 13:58 - 2016-06-06 13:08 - 00000000 ____D C:\ProgramData\HitmanPro 2016-06-05 13:33 - 2016-06-12 
16:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Enigma Software Group 2016-06-05 13:26 - 2016-06-05 13:26 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2016-06-05 13:25 - 2016-06-05 13:25 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\MrBreeze\Downloads\SpyHunter-Installer (1).exe 2016-06-05 13:19 - 2016-06-11 14:21 - 01601536 _____ (SigmaTel, Inc.) C:\Windows\system32\stlang.dll 2016-06-05 13:19 - 1999-12-31 19:00 - 05398528 _____ (SigmaTel, Inc.) C:\Windows\system32\IDTSG.cpl 2016-06-05 13:07 - 2016-06-05 13:07 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Bluefive software 2016-06-05 12:35 - 2016-06-05 12:36 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.MATSKB.Run (1).exe 2016-06-04 11:34 - 2016-06-04 11:37 - 48418520 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\Windows-KB890830-V5.36.exe 2016-06-04 11:34 - 2016-06-04 11:37 - 38808920 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\FileFormatConverters (1).exe 2016-06-04 11:28 - 2016-06-04 11:28 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList (1).xlsx 2016-06-03 14:13 - 2016-06-03 14:16 - 75137189 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v4-x86.msu 2016-06-02 22:16 - 2016-06-02 22:32 - 02340040 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK (1).msi 2016-06-02 22:16 - 2016-06-02 22:32 - 02324272 _____ C:\Users\MrBreeze\Downloads\msxml6_x64 (1).msi 2016-06-02 22:16 - 2016-06-02 22:32 - 02267192 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64 (1).msi 2016-06-02 22:16 - 2016-06-02 22:32 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6 (1).msi 2016-06-02 21:29 - 2016-06-02 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-06-02 21:29 - 2016-06-02 21:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2016-06-02 15:38 - 2016-06-02 15:38 - 00000896 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-06-02 
15:38 - 2016-06-02 15:38 - 00000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-06-02 15:30 - 2016-06-02 15:30 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-06-02 15:23 - 2016-06-02 15:23 - 00000000 ____D C:\Users\Scott\AppData\Roaming\AVAST Software 2016-06-02 15:22 - 2016-06-02 15:22 - 00001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-06-02 15:22 - 2016-06-02 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-06-02 15:21 - 2016-06-02 15:20 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-06-02 15:20 - 2016-06-02 15:20 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-06-02 15:20 - 2016-06-02 15:20 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-06-02 15:20 - 2016-06-02 15:20 - 00000000 ____D C:\Program Files\Windows Sidebar 2016-06-02 15:17 - 2016-06-02 15:29 - 00000000 ____D C:\Program Files\AVAST Software 2016-06-02 15:11 - 2016-06-02 15:30 - 00000000 ____D C:\ProgramData\AVAST Software 2016-06-02 
15:10 - 2016-06-02 15:11 - 05080352 _____ (AVAST Software) C:\Users\Scott\Downloads\avast_free_antivirus_setup_online.exe 2016-06-02 14:53 - 2016-06-02 14:53 - 00000391 _____ C:\Users\Scott\Downloads\Microsoft.Powershell.Host_56d66100-99a0-4ffc-a12d-eee9a6718aef_HelpInfo.xml 2016-06-02 14:35 - 2016-06-02 14:46 - 01756144 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013.exe 2016-06-02 14:35 - 2016-06-02 14:35 - 01851544 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013_Update22.exe 2016-06-02 14:35 - 2016-06-02 14:35 - 00112496 _____ C:\Users\Scott\Downloads\Windows Embedded Compact 2013_Update30.htm 2016-06-02 14:32 - 2016-06-02 14:32 - 00323688 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsServer2003-KB828028-x86-ENU.exe 2016-06-02 14:25 - 2016-06-02 14:25 - 00702840 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\Windows-KB943729-x86-ENU.exe 2016-06-02 14:22 - 2016-06-02 14:22 - 00000000 ____D C:\Program Files\LAPS 2016-06-02 14:19 - 2016-06-02 14:19 - 00954368 _____ C:\Users\Scott\Downloads\LAPS.x86.msi 2016-06-02 14:17 - 2016-06-02 14:17 - 00000238 _____ C:\Users\Scott\Documents\Fixit.txt 2016-06-02 14:04 - 2016-06-02 14:04 - 00347816 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\MicrosoftFixit.wu.Run.exe 2016-06-02 12:05 - 2016-06-02 12:05 - 00000000 ____D C:\Users\Scott\AppData\Roaming\ProductData 2016-06-01 21:18 - 2016-06-01 21:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2016-06-01 21:16 - 2016-06-01 21:18 - 21381936 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup.exe 2016-06-01 21:15 - 2016-06-01 21:15 - 00000286 _____ C:\Windows\Tasks\User_Feed_Synchronization-{40FE53E5-E223-4404-89E5-29209F69C377}.job 2016-06-01 19:35 - 2016-06-01 19:35 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} 2016-06-01 05:17 - 2016-06-01 19:50 - 32337920 _____ 
C:\Windows\system32\config\components.iobit 2016-06-01 05:17 - 2016-06-01 19:50 - 28155904 _____ C:\Windows\system32\config\software.iobit 2016-06-01 05:17 - 2016-06-01 19:50 - 01077248 _____ C:\Windows\system32\config\default.iobit 2016-06-01 05:17 - 2016-06-01 19:50 - 00090112 _____ C:\Windows\system32\config\sam.iobit 2016-06-01 05:17 - 2016-06-01 19:49 - 00028672 _____ C:\Windows\system32\config\security.iobit 2016-06-01 05:12 - 2016-06-01 05:12 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Apple Computer 2016-06-01 05:07 - 2016-06-01 16:51 - 00000000 ____D C:\ProgramData\ProductData 2016-06-01 05:03 - 2016-06-01 05:13 - 00000000 ____D C:\Users\MrBreeze\AppData\LocalLow\IObit 2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\ProductData 2016-06-01 05:02 - 2016-06-01 05:02 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2016-06-01 05:01 - 2016-06-01 16:49 - 00000000 ____D C:\Program Files\Common Files\IObit 2016-06-01 04:58 - 2016-06-01 20:25 - 00000000 ____D C:\Program Files\IObit 2016-06-01 04:58 - 2016-06-01 16:49 - 00000000 ____D C:\ProgramData\IObit 2016-06-01 04:44 - 2016-06-01 04:52 - 43891792 _____ (IObit ) C:\Users\MrBreeze\Downloads\advanced-systemcare-setup.exe 2016-05-31 14:25 - 2016-05-31 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2016-05-31 10:47 - 2016-05-31 10:48 - 00231760 _____ C:\Users\MrBreeze\Downloads\CrucialScan.exe 2016-05-29 13:40 - 2016-06-05 15:11 - 00160840 _____ (SurfRight B.V.) 
C:\Windows\system32\LnkProtect.dll 2016-05-29 12:57 - 2016-05-29 12:57 - 00001933 _____ C:\Users\MrBreeze\Documents\EVIEW.txt 2016-05-29 12:50 - 2016-05-29 12:50 - 00001867 _____ C:\Users\MrBreeze\Documents\HITMAN EVENT VIEW.txt 2016-05-29 12:43 - 2016-05-29 12:44 - 00000534 _____ C:\Users\MrBreeze\Documents\admin event viewer.txt 2016-05-29 12:42 - 2016-05-29 12:42 - 00000615 _____ C:\Users\MrBreeze\Documents\eventviewerhitmanpro.txt 2016-05-26 19:11 - 2016-05-31 17:14 - 00000000 ____D C:\Windows\CryptoGuard 2016-05-26 15:51 - 2016-05-26 15:53 - 10451640 _____ (SurfRight B.V.) C:\Users\MrBreeze\Downloads\HitmanPro.exe 2016-05-25 19:51 - 2016-05-25 19:51 - 04614144 _____ C:\Users\Scott\Downloads\msxml6_SDK.msi 2016-05-25 19:51 - 2016-05-25 19:51 - 01528320 _____ C:\Users\Scott\Downloads\msxml6.msi 2016-05-25 18:56 - 2016-05-25 18:57 - 04614144 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK.msi 2016-05-25 18:56 - 2016-05-25 18:57 - 03753472 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64.msi 2016-05-25 18:56 - 2016-05-25 18:57 - 02721280 _____ C:\Users\MrBreeze\Downloads\msxml6_x64.msi 2016-05-25 18:56 - 2016-05-25 18:56 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6.msi 2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun 2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun 2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\ProgramData\Oracle 2016-05-25 14:51 - 2016-05-25 14:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Secunia PSI 2016-05-25 14:50 - 2016-05-25 14:50 - 00000000 ____D C:\Program Files\Secunia 2016-05-25 14:49 - 2016-05-25 14:50 - 05490752 _____ (Secunia) C:\Users\MrBreeze\Downloads\PSISetup.exe 2016-05-25 14:16 - 2016-05-25 14:19 - 00930472 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.16.19_log.txt 2016-05-25 14:10 - 2016-05-25 14:12 - 00170114 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.10.29_log.txt 2016-05-25 14:07 - 2016-05-25 14:08 - 04727984 _____ (Kaspersky 
Lab ZAO) C:\Users\MrBreeze\Downloads\tdsskiller.exe 2016-05-24 11:57 - 2016-05-24 11:57 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Bluefive software 2016-05-23 13:29 - 2016-05-23 13:29 - 00000844 _____ C:\Users\MrBreeze\Desktop\SnapShot.lnk 2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnapShot 2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\Program Files\SnapShot 2016-05-23 13:29 - 2008-07-01 10:04 - 01064960 _____ (Chilkat Software, Inc.) C:\Windows\system32\ChilkatFtp2.dll 2016-05-23 13:29 - 2007-12-14 17:34 - 01388032 _____ (Chestysoft) C:\Windows\system32\csXImage.ocx 2016-05-23 13:29 - 2007-06-05 10:00 - 00311296 _____ (AdminSystem Software Limited) C:\Windows\system32\aosmtp.dll 2016-05-23 13:29 - 2004-03-08 23:00 - 00224016 _____ (Microsoft Corporation) C:\Windows\system32\tabctl32.ocx 2016-05-23 13:29 - 2002-02-10 20:28 - 00070144 _____ (Merrion Computing Ltd) C:\Windows\system32\MCLHotkey.ocx 2016-05-23 13:29 - 2001-08-23 13:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm50.dll 2016-05-23 13:29 - 2000-07-09 18:15 - 00106496 _____ (Marco Bellinaso) C:\Windows\system32\mbprgbar.ocx 2016-05-23 13:29 - 2000-05-01 23:02 - 00110592 _____ (Common Controls Replacement Project (CCRP)) C:\Windows\system32\ccrpbds6.dll 2016-05-23 13:29 - 1998-06-24 00:00 - 00140096 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx 2016-05-23 12:51 - 2016-05-23 12:51 - 00035114 _____ C:\Users\MrBreeze\Downloads\Extras.Txt 2016-05-23 12:49 - 2016-05-23 13:20 - 00119882 _____ C:\Users\MrBreeze\Downloads\OTL.Txt 2016-05-23 12:27 - 2016-05-23 12:27 - 00602112 _____ (OldTimer Tools) C:\Users\MrBreeze\Downloads\OTL.scr 2016-05-23 12:14 - 2016-05-23 12:14 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.Run.exe 2016-05-23 10:31 - 2016-05-23 10:39 - 154546261 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v35-x86 (2).msu 2016-05-23 10:17 
- 2016-05-23 10:17 - 00000000 ____D C:\Users\MrBreeze\Downloads\lspfix 2016-05-23 10:15 - 2016-05-23 10:16 - 00183158 _____ C:\Users\MrBreeze\Downloads\lspfix.zip 2016-05-23 10:05 - 2016-05-23 10:05 - 00000902 _____ C:\Users\Scott\Documents\Rolling Stone.txt 2016-05-22 12:43 - 2016-05-22 12:50 - 00000000 _____ C:\Windows\system32\procdump 2016-05-22 12:39 - 2016-05-22 12:39 - 00000000 ____D C:\Users\MrBreeze\Downloads\Procdump 2016-05-22 12:34 - 2016-05-22 12:34 - 00411028 _____ C:\Users\MrBreeze\Downloads\Procdump.zip 2016-05-21 14:36 - 2016-05-21 14:54 - 649877504 _____ C:\Users\Scott\Downloads\GRMWDK_EN_7600_1.ISO 2016-05-21 12:07 - 2016-05-21 12:07 - 00000000 _RSHD C:\comment.htt 2016-05-20 12:28 - 2016-05-20 12:28 - 00000000 ____D C:\Users\MrBreeze\Downloads\Autoruns 2016-05-20 11:35 - 2016-05-20 11:35 - 00001952 _____ C:\Users\Scott\Desktop\Tweaking.com - Windows Repair.lnk 2016-05-20 09:59 - 2016-05-20 09:59 - 00615478 _____ C:\Users\MrBreeze\Downloads\Autoruns.zip 2016-05-20 09:55 - 2016-05-20 09:56 - 21382440 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup (1).exe 2016-05-19 17:44 - 2016-05-19 17:44 - 00209432 _____ C:\Windows\RegBootClean.exe 2016-05-19 17:37 - 2016-05-19 17:44 - 00000000 ____D C:\ProgramData\AntiRansomware 2016-05-18 20:38 - 2016-05-18 20:38 - 00000000 ____D C:\e735d206fef05299b92e9a0a60a4a2df 2016-05-18 11:49 - 2016-05-18 11:49 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage 2016-05-18 11:47 - 2016-05-18 11:48 - 00002628 _____ C:\Users\MrBreeze\Downloads\legitcheck.hta 2016-05-18 11:07 - 2016-05-18 11:07 - 00024576 _____ C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd 2016-05-18 11:07 - 2016-05-18 11:07 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\NeoSmart_Technologies 2016-05-18 11:06 - 2016-05-18 20:38 - 00000000 ____D C:\Program Files\NeoSmart Technologies 2016-05-18 11:04 - 2016-05-18 11:04 - 01923704 _____ C:\Users\MrBreeze\Downloads\EasyBCD 2.3.exe 2016-05-18 10:56 - 
2016-05-18 11:00 - 00021948 _____ C:\Windows\system32\sfcdetails.txt 2016-05-18 07:25 - 2016-05-23 13:58 - 00000562 _____ C:\Users\MrBreeze\Desktop\StartUp Failure.txt 2016-05-17 13:46 - 2016-05-18 12:40 - 00000000 ____D C:\ProgramData\BootRacer 2016-05-17 13:43 - 2016-05-18 12:39 - 00040960 _____ C:\Users\Public\Documents\bootracer.his 2016-05-17 13:40 - 2016-05-25 15:25 - 00000728 _____ C:\Users\Public\Documents\bootracer.ini 2016-05-17 13:00 - 2016-05-17 13:00 - 00000010 _____ C:\Users\Scott\Desktop\test.txt 2016-05-17 12:56 - 2016-05-17 12:56 - 00449569 _____ C:\Users\Scott\Desktop\regrunlog.txt 2016-05-17 12:18 - 2016-05-17 12:18 - 00000000 ____D C:\@RestoreQuarantine 2016-05-17 12:13 - 2016-06-07 14:05 - 00000000 ____D C:\Users\MrBreeze\Documents\RegRun2 2016-05-17 11:58 - 2016-06-12 14:00 - 00000370 _____ C:\Windows\system32\PARTIZAN.TXT 2016-05-17 11:39 - 2016-05-17 11:40 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer (1).exe 2016-05-17 11:37 - 2016-05-17 11:39 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer.exe 2016-05-17 11:18 - 2016-06-11 13:49 - 00000000 ____D C:\ProgramData\RegRun 2016-05-17 10:29 - 2016-06-11 13:49 - 00000000 ____D C:\Users\Public\Documents\regruninfo 2016-05-17 10:29 - 2016-06-07 13:58 - 00000002 RSHOT C:\Windows\winstart.bat 2016-05-17 10:29 - 2016-05-21 12:10 - 00000000 ____D C:\Users\Scott\Documents\RegRun2 2016-05-17 10:29 - 2016-04-05 15:17 - 00012808 _____ (Greatis Software, LLC.) 
C:\Windows\system32\Drivers\UnHackMeDrv.sys 2016-05-17 10:25 - 2016-05-17 10:25 - 00000000 ____D C:\Users\Scott\Downloads\unhackme 2016-05-17 10:23 - 2016-05-17 10:24 - 17475297 _____ C:\Users\Scott\Downloads\unhackme.zip 2016-05-17 10:23 - 2016-05-17 10:23 - 00000400 _____ C:\Users\Scott\Documents\100 cpu.txt 2016-05-16 11:19 - 2016-05-16 11:19 - 00000000 ____D C:\Users\MrBreeze\Downloads\!Safe_WinVista_Home_Basic_SP2_32_Start_v200 2016-05-16 11:09 - 2016-05-16 11:09 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList.xlsx 2016-05-16 10:54 - 2016-05-16 10:55 - 18005296 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\IE9-WindowsVista-x86-enu.exe 2016-05-16 10:49 - 2016-05-16 10:49 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.Performance.RNP.Run.exe 2016-05-16 09:03 - 2016-05-16 09:03 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Macromedia 2016-05-16 08:51 - 2016-05-16 08:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Adobe 2016-05-15 22:15 - 2016-05-15 22:15 - 00000000 ____D C:\MATS 2016-05-15 22:13 - 2016-05-15 22:13 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe 2016-05-15 20:28 - 2016-05-15 20:28 - 00000033 _____ C:\Users\MrBreeze\Documents\Knee.txt 2016-05-14 21:40 - 2016-05-14 21:40 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista--Home-Basic-(32-bit).dat 2016-05-14 21:40 - 2016-05-14 21:40 - 00000000 ____D C:\RegBackup 2016-05-14 19:29 - 2016-06-01 21:18 - 00001952 _____ C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk 2016-05-14 19:29 - 2016-06-01 21:18 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job 2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\Program Files\Tweaking.com 2016-05-14 16:47 - 2016-05-14 16:47 - 00984576 
_____ C:\Users\MrBreeze\Downloads\MicrosoftFixit50906.msi 2016-05-14 14:14 - 2016-05-14 14:14 - 01768236 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB942288-v2-x86 (1).msu 2016-05-14 14:14 - 2016-05-14 14:14 - 00000000 ____D C:\014e2b9b0cb56244da54 2016-05-14 10:20 - 2016-05-14 10:20 - 00000040 _____ C:\Users\MrBreeze\Documents\net.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-13 15:23 - 2016-04-29 19:44 - 00000000 ____D C:\Program Files\Google 2016-06-13 15:21 - 2016-05-04 22:26 - 00000000 ____D C:\Users\Scott\AppData\Local\Google 2016-06-13 15:16 - 2016-04-29 19:45 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Google 2016-06-13 15:06 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf 2016-06-13 15:06 - 2006-11-02 05:33 - 00796728 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-13 15:04 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\inetsrv 2016-06-13 15:02 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-13 15:02 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2016-06-13 15:02 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2016-06-13 15:01 - 2006-11-02 07:58 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-06-13 14:55 - 2016-04-17 11:07 - 00001356 _____ C:\Users\MrBreeze\AppData\Local\d3d9caps.dat 2016-06-12 13:24 - 2016-04-21 13:49 - 00346512 _____ C:\Users\MrBreeze\AppData\Local\census.cache 2016-06-12 13:24 - 2016-04-21 13:49 - 00297382 _____ C:\Users\MrBreeze\AppData\Local\ars.cache 2016-06-12 13:21 - 2016-04-19 01:48 - 00000010 _____ C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache 2016-06-11 14:32 - 2016-04-05 17:44 - 00000000 ____D C:\Users\MrBreeze 2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ 
C:\Windows\system32\IScrNBR.bmp 2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ C:\Windows\system32\IScrNB.bmp 2016-06-11 14:23 - 2016-04-05 12:59 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll 2016-06-11 14:21 - 2016-04-05 12:58 - 00142848 _____ (SigmaTel, Inc.) C:\Windows\system32\staco.dll 2016-06-11 14:21 - 2007-03-29 11:17 - 00562688 _____ (SigmaTel, Inc.) C:\Windows\system32\stapo.dll 2016-06-11 14:21 - 2007-03-29 11:17 - 00323584 _____ (SigmaTel, Inc.) C:\Windows\system32\Drivers\stwrt.sys 2016-06-11 14:21 - 2007-03-29 11:17 - 00316928 _____ (SigmaTel, Inc.) C:\Windows\system32\stcplx.dll 2016-06-11 14:21 - 2007-03-29 11:17 - 00243712 _____ (SigmaTel, Inc.) C:\Windows\system32\stapi32.dll 2016-06-07 20:34 - 2016-05-10 21:58 - 00000000 ____D C:\AdwCleaner 2016-06-07 16:39 - 2016-04-08 22:01 - 00000000 ___SD C:\Users\MrBreeze\AppData\LocalLow\Temp 2016-06-07 13:58 - 2006-11-02 05:23 - 00002577 _____ C:\Windows\system32\config.nt 2016-06-07 13:58 - 2006-11-02 05:23 - 00001688 _____ C:\Windows\system32\autoexec.nt 2016-06-05 11:45 - 2016-04-21 18:49 - 00000000 ____D C:\Users\MrBreeze\Downloads\backups 2016-06-04 19:31 - 2006-11-02 05:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2016-06-03 15:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration 2016-06-02 21:16 - 2016-04-05 13:07 - 00000000 ____D C:\Program Files\Java 2016-06-02 16:31 - 2016-05-04 21:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-06-02 15:17 - 2016-04-13 01:50 - 00001945 _____ C:\Windows\epplauncher.mif 2016-06-02 12:04 - 2016-05-06 17:45 - 00069840 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-02 11:54 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_249 2016-06-01 21:41 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_687 2016-06-01 14:34 - 2006-11-02 05:23 - 00000855 _____ 
C:\Windows\system32\Drivers\etc\hosts_bak_555 2016-06-01 05:33 - 2016-04-29 22:30 - 00000000 ____D C:\Windows\Panther 2016-05-27 12:15 - 2016-04-10 13:32 - 00000000 ____D C:\Windows\Minidump 2016-05-25 19:28 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_428 2016-05-25 13:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_219 2016-05-23 11:53 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_626 2016-05-22 22:08 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_183 2016-05-20 12:04 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_408 2016-05-20 09:33 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_570 2016-05-18 11:49 - 2006-11-02 06:18 - 00000000 ___SD C:\Windows\Downloaded Program Files 2016-05-16 11:16 - 2016-04-29 22:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\ElevatedDiagnostics 2016-05-16 10:56 - 2016-05-04 22:26 - 00000949 _____ C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-16 10:14 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_366 2016-05-15 23:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_286 2016-05-15 21:50 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_527 2016-05-15 16:25 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_19 2016-05-14 22:19 - 2016-04-19 18:39 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-05-14 22:19 - 2016-04-19 18:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-05-14 22:10 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_584 2016-05-14 18:09 - 2016-05-10 12:33 - 00000000 ____D C:\363c9100431405d757f164504b44b3 2016-05-14 18:07 - 2016-04-29 21:50 - 00000000 
____D C:\2de5ecb5eb1f30c5571f293ed367 2016-05-14 14:08 - 2006-11-02 05:22 - 32768000 _____ C:\Windows\system32\config\components.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 30146560 _____ C:\Windows\system32\config\software.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 23068672 _____ C:\Windows\system32\config\system.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\default.bak ==================== Files in the root of some directories ======= 2016-04-21 13:49 - 2016-06-12 13:24 - 0297382 _____ () C:\Users\MrBreeze\AppData\Local\ars.cache 2016-04-21 13:49 - 2016-06-12 13:24 - 0346512 _____ () C:\Users\MrBreeze\AppData\Local\census.cache 2016-04-17 11:07 - 2016-06-13 14:55 - 0001356 _____ () C:\Users\MrBreeze\AppData\Local\d3d9caps.dat 2016-04-05 18:11 - 2016-04-26 13:28 - 0005120 _____ () C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-04-19 01:19 - 2016-04-19 01:19 - 0000036 _____ () C:\Users\MrBreeze\AppData\Local\housecall.guid.cache 2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\MrBreeze\AppData\Local\setup.txt 2016-04-19 01:48 - 2016-06-12 13:21 - 0000010 _____ () C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-13 15:09

==================== End of FRST.txt ============================
SPSpellman Posted June 13, 2016

Standard User Account: Scott

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-06-2016
Ran by MrBreeze (administrator) on MRBREEZE-PC (13-06-2016 15:35:05)
Running from C:\Users\Scott\Downloads
Loaded Profiles: MrBreeze & Scott (Available Profiles: MrBreeze & Scott)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\WINDOWS\System32\CISVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\inetsrv\inetinfo.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
(SigmaTel, Inc.) C:\WINDOWS\System32\stacsv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqtgsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.
The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-10] (AVAST Software) HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer: [NoDriveAutoRun-] 0 HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0 HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveAutoRun-] 0 HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0 HKU\S-1-5-21-67880207-1905697065-243471585-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-02] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13 Tcpip\..\Interfaces\{B5304D28-2BFF-47C8-89B2-44ED34F77672}: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-67880207-1905697065-243471585-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3604 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/ HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-67880207-1905697065-243471585-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-67880207-1905697065-243471585-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/ SearchScopes: HKLM -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {6A8CE798-58AC-47A5-A718-6335B9D1F4D8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> DefaultScope {E19A97FE-292B-4418-A384-BCCF107983E6} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> {E19A97FE-292B-4418-A384-BCCF107983E6} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-02] (AVAST Software) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation) DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824 FF DefaultSearchEngine.US: Google FF DefaultSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] () FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\user.js [2016-06-07] FF Extension: YouTube™ Enhancer Plus - C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-05-01] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-02] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-02] Chrome: ======= CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-02] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-02] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-02] (AVAST Software) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113632 2016-06-05] (SurfRight B.V.) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-19] (Microsoft Corporation) S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation) R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.) R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2016-06-11] (SigmaTel, Inc.) 
[File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-02] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-02] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-06-02] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-02] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-02] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-02] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-06-02] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-06-02] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-06-02] (AVAST Software) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-06-05] () S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.) R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2016-06-11] (SigmaTel, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) U3 DFSR; no ImagePath S3 ialm; system32\DRIVERS\igdkmd32.sys [X] S3 igfx; system32\DRIVERS\igdkmd32.sys [X] U0 Partizan; system32\drivers\Partizan.sys [X] U4 UmRdpService; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-13 15:35 - 2016-06-13 15:35 - 00013014 _____ C:\Users\Scott\Downloads\FRST.txt 2016-06-13 15:34 - 2016-06-13 15:35 - 00000000 ____D C:\FRST 2016-06-13 15:32 - 2016-06-13 15:32 - 01736192 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe 2016-06-13 15:32 - 2016-06-13 15:32 - 00000817 _____ C:\Users\Scott\Desktop\FRST - Shortcut.lnk 2016-06-13 15:23 - 2016-06-13 15:23 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-13 15:23 - 2016-06-13 15:23 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-13 15:21 - 2016-06-13 15:32 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-13 15:21 - 2016-06-13 15:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-13 15:20 - 2016-06-13 15:20 - 00987728 _____ (Google Inc.) C:\Users\Scott\Downloads\ChromeSetup.exe 2016-06-13 14:40 - 2016-06-13 14:40 - 00000514 _____ C:\Users\MrBreeze\Documents\hoses.txt 2016-06-12 16:13 - 2016-06-12 16:14 - 00000000 ____D C:\Users\MrBreeze\Desktop\UpDATERS 2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted 2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\Program Files\Trend Micro 2016-06-12 13:26 - 2016-06-12 13:32 - 00000000 ____D C:\Users\Scott\Downloads\TMRBLog 2016-06-12 13:26 - 2016-06-12 13:26 - 00000000 ____D C:\Users\Scott\Downloads\log 2016-06-12 13:03 - 2016-06-12 13:03 - 00000000 ____D C:\Users\Scott\Downloads\lspfix 2016-06-12 13:02 - 2016-06-12 13:02 - 00183158 _____ C:\Users\Scott\Downloads\lspfix.zip 2016-06-12 12:58 - 2016-06-12 12:58 - 10078720 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\RootkitBusterV5.0-1198.exe 2016-06-12 12:57 - 2016-06-12 12:57 - 06229392 _____ (Trend Micro, Inc. 
) C:\Users\Scott\Downloads\RUBottedSetup.exe 2016-06-12 12:56 - 2016-06-12 12:56 - 10467568 _____ (Akamai Technologies, Inc.) C:\Users\Scott\Downloads\installer.exe 2016-06-12 12:55 - 2016-06-12 12:55 - 02104376 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HousecallLauncher.exe 2016-06-12 12:54 - 2016-06-12 12:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HijackThis.exe 2016-06-12 12:25 - 2016-06-12 12:25 - 00000000 ___SD C:\Users\Scott\AppData\LocalLow\Temp 2016-06-12 12:24 - 2016-06-13 15:19 - 00000680 _____ C:\Users\Scott\AppData\Local\d3d9caps.dat 2016-06-11 14:25 - 2016-06-11 14:21 - 04939776 _____ (SigmaTel, Inc.) C:\Windows\system32\stacgui.cpl 2016-06-11 14:25 - 2016-06-11 14:21 - 00303104 _____ (SigmaTel, Inc.) C:\Windows\sttray.exe 2016-06-11 14:25 - 2016-06-11 14:21 - 00090112 _____ (SigmaTel, Inc.) C:\Windows\system32\stacsv.exe 2016-06-10 14:06 - 2016-06-10 14:06 - 00000000 ____D C:\Users\MrBreeze\.oracle_jre_usage 2016-06-09 13:18 - 2016-06-09 13:18 - 00000411 _____ C:\Users\MrBreeze\Documents\DJTrump.txt 2016-06-08 12:26 - 2016-06-08 12:26 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text1.txt 2016-06-08 12:23 - 2016-06-08 12:23 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text.txt 2016-06-07 18:55 - 2016-06-07 18:55 - 03677248 _____ C:\Users\MrBreeze\Downloads\adwcleaner_5.119.exe 2016-06-07 16:36 - 2016-06-07 16:39 - 00000000 ____D C:\Program Files\PCFixKit 2016-06-07 16:00 - 2016-06-07 16:00 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Acelogix 2016-06-07 15:58 - 2016-06-12 16:33 - 00000000 ____D C:\ProgramData\TEMP 2016-06-07 15:58 - 2016-06-07 15:58 - 00001922 _____ C:\Users\MrBreeze\Desktop\Ace Utilities.lnk 2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities 2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities 2016-06-07 15:58 - 
2016-06-07 15:58 - 00000000 ____D C:\Program Files\Ace Utilities 2016-06-07 15:55 - 2016-06-07 15:55 - 00000078 _____ C:\Windows\system32\MRBREEZE-PC.Windows Vista Home Basic, 32-bit Service Pack 2 (build 6002).txt 2016-06-07 15:55 - 2016-06-07 15:55 - 00000000 ____D C:\Windows\RegBak 2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore 2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\Program Files\Acelogix 2016-06-07 15:17 - 2016-06-07 15:18 - 06431728 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe 2016-06-07 15:06 - 2016-06-07 15:06 - 00027095 _____ C:\Users\MrBreeze\Documents\Win 7.htm 2016-06-07 15:06 - 2016-06-07 15:06 - 00000000 ____D C:\Users\MrBreeze\Documents\img 2016-06-07 15:06 - 2016-06-07 14:42 - 00002640 _____ C:\Users\MrBreeze\Documents\WuaReports.css 2016-06-07 13:58 - 2016-06-12 16:16 - 00000000 ____D C:\Program Files\UnHackMe 2016-06-07 13:56 - 2016-06-13 14:04 - 00069840 _____ C:\Users\MrBreeze\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-07 13:48 - 2016-06-12 12:23 - 00293288 _____ C:\Windows\system32\FNTCACHE.DAT 2016-06-06 13:08 - 2016-06-06 13:16 - 00000680 _____ C:\Windows\system32\.crusader 2016-06-05 15:08 - 2016-06-05 15:10 - 01016592 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.08.26_log.txt 2016-06-05 15:05 - 2016-06-05 15:06 - 00172328 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.05.09_log.txt 2016-06-05 15:02 - 2016-06-05 15:03 - 00172162 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.02.26_log.txt 2016-06-05 13:59 - 2016-06-05 15:11 - 00000000 ____D C:\Program Files\HitmanPro 2016-06-05 13:59 - 2016-06-05 13:59 - 00001732 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2016-06-05 13:59 - 2016-06-05 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2016-06-05 13:58 - 2016-06-06 13:08 - 00000000 ____D C:\ProgramData\HitmanPro 2016-06-05 13:33 - 2016-06-12 
16:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Enigma Software Group 2016-06-05 13:26 - 2016-06-05 13:26 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2016-06-05 13:25 - 2016-06-05 13:25 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\MrBreeze\Downloads\SpyHunter-Installer (1).exe 2016-06-05 13:19 - 2016-06-11 14:21 - 01601536 _____ (SigmaTel, Inc.) C:\Windows\system32\stlang.dll 2016-06-05 13:19 - 1999-12-31 19:00 - 05398528 _____ (SigmaTel, Inc.) C:\Windows\system32\IDTSG.cpl 2016-06-05 13:07 - 2016-06-05 13:07 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Bluefive software 2016-06-05 12:35 - 2016-06-05 12:36 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.MATSKB.Run (1).exe 2016-06-04 11:34 - 2016-06-04 11:37 - 48418520 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\Windows-KB890830-V5.36.exe 2016-06-04 11:34 - 2016-06-04 11:37 - 38808920 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\FileFormatConverters (1).exe 2016-06-04 11:28 - 2016-06-04 11:28 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList (1).xlsx 2016-06-03 14:13 - 2016-06-03 14:16 - 75137189 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v4-x86.msu 2016-06-02 22:16 - 2016-06-02 22:32 - 02340040 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK (1).msi 2016-06-02 22:16 - 2016-06-02 22:32 - 02324272 _____ C:\Users\MrBreeze\Downloads\msxml6_x64 (1).msi 2016-06-02 22:16 - 2016-06-02 22:32 - 02267192 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64 (1).msi 2016-06-02 22:16 - 2016-06-02 22:32 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6 (1).msi 2016-06-02 21:29 - 2016-06-02 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-06-02 21:29 - 2016-06-02 21:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2016-06-02 15:38 - 2016-06-02 15:38 - 00000896 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-06-02 
15:38 - 2016-06-02 15:38 - 00000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-06-02 15:30 - 2016-06-02 15:30 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-06-02 15:23 - 2016-06-02 15:23 - 00000000 ____D C:\Users\Scott\AppData\Roaming\AVAST Software 2016-06-02 15:22 - 2016-06-02 15:22 - 00001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-06-02 15:22 - 2016-06-02 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-06-02 15:21 - 2016-06-02 15:20 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-06-02 15:21 - 2016-06-02 15:20 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-06-02 15:20 - 2016-06-02 15:20 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-06-02 15:20 - 2016-06-02 15:20 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-06-02 15:20 - 2016-06-02 15:20 - 00000000 ____D C:\Program Files\Windows Sidebar 2016-06-02 15:17 - 2016-06-02 15:29 - 00000000 ____D C:\Program Files\AVAST Software 2016-06-02 15:11 - 2016-06-02 15:30 - 00000000 ____D C:\ProgramData\AVAST Software 2016-06-02 
15:10 - 2016-06-02 15:11 - 05080352 _____ (AVAST Software) C:\Users\Scott\Downloads\avast_free_antivirus_setup_online.exe 2016-06-02 14:53 - 2016-06-02 14:53 - 00000391 _____ C:\Users\Scott\Downloads\Microsoft.Powershell.Host_56d66100-99a0-4ffc-a12d-eee9a6718aef_HelpInfo.xml 2016-06-02 14:35 - 2016-06-02 14:46 - 01756144 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013.exe 2016-06-02 14:35 - 2016-06-02 14:35 - 01851544 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013_Update22.exe 2016-06-02 14:35 - 2016-06-02 14:35 - 00112496 _____ C:\Users\Scott\Downloads\Windows Embedded Compact 2013_Update30.htm 2016-06-02 14:32 - 2016-06-02 14:32 - 00323688 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsServer2003-KB828028-x86-ENU.exe 2016-06-02 14:25 - 2016-06-02 14:25 - 00702840 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\Windows-KB943729-x86-ENU.exe 2016-06-02 14:22 - 2016-06-02 14:22 - 00000000 ____D C:\Program Files\LAPS 2016-06-02 14:19 - 2016-06-02 14:19 - 00954368 _____ C:\Users\Scott\Downloads\LAPS.x86.msi 2016-06-02 14:17 - 2016-06-02 14:17 - 00000238 _____ C:\Users\Scott\Documents\Fixit.txt 2016-06-02 14:04 - 2016-06-02 14:04 - 00347816 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\MicrosoftFixit.wu.Run.exe 2016-06-02 12:05 - 2016-06-02 12:05 - 00000000 ____D C:\Users\Scott\AppData\Roaming\ProductData 2016-06-01 21:18 - 2016-06-01 21:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2016-06-01 21:16 - 2016-06-01 21:18 - 21381936 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup.exe 2016-06-01 21:15 - 2016-06-01 21:15 - 00000286 _____ C:\Windows\Tasks\User_Feed_Synchronization-{40FE53E5-E223-4404-89E5-29209F69C377}.job 2016-06-01 19:35 - 2016-06-01 19:35 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} 2016-06-01 05:17 - 2016-06-01 19:50 - 32337920 _____ 
C:\Windows\system32\config\components.iobit 2016-06-01 05:17 - 2016-06-01 19:50 - 28155904 _____ C:\Windows\system32\config\software.iobit 2016-06-01 05:17 - 2016-06-01 19:50 - 01077248 _____ C:\Windows\system32\config\default.iobit 2016-06-01 05:17 - 2016-06-01 19:50 - 00090112 _____ C:\Windows\system32\config\sam.iobit 2016-06-01 05:17 - 2016-06-01 19:49 - 00028672 _____ C:\Windows\system32\config\security.iobit 2016-06-01 05:12 - 2016-06-01 05:12 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Apple Computer 2016-06-01 05:07 - 2016-06-01 16:51 - 00000000 ____D C:\ProgramData\ProductData 2016-06-01 05:03 - 2016-06-01 05:13 - 00000000 ____D C:\Users\MrBreeze\AppData\LocalLow\IObit 2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\ProductData 2016-06-01 05:02 - 2016-06-01 05:02 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2016-06-01 05:01 - 2016-06-01 16:49 - 00000000 ____D C:\Program Files\Common Files\IObit 2016-06-01 04:58 - 2016-06-01 20:25 - 00000000 ____D C:\Program Files\IObit 2016-06-01 04:58 - 2016-06-01 16:49 - 00000000 ____D C:\ProgramData\IObit 2016-06-01 04:44 - 2016-06-01 04:52 - 43891792 _____ (IObit ) C:\Users\MrBreeze\Downloads\advanced-systemcare-setup.exe 2016-05-31 14:25 - 2016-05-31 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2016-05-31 10:47 - 2016-05-31 10:48 - 00231760 _____ C:\Users\MrBreeze\Downloads\CrucialScan.exe 2016-05-29 13:40 - 2016-06-05 15:11 - 00160840 _____ (SurfRight B.V.) 
C:\Windows\system32\LnkProtect.dll 2016-05-29 12:57 - 2016-05-29 12:57 - 00001933 _____ C:\Users\MrBreeze\Documents\EVIEW.txt 2016-05-29 12:50 - 2016-05-29 12:50 - 00001867 _____ C:\Users\MrBreeze\Documents\HITMAN EVENT VIEW.txt 2016-05-29 12:43 - 2016-05-29 12:44 - 00000534 _____ C:\Users\MrBreeze\Documents\admin event viewer.txt 2016-05-29 12:42 - 2016-05-29 12:42 - 00000615 _____ C:\Users\MrBreeze\Documents\eventviewerhitmanpro.txt 2016-05-26 19:11 - 2016-05-31 17:14 - 00000000 ____D C:\Windows\CryptoGuard 2016-05-26 15:51 - 2016-05-26 15:53 - 10451640 _____ (SurfRight B.V.) C:\Users\MrBreeze\Downloads\HitmanPro.exe 2016-05-25 19:51 - 2016-05-25 19:51 - 04614144 _____ C:\Users\Scott\Downloads\msxml6_SDK.msi 2016-05-25 19:51 - 2016-05-25 19:51 - 01528320 _____ C:\Users\Scott\Downloads\msxml6.msi 2016-05-25 18:56 - 2016-05-25 18:57 - 04614144 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK.msi 2016-05-25 18:56 - 2016-05-25 18:57 - 03753472 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64.msi 2016-05-25 18:56 - 2016-05-25 18:57 - 02721280 _____ C:\Users\MrBreeze\Downloads\msxml6_x64.msi 2016-05-25 18:56 - 2016-05-25 18:56 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6.msi 2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun 2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun 2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\ProgramData\Oracle 2016-05-25 14:51 - 2016-05-25 14:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Secunia PSI 2016-05-25 14:50 - 2016-05-25 14:50 - 00000000 ____D C:\Program Files\Secunia 2016-05-25 14:49 - 2016-05-25 14:50 - 05490752 _____ (Secunia) C:\Users\MrBreeze\Downloads\PSISetup.exe 2016-05-25 14:16 - 2016-05-25 14:19 - 00930472 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.16.19_log.txt 2016-05-25 14:10 - 2016-05-25 14:12 - 00170114 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.10.29_log.txt 2016-05-25 14:07 - 2016-05-25 14:08 - 04727984 _____ (Kaspersky 
Lab ZAO) C:\Users\MrBreeze\Downloads\tdsskiller.exe 2016-05-24 11:57 - 2016-05-24 11:57 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Bluefive software 2016-05-23 13:29 - 2016-05-23 13:29 - 00000844 _____ C:\Users\MrBreeze\Desktop\SnapShot.lnk 2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnapShot 2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\Program Files\SnapShot 2016-05-23 13:29 - 2008-07-01 10:04 - 01064960 _____ (Chilkat Software, Inc.) C:\Windows\system32\ChilkatFtp2.dll 2016-05-23 13:29 - 2007-12-14 17:34 - 01388032 _____ (Chestysoft) C:\Windows\system32\csXImage.ocx 2016-05-23 13:29 - 2007-06-05 10:00 - 00311296 _____ (AdminSystem Software Limited) C:\Windows\system32\aosmtp.dll 2016-05-23 13:29 - 2004-03-08 23:00 - 00224016 _____ (Microsoft Corporation) C:\Windows\system32\tabctl32.ocx 2016-05-23 13:29 - 2002-02-10 20:28 - 00070144 _____ (Merrion Computing Ltd) C:\Windows\system32\MCLHotkey.ocx 2016-05-23 13:29 - 2001-08-23 13:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm50.dll 2016-05-23 13:29 - 2000-07-09 18:15 - 00106496 _____ (Marco Bellinaso) C:\Windows\system32\mbprgbar.ocx 2016-05-23 13:29 - 2000-05-01 23:02 - 00110592 _____ (Common Controls Replacement Project (CCRP)) C:\Windows\system32\ccrpbds6.dll 2016-05-23 13:29 - 1998-06-24 00:00 - 00140096 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx 2016-05-23 12:51 - 2016-05-23 12:51 - 00035114 _____ C:\Users\MrBreeze\Downloads\Extras.Txt 2016-05-23 12:49 - 2016-05-23 13:20 - 00119882 _____ C:\Users\MrBreeze\Downloads\OTL.Txt 2016-05-23 12:27 - 2016-05-23 12:27 - 00602112 _____ (OldTimer Tools) C:\Users\MrBreeze\Downloads\OTL.scr 2016-05-23 12:14 - 2016-05-23 12:14 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.Run.exe 2016-05-23 10:31 - 2016-05-23 10:39 - 154546261 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v35-x86 (2).msu 2016-05-23 10:17 
- 2016-05-23 10:17 - 00000000 ____D C:\Users\MrBreeze\Downloads\lspfix 2016-05-23 10:15 - 2016-05-23 10:16 - 00183158 _____ C:\Users\MrBreeze\Downloads\lspfix.zip 2016-05-23 10:05 - 2016-05-23 10:05 - 00000902 _____ C:\Users\Scott\Documents\Rolling Stone.txt 2016-05-22 12:43 - 2016-05-22 12:50 - 00000000 _____ C:\Windows\system32\procdump 2016-05-22 12:39 - 2016-05-22 12:39 - 00000000 ____D C:\Users\MrBreeze\Downloads\Procdump 2016-05-22 12:34 - 2016-05-22 12:34 - 00411028 _____ C:\Users\MrBreeze\Downloads\Procdump.zip 2016-05-21 14:36 - 2016-05-21 14:54 - 649877504 _____ C:\Users\Scott\Downloads\GRMWDK_EN_7600_1.ISO 2016-05-21 12:07 - 2016-05-21 12:07 - 00000000 _RSHD C:\comment.htt 2016-05-20 12:28 - 2016-05-20 12:28 - 00000000 ____D C:\Users\MrBreeze\Downloads\Autoruns 2016-05-20 11:35 - 2016-05-20 11:35 - 00001952 _____ C:\Users\Scott\Desktop\Tweaking.com - Windows Repair.lnk 2016-05-20 09:59 - 2016-05-20 09:59 - 00615478 _____ C:\Users\MrBreeze\Downloads\Autoruns.zip 2016-05-20 09:55 - 2016-05-20 09:56 - 21382440 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup (1).exe 2016-05-19 17:44 - 2016-05-19 17:44 - 00209432 _____ C:\Windows\RegBootClean.exe 2016-05-19 17:37 - 2016-05-19 17:44 - 00000000 ____D C:\ProgramData\AntiRansomware 2016-05-18 20:38 - 2016-05-18 20:38 - 00000000 ____D C:\e735d206fef05299b92e9a0a60a4a2df 2016-05-18 11:49 - 2016-05-18 11:49 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage 2016-05-18 11:47 - 2016-05-18 11:48 - 00002628 _____ C:\Users\MrBreeze\Downloads\legitcheck.hta 2016-05-18 11:07 - 2016-05-18 11:07 - 00024576 _____ C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd 2016-05-18 11:07 - 2016-05-18 11:07 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\NeoSmart_Technologies 2016-05-18 11:06 - 2016-05-18 20:38 - 00000000 ____D C:\Program Files\NeoSmart Technologies 2016-05-18 11:04 - 2016-05-18 11:04 - 01923704 _____ C:\Users\MrBreeze\Downloads\EasyBCD 2.3.exe 2016-05-18 10:56 - 
2016-05-18 11:00 - 00021948 _____ C:\Windows\system32\sfcdetails.txt 2016-05-18 07:25 - 2016-05-23 13:58 - 00000562 _____ C:\Users\MrBreeze\Desktop\StartUp Failure.txt 2016-05-17 13:46 - 2016-05-18 12:40 - 00000000 ____D C:\ProgramData\BootRacer 2016-05-17 13:43 - 2016-05-18 12:39 - 00040960 _____ C:\Users\Public\Documents\bootracer.his 2016-05-17 13:40 - 2016-05-25 15:25 - 00000728 _____ C:\Users\Public\Documents\bootracer.ini 2016-05-17 13:00 - 2016-05-17 13:00 - 00000010 _____ C:\Users\Scott\Desktop\test.txt 2016-05-17 12:56 - 2016-05-17 12:56 - 00449569 _____ C:\Users\Scott\Desktop\regrunlog.txt 2016-05-17 12:18 - 2016-05-17 12:18 - 00000000 ____D C:\@RestoreQuarantine 2016-05-17 12:13 - 2016-06-07 14:05 - 00000000 ____D C:\Users\MrBreeze\Documents\RegRun2 2016-05-17 11:58 - 2016-06-12 14:00 - 00000370 _____ C:\Windows\system32\PARTIZAN.TXT 2016-05-17 11:39 - 2016-05-17 11:40 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer (1).exe 2016-05-17 11:37 - 2016-05-17 11:39 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer.exe 2016-05-17 11:18 - 2016-06-11 13:49 - 00000000 ____D C:\ProgramData\RegRun 2016-05-17 10:29 - 2016-06-11 13:49 - 00000000 ____D C:\Users\Public\Documents\regruninfo 2016-05-17 10:29 - 2016-06-07 13:58 - 00000002 RSHOT C:\Windows\winstart.bat 2016-05-17 10:29 - 2016-05-21 12:10 - 00000000 ____D C:\Users\Scott\Documents\RegRun2 2016-05-17 10:29 - 2016-04-05 15:17 - 00012808 _____ (Greatis Software, LLC.) 
C:\Windows\system32\Drivers\UnHackMeDrv.sys 2016-05-17 10:25 - 2016-05-17 10:25 - 00000000 ____D C:\Users\Scott\Downloads\unhackme 2016-05-17 10:23 - 2016-05-17 10:24 - 17475297 _____ C:\Users\Scott\Downloads\unhackme.zip 2016-05-17 10:23 - 2016-05-17 10:23 - 00000400 _____ C:\Users\Scott\Documents\100 cpu.txt 2016-05-16 11:19 - 2016-05-16 11:19 - 00000000 ____D C:\Users\MrBreeze\Downloads\!Safe_WinVista_Home_Basic_SP2_32_Start_v200 2016-05-16 11:09 - 2016-05-16 11:09 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList.xlsx 2016-05-16 10:54 - 2016-05-16 10:55 - 18005296 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\IE9-WindowsVista-x86-enu.exe 2016-05-16 10:49 - 2016-05-16 10:49 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.Performance.RNP.Run.exe 2016-05-16 09:03 - 2016-05-16 09:03 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Macromedia 2016-05-16 08:51 - 2016-05-16 08:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Adobe 2016-05-15 22:15 - 2016-05-15 22:15 - 00000000 ____D C:\MATS 2016-05-15 22:13 - 2016-05-15 22:13 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe 2016-05-15 20:28 - 2016-05-15 20:28 - 00000033 _____ C:\Users\MrBreeze\Documents\Knee.txt 2016-05-14 21:40 - 2016-05-14 21:40 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista--Home-Basic-(32-bit).dat 2016-05-14 21:40 - 2016-05-14 21:40 - 00000000 ____D C:\RegBackup 2016-05-14 19:29 - 2016-06-01 21:18 - 00001952 _____ C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk 2016-05-14 19:29 - 2016-06-01 21:18 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job 2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\Program Files\Tweaking.com 2016-05-14 16:47 - 2016-05-14 16:47 - 00984576 
_____ C:\Users\MrBreeze\Downloads\MicrosoftFixit50906.msi 2016-05-14 14:14 - 2016-05-14 14:14 - 01768236 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB942288-v2-x86 (1).msu 2016-05-14 14:14 - 2016-05-14 14:14 - 00000000 ____D C:\014e2b9b0cb56244da54 2016-05-14 10:20 - 2016-05-14 10:20 - 00000040 _____ C:\Users\MrBreeze\Documents\net.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-13 15:23 - 2016-04-29 19:44 - 00000000 ____D C:\Program Files\Google 2016-06-13 15:21 - 2016-05-04 22:26 - 00000000 ____D C:\Users\Scott\AppData\Local\Google 2016-06-13 15:16 - 2016-04-29 19:45 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Google 2016-06-13 15:06 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf 2016-06-13 15:06 - 2006-11-02 05:33 - 00796728 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-13 15:04 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\inetsrv 2016-06-13 15:02 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-13 15:02 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2016-06-13 15:02 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2016-06-13 15:01 - 2006-11-02 07:58 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-06-13 14:55 - 2016-04-17 11:07 - 00001356 _____ C:\Users\MrBreeze\AppData\Local\d3d9caps.dat 2016-06-12 13:24 - 2016-04-21 13:49 - 00346512 _____ C:\Users\MrBreeze\AppData\Local\census.cache 2016-06-12 13:24 - 2016-04-21 13:49 - 00297382 _____ C:\Users\MrBreeze\AppData\Local\ars.cache 2016-06-12 13:21 - 2016-04-19 01:48 - 00000010 _____ C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache 2016-06-11 14:32 - 2016-04-05 17:44 - 00000000 ____D C:\Users\MrBreeze 2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ 
C:\Windows\system32\IScrNBR.bmp 2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ C:\Windows\system32\IScrNB.bmp 2016-06-11 14:23 - 2016-04-05 12:59 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll 2016-06-11 14:21 - 2016-04-05 12:58 - 00142848 _____ (SigmaTel, Inc.) C:\Windows\system32\staco.dll 2016-06-11 14:21 - 2007-03-29 11:17 - 00562688 _____ (SigmaTel, Inc.) C:\Windows\system32\stapo.dll 2016-06-11 14:21 - 2007-03-29 11:17 - 00323584 _____ (SigmaTel, Inc.) C:\Windows\system32\Drivers\stwrt.sys 2016-06-11 14:21 - 2007-03-29 11:17 - 00316928 _____ (SigmaTel, Inc.) C:\Windows\system32\stcplx.dll 2016-06-11 14:21 - 2007-03-29 11:17 - 00243712 _____ (SigmaTel, Inc.) C:\Windows\system32\stapi32.dll 2016-06-07 20:34 - 2016-05-10 21:58 - 00000000 ____D C:\AdwCleaner 2016-06-07 16:39 - 2016-04-08 22:01 - 00000000 ___SD C:\Users\MrBreeze\AppData\LocalLow\Temp 2016-06-07 13:58 - 2006-11-02 05:23 - 00002577 _____ C:\Windows\system32\config.nt 2016-06-07 13:58 - 2006-11-02 05:23 - 00001688 _____ C:\Windows\system32\autoexec.nt 2016-06-05 11:45 - 2016-04-21 18:49 - 00000000 ____D C:\Users\MrBreeze\Downloads\backups 2016-06-04 19:31 - 2006-11-02 05:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2016-06-03 15:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration 2016-06-02 21:16 - 2016-04-05 13:07 - 00000000 ____D C:\Program Files\Java 2016-06-02 16:31 - 2016-05-04 21:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-06-02 15:17 - 2016-04-13 01:50 - 00001945 _____ C:\Windows\epplauncher.mif 2016-06-02 12:04 - 2016-05-06 17:45 - 00069840 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-02 11:54 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_249 2016-06-01 21:41 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_687 2016-06-01 14:34 - 2006-11-02 05:23 - 00000855 _____ 
C:\Windows\system32\Drivers\etc\hosts_bak_555 2016-06-01 05:33 - 2016-04-29 22:30 - 00000000 ____D C:\Windows\Panther 2016-05-27 12:15 - 2016-04-10 13:32 - 00000000 ____D C:\Windows\Minidump 2016-05-25 19:28 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_428 2016-05-25 13:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_219 2016-05-23 11:53 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_626 2016-05-22 22:08 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_183 2016-05-20 12:04 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_408 2016-05-20 09:33 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_570 2016-05-18 11:49 - 2006-11-02 06:18 - 00000000 ___SD C:\Windows\Downloaded Program Files 2016-05-16 11:16 - 2016-04-29 22:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\ElevatedDiagnostics 2016-05-16 10:56 - 2016-05-04 22:26 - 00000949 _____ C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-16 10:14 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_366 2016-05-15 23:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_286 2016-05-15 21:50 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_527 2016-05-15 16:25 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_19 2016-05-14 22:19 - 2016-04-19 18:39 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-05-14 22:19 - 2016-04-19 18:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-05-14 22:10 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_584 2016-05-14 18:09 - 2016-05-10 12:33 - 00000000 ____D C:\363c9100431405d757f164504b44b3 2016-05-14 18:07 - 2016-04-29 21:50 - 00000000 
____D C:\2de5ecb5eb1f30c5571f293ed367 2016-05-14 14:08 - 2006-11-02 05:22 - 32768000 _____ C:\Windows\system32\config\components.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 30146560 _____ C:\Windows\system32\config\software.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 23068672 _____ C:\Windows\system32\config\system.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam.bak 2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\default.bak ==================== Files in the root of some directories ======= 2016-04-21 13:49 - 2016-06-12 13:24 - 0297382 _____ () C:\Users\MrBreeze\AppData\Local\ars.cache 2016-04-21 13:49 - 2016-06-12 13:24 - 0346512 _____ () C:\Users\MrBreeze\AppData\Local\census.cache 2016-04-17 11:07 - 2016-06-13 14:55 - 0001356 _____ () C:\Users\MrBreeze\AppData\Local\d3d9caps.dat 2016-04-05 18:11 - 2016-04-26 13:28 - 0005120 _____ () C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-04-19 01:19 - 2016-04-19 01:19 - 0000036 _____ () C:\Users\MrBreeze\AppData\Local\housecall.guid.cache 2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\MrBreeze\AppData\Local\setup.txt 2016-04-19 01:48 - 2016-06-12 13:21 - 0000010 _____ () C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-13 15:09

==================== End of FRST.txt ============================
SPSpellman Posted June 13, 2016

Standard User Account: Scott

Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-06-2016
Ran by MrBreeze (2016-06-13 15:36:09)
Running from C:\Users\Scott\Downloads
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2016-04-05 20:52:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-67880207-1905697065-243471585-500 - Administrator - Disabled)
Guest (S-1-5-21-67880207-1905697065-243471585-501 - Limited - Enabled)
MrBreeze (S-1-5-21-67880207-1905697065-243471585-1000 - Administrator - Enabled) => C:\Users\MrBreeze
Scott (S-1-5-21-67880207-1905697065-243471585-1005 - Limited - Enabled) => C:\Users\Scott

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace Utilities (HKLM\...\Ace Utilities_is1) (Version: 6.1.0 - Acelogix Software) Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Application Compatibility Toolkit (Version: 8.100.26641 - Microsoft) Hidden Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform) eMachines Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.009 - eMachines) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.) 
Intel® Network Connections 15.3.68.0 (HKLM\...\PROSetDX) (Version: 15.3.68.0 - Intel) Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Kits Configuration Installer (Version: 8.100.25984 - Microsoft) Hidden Local Administrator Password Solution (HKLM\...\{3C5FA570-168B-47B2-A4C9-8B59FFC28459}) (Version: 6.0.1.0 - Microsoft Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft SharePoint 2010 Products OpsMgr 2007 MP en-us (HKLM\...\{7F52C251-8EB6-410D-9E84-45E8E4993A48}) (Version: 1.0.0.0 - Microsoft) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix) SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden SigmaTel 
Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5205.0 - SigmaTel) SnapShot (HKLM\...\SnapShot_is1) (Version: 1.0.6 - Bluefive software) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) Toolkit Documentation (Version: 8.100.26866 - Microsoft) Hidden Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.) Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.1 - Tweaking.com) Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 7.1.0 - Shark007) Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Assessment and Deployment Kit for Windows 8.1 (HKLM\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation) WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04C5732E-E4CC-4AE5-B8BF-8A56247766EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd) Task: {15A33922-2CF4-4FE9-B6AE-384EEC7578EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.) Task: {256B542C-44C2-420A-BEF2-DFC720B9990A} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-02] (AVAST Software) Task: {30D25F1F-0D94-4911-B53A-76B996003FE2} - \SlimCleaner Run -> No File <==== ATTENTION Task: {355BBC34-14C1-4E46-8C24-6BCC98BB416E} - System32\Tasks\AceUtilsSkipUAC => C:\Program Files\Ace Utilities\au.exe [2015-11-11] (Acelogix Software) Task: {84DF11BB-C896-4B4A-B1EB-665321A19DCD} - System32\Tasks\SafeZone scheduled Autoupdate 1464899852 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {8673CFDB-7B4D-4D75-AFD9-0A3B2215628C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.) Task: {97AD9CE5-9A4A-478B-B492-807826D83D71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated) Task: {ACE55B44-2D02-455E-977F-27AD60C7BBFD} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab3ad222f4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.) Task: {FE20FBFD-023A-4365-9632-BB2E6A821F53} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)�Tweaking.com - Windows Repair)Created By Tweaking.com Task: C:\Windows\Tasks\User_Feed_Synchronization-{40FE53E5-E223-4404-89E5-29209F69C377}.job => C:\Windows\system32\msfeedssync.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-06-02 15:20 - 2016-06-02 15:20 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-06-02 15:20 - 2016-06-02 15:20 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-06-13 12:11 - 2016-06-13 12:11 - 02932736 _____ () C:\Program Files\AVAST Software\Avast\defs\16061300\algo.dll 2016-06-02 15:20 - 2016-06-02 15:20 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-06-13 15:03 - 2016-06-13 15:03 - 02932736 _____ () C:\Program Files\AVAST Software\Avast\defs\16061301\algo.dll 2016-06-02 15:20 - 2016-06-02 15:20 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-06-12 13:36 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files\Trend Micro\RUBotted\hc_help.dll 2016-06-02 15:20 - 2016-06-02 15:20 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:E965A533 [111] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12527038.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94872584.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\12527038.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\94872584.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\0cj.net -> 0cj.net IE restricted site: 
HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\1001movie.com -> 1001movie.com IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\1001night.biz -> 1001night.biz IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\100gal.net -> 100gal.net IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\100***links.com -> 100***links.com There are 4788 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2016-06-12 12:19 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-67880207-1905697065-243471585-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\eM1_Wide.bmp HKU\S-1-5-21-67880207-1905697065-243471585-1005\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80 FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => 
(Allow) LPort=80 FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80 FirewallRules: [{68C83C52-ED98-4037-BB19-F9CD8048B21C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2016 03:16:52 PM) (Source: Windows Search Service) (EventID: 3024) (User: ) Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog Error: (06/13/2016 03:14:54 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point on volume (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" ; Descripton = ȃȃȃȃဃဂဂဂ � ဂȂဃဂဂဂ�ဂĂဃĂ Ă ဂဂဂဂဂဂဂ��ȂဃȂ Ȃă䠃ဂဂဂဂဂဂဂဂဂሂဃဂ。ဂဂဂဂᐂᐂဂሂဃဂဂᐂሂဃဂဂဂဂĂăăăăăăăăăăăăăăăăăăăăăăဃ褂; Hr = 0x80070057). Error: (06/13/2016 03:00:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application hmpsched.exe, version 3.7.0.5, time stamp 0x5732f7ec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x520, application start time 0xhmpsched.exe0. 
Error: (06/13/2016 02:23:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, exception code 0xc0000005, fault offset 0x00034ca2, process id 0x874, application start time 0xExplorer.EXE0. Error: (06/12/2016 01:44:21 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point on volume (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" /scan:boot /quiet /quick; Descripton = Checkpoint by HitmanPro; Hr = 0x8000ffff). Error: (06/12/2016 01:44:20 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154. Operation: Gathering Writer Data Executing Asynchronous Operation Context: Execution Context: Requestor Current State: GatherWriterMetadata Error: (06/12/2016 01:44:20 PM) (Source: VSS) (EventID: 34) (User: ) Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any VSS writers from receiving events. This may be caused due to a setup failure or as a result of an application's installer or uninstaller. Operation: Gathering Writer Data Executing Asynchronous Operation Context: Execution Context: Requestor Current State: GatherWriterMetadata Error: (06/12/2016 12:20:45 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. Error: (06/12/2016 12:20:45 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (06/12/2016 12:20:30 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. 
System errors: ============= Error: (06/13/2016 03:02:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/13/2016 12:09:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 04:35:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 04:25:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 04:20:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 04:10:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 01:58:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
Error: (06/12/2016 01:46:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 01:39:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/12/2016 01:28:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it. CodeIntegrity: =================================== Date: 2016-06-12 13:18:44.176 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:18:44.020 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:18:43.833 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:18:43.630 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. 
Date: 2016-06-12 13:13:44.297 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:13:44.017 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:13:43.751 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 13:13:43.611 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-02 16:49:51.471 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-06-02 16:49:51.346 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Celeron® D CPU 3.33GHz Percentage of memory in use: 36% Total physical RAM: 2037.32 MB Available physical RAM: 1293.96 MB Total Virtual: 5989.36 MB Available Virtual: 5197.12 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:103.29 GB) (Free:75.11 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Recovery) (Fixed) (Total:8.5 GB) (Free:3.61 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B1E04F8A) Partition 1: (Not Active) - (Size=8.5 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=103.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Quote
ExTS Admin Starbuck Posted June 14, 2016

Hi Scott,

FRST only needs to be run on the main administrator account. No need to run it on a standard user account. Fixes won't work on a Standard account anyway as it will require Admin privileges to work.

There's a lot of security programs coming on and off this system. This isn't always a good thing. Too much security is just as bad as too little.

Recommendation.
I recommend that you remove the following:

Ace Utilities
Anything that states that it will Optimize and fine tune your PC ... is something to steer clear of. Registry cleaners have been known to cause more problems than they cure. No staff member here will ever recommend this type of software.

Hitman Pro
Unless you have paid for this... it's only a 30 day trial, so once it's been run there's not really much point in keeping it around. It's only using resources.

Trend Micro RUBotted
Once it's been run, it's basically done its job. It'll only alert you anyway... it won't remove anything. Any program that just alerts you and then requires you to install another program from Trend Micro to finish the job... isn't worth having in my book.

Step 1
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Avast should have disabled this.... the 2 will conflict.
Click Start >> Control Panel >> Windows Defender or launch from the system tray icon.
Click on Tools & Settings >> Options.
Under Real-time protection options, uncheck the "Real-time protection" check box.
Click Save.

Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\MrBreeze\Downloads.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.
http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png
The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

Step 3
Can you please add these reports in your next reply as well.
C:\Users\MrBreeze\Downloads\Extras.Txt
C:\Users\MrBreeze\Downloads\OTL.Txt

In your next reply, please submit:
Fixlog.txt
Extras.txt
Otl.txt

Thanks.

fixlist.txt

Member of: UNITE
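Added example, not part of the thread and not FRST's own code: Step 1 above spots two real-time products enabled at once by reading the Security Center section by eye. The Python below runs that check over an excerpt of the log lines quoted in this thread and also collects the entries FRST tagged `<==== ATTENTION`. It assumes one entry per line, as FRST writes the file; all function names are hypothetical.

```python
import re

# Excerpt of Addition.txt lines quoted in this thread, laid out one entry per
# line as FRST writes them (the forum page shows them run together).
SAMPLE = r"""
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Scheduled Tasks (Whitelisted) =============
Task: {04C5732E-E4CC-4AE5-B8BF-8A56247766EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {30D25F1F-0D94-4911-B53A-76B996003FE2} - \SlimCleaner Run -> No File <==== ATTENTION
==================== End of Addition.txt ============================
"""

# "==== Section name ====" banner; a bare "=====" rule yields an empty name.
HEADER = re.compile(r"^={5,}\s*(.*?)\s*={2,}\s*$")
# e.g. "AS: Windows Defender (Enabled - Up to date) {GUID}"
PRODUCT = re.compile(
    r"^(?P<kind>[A-Z]{2}): (?P<name>.+?) "
    r"\((?P<state>Enabled|Disabled)(?: - (?P<defs>[^)]*))?\) "
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)
ATTENTION = "<==== ATTENTION"


def split_sections(text):
    """Map section name -> entry lines, using the '==== name ====' banners."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            name = m.group(1).rstrip(":").replace(" (Whitelisted)", "").strip()
            if name:  # a bare '=====' rule does not start a new section
                current = name
                sections.setdefault(name, [])
            continue
        # Lines in parentheses are FRST's fixlist hints, not log entries.
        if current is not None and not line.startswith("("):
            sections[current].append(line)
    return sections


def security_products(sections):
    """Parse each Security Center entry into kind/name/state/defs/guid."""
    out = []
    for line in sections.get("Security Center", []):
        m = PRODUCT.match(line)
        if m:
            out.append(m.groupdict())
    return out


def enabled_product_names(products):
    """Distinct products registered as Enabled. A product registered under
    both AV and AS (avast! here) counts once, so it never conflicts with itself."""
    names = {p["name"] for p in products if p["state"] == "Enabled"}
    return sorted(names, key=str.lower)


def attention_entries(sections):
    """(section, entry) pairs for every line FRST tagged with the marker."""
    hits = []
    for name, lines in sections.items():
        for line in lines:
            if line.endswith(ATTENTION):
                hits.append((name, line[: -len(ATTENTION)].rstrip()))
    return hits


def triage(text):
    sections = split_sections(text)
    names = enabled_product_names(security_products(sections))
    return {
        "overlapping_protection": names if len(names) > 1 else [],
        "attention": attention_entries(sections),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("Enabled at the same time:", report["overlapping_protection"])
    for section, entry in report["attention"]:
        print(f"[{section}] {entry}")
```

The result only reflects what is registered in the log at scan time, so it is a prompt to check the products' real-time settings, as Step 1 does, rather than proof of a conflict.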