
Posted (edited)

Fix result of Farbar Recovery Scan Tool (x86) Version:15-06-2016

Ran by MrBreeze (2016-06-15 20:01:02) Run:1

Running from C:\Users\MrBreeze\Downloads

Loaded Profiles: MrBreeze (Available Profiles: MrBreeze & Scott & Administrator)

Boot Mode: Normal

==============================================

fixlist content:

*****************

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL =

FF user.js: detected! => C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\user.js [2016-06-07]

CHR Extension: (Entanglement Web App) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2016-06-13]

CHR Extension: (Poppit!) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-06-13]

U3 DFSR; no ImagePath

S3 ialm; system32\DRIVERS\igdkmd32.sys [X]

S3 igfx; system32\DRIVERS\igdkmd32.sys [X]

U0 Partizan; system32\drivers\Partizan.sys [X]

U4 UmRdpService; no ImagePath

Task: {30D25F1F-0D94-4911-B53A-76B996003FE2} - \SlimCleaner Run -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:E965A533 [111]

CMD: ipconfig /flushdns

EmptyTemp:

Hosts:

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

"HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

"HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47B50246-2234-4B64-AAB2-296D71F49BDE}" => key removed successfully.

HKCR\CLSID\{47B50246-2234-4B64-AAB2-296D71F49BDE} => key not found.

C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\user.js => not found.

C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd => not found.

C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => not found.

DFSR => service removed successfully.

ialm => service removed successfully.

igfx => service removed successfully.

Partizan => service removed successfully.

UmRdpService => service removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30D25F1F-0D94-4911-B53A-76B996003FE2}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30D25F1F-0D94-4911-B53A-76B996003FE2}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Run" => key removed successfully.

C:\ProgramData\TEMP => ":E965A533" ADS removed successfully..

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

EmptyTemp: => 298.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 20:02:06 ====

Edited by SPSpellman

Posted

OTL Extras logfile created on: 5/23/2016 12:29:00 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrBreeze\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.68% Memory free

4.92 Gb Paging File | 3.92 Gb Available in Paging File | 79.77% Paging File free

Paging file location(s): c:\pagefile.sys 3055 6000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 103.29 Gb Total Space | 63.34 Gb Free Space | 61.33% Space Free | Partition Type: NTFS

Drive D: | 8.50 Gb Total Space | 3.61 Gb Free Space | 42.43% Space Free | Partition Type: NTFS

 

Computer Name: MRBREEZE-PC | User Name: MrBreeze | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-67880207-1905697065-243471585-1000]

"EnableNotificationsRef" = 2

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-67880207-1905697065-243471585-500]

"EnableNotificationsRef" = 2

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system |

"{04B4CE29-6F34-437B-BCB6-CD03D49519D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{11B2B4C9-0E5F-47E3-ADD3-F289FA5B6F1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{21B9ADE3-4648-4ED2-9EFF-E978946EE5E5}" = lport=445 | protocol=6 | dir=in | app=system |

"{2228BA1B-DC28-41B5-A303-5955A489338A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system |

"{2D85C8C2-D4C6-435D-85EE-43FDE5FDEFBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{31918ADD-AAD9-4C9E-BA1E-4FAD6A31889D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3716BDE2-3772-4DDF-9F59-7FDF8A24D270}" = rport=445 | protocol=6 | dir=out | app=system |

"{3B50AA39-79FD-4EE9-8350-AE9B36A14AFD}" = rport=137 | protocol=17 | dir=out | app=system |

"{44546349-B5BE-4FB1-9659-EEDE1353F564}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system |

"{4AC18FB3-D013-4C32-9BA4-33888C288953}" = lport=137 | protocol=17 | dir=in | app=system |

"{5E50EFA7-2126-4B02-A8BE-AEB32B4C9A26}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system |

"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system |

"{7157E791-D2D5-46F2-AEF6-482C71BA8D82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7BABDA40-A383-48B7-BF56-596E14C603C3}" = lport=138 | protocol=17 | dir=in | app=system |

"{A4FF04BD-EC04-4A92-984A-AF0040E18D17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system |

"{B0E1EA8B-4AC6-4DD7-B94E-633D2A096A43}" = lport=139 | protocol=6 | dir=in | app=system |

"{B1E77BC3-4610-4EE0-B291-234886F38CD4}" = rport=138 | protocol=17 | dir=out | app=system |

"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system |

"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{EF2CDB9F-F351-48B6-ADE6-CEF0ED371675}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system |

"{EFF15936-2220-43DC-A394-697CDF5220B4}" = rport=139 | protocol=6 | dir=out | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{2068C167-0F7E-42BD-8E44-47E7952E235E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{24083A9D-BBD1-4321-86E6-70A3A21B1321}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{3630F630-F441-4B0F-9681-DDED8206C5A5}" = protocol=6 | dir=in | app=c:\program files\microsoft security client\msseces.exe |

"{3AE8C1B3-0C8F-41ED-803B-BA6E28750369}" = protocol=17 | dir=in | app=c:\program files\microsoft security client\msseces.exe |

"{5317BAC5-3518-4F66-9005-4446D8472540}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{E7A9950D-0CBD-4E26-9668-19C3C673AFEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F92BF169-FF04-4832-8F42-9BB163F12E83}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{046775C7-701F-4386-BCF4-5ADA66E41F51}" = BootRacer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{3AEFF4E0-C0F2-ECCC-6420-A2A008D52DF2}" = Application Compatibility Toolkit

"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper

"{6C870B12-6FF2-68FC-8C3B-DD177BBF3F92}" = Toolkit Documentation

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{74d0e5db-b326-4dae-a6b2-445b9de1836e}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026

"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer

"{7F52C251-8EB6-410D-9E84-45E8E4993A48}" = Microsoft SharePoint 2010 Products OpsMgr 2007 MP en-us

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5

"{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.16)

"{B74E65FD-CC47-41C5-4B89-791A3F61942D}" = Kits Configuration Installer

"{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026

"{BF455BD4-60BB-4E6E-867A-B4F57BC1164B}" = Microsoft Security Client

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel® Network Connections 15.3.68.0

"{e9e06304-a604-434b-b35f-d9beb94dc06d}" = Windows Assessment and Deployment Kit for Windows 8.1

"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

"Adobe Flash Player ActiveX" = Adobe Flash Player 21 ActiveX

"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI

"CCleaner" = CCleaner

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 45.0.2 (x86 en-US)" = Mozilla Firefox 45.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PROSetDX" = Intel® Network Connections 15.3.68.0

"Speccy" = Speccy

"Tweaking.com - Windows Repair" = Tweaking.com - Windows Repair

"UnHackMe_is1" = UnHackMe 8.00

"WinPcapInst" = WinPcap 4.1.3

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 5/23/2016 12:54:53 PM | Computer Name = MrBreeze-PC | Source = EventSystem | ID = 4609

Description =

 

Error - 5/23/2016 12:54:53 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

 

Error - 5/23/2016 12:55:07 PM | Computer Name = MrBreeze-PC | Source = EventSystem | ID = 4609

Description =

 

Error - 5/23/2016 12:55:07 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

 

Error - 5/23/2016 1:06:14 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 34

Description = Volume Shadow Copy Service error: The VSS event class is not registered.

This will prevent any VSS writers from receiving events. This may be caused due

to a setup failure or as a result of an application's installer or uninstaller.

Operation:

Gathering Writer Data Executing Asynchronous Operation Context: Execution

Context: Requestor Current State: GatherWriterMetadata

 

Error - 5/23/2016 1:06:14 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040154. Operation: Gathering Writer Data Executing

Asynchronous Operation Context: Execution Context: Requestor Current State:

GatherWriterMetadata

 

Error - 5/23/2016 1:06:15 PM | Computer Name = MrBreeze-PC | Source = System Restore | ID = 8193

Description = Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe

-k netsvcs; Descripton = Windows Update; Hr = 0x8000ffff).

 

Error - 5/23/2016 1:31:09 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 34

Description = Volume Shadow Copy Service error: The VSS event class is not registered.

This will prevent any VSS writers from receiving events. This may be caused due

to a setup failure or as a result of an application's installer or uninstaller.

Operation:

Gathering Writer Data Executing Asynchronous Operation Context: Execution

Context: Requestor Current State: GatherWriterMetadata

 

Error - 5/23/2016 1:31:09 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040154. Operation: Gathering Writer Data Executing

Asynchronous Operation Context: Execution Context: Requestor Current State:

GatherWriterMetadata

 

Error - 5/23/2016 1:31:09 PM | Computer Name = MrBreeze-PC | Source = System Restore | ID = 8193

Description = Failed to create restore point on volume (Process = C:\WINDOWS\System32\wbem\WmiPrvSE.exe;

Descripton = OTL Restore Point - 5/23/2016 12:31:08 PM; Hr = 0x8000ffff).

 

[ System Events ]

Error - 5/23/2016 12:33:51 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/23/2016 12:34:01 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/23/2016 12:34:04 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001

Description =

 

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001

Description =

 

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001

Description =

 

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 5/23/2016 12:50:07 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/23/2016 12:53:55 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/23/2016 1:00:10 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001

Description =

< End of report >

Posted

OTL logfile created on: 5/23/2016 12:29:00 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrBreeze\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.68% Memory free

4.92 Gb Paging File | 3.92 Gb Available in Paging File | 79.77% Paging File free

Paging file location(s): c:\pagefile.sys 3055 6000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 103.29 Gb Total Space | 63.34 Gb Free Space | 61.33% Space Free | Partition Type: NTFS

Drive D: | 8.50 Gb Total Space | 3.61 Gb Free Space | 42.43% Space Free | Partition Type: NTFS

 

Computer Name: MRBREEZE-PC | User Name: MrBreeze | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2016/05/23 12:27:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrBreeze\Downloads\OTL.scr

PRC - [2016/04/15 14:05:24 | 006,675,672 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe

PRC - [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2016/04/05 15:16:58 | 000,604,952 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe

PRC - [2016/01/29 18:44:58 | 000,292,816 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe

PRC - [2016/01/29 18:44:56 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2016/01/29 17:56:10 | 000,986,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2015/09/24 10:40:30 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2015/07/30 13:38:28 | 000,100,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\AntiRansomware2.0\****rvice.exe

PRC - [2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/19 01:33:14 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe

========== Modules (No Company Name) ==========

 

MOD - [2006/12/12 12:04:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll

MOD - [2006/12/12 12:01:48 | 000,077,824 | ---- | M] () -- C:\WINDOWS\System32\hccutils.dll

========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (STacSV)

SRV - [2016/05/14 22:19:03 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2016/04/19 02:09:52 | 000,146,888 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2016/01/29 18:44:58 | 000,292,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2016/01/29 18:44:56 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2015/12/07 15:24:12 | 000,065,296 | ---- | M] (Greatis Software, LLC) [Disabled | Stopped] -- C:\Program Files\BootRacer\BootRacerServ.exe -- (BootRacerServ)

SRV - [2015/09/24 10:40:30 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2015/07/30 13:38:28 | 000,100,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\AntiRansomware2.0\****rvice.exe -- (AntiRansomwareService)

SRV - [2009/04/11 01:28:22 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2009/04/11 01:28:22 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2009/04/11 01:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2008/01/19 01:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/19 01:33:14 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN)

========== Driver Services (SafeList) ==========

 

DRV - [2016/05/17 10:29:35 | 000,040,304 | ---- | M] (Greatis Software) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\System32\drivers\Partizan.sys -- (Partizan)

DRV - [2015/11/13 08:50:26 | 000,104,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2014/08/18 22:07:06 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\npf.sys -- (npf)

DRV - [2013/06/08 17:28:41 | 000,015,776 | R--- | M] (<company name here>) [Kernel | System | Running] -- C:\Program Files\AntiRansomware2.0\HookDriver32.sys -- (KbHook)

DRV - [2009/04/10 23:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/01/19 00:08:50 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mqac.sys -- (MQAC)

DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32)

DRV - [1999/12/31 19:00:00 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{47B50246-2234-4B64-AAB2-296D71F49BDE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{6A8CE798-58AC-47A5-A718-6335B9D1F4D8}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.countryCode: "US"

FF - prefs.js..browser.search.defaultenginename.US: "Google"

FF - prefs.js..browser.search.region: "US"

FF - prefs.js..extensions.enabledAddons: firefoxaddon%40youtubeenhancer.com:4.1.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.79.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.79.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2016/04/06 16:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Extensions

[2016/05/15 17:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions

[2016/05/01 14:19:24 | 000,658,177 | ---- | M] () (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions\firefoxaddon@youtubeenhancer.com.xpi

[2016/05/15 17:06:23 | 001,656,045 | ---- | M] () (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\features\{4582f8fc-c01e-413d-8374-972442400fd3}\loop@mozilla.org.xpi

[2016/04/30 17:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

 

========== Chrome ==========

 

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\


O1 HOSTS File: ([2016/05/23 11:53:34 | 000,000,855 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BootRacer = "C:\Program Files\BootRacer\Bootrace.exe" /2 (Greatis Software)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5304D28-2BFF-47C8-89B2-44ED34F77672}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\em1_wide.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\em1_wide.bmp

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2016/05/21 12:07:05 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2016/05/21 12:07:05 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (Partizan)

O34 - HKLM BootExecute: (ootExecute settings...)

O34 - HKLM BootExecute: (on\E)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found


MsConfig - StartUpReg: CCleaner Monitoring - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found

MsConfig - State: "startup" - 0

MsConfig - State: "services" - 0

MsConfig - State: "bootini" - 0


CREATERESTOREPOINT

System Restore Service not available.


========== Files/Folders - Created Within 30 Days ==========


[2016/05/23 12:18:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2016/05/23 12:02:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2

[2016/05/21 12:07:05 | 000,000,000 | RHSD | C] -- C:\comment.htt

[2016/05/21 12:07:05 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2016/05/19 17:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AntiRansomware

[2016/05/19 17:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\AntiRansomware2.0

[2016/05/18 20:38:49 | 000,000,000 | ---D | C] -- C:\e735d206fef05299b92e9a0a60a4a2df

[2016/05/18 11:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage

[2016/05/18 11:07:24 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\NeoSmart_Technologies

[2016/05/18 11:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies

[2016/05/17 13:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BootRacer

[2016/05/17 13:40:14 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BootRacer

[2016/05/17 13:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\BootRacer

[2016/05/17 12:18:01 | 000,000,000 | ---D | C] -- C:\@RestoreQuarantine

[2016/05/17 12:13:35 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\Documents\RegRun2

[2016/05/17 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun

[2016/05/17 10:29:35 | 000,040,304 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys

[2016/05/17 10:29:13 | 000,049,968 | ---- | C] (Greatis Software) -- C:\Windows\System32\partizan.exe

[2016/05/17 10:29:13 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys

[2016/05/17 10:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe

[2016/05/17 10:29:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo

[2016/05/17 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe

[2016/05/15 22:15:53 | 000,000,000 | ---D | C] -- C:\MATS

[2016/05/14 21:40:12 | 000,000,000 | ---D | C] -- C:\RegBackup

[2016/05/14 19:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

[2016/05/14 19:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com

[2016/05/14 14:14:35 | 000,000,000 | ---D | C] -- C:\014e2b9b0cb56244da54

[2016/05/13 22:31:35 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\Free Windows Cleanup Tool

[2016/05/13 22:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Free Windows Cleanup Tool

[2016/05/11 12:59:19 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\Microsoft Corporation

[2016/05/11 12:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor

[2016/05/11 00:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits

[2016/05/11 00:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Kits

[2016/05/11 00:27:59 | 000,000,000 | ---D | C] -- C:\45c1271dcf3c91039f5075bf13b8

[2016/05/11 00:16:14 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll

[2016/05/11 00:16:13 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll

[2016/05/11 00:16:13 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll

[2016/05/11 00:16:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll

[2016/05/11 00:16:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2016/05/11 00:16:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll

[2016/05/11 00:16:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll

[2016/05/11 00:16:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2016/05/11 00:16:13 | 000,011,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2016/05/11 00:16:12 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2016/05/11 00:16:12 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2016/05/11 00:16:12 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll

[2016/05/11 00:16:12 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll

[2016/05/11 00:16:12 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll

[2016/05/11 00:16:11 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll

[2016/05/11 00:16:11 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll

[2016/05/11 00:16:11 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll

[2016/05/11 00:16:11 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2016/05/11 00:16:11 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll

[2016/05/11 00:16:11 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2016/05/11 00:16:10 | 000,015,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2016/05/11 00:16:10 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll

[2016/05/11 00:16:10 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll

[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll

[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2016/05/11 00:16:10 | 000,011,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2016/05/11 00:16:09 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll

[2016/05/11 00:16:09 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2016/05/11 00:16:09 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll

[2016/05/11 00:16:09 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2016/05/11 00:16:09 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2016/05/11 00:16:09 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2016/05/11 00:16:09 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2016/05/11 00:16:09 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2016/05/11 00:16:08 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucrtbase.dll

[2016/05/11 00:16:08 | 000,064,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll

[2016/05/11 00:16:08 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll

[2016/05/11 00:16:08 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll

[2016/05/11 00:16:08 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2016/05/11 00:16:07 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll

[2016/05/11 00:16:07 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll

[2016/05/10 23:49:45 | 000,000,000 | ---D | C] -- C:\f8756be26704d6375b

[2016/05/10 21:58:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2016/05/10 21:30:40 | 000,000,000 | ---D | C] -- C:\3f4e9cf4d9e08247aa4cee1f5530aae2

[2016/05/10 19:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Linksys

[2016/05/10 15:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2016/05/10 15:10:15 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2016/05/10 14:17:06 | 000,000,000 | ---D | C] -- C:\5301576e678fd2fa2e2aa69a

[2016/05/10 12:33:56 | 000,000,000 | ---D | C] -- C:\363c9100431405d757f164504b44b3

[2016/05/09 20:27:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2016/05/09 18:50:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2016/05/09 18:50:10 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2016/05/09 18:50:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2016/05/09 18:50:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2016/05/09 18:50:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2016/05/09 18:50:08 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2016/05/09 18:50:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2016/05/09 18:50:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2016/05/09 15:55:22 | 000,000,000 | ---D | C] -- C:\0a1001c89f3b239d3475be

[2016/05/09 15:54:25 | 000,000,000 | ---D | C] -- C:\2864a3bde3417dce53

[2016/05/09 15:34:07 | 000,000,000 | ---D | C] -- C:\2e8b7eb3789d47c85dbc6550f7bfdd

[2016/05/09 15:24:54 | 000,000,000 | ---D | C] -- C:\85657cc307c2c2950456e2a53dd9

[2016/05/09 15:14:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2016/05/09 15:13:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2016/05/09 15:13:07 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2016/05/09 15:13:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2016/05/09 15:13:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2016/05/09 15:13:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2016/05/09 15:13:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2016/05/09 15:13:06 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2016/05/09 15:13:06 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2016/05/09 15:13:06 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2016/05/09 15:13:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2016/05/09 15:13:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2016/05/09 15:13:00 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2016/05/09 15:13:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[2016/05/09 15:13:00 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2016/05/09 15:13:00 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[2016/05/09 15:13:00 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2016/05/09 14:57:45 | 000,000,000 | ---D | C] -- C:\8982676cb56719e6fe2d

[2016/05/09 14:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\System Center Management Packs

[2016/05/09 14:39:03 | 000,000,000 | ---D | C] -- C:\1caa2eb2aa29805efa71a692d6

[2016/05/09 14:25:12 | 000,000,000 | ---D | C] -- C:\67992b0c538fc68d8ce033b42355f22d

[2016/05/09 14:16:52 | 000,000,000 | ---D | C] -- C:\cdd8b0bbb85dd7b28587f21374e4

[2016/05/09 14:11:18 | 000,000,000 | ---D | C] -- C:\57f000e9cab0ddf471524202b20ced86

[2016/05/09 12:37:59 | 000,000,000 | ---D | C] -- C:\d35e88c072bf443f21aefbfe

[2016/05/09 09:46:49 | 000,000,000 | ---D | C] -- C:\315da4eee26b07004c10

[2016/05/09 09:41:31 | 000,000,000 | ---D | C] -- C:\e5d31c9f4f5127f6ab293f74c1a8

[2016/05/09 09:33:10 | 000,000,000 | ---D | C] -- C:\extensions

[2016/05/07 21:38:59 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2016/05/07 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\temp

[2016/05/06 18:17:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2016/05/06 18:17:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2016/05/06 18:17:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2016/05/06 17:36:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2016/05/06 16:36:20 | 000,000,000 | ---D | C] -- C:\e5820a70fa4055a3b15ef6ca0a2d

[2016/05/05 00:38:43 | 000,305,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys

[2016/05/05 00:38:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0

[2016/05/05 00:07:04 | 000,000,000 | ---D | C] -- C:\2027ee003d019dc954

[2016/05/04 21:39:47 | 000,170,200 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2016/05/04 21:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2016/05/04 21:38:53 | 000,126,336 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2016/05/04 21:38:53 | 000,053,120 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys

[2016/05/04 21:38:53 | 000,024,448 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys

[2016/05/04 21:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2016/05/04 21:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2016/05/04 21:18:47 | 000,000,000 | ---D | C] -- C:\c8232c9ebdb6f23555

[2016/05/04 17:47:49 | 000,000,000 | ---D | C] -- C:\a58f5c84d86ff96704d573e276ad

[2016/05/04 15:31:23 | 000,000,000 | ---D | C] -- C:\28773a4392015d3dc5

[2016/05/04 14:51:48 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[2016/05/04 14:12:42 | 000,000,000 | ---D | C] -- C:\c93aa2887dfda75c3b6b

[2016/05/04 14:07:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\msmq

[2016/05/03 14:38:54 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-SQLAgent$MICROSOFTSCM-sqlagtctr10.0.1600.22.dll

[2016/05/03 14:31:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2016/05/03 14:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2016/05/01 18:53:50 | 000,000,000 | ---D | C] -- C:\eca9077219a1b39d66300fc0df

[2016/05/01 18:44:59 | 000,000,000 | ---D | C] -- C:\0c2d5e12c4552d7d058d46843e

[2016/05/01 17:51:49 | 000,000,000 | ---D | C] -- C:\93e6572aa4830c19a53d6bdb

[2016/04/30 16:22:07 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\AVAST Software

[2016/04/29 22:51:04 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\ElevatedDiagnostics

[2016/04/29 22:39:52 | 000,000,000 | ---D | C] -- C:\01aaf2a69cb5d2beca40

[2016/04/29 22:30:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2016/04/29 22:25:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2016/04/29 22:25:26 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2016/04/29 22:25:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2016/04/29 22:25:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2016/04/29 22:25:25 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2016/04/29 22:25:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2016/04/29 22:25:24 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2016/04/29 22:25:24 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2016/04/29 22:25:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2016/04/29 22:25:24 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2016/04/29 22:25:24 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2016/04/29 22:25:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2016/04/29 22:25:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2016/04/29 22:25:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2016/04/29 22:25:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2016/04/29 22:25:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2016/04/29 22:25:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2016/04/29 22:25:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2016/04/29 22:25:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2016/04/29 22:25:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2016/04/29 22:25:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2016/04/29 22:25:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admp****.dll

[2016/04/29 22:25:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2016/04/29 22:25:19 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2016/04/29 22:25:19 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2016/04/29 22:25:18 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2016/04/29 22:25:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2016/04/29 22:25:18 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2016/04/29 22:25:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2016/04/29 21:50:53 | 000,000,000 | ---D | C] -- C:\2de5ecb5eb1f30c5571f293ed367

[2016/04/29 19:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

[2016/04/29 19:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy

[2016/04/29 19:45:01 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\Google

[2016/04/29 19:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2016/04/24 16:49:10 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\Bazwise

[2016/04/24 16:49:09 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\Bazwise

[2016/04/24 15:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]


========== Files - Modified Within 30 Days ==========


[2016/05/23 12:03:50 | 000,659,212 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2016/05/23 12:03:50 | 000,123,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2016/05/23 12:01:48 | 000,000,728 | ---- | M] () -- C:\Users\Public\Documents\bootracer.ini

[2016/05/23 11:59:22 | 000,004,800 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2016/05/23 11:59:21 | 000,004,800 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2016/05/23 11:58:39 | 000,293,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2016/05/23 11:58:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2016/05/23 11:53:34 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2016/05/22 22:08:18 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_183

[2016/05/22 12:50:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\procdump

[2016/05/20 12:27:35 | 000,001,952 | ---- | M] () -- C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk

[2016/05/20 12:04:58 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_408

[2016/05/20 11:35:05 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Tweaking.com - Windows Repair Tray Icon.job

[2016/05/20 09:33:16 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_570

[2016/05/19 17:44:04 | 000,209,432 | ---- | M] () -- C:\Windows\RegBootClean.exe

[2016/05/18 12:39:33 | 000,040,960 | ---- | M] () -- C:\Users\Public\Documents\bootracer.his

[2016/05/18 11:07:50 | 000,024,576 | ---- | M] () -- C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd

[2016/05/17 13:15:53 | 000,000,804 | ---- | M] () -- C:\Users\MrBreeze\Desktop\UnHackMe.lnk

[2016/05/17 10:29:35 | 000,040,304 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys

[2016/05/17 10:29:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2016/05/17 10:29:32 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt

[2016/05/17 10:29:32 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat

[2016/05/16 10:14:05 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_366

[2016/05/15 23:35:42 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2016/05/15 23:19:24 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_286

[2016/05/15 21:50:10 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_527

[2016/05/15 16:25:04 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_19

[2016/05/14 22:19:03 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2016/05/14 22:19:03 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2016/05/14 22:10:22 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_584

[2016/05/14 21:40:16 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista--Home-Basic-(32-bit).dat

[2016/05/14 19:33:12 | 000,001,952 | ---- | M] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Tweaking.com - Windows Repair.lnk

[2016/05/12 21:46:57 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif

[2016/05/12 16:28:35 | 000,000,680 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\d3d9caps.dat

[2016/05/11 12:57:35 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk

[2016/05/10 19:08:29 | 008,697,832 | ---- | M] () -- C:\Users\MrBreeze\Documents\E_Series_UG_E900Rev_3425-01486_Web.pdf

[2016/05/09 15:41:03 | 000,000,794 | ---- | M] () -- C:\Users\MrBreeze\Desktop\D2D5DEM1 - Shortcut.lnk

[2016/05/09 14:57:34 | 002,162,688 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl

[2016/05/09 14:57:33 | 000,114,688 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf

[2016/05/09 14:57:33 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

[2016/05/09 09:44:41 | 000,065,536 | ---- | M] () -- C:\Windows\SPInstall.etl

[2016/05/07 21:32:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_338

[2016/05/05 01:30:03 | 000,000,010 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache

[2016/05/05 01:17:46 | 000,293,082 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\census.cache

[2016/05/05 01:17:37 | 000,297,382 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\ars.cache

[2016/04/29 22:30:28 | 000,000,943 | ---- | M] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2016/04/29 22:26:07 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2016/04/29 22:26:07 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2016/04/29 22:25:27 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2016/04/29 22:25:26 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2016/04/29 22:25:26 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2016/04/29 22:25:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2016/04/29 22:25:25 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2016/04/29 22:25:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2016/04/29 22:25:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2016/04/29 22:25:24 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2016/04/29 22:25:24 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2016/04/29 22:25:24 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2016/04/29 22:25:24 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2016/04/29 22:25:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2016/04/29 22:25:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2016/04/29 22:25:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2016/04/29 22:25:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2016/04/29 22:25:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2016/04/29 22:25:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2016/04/29 22:25:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2016/04/29 22:25:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2016/04/29 22:25:20 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2016/04/29 22:25:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2016/04/29 22:25:20 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2016/04/29 22:25:20 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2016/04/29 22:25:19 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2016/04/29 22:25:19 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2016/04/29 22:25:18 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2016/04/29 22:25:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2016/04/29 22:25:18 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2016/04/29 22:25:18 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2016/04/29 19:52:09 | 000,001,995 | ---- | M] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2016/04/29 19:48:11 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2016/04/26 13:28:57 | 000,005,120 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2016/04/24 15:08:05 | 013,332,480 | ---- | M] () -- C:\Users\MrBreeze\Documents\libva-intel-driver-1.7.0.tar

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2016/05/22 12:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\procdump

[2016/05/20 11:32:24 | 000,293,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2016/05/19 17:44:03 | 000,209,432 | ---- | C] () -- C:\Windows\RegBootClean.exe

[2016/05/18 11:07:49 | 000,024,576 | ---- | C] () -- C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd

[2016/05/17 13:43:42 | 000,040,960 | ---- | C] () -- C:\Users\Public\Documents\bootracer.his

[2016/05/17 13:40:19 | 000,000,728 | ---- | C] () -- C:\Users\Public\Documents\bootracer.ini

[2016/05/17 13:15:53 | 000,000,804 | ---- | C] () -- C:\Users\MrBreeze\Desktop\UnHackMe.lnk

[2016/05/17 10:29:32 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat

[2016/05/14 21:40:16 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista--Home-Basic-(32-bit).dat

[2016/05/14 19:33:12 | 000,001,952 | ---- | C] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Tweaking.com - Windows Repair.lnk

[2016/05/14 19:29:49 | 000,001,952 | ---- | C] () -- C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk

[2016/05/14 19:29:49 | 000,000,550 | ---- | C] () -- C:\Windows\tasks\Tweaking.com - Windows Repair Tray Icon.job

[2016/05/11 12:57:35 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk

[2016/05/11 12:57:35 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk

[2016/05/10 19:08:27 | 008,697,832 | ---- | C] () -- C:\Users\MrBreeze\Documents\E_Series_UG_E900Rev_3425-01486_Web.pdf

[2016/05/10 15:11:32 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2016/05/09 15:41:03 | 000,000,794 | ---- | C] () -- C:\Users\MrBreeze\Desktop\D2D5DEM1 - Shortcut.lnk

[2016/05/09 15:13:02 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2016/05/09 15:13:02 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2016/05/09 15:13:02 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2016/05/09 09:30:46 | 000,457,799 | ---- | C] () -- C:\Users\MrBreeze\Desktop\Windows6.0-KB2889748-x86.msu

[2016/05/09 09:30:25 | 000,457,799 | ---- | C] () -- C:\Windows6.0-KB2889748-x86.msu

[2016/05/06 18:17:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2016/05/06 18:17:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2016/05/06 18:17:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2016/05/06 18:17:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2016/05/06 18:17:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2016/05/01 17:50:16 | 000,230,241 | ---- | C] () -- C:\Users\MrBreeze\Documents\Windows6.0-KB2743187-v2-x86.msu

[2016/04/29 22:25:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2016/04/29 19:48:11 | 000,001,995 | ---- | C] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2016/04/29 19:48:11 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

[2016/04/29 19:48:11 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2016/04/24 16:51:12 | 013,332,480 | ---- | C] () -- C:\Users\MrBreeze\Documents\libva-intel-driver-1.7.0.tar

[2016/04/22 16:16:36 | 000,633,199 | ---- | C] () -- C:\Users\MrBreeze\Windows6.0-KB2889748-x64.msu

[2016/04/22 16:16:22 | 000,457,799 | ---- | C] () -- C:\Users\MrBreeze\Windows6.0-KB2889748-x86.msu

[2016/04/21 13:49:44 | 000,293,082 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\census.cache

[2016/04/21 13:49:27 | 000,297,382 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\ars.cache

[2016/04/19 01:48:29 | 000,000,010 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache

[2016/04/19 01:19:51 | 000,000,036 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\housecall.guid.cache

[2016/04/17 11:07:12 | 000,000,680 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\d3d9caps.dat

[2016/04/09 16:05:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2016/04/09 16:04:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2016/04/09 16:04:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2016/04/05 18:11:22 | 000,005,120 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2016/04/05 13:06:59 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat

[2014/08/18 22:07:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

 

========== ZeroAccess Check ==========

 

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 01:28:26 | 011,584,000 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = c:\windows\system32\wbem\fastprox.dll -- [2009/04/11 01:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = c:\windows\system32\wbem\wbemess.dll -- [2009/04/11 01:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 01:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006/11/17 01:04:53 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2016/05/23 11:58:23 | 3203,399,680 | -HS- | M] () -- C:\pagefile.sys

[2016/04/05 13:05:56 | 000,000,163 | ---- | M] () -- C:\power2go.log

[2016/04/05 12:55:54 | 000,000,002 | RHS- | M] () -- C:\USER

[2014/04/10 13:05:18 | 000,457,799 | ---- | M] () -- C:\Windows6.0-KB2889748-x86.msu

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %PROGRAMFILES%\* >

[2016/04/09 15:50:18 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

 

 

< End of report >

  • ExTS Admin
Posted

Hi Scott,

 

I've sorted out why you couldn't reply to the previous moved thread.......

Normal members can only reply to their own thread in the Malware Removal forum, they can't reply to another members thread.

When I split the posts away from the original thread I forgot that one of my posts was the first one..... this made me the original poster of the thread.

I should have made one of your posts the first one.

 

You should be able to reply to this thread without a problem now.

 

The FRST fix ran ok.

Otl searches for slightly different things, that's why I wanted to see the reports.

There's nothing there that we didn't already know.

Thanks any way.

 

Can you give me an update on how the system is running now.

Sorry about that.

Member of:

UNITE

Posted
"Windows Could Not Search for Updates" still getting this. Otherwise starting the PC has been hit and miss. I think the RAM modules may be compatible, the PC starts every morning. I'm afraid to use F10 to boot into safe mode, the last few times it wouldn't let me. I can use F8 and get in that way. I was looking at the BIOS to attempt to understand. After using Speccy to locate the correct version and motherboard I went to Intel, found the board BIOS for my motherboard/chipset, it is now dated 2006, the updated BIOS is dated 2007. I downloaded and ran it and it said it was not for my machine. After deleting the suggested programs the PC is quieter and seems a lot better. I ran ADWare and found zero problems, ran Malwarebytes and zero problems. What is your opinion on CCleaner? After running the cleaner I ran the Registry cleaner and did not delete all the files it found. The majority of which were described as invalid firewall rules:

Scott


  • ExTS Admin
Posted

Hi Scott,

 

I'm afraid to use F10 to boot into safe mode, the last few times it wouldn't let me. I can use F8 and get in that way.

Using the F8 key is a recognized way of entering Safe Mode.

So F8 is fine.

 

After using Speccy to locate the correct version and motherboard I went to Intel, found the board BIOS for my motherboard/chipset, it is now dated 2006, the updated BIOS is dated 2007. I downloaded and ran it and it said it was not for my machine

Running a BIOS upgrade is fraught with danger.

It's so easy to mess up the BIOS doing this and unless you are experienced, it's not recommended.

 

After deleting the suggested programs the PC is quieter and seems a lot better.

That's something then.

 

I ran ADWare and found zero problems ran Malwarebytes and zero problems

That's good.

I don't see that the problems you are experiencing are malware related.

The problems are either a conflict with software or file corruption.

 

What is your opinion on CCleaner? after running the cleaner I ran the Registry cleaner and did not delete all the files it found

CCleaner does have its uses, but I recommend staying away from the Registry section.

Although you may be told that the entries are invalid.... I'd take that with a pinch of salt.

Look on the registry as the 'Heart' of your system.

If you mess that up, you could kill your system.

The registry is quite robust and a few invalid entries won't make any difference.

 

I see that you have 'Windows Repair' (Tweaking.com) installed.

What options have you run with this program?

Have you run any repairs from the 'Repair' section?

It is a good program and one that we can use...... but I don't want to duplicate anything that you have already run.


Posted
Man alive.. ridiculous problems abound, now. This AM cold start refused to start. Ran Repair (1) root cause. Started up. Avast no longer runs and when I try to set it to Start Automatically or ANY other settings in Services it says Access Denied. #2 Second, I have No Restore points. I cannot use System Restore at all. I eventually get "Catastrophic Failure" 0x8000FFFF. In Safe Mode Command Prompt, Run As Administrator, sfc /scannow, I get "Windows Resource Protection could not perform the requested operation". I read online that with Command Prompt I should activate the Administrator so I did that yesterday with command prompt... Now I have three user accounts when it starts.. Administrator, MrBreeze and Scott. A Tech sales guy said he would send 5300 unbuffered RAM modules, that was the suggested modules from the "Crucial scan". The date that Avast was Stopped was today at 1:05 PM.. I'm lost. Feels like I have zero control over this PC. I'm thinking about re-running Tweaking.com's latest version, I donated $5.00 bucks, yes I first ran it from disconnected power up into Safe Mode with Networking, ran all the Repairs, unchecked the Windows 8 10 boxes.. I am overwhelmed. I have run Windows Repair two times in about 3 weeks but that was before I used the command prompt and opened up an Administrator user. Windows Repair was set to run on my Recovery partition disk D. I pray that that was not infected or messed up.
Posted


Hi Scott,

 

To be honest, with all the problems you are encountering.... now would be the time to consider a re-install of the OS.

Only this morning I had no problem starting it. It booted right up without a hitch. I am concerned about Windows Update showing no updates, when I used recovery drive D the updates ran constantly. Can I be confident drive D has not been negatively affected by Tweaking.com All In One Repairs? I do not have a recovery disk, or even understand how to create one. Because this AM it booted and started without any problems showing, is it safe "yet" to assume the RAM modules are the correct ones after one good start up? Again, I can get the Crucial type modules as described in the scan. We will have to wait for them to come in the mail, usually 3 business days. Thank you so much, Scott


  • ExTS Admin
Posted

Hi Scott,

 

is it safe "yet" to assume the RAM modules are the correct ones after one good start up ?

Incorrect RAM can cause all sorts of problems.... but I'd have thought that these problems would have been ongoing... not intermittent.

By all means wait for the correct RAM (not sure why they didn't send the correct RAM to start with)

 

I am concerned about Windows Update showing no updates, when I used recovery drive D the updates ran constantly. Can I be confident drive D has not been negatively affected by Tweaking.com All In One Repairs?

So what exactly do you store on Drive D?


Posted
D has Vista Home Basic restore 2006, an old version of everything, IE, and other outdated software I removed when my Dell 4600 hard drive crashed.
Posted
So if the problem isn't related to the RAM, you could run a reinstall from the restore... if needed?


Posted
Thanks. I'd like to add, the Network settings and all that implies and includes are of great concern to me not having set them correctly.
Posted
Installed it. Not sure it ran. I don't know how to run it manually. Nevertheless Windows Update fails. I do however have the correct RAM and there are no startup problems whatsoever and THANK YOU for resolving that issue. Maybe because I have Vista SP2 that all the available updates are installed? Upgrading to Windows 7 Premium is what I would like to do, being certain that would install without issues. Also, I would like to at some point address the network settings everywhere I have access and control that affects me.
  • ExTS Admin
Posted (edited)

Hi Scott,

 

Maybe because I have Vista SP2 that all the available updates are installed ?

Mainstream support for Vista finished on April 10, 2012.

The extended life support finishes next year....April 11th 2017

This means that there are no normal updates for Vista, only security fixes until end of life support.

After April next year M$ will no longer support Vista at all.

 

I would like to at some point address the network settings everywhere I have access and control that affects me.

I'm not sure that I understand..... what exactly do you mean?

Edited by Starbuck


Posted
"Local Area Connection Properties" starts with "Client for Microsoft". I have photos that show the settings which I would love to upload, but no matter how I resize them they won't upload.
  • ExTS Admin
Posted
"Local Area Connection Properties" starts with "Client for Microsoft"

You mean something like this..........

 

http://img.photobucket.com/albums/v708/starbuck50/c01902075_zpsvo0lorxr.jpg

 

That's normal.

The Client for Microsoft Networks is an essential networking software component for the Microsoft Windows family of operating systems.

A Windows computer must run the Client for Microsoft Networks to remotely access files, printers and other shared network resources.

 

I have photos that show the settings which I would love to upload, but no matter how I resize them they won't upload.

Where are you trying to upload them to?

 

What settings do you want to show?

I'm sorry I don't understand what you are trying to do.


Posted
YES those are exactly the ones I want to feel good about. Every one of those settings shown are checked. Although I have twice as many settings in that box and they, too, are checked. Can't upload photos of them in this reply. My concern is maybe they have something to do with the dad blame Windows Updates continued error and failing to update or even run.
  • ExTS Admin
Posted

Hi Scott

 

Can't upload photos of them in this reply.

How are you trying to upload the pics? ..... there are a couple of ways of doing this.

Are you trying to add them as attachments or are you using the IMG code from an online storage site? ( like Photobucket )

More often than not I use the IMG code method.


Posted (edited)

Inside the Reply box there's an icon that says insert image. That's the only way I know how to upload photos.

 

http://i10.photobucket.com/albums/a135/MrBreeze1200/1_600x480_750x600.jpg

 

http://i10.photobucket.com/albums/a135/MrBreeze1200/2_600x480_600x480.jpg

Edited by Starbuck
