Jump to content

Recommended Posts

Posted (edited)

Fix result of Farbar Recovery Scan Tool (x86) Version:15-06-2016

Ran by MrBreeze (2016-06-15 20:01:02) Run:1

Running from C:\Users\MrBreeze\Downloads

Loaded Profiles: MrBreeze (Available Profiles: MrBreeze & Scott & Administrator)

Boot Mode: Normal

 

 

==============================================

 

 

fixlist content:

*****************

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL =

FF user.js: detected! => C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\ Profiles\8t3xh1at.default-1461110741824\user.js [2016-06-07]

CHR Extension: (Entanglement Web App) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchp hgkefd [2016-06-13]

CHR Extension: (Poppit!) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopgl ifcfmi [2016-06-13]

U3 DFSR; no ImagePath

S3 ialm; system32\DRIVERS\igdkmd32.sys [X]

S3 igfx; system32\DRIVERS\igdkmd32.sys [X]

U0 Partizan; system32\drivers\Partizan.sys [X]

U4 UmRdpService; no ImagePath

Task: {30D25F1F-0D94-4911-B53A-76B996003FE2} - \SlimCleaner Run -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:E965A533 [111]

CMD: ipconfig /flushdns

EmptyTemp:

Hosts:

 

 

 

 

 

 

 

 

 

 

*****************

 

 

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

"HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

"HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47B50246-2234-4B64-AAB2-296D71F49BDE}" => key removed successfully.

HKCR\CLSID\{47B50246-2234-4B64-AAB2-296D71F49BDE} => key not found.

C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\ Profiles\8t3xh1at.default-1461110741824\user.js => not found.

C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchp hgkefd => not found.

C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopgl ifcfmi => not found.

DFSR => service removed successfully.

ialm => service removed successfully.

igfx => service removed successfully.

Partizan => service removed successfully.

UmRdpService => service removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30D25F1F-0D94-4911-B53A-76B996003FE2}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30D25F1F-0D94-4911-B53A-76B996003FE2}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Run" => key removed successfully.

C:\ProgramData\TEMP => ":E965A533" ADS removed successfully..

 

 

========= ipconfig /flushdns =========

 

 

 

 

Windows IP Configuration

 

 

Successfully flushed the DNS Resolver Cache.

 

 

========= End of CMD: =========

 

 

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

EmptyTemp: => 298.7 MB temporary data Removed.

 

 

 

 

The system needed a reboot.

 

 

==== End of Fixlog 20:02:06 ====

Edited by SPSpellman
  • Replies 37
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Posted

OTL Extras logfile created on: 5/23/2016 12:29:00 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrBreeze\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.68% Memory free

4.92 Gb Paging File | 3.92 Gb Available in Paging File | 79.77% Paging File free

Paging file location(s): c:\pagefile.sys 3055 6000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 103.29 Gb Total Space | 63.34 Gb Free Space | 61.33% Space Free | Partition Type: NTFS

Drive D: | 8.50 Gb Total Space | 3.61 Gb Free Space | 42.43% Space Free | Partition Type: NTFS

 

Computer Name: MRBREEZE-PC | User Name: MrBreeze | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-67880207-1905697065-243471585-1000]

"EnableNotificationsRef" = 2

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-67880207-1905697065-243471585-500]

"EnableNotificationsRef" = 2

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system |

"{04B4CE29-6F34-437B-BCB6-CD03D49519D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{11B2B4C9-0E5F-47E3-ADD3-F289FA5B6F1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{21B9ADE3-4648-4ED2-9EFF-E978946EE5E5}" = lport=445 | protocol=6 | dir=in | app=system |

"{2228BA1B-DC28-41B5-A303-5955A489338A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system |

"{2D85C8C2-D4C6-435D-85EE-43FDE5FDEFBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{31918ADD-AAD9-4C9E-BA1E-4FAD6A31889D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3716BDE2-3772-4DDF-9F59-7FDF8A24D270}" = rport=445 | protocol=6 | dir=out | app=system |

"{3B50AA39-79FD-4EE9-8350-AE9B36A14AFD}" = rport=137 | protocol=17 | dir=out | app=system |

"{44546349-B5BE-4FB1-9659-EEDE1353F564}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system |

"{4AC18FB3-D013-4C32-9BA4-33888C288953}" = lport=137 | protocol=17 | dir=in | app=system |

"{5E50EFA7-2126-4B02-A8BE-AEB32B4C9A26}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system |

"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system |

"{7157E791-D2D5-46F2-AEF6-482C71BA8D82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7BABDA40-A383-48B7-BF56-596E14C603C3}" = lport=138 | protocol=17 | dir=in | app=system |

"{A4FF04BD-EC04-4A92-984A-AF0040E18D17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system |

"{B0E1EA8B-4AC6-4DD7-B94E-633D2A096A43}" = lport=139 | protocol=6 | dir=in | app=system |

"{B1E77BC3-4610-4EE0-B291-234886F38CD4}" = rport=138 | protocol=17 | dir=out | app=system |

"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system |

"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{EF2CDB9F-F351-48B6-ADE6-CEF0ED371675}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system |

"{EFF15936-2220-43DC-A394-697CDF5220B4}" = rport=139 | protocol=6 | dir=out | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{2068C167-0F7E-42BD-8E44-47E7952E235E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{24083A9D-BBD1-4321-86E6-70A3A21B1321}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{3630F630-F441-4B0F-9681-DDED8206C5A5}" = protocol=6 | dir=in | app=c:\program files\microsoft security client\msseces.exe |

"{3AE8C1B3-0C8F-41ED-803B-BA6E28750369}" = protocol=17 | dir=in | app=c:\program files\microsoft security client\msseces.exe |

"{5317BAC5-3518-4F66-9005-4446D8472540}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{E7A9950D-0CBD-4E26-9668-19C3C673AFEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F92BF169-FF04-4832-8F42-9BB163F12E83}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{046775C7-701F-4386-BCF4-5ADA66E41F51}" = BootRacer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{3AEFF4E0-C0F2-ECCC-6420-A2A008D52DF2}" = Application Compatibility Toolkit

"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper

"{6C870B12-6FF2-68FC-8C3B-DD177BBF3F92}" = Toolkit Documentation

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{74d0e5db-b326-4dae-a6b2-445b9de1836e}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026

"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer

"{7F52C251-8EB6-410D-9E84-45E8E4993A48}" = Microsoft SharePoint 2010 Products OpsMgr 2007 MP en-us

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5

"{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.16)

"{B74E65FD-CC47-41C5-4B89-791A3F61942D}" = Kits Configuration Installer

"{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026

"{BF455BD4-60BB-4E6E-867A-B4F57BC1164B}" = Microsoft Security Client

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel® Network Connections 15.3.68.0

"{e9e06304-a604-434b-b35f-d9beb94dc06d}" = Windows Assessment and Deployment Kit for Windows 8.1

"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

"Adobe Flash Player ActiveX" = Adobe Flash Player 21 ActiveX

"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI

"CCleaner" = CCleaner

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 45.0.2 (x86 en-US)" = Mozilla Firefox 45.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PROSetDX" = Intel® Network Connections 15.3.68.0

"Speccy" = Speccy

"Tweaking.com - Windows Repair" = Tweaking.com - Windows Repair

"UnHackMe_is1" = UnHackMe 8.00

"WinPcapInst" = WinPcap 4.1.3

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 5/23/2016 12:54:53 PM | Computer Name = MrBreeze-PC | Source = EventSystem | ID = 4609

Description =

 

Error - 5/23/2016 12:54:53 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

 

Error - 5/23/2016 12:55:07 PM | Computer Name = MrBreeze-PC | Source = EventSystem | ID = 4609

Description =

 

Error - 5/23/2016 12:55:07 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

 

Error - 5/23/2016 1:06:14 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 34

Description = Volume Shadow Copy Service error: The VSS event class is not registered.

This will prevent any VSS writers from receiving events. This may be caused due

to a setup failure or as a result of an application's installer or uninstaller.

 

 

 

 

Operation:

 

 

Gathering Writer Data Executing Asynchronous Operation Context: Execution

Context: Requestor Current State: GatherWriterMetadata

 

Error - 5/23/2016 1:06:14 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040154. Operation: Gathering Writer Data Executing

Asynchronous Operation Context: Execution Context: Requestor Current State:

GatherWriterMetadata

 

Error - 5/23/2016 1:06:15 PM | Computer Name = MrBreeze-PC | Source = System Restore | ID = 8193

Description = Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe

-k netsvcs; Descripton = Windows Update; Hr = 0x8000ffff).

 

Error - 5/23/2016 1:31:09 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 34

Description = Volume Shadow Copy Service error: The VSS event class is not registered.

This will prevent any VSS writers from receiving events. This may be caused due

to a setup failure or as a result of an application's installer or uninstaller.

 

 

 

 

Operation:

 

 

Gathering Writer Data Executing Asynchronous Operation Context: Execution

Context: Requestor Current State: GatherWriterMetadata

 

Error - 5/23/2016 1:31:09 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040154. Operation: Gathering Writer Data Executing

Asynchronous Operation Context: Execution Context: Requestor Current State:

GatherWriterMetadata

 

Error - 5/23/2016 1:31:09 PM | Computer Name = MrBreeze-PC | Source = System Restore | ID = 8193

Description = Failed to create restore point on volume (Process = C:\WINDOWS\System32\wbem\WmiPrvSE.exe;

Descripton = OTL Restore Point - 5/23/2016 12:31:08 PM; Hr = 0x8000ffff).

 

[ System Events ]

Error - 5/23/2016 12:33:51 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/23/2016 12:34:01 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/23/2016 12:34:04 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001

Description =

 

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001

Description =

 

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001

Description =

 

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 5/23/2016 12:50:07 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/23/2016 12:53:55 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005

Description =

 

Error - 5/23/2016 1:00:10 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001

Description =

 

 

< End of report >

Posted

OTL logfile created on: 5/23/2016 12:29:00 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrBreeze\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.68% Memory free

4.92 Gb Paging File | 3.92 Gb Available in Paging File | 79.77% Paging File free

Paging file location(s): c:\pagefile.sys 3055 6000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 103.29 Gb Total Space | 63.34 Gb Free Space | 61.33% Space Free | Partition Type: NTFS

Drive D: | 8.50 Gb Total Space | 3.61 Gb Free Space | 42.43% Space Free | Partition Type: NTFS

 

Computer Name: MRBREEZE-PC | User Name: MrBreeze | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2016/05/23 12:27:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrBreeze\Downloads\OTL.scr

PRC - [2016/04/15 14:05:24 | 006,675,672 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe

PRC - [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2016/04/05 15:16:58 | 000,604,952 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe

PRC - [2016/01/29 18:44:58 | 000,292,816 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe

PRC - [2016/01/29 18:44:56 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2016/01/29 17:56:10 | 000,986,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2015/09/24 10:40:30 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2015/07/30 13:38:28 | 000,100,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\AntiRansomware2.0\****rvice.exe

PRC - [2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/19 01:33:14 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2006/12/12 12:04:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll

MOD - [2006/12/12 12:01:48 | 000,077,824 | ---- | M] () -- C:\WINDOWS\System32\hccutils.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (STacSV)

SRV - [2016/05/14 22:19:03 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2016/04/19 02:09:52 | 000,146,888 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2016/01/29 18:44:58 | 000,292,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2016/01/29 18:44:56 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2015/12/07 15:24:12 | 000,065,296 | ---- | M] (Greatis Software, LLC) [Disabled | Stopped] -- C:\Program Files\BootRacer\BootRacerServ.exe -- (BootRacerServ)

SRV - [2015/09/24 10:40:30 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2015/07/30 13:38:28 | 000,100,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\AntiRansomware2.0\****rvice.exe -- (AntiRansomwareService)

SRV - [2009/04/11 01:28:22 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2009/04/11 01:28:22 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2009/04/11 01:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2008/01/19 01:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/19 01:33:14 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2016/05/17 10:29:35 | 000,040,304 | ---- | M] (Greatis Software) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\System32\drivers\Partizan.sys -- (Partizan)

DRV - [2015/11/13 08:50:26 | 000,104,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2014/08/18 22:07:06 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\npf.sys -- (npf)

DRV - [2013/06/08 17:28:41 | 000,015,776 | R--- | M] (<company name here>) [Kernel | System | Running] -- C:\Program Files\AntiRansomware2.0\HookDriver32.sys -- (KbHook)

DRV - [2009/04/10 23:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/01/19 00:08:50 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mqac.sys -- (MQAC)

DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32)

DRV - [1999/12/31 19:00:00 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{47B50246-2234-4B64-AAB2-296D71F49BDE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{6A8CE798-58AC-47A5-A718-6335B9D1F4D8}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.countryCode: "US"

FF - prefs.js..browser.search.defaultenginename.US: "Google"

FF - prefs.js..browser.search.region: "US"

FF - prefs.js..extensions.enabledAddons: firefoxaddon%40youtubeenhancer.com:4.1.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.79.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.79.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

[2016/04/06 16:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Extensions

[2016/05/15 17:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions

[2016/05/01 14:19:24 | 000,658,177 | ---- | M] () (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions\firefoxaddon@youtubeenhancer.com.xpi

[2016/05/15 17:06:23 | 001,656,045 | ---- | M] () (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\features\{4582f8fc-c01e-413d-8374-972442400fd3}\loop@mozilla.org.xpi

[2016/04/30 17:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

 

========== Chrome ==========

 

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

 

O1 HOSTS File: ([2016/05/23 11:53:34 | 000,000,855 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BootRacer = "C:\Program Files\BootRacer\Bootrace.exe" /2 (Greatis Software)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5304D28-2BFF-47C8-89B2-44ED34F77672}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\em1_wide.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\em1_wide.bmp

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2016/05/21 12:07:05 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2016/05/21 12:07:05 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (Partizan)

O34 - HKLM BootExecute: (ootExecute settings...)

O34 - HKLM BootExecute: (on\E)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpReg: CCleaner Monitoring - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found

MsConfig - State: "startup" - 0

MsConfig - State: "services" - 0

MsConfig - State: "bootini" - 0

 

CREATERESTOREPOINT

System Restore Service not available.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2016/05/23 12:18:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2016/05/23 12:02:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2

[2016/05/21 12:07:05 | 000,000,000 | RHSD | C] -- C:\comment.htt

[2016/05/21 12:07:05 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2016/05/19 17:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AntiRansomware

[2016/05/19 17:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\AntiRansomware2.0

[2016/05/18 20:38:49 | 000,000,000 | ---D | C] -- C:\e735d206fef05299b92e9a0a60a4a2df

[2016/05/18 11:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage

[2016/05/18 11:07:24 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\NeoSmart_Technologies

[2016/05/18 11:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies

[2016/05/17 13:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BootRacer

[2016/05/17 13:40:14 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BootRacer

[2016/05/17 13:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\BootRacer

[2016/05/17 12:18:01 | 000,000,000 | ---D | C] -- C:\@RestoreQuarantine

[2016/05/17 12:13:35 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\Documents\RegRun2

[2016/05/17 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun

[2016/05/17 10:29:35 | 000,040,304 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys

[2016/05/17 10:29:13 | 000,049,968 | ---- | C] (Greatis Software) -- C:\Windows\System32\partizan.exe

[2016/05/17 10:29:13 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys

[2016/05/17 10:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe

[2016/05/17 10:29:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo

[2016/05/17 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe

[2016/05/15 22:15:53 | 000,000,000 | ---D | C] -- C:\MATS

[2016/05/14 21:40:12 | 000,000,000 | ---D | C] -- C:\RegBackup

[2016/05/14 19:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

[2016/05/14 19:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com

[2016/05/14 14:14:35 | 000,000,000 | ---D | C] -- C:\014e2b9b0cb56244da54

[2016/05/13 22:31:35 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\Free Windows Cleanup Tool

[2016/05/13 22:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Free Windows Cleanup Tool

[2016/05/11 12:59:19 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\Microsoft Corporation

[2016/05/11 12:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor

[2016/05/11 00:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits

[2016/05/11 00:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Kits

[2016/05/11 00:27:59 | 000,000,000 | ---D | C] -- C:\45c1271dcf3c91039f5075bf13b8

[2016/05/11 00:16:14 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll

[2016/05/11 00:16:13 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll

[2016/05/11 00:16:13 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll

[2016/05/11 00:16:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll

[2016/05/11 00:16:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2016/05/11 00:16:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll

[2016/05/11 00:16:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll

[2016/05/11 00:16:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2016/05/11 00:16:13 | 000,011,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2016/05/11 00:16:12 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2016/05/11 00:16:12 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2016/05/11 00:16:12 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll

[2016/05/11 00:16:12 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll

[2016/05/11 00:16:12 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll

[2016/05/11 00:16:11 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll

[2016/05/11 00:16:11 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll

[2016/05/11 00:16:11 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll

[2016/05/11 00:16:11 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2016/05/11 00:16:11 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll

[2016/05/11 00:16:11 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2016/05/11 00:16:10 | 000,015,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2016/05/11 00:16:10 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll

[2016/05/11 00:16:10 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll

[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll

[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2016/05/11 00:16:10 | 000,011,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2016/05/11 00:16:09 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll

[2016/05/11 00:16:09 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2016/05/11 00:16:09 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll

[2016/05/11 00:16:09 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2016/05/11 00:16:09 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2016/05/11 00:16:09 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2016/05/11 00:16:09 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2016/05/11 00:16:09 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2016/05/11 00:16:08 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucrtbase.dll

[2016/05/11 00:16:08 | 000,064,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll

[2016/05/11 00:16:08 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll

[2016/05/11 00:16:08 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll

[2016/05/11 00:16:08 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2016/05/11 00:16:07 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll

[2016/05/11 00:16:07 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll

[2016/05/10 23:49:45 | 000,000,000 | ---D | C] -- C:\f8756be26704d6375b

[2016/05/10 21:58:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2016/05/10 21:30:40 | 000,000,000 | ---D | C] -- C:\3f4e9cf4d9e08247aa4cee1f5530aae2

[2016/05/10 19:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Linksys

[2016/05/10 15:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2016/05/10 15:10:15 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2016/05/10 14:17:06 | 000,000,000 | ---D | C] -- C:\5301576e678fd2fa2e2aa69a

[2016/05/10 12:33:56 | 000,000,000 | ---D | C] -- C:\363c9100431405d757f164504b44b3

[2016/05/09 20:27:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2016/05/09 18:50:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2016/05/09 18:50:10 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2016/05/09 18:50:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2016/05/09 18:50:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2016/05/09 18:50:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2016/05/09 18:50:08 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2016/05/09 18:50:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2016/05/09 18:50:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2016/05/09 15:55:22 | 000,000,000 | ---D | C] -- C:\0a1001c89f3b239d3475be

[2016/05/09 15:54:25 | 000,000,000 | ---D | C] -- C:\2864a3bde3417dce53

[2016/05/09 15:34:07 | 000,000,000 | ---D | C] -- C:\2e8b7eb3789d47c85dbc6550f7bfdd

[2016/05/09 15:24:54 | 000,000,000 | ---D | C] -- C:\85657cc307c2c2950456e2a53dd9

[2016/05/09 15:14:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2016/05/09 15:13:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2016/05/09 15:13:07 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2016/05/09 15:13:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2016/05/09 15:13:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2016/05/09 15:13:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2016/05/09 15:13:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2016/05/09 15:13:06 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2016/05/09 15:13:06 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2016/05/09 15:13:06 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2016/05/09 15:13:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2016/05/09 15:13:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2016/05/09 15:13:00 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2016/05/09 15:13:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[2016/05/09 15:13:00 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2016/05/09 15:13:00 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[2016/05/09 15:13:00 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2016/05/09 14:57:45 | 000,000,000 | ---D | C] -- C:\8982676cb56719e6fe2d

[2016/05/09 14:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\System Center Management Packs

[2016/05/09 14:39:03 | 000,000,000 | ---D | C] -- C:\1caa2eb2aa29805efa71a692d6

[2016/05/09 14:25:12 | 000,000,000 | ---D | C] -- C:\67992b0c538fc68d8ce033b42355f22d

[2016/05/09 14:16:52 | 000,000,000 | ---D | C] -- C:\cdd8b0bbb85dd7b28587f21374e4

[2016/05/09 14:11:18 | 000,000,000 | ---D | C] -- C:\57f000e9cab0ddf471524202b20ced86

[2016/05/09 12:37:59 | 000,000,000 | ---D | C] -- C:\d35e88c072bf443f21aefbfe

[2016/05/09 09:46:49 | 000,000,000 | ---D | C] -- C:\315da4eee26b07004c10

[2016/05/09 09:41:31 | 000,000,000 | ---D | C] -- C:\e5d31c9f4f5127f6ab293f74c1a8

[2016/05/09 09:33:10 | 000,000,000 | ---D | C] -- C:\extensions

[2016/05/07 21:38:59 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2016/05/07 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\temp

[2016/05/06 18:17:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2016/05/06 18:17:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2016/05/06 18:17:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2016/05/06 17:36:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2016/05/06 16:36:20 | 000,000,000 | ---D | C] -- C:\e5820a70fa4055a3b15ef6ca0a2d

[2016/05/05 00:38:43 | 000,305,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys

[2016/05/05 00:38:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0

[2016/05/05 00:07:04 | 000,000,000 | ---D | C] -- C:\2027ee003d019dc954

[2016/05/04 21:39:47 | 000,170,200 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2016/05/04 21:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2016/05/04 21:38:53 | 000,126,336 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2016/05/04 21:38:53 | 000,053,120 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys

[2016/05/04 21:38:53 | 000,024,448 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys

[2016/05/04 21:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2016/05/04 21:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2016/05/04 21:18:47 | 000,000,000 | ---D | C] -- C:\c8232c9ebdb6f23555

[2016/05/04 17:47:49 | 000,000,000 | ---D | C] -- C:\a58f5c84d86ff96704d573e276ad

[2016/05/04 15:31:23 | 000,000,000 | ---D | C] -- C:\28773a4392015d3dc5

[2016/05/04 14:51:48 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[2016/05/04 14:12:42 | 000,000,000 | ---D | C] -- C:\c93aa2887dfda75c3b6b

[2016/05/04 14:07:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\msmq

[2016/05/03 14:38:54 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-SQLAgent$MICROSOFTSCM-sqlagtctr10.0.1600.22.dll

[2016/05/03 14:31:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2016/05/03 14:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2016/05/01 18:53:50 | 000,000,000 | ---D | C] -- C:\eca9077219a1b39d66300fc0df

[2016/05/01 18:44:59 | 000,000,000 | ---D | C] -- C:\0c2d5e12c4552d7d058d46843e

[2016/05/01 17:51:49 | 000,000,000 | ---D | C] -- C:\93e6572aa4830c19a53d6bdb

[2016/04/30 16:22:07 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\AVAST Software

[2016/04/29 22:51:04 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\ElevatedDiagnostics

[2016/04/29 22:39:52 | 000,000,000 | ---D | C] -- C:\01aaf2a69cb5d2beca40

[2016/04/29 22:30:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2016/04/29 22:25:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2016/04/29 22:25:26 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2016/04/29 22:25:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2016/04/29 22:25:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2016/04/29 22:25:25 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2016/04/29 22:25:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2016/04/29 22:25:24 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2016/04/29 22:25:24 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2016/04/29 22:25:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2016/04/29 22:25:24 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2016/04/29 22:25:24 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2016/04/29 22:25:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2016/04/29 22:25:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2016/04/29 22:25:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2016/04/29 22:25:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2016/04/29 22:25:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2016/04/29 22:25:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2016/04/29 22:25:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2016/04/29 22:25:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2016/04/29 22:25:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2016/04/29 22:25:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2016/04/29 22:25:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admp****.dll

[2016/04/29 22:25:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2016/04/29 22:25:19 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2016/04/29 22:25:19 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2016/04/29 22:25:18 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2016/04/29 22:25:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2016/04/29 22:25:18 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2016/04/29 22:25:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2016/04/29 21:50:53 | 000,000,000 | ---D | C] -- C:\2de5ecb5eb1f30c5571f293ed367

[2016/04/29 19:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

[2016/04/29 19:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy

[2016/04/29 19:45:01 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\Google

[2016/04/29 19:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2016/04/24 16:49:10 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\Bazwise

[2016/04/24 16:49:09 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\Bazwise

[2016/04/24 15:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2016/05/23 12:03:50 | 000,659,212 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2016/05/23 12:03:50 | 000,123,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2016/05/23 12:01:48 | 000,000,728 | ---- | M] () -- C:\Users\Public\Documents\bootracer.ini

[2016/05/23 11:59:22 | 000,004,800 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2016/05/23 11:59:21 | 000,004,800 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2016/05/23 11:58:39 | 000,293,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2016/05/23 11:58:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2016/05/23 11:53:34 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2016/05/22 22:08:18 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_183

[2016/05/22 12:50:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\procdump

[2016/05/20 12:27:35 | 000,001,952 | ---- | M] () -- C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk

[2016/05/20 12:04:58 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_408

[2016/05/20 11:35:05 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Tweaking.com - Windows Repair Tray Icon.job

[2016/05/20 09:33:16 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_570

[2016/05/19 17:44:04 | 000,209,432 | ---- | M] () -- C:\Windows\RegBootClean.exe

[2016/05/18 12:39:33 | 000,040,960 | ---- | M] () -- C:\Users\Public\Documents\bootracer.his

[2016/05/18 11:07:50 | 000,024,576 | ---- | M] () -- C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd

[2016/05/17 13:15:53 | 000,000,804 | ---- | M] () -- C:\Users\MrBreeze\Desktop\UnHackMe.lnk

[2016/05/17 10:29:35 | 000,040,304 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys

[2016/05/17 10:29:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2016/05/17 10:29:32 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt

[2016/05/17 10:29:32 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat

[2016/05/16 10:14:05 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_366

[2016/05/15 23:35:42 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2016/05/15 23:19:24 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_286

[2016/05/15 21:50:10 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_527

[2016/05/15 16:25:04 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_19

[2016/05/14 22:19:03 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2016/05/14 22:19:03 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2016/05/14 22:10:22 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_584

[2016/05/14 21:40:16 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista--Home-Basic-(32-bit).dat

[2016/05/14 19:33:12 | 000,001,952 | ---- | M] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Tweaking.com - Windows Repair.lnk

[2016/05/12 21:46:57 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif

[2016/05/12 16:28:35 | 000,000,680 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\d3d9caps.dat

[2016/05/11 12:57:35 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk

[2016/05/10 19:08:29 | 008,697,832 | ---- | M] () -- C:\Users\MrBreeze\Documents\E_Series_UG_E900Rev_3425-01486_Web.pdf

[2016/05/09 15:41:03 | 000,000,794 | ---- | M] () -- C:\Users\MrBreeze\Desktop\D2D5DEM1 - Shortcut.lnk

[2016/05/09 14:57:34 | 002,162,688 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl

[2016/05/09 14:57:33 | 000,114,688 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf

[2016/05/09 14:57:33 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

[2016/05/09 09:44:41 | 000,065,536 | ---- | M] () -- C:\Windows\SPInstall.etl

[2016/05/07 21:32:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_338

[2016/05/05 01:30:03 | 000,000,010 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache

[2016/05/05 01:17:46 | 000,293,082 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\census.cache

[2016/05/05 01:17:37 | 000,297,382 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\ars.cache

[2016/04/29 22:30:28 | 000,000,943 | ---- | M] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2016/04/29 22:26:07 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2016/04/29 22:26:07 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2016/04/29 22:25:27 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2016/04/29 22:25:26 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2016/04/29 22:25:26 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2016/04/29 22:25:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2016/04/29 22:25:25 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2016/04/29 22:25:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2016/04/29 22:25:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2016/04/29 22:25:24 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2016/04/29 22:25:24 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2016/04/29 22:25:24 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2016/04/29 22:25:24 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2016/04/29 22:25:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2016/04/29 22:25:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2016/04/29 22:25:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2016/04/29 22:25:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2016/04/29 22:25:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2016/04/29 22:25:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2016/04/29 22:25:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2016/04/29 22:25:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2016/04/29 22:25:20 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2016/04/29 22:25:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2016/04/29 22:25:20 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admp****.dll

[2016/04/29 22:25:20 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2016/04/29 22:25:19 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2016/04/29 22:25:19 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2016/04/29 22:25:18 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2016/04/29 22:25:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2016/04/29 22:25:18 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2016/04/29 22:25:18 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2016/04/29 19:52:09 | 000,001,995 | ---- | M] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2016/04/29 19:48:11 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2016/04/26 13:28:57 | 000,005,120 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2016/04/24 15:08:05 | 013,332,480 | ---- | M] () -- C:\Users\MrBreeze\Documents\libva-intel-driver-1.7.0.tar

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2016/05/22 12:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\procdump

[2016/05/20 11:32:24 | 000,293,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2016/05/19 17:44:03 | 000,209,432 | ---- | C] () -- C:\Windows\RegBootClean.exe

[2016/05/18 11:07:49 | 000,024,576 | ---- | C] () -- C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd

[2016/05/17 13:43:42 | 000,040,960 | ---- | C] () -- C:\Users\Public\Documents\bootracer.his

[2016/05/17 13:40:19 | 000,000,728 | ---- | C] () -- C:\Users\Public\Documents\bootracer.ini

[2016/05/17 13:15:53 | 000,000,804 | ---- | C] () -- C:\Users\MrBreeze\Desktop\UnHackMe.lnk

[2016/05/17 10:29:32 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat

[2016/05/14 21:40:16 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista--Home-Basic-(32-bit).dat

[2016/05/14 19:33:12 | 000,001,952 | ---- | C] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Tweaking.com - Windows Repair.lnk

[2016/05/14 19:29:49 | 000,001,952 | ---- | C] () -- C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk

[2016/05/14 19:29:49 | 000,000,550 | ---- | C] () -- C:\Windows\tasks\Tweaking.com - Windows Repair Tray Icon.job

[2016/05/11 12:57:35 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk

[2016/05/11 12:57:35 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk

[2016/05/10 19:08:27 | 008,697,832 | ---- | C] () -- C:\Users\MrBreeze\Documents\E_Series_UG_E900Rev_3425-01486_Web.pdf

[2016/05/10 15:11:32 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2016/05/09 15:41:03 | 000,000,794 | ---- | C] () -- C:\Users\MrBreeze\Desktop\D2D5DEM1 - Shortcut.lnk

[2016/05/09 15:13:02 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2016/05/09 15:13:02 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2016/05/09 15:13:02 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2016/05/09 09:30:46 | 000,457,799 | ---- | C] () -- C:\Users\MrBreeze\Desktop\Windows6.0-KB2889748-x86.msu

[2016/05/09 09:30:25 | 000,457,799 | ---- | C] () -- C:\Windows6.0-KB2889748-x86.msu

[2016/05/06 18:17:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2016/05/06 18:17:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2016/05/06 18:17:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2016/05/06 18:17:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2016/05/06 18:17:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2016/05/01 17:50:16 | 000,230,241 | ---- | C] () -- C:\Users\MrBreeze\Documents\Windows6.0-KB2743187-v2-x86.msu

[2016/04/29 22:25:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2016/04/29 19:48:11 | 000,001,995 | ---- | C] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2016/04/29 19:48:11 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

[2016/04/29 19:48:11 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2016/04/24 16:51:12 | 013,332,480 | ---- | C] () -- C:\Users\MrBreeze\Documents\libva-intel-driver-1.7.0.tar

[2016/04/22 16:16:36 | 000,633,199 | ---- | C] () -- C:\Users\MrBreeze\Windows6.0-KB2889748-x64.msu

[2016/04/22 16:16:22 | 000,457,799 | ---- | C] () -- C:\Users\MrBreeze\Windows6.0-KB2889748-x86.msu

[2016/04/21 13:49:44 | 000,293,082 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\census.cache

[2016/04/21 13:49:27 | 000,297,382 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\ars.cache

[2016/04/19 01:48:29 | 000,000,010 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache

[2016/04/19 01:19:51 | 000,000,036 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\housecall.guid.cache

[2016/04/17 11:07:12 | 000,000,680 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\d3d9caps.dat

[2016/04/09 16:05:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2016/04/09 16:04:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2016/04/09 16:04:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2016/04/05 18:11:22 | 000,005,120 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2016/04/05 13:06:59 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat

[2014/08/18 22:07:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

 

========== ZeroAccess Check ==========

 

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 01:28:26 | 011,584,000 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = c:\windows\system32\wbem\fastprox.dll -- [2009/04/11 01:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = c:\windows\system32\wbem\wbemess.dll -- [2009/04/11 01:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 01:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006/11/17 01:04:53 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2016/05/23 11:58:23 | 3203,399,680 | -HS- | M] () -- C:\pagefile.sys

[2016/04/05 13:05:56 | 000,000,163 | ---- | M] () -- C:\power2go.log

[2016/04/05 12:55:54 | 000,000,002 | RHS- | M] () -- C:\USER

[2014/04/10 13:05:18 | 000,457,799 | ---- | M] () -- C:\Windows6.0-KB2889748-x86.msu

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %PROGRAMFILES%\* >

[2016/04/09 15:50:18 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

 

 

< End of report >

Posted

Hi Scott,

 

I've sorted out why you couldn't reply to the previous moved thread.......

Normal members can only reply to their own thread in the Malware Removal forum, they can't reply to another members thread.

When I split the posts away from the original thread I forgot that one of my posts was the first one..... this made me the original poster of the thread.

I should have made one of your posts the first one.

 

You should be able to reply to this thread without a problem now.

 

The FRST fix ran ok.

Otl searches for slightly different things, that's why I wanted to see the reports.

There's nothing there that we didn't already know.

Thanks any way.

 

Can you give me an update on how the system is running now.

Sorry about that.

Member of:

UNITE

Posted
"Windows Could Not Search for Updates" still getting this. Otherwise Starting the PC has been hit and miss.I think the RAM modules may be compatible the PC starts every morning.I'm afraid to use F10 to boot into safe mode the last few time it wouldn't let me.I can use F8 and get in that way.I was looking at the BIOS to attempt to understand.After using Speccy to locate the correct version and motherboard I went to Intel ,found the board BIOS for my motherboard/Chip set it is now dated 2006 the updated BIOS is dated 2007 I downloaded and ran it and it said it was not for my machine.After deleting the the suggested programs the PC is quieter and seems a lot better.I ran ADWare and found zero problems ran Malwarebytes and zero problems.What is your opinion on CCleaner? after running the cleaner I ran the Registry cleaner and did not delete all the files it found.The majority of which were described as invalid firewall rules:[ATTACH=CONFIG]1498.vB5-legacyid=2590[/ATTACH] Scott

SnapShot_160616_161305.jpg.f2cf1bbbb53a7bde44740987a16ca68d.jpg

Posted

Hi Scott,

 

I'm afraid to use F10 to boot into safe mode the last few time it wouldn't let me.I can use F8 and get in that way.

Using the F8 key is a recognized way of entering Safe Mode.

So F8 is fine.

 

After using Speccy to locate the correct version and motherboard I went to Intel ,found the board BIOS for my motherboard/Chip set it is now dated 2006 the updated BIOS is dated 2007 I downloaded and ran it and it said it was not for my machine

Running a bios upgrade is fraught with danger.

It's so easy to mess up the bios doing this and unless you are experienced, it's not recommended.

 

After deleting the the suggested programs the PC is quieter and seems a lot better.

That's something then.

 

I ran ADWare and found zero problems ran Malwarebytes and zero problems

That's good.

I don't see that the problems you are experiencing are malware related.

The problems are either a conflict with software or file corruption.

 

What is your opinion on CCleaner? after running the cleaner I ran the Registry cleaner and did not delete all the files it found

CCleaner does have its uses, but I recommend staying away from the Registry section.

Although you may be told that the entries are invalid.... I'd take that with a pinch of salt.

Look on the registry as the 'Heart' of your system.

If you mess that up, you could kill your system.

The registry is quite robust and a few invalid entries won't make any difference.

 

I see that you have 'Windows Repair' (Tweaking.com) installed.

What options have you run with this program?

Have you run any repairs from the 'Repair' section?

It is a good program and one that we can use...... but I don't want to duplicate anything that you have already run.

Member of:

UNITE

Posted
Man alive..ridiculous problems abound ,now. This AM cold start refused to start. ran Repair (1) root cause. Started up. Avast no longer runs and when I try to set it to Start Automatically or ANY other settings in Services it says Access Denied.#2 Second, I have No Restore points .I cannot use System Restore at all. I eventually get " Catastrophic Failure" 0x8000FFFF IN Safe Mode Command Prompt Run As Administrator sfc /scannow I get " Windows Resource Protection Could bot perform the requested operation". I read on line that with Command Prompt I should activate the Administrator so I did that yesterday with command prompt ...Now I have three user accounts when it starts..Administrator, MrBreeze and Scott.A Tech sales guy said he would send 5300 unbufferd RAM modules that was the suggested modules from the "Crucial scan" The date that Avast was Stopped was today at 1:05 PM..Im lost. Feels like I have zero control over this PC. Im thinking about re running Tweaking.coms latest version I donated $5.00 bucks yes I first ran it from disconnected power up into Safe Mode with Networking ran all the Repairs unchecked the Windows 8 10 boxes..I am overwhelmed. I have run Windows Repair two times in about 3 weeks but that was before I used the command prompt and opened up an Administrator user . Windows Repair was set to run on my Recovery partition disk D I pray that that was not infected or messed up.:confused2:
Posted

[ATTACH=CONFIG]1499.vB5-legacyid=2591[/ATTACH]

Hi Scott,

 

To be honest, with all the problems you are encountering.... now would be the time to consider a re-install of the OS.

Only this morning I had no problem starting it .It booted right up without a hitch. I am concerned about Windows Update showing no updates when I used recovery drive D the updates ran constantly. Can I be confident drive D has not been negatively effected by Tweaking.com All In One Repairs ? I do not have a or even understand how to create a recovery disk. Because this AM it booted and started without any problems showing is it safe "yet" to assume the RAM modules are the correct ones after one good start up ? Again, I can get the Crucial type modules as described in the scan. We will have to wait for them to come in the mail usually 3 business days. Thank you so much,Scott[ATTACH=CONFIG]1495.vB5-legacyid=2592[/ATTACH]

SnapShot_160613_144945.jpg.aa11e3e1d42c5e813ef26932fce670de.jpg

SnapShot_160618_135445.jpg.2eebb012590c1b4631dbfafd441a3400.jpg

Posted

Hi Scott,

 

is it safe "yet" to assume the RAM modules are the correct ones after one good start up ?

Incorrect Ram can cause all sorts of problems.... but I'd have thought that these problems would have been on going... not intermittent.

By all means wait for the correct Ram ( not sure why they didn't send the correct Ram to start with )

 

I am concerned about Windows Update showing no updates when I used recovery drive D the updates ran constantly. Can I be confident drive D has not been negatively effected by Tweaking.com All In One Repairs ?

So what exactly do you store on Drive D?

Member of:

UNITE

Posted
D has Vista Home Basic restore 2006 , an old version of everything ,IE, and other outdated software I removed when my Dell 4600 hard drive crashed.
Posted
[ATTACH=CONFIG]1500.vB5-legacyid=2593[/ATTACH]
So if the problem isn't related to the Ram, you could run [ATTACH=CONFIG]1501.vB5-legacyid=2594[/ATTACH] a reinstall from the restore... if needed?

SnapShot_160625_134422.jpg.0699d306d80309937d4fa4098b829841.jpg

SnapShot_160625_125941.jpg.b596a2dabc336dd048331f6ee4db2179.jpg

Posted
Thanks. I'd like to add, the Network settings and all that implies and includes are of great concern to me not having set them correctly.
Posted
Installed it. Not sure it ran. I don't know how to run it manually. Nevertheless Windows Update fails. I do however have the correct RAM and there are no startup problems whatsoever and THANK YOU for resolving that issue. Maybe because I have Vista SP2 that all the available updates are installed ? Upgrading to Windows 7 Premium is what I would like to do being certain that would install without issues. Also, I would like to at some point address the network settings everywhere I have access and control that effects me.
Posted (edited)

Hi Scott,

 

Maybe because I have Vista SP2 that all the available updates are installed ?

Mainstream support for Vista finished on April 10, 2012.

The extended life support finishes next year....April 11th 2017

This means that there are no normal updates for Vista, only security fixes until end of life support.

After April next year M$ will no longer support Vista at all.

 

I would like to at some point address the network settings everywhere I have access and control that effects me.

I'm not sure that I understand..... what exactly do you mean?

Edited by Starbuck

Member of:

UNITE

Posted
"Local Area Connection Properties" starts with "Client for Microsoft" I have photos I would love to upload but no matter how I resize them they won't upload that show the settings.
Posted
"Local Area Connection Properties" starts with "Client for Microsoft"

You mean something like this..........

 

http://img.photobucket.com/albums/v708/starbuck50/c01902075_zpsvo0lorxr.jpg

 

That's normal.

The Client for Microsoft Networks is an essential networking software component for the Microsoft Windows family of operating systems.

A Windows computer must run the Client for Microsoft Networks to remotely access files, printers and other shared network resources.

 

I have photos I would love to upload but no matter how I resize them they won't upload that show the settings.

Where are you trying to upload them to?

 

What settings do you want to show?

I'm sorry I don't understand what you are trying to do.

Member of:

UNITE

Posted
YES those are exactly the ones I want to feel good about. Every one of those settings shown are checked.Although I have twice as many settings in that box and they, too are checked.Can't upload photos of them in this reply. My concern is maybe they have something to do with the dad blame Windows Updates continued error and failing to update or even run.
Posted

Hi Scott

 

Can't upload photos of them in this reply.

How are you trying to upload the pics? ..... there are a couple of ways of doing this.

Are you trying to add them as attachments or are you using the IMG code from an online storage site? ( like Photobucket )

More often than not I use the IMG code method.

Member of:

UNITE

Posted (edited)

Inside the Reply box theres an icon that says insert image.Thats the only way I know how to upload photos.

 

http://i10.photobucket.com/albums/a135/MrBreeze1200/1_600x480_750x600.jpg

 

http://i10.photobucket.com/albums/a135/MrBreeze1200/2_600x480_600x480.jpg

Edited by Starbuck

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...