Problems with Vista2

SPSpellman

Fix result of Farbar Recovery Scan Tool (x86) Version:15-06-2016
Ran by MrBreeze (2016-06-15 20:01:02) Run:1
Running from C:\Users\MrBreeze\Downloads
Loaded Profiles: MrBreeze (Available Profiles: MrBreeze & Scott & Administrator)
Boot Mode: Normal


==============================================


fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL =
FF user.js: detected! => C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\ Profiles\8t3xh1at.default-1461110741824\user.js [2016-06-07]
CHR Extension: (Entanglement Web App) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchp hgkefd [2016-06-13]
CHR Extension: (Poppit!) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopgl ifcfmi [2016-06-13]
U3 DFSR; no ImagePath
S3 ialm; system32\DRIVERS\igdkmd32.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
U4 UmRdpService; no ImagePath
Task: {30D25F1F-0D94-4911-B53A-76B996003FE2} - \SlimCleaner Run -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:E965A533 [111]
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:










*****************


"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47B50246-2234-4B64-AAB2-296D71F49BDE}" => key removed successfully.
HKCR\CLSID\{47B50246-2234-4B64-AAB2-296D71F49BDE} => key not found.
C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\ Profiles\8t3xh1at.default-1461110741824\user.js => not found.
C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchp hgkefd => not found.
C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopgl ifcfmi => not found.
DFSR => service removed successfully.
ialm => service removed successfully.
igfx => service removed successfully.
Partizan => service removed successfully.
UmRdpService => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30D25F1F-0D94-4911-B53A-76B996003FE2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30D25F1F-0D94-4911-B53A-76B996003FE2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Run" => key removed successfully.
C:\ProgramData\TEMP => ":E965A533" ADS removed successfully..


========= ipconfig /flushdns =========




Windows IP Configuration


Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 298.7 MB temporary data Removed.




The system needed a reboot.


==== End of Fixlog 20:02:06 ====
 
OTL Extras logfile created on: 5/23/2016 12:29:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrBreeze\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.68% Memory free
4.92 Gb Paging File | 3.92 Gb Available in Paging File | 79.77% Paging File free
Paging file location(s): c:\pagefile.sys 3055 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.29 Gb Total Space | 63.34 Gb Free Space | 61.33% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 3.61 Gb Free Space | 42.43% Space Free | Partition Type: NTFS

Computer Name: MRBREEZE-PC | User Name: MrBreeze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-67880207-1905697065-243471585-1000]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-67880207-1905697065-243471585-500]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system |
"{04B4CE29-6F34-437B-BCB6-CD03D49519D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{11B2B4C9-0E5F-47E3-ADD3-F289FA5B6F1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{21B9ADE3-4648-4ED2-9EFF-E978946EE5E5}" = lport=445 | protocol=6 | dir=in | app=system |
"{2228BA1B-DC28-41B5-A303-5955A489338A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D85C8C2-D4C6-435D-85EE-43FDE5FDEFBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{31918ADD-AAD9-4C9E-BA1E-4FAD6A31889D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3716BDE2-3772-4DDF-9F59-7FDF8A24D270}" = rport=445 | protocol=6 | dir=out | app=system |
"{3B50AA39-79FD-4EE9-8350-AE9B36A14AFD}" = rport=137 | protocol=17 | dir=out | app=system |
"{44546349-B5BE-4FB1-9659-EEDE1353F564}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system |
"{4AC18FB3-D013-4C32-9BA4-33888C288953}" = lport=137 | protocol=17 | dir=in | app=system |
"{5E50EFA7-2126-4B02-A8BE-AEB32B4C9A26}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system |
"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system |
"{7157E791-D2D5-46F2-AEF6-482C71BA8D82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BABDA40-A383-48B7-BF56-596E14C603C3}" = lport=138 | protocol=17 | dir=in | app=system |
"{A4FF04BD-EC04-4A92-984A-AF0040E18D17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system |
"{B0E1EA8B-4AC6-4DD7-B94E-633D2A096A43}" = lport=139 | protocol=6 | dir=in | app=system |
"{B1E77BC3-4610-4EE0-B291-234886F38CD4}" = rport=138 | protocol=17 | dir=out | app=system |
"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EF2CDB9F-F351-48B6-ADE6-CEF0ED371675}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system |
"{EFF15936-2220-43DC-A394-697CDF5220B4}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2068C167-0F7E-42BD-8E44-47E7952E235E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{24083A9D-BBD1-4321-86E6-70A3A21B1321}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3630F630-F441-4B0F-9681-DDED8206C5A5}" = protocol=6 | dir=in | app=c:\program files\microsoft security client\msseces.exe |
"{3AE8C1B3-0C8F-41ED-803B-BA6E28750369}" = protocol=17 | dir=in | app=c:\program files\microsoft security client\msseces.exe |
"{5317BAC5-3518-4F66-9005-4446D8472540}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E7A9950D-0CBD-4E26-9668-19C3C673AFEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F92BF169-FF04-4832-8F42-9BB163F12E83}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{046775C7-701F-4386-BCF4-5ADA66E41F51}" = BootRacer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{3AEFF4E0-C0F2-ECCC-6420-A2A008D52DF2}" = Application Compatibility Toolkit
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6C870B12-6FF2-68FC-8C3B-DD177BBF3F92}" = Toolkit Documentation
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{74d0e5db-b326-4dae-a6b2-445b9de1836e}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{7F52C251-8EB6-410D-9E84-45E8E4993A48}" = Microsoft SharePoint 2010 Products OpsMgr 2007 MP en-us
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.16)
"{B74E65FD-CC47-41C5-4B89-791A3F61942D}" = Kits Configuration Installer
"{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026
"{BF455BD4-60BB-4E6E-867A-B4F57BC1164B}" = Microsoft Security Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel(R) Network Connections 15.3.68.0
"{e9e06304-a604-434b-b35f-d9beb94dc06d}" = Windows Assessment and Deployment Kit for Windows 8.1
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 21 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 45.0.2 (x86 en-US)" = Mozilla Firefox 45.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROSetDX" = Intel(R) Network Connections 15.3.68.0
"Speccy" = Speccy
"Tweaking.com - Windows Repair" = Tweaking.com - Windows Repair
"UnHackMe_is1" = UnHackMe 8.00
"WinPcapInst" = WinPcap 4.1.3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/23/2016 12:54:53 PM | Computer Name = MrBreeze-PC | Source = EventSystem | ID = 4609
Description =

Error - 5/23/2016 12:54:53 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 5/23/2016 12:55:07 PM | Computer Name = MrBreeze-PC | Source = EventSystem | ID = 4609
Description =

Error - 5/23/2016 12:55:07 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 5/23/2016 1:06:14 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 34
Description = Volume Shadow Copy Service error: The VSS event class is not registered.
This will prevent any VSS writers from receiving events. This may be caused due
to a setup failure or as a result of an application's installer or uninstaller.




Operation:


Gathering Writer Data Executing Asynchronous Operation Context: Execution
Context: Requestor Current State: GatherWriterMetadata

Error - 5/23/2016 1:06:14 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040154. Operation: Gathering Writer Data Executing
Asynchronous Operation Context: Execution Context: Requestor Current State:
GatherWriterMetadata

Error - 5/23/2016 1:06:15 PM | Computer Name = MrBreeze-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe
-k netsvcs; Descripton = Windows Update; Hr = 0x8000ffff).

Error - 5/23/2016 1:31:09 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 34
Description = Volume Shadow Copy Service error: The VSS event class is not registered.
This will prevent any VSS writers from receiving events. This may be caused due
to a setup failure or as a result of an application's installer or uninstaller.




Operation:


Gathering Writer Data Executing Asynchronous Operation Context: Execution
Context: Requestor Current State: GatherWriterMetadata

Error - 5/23/2016 1:31:09 PM | Computer Name = MrBreeze-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040154. Operation: Gathering Writer Data Executing
Asynchronous Operation Context: Execution Context: Requestor Current State:
GatherWriterMetadata

Error - 5/23/2016 1:31:09 PM | Computer Name = MrBreeze-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point on volume (Process = C:\WINDOWS\System32\wbem\WmiPrvSE.exe;
Descripton = OTL Restore Point - 5/23/2016 12:31:08 PM; Hr = 0x8000ffff).

[ System Events ]
Error - 5/23/2016 12:33:51 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005
Description =

Error - 5/23/2016 12:34:01 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005
Description =

Error - 5/23/2016 12:34:04 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005
Description =

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/23/2016 12:34:48 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/23/2016 12:50:07 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005
Description =

Error - 5/23/2016 12:53:55 PM | Computer Name = MrBreeze-PC | Source = DCOM | ID = 10005
Description =

Error - 5/23/2016 1:00:10 PM | Computer Name = MrBreeze-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >
 
OTL logfile created on: 5/23/2016 12:29:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrBreeze\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.68% Memory free
4.92 Gb Paging File | 3.92 Gb Available in Paging File | 79.77% Paging File free
Paging file location(s): c:\pagefile.sys 3055 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.29 Gb Total Space | 63.34 Gb Free Space | 61.33% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 3.61 Gb Free Space | 42.43% Space Free | Partition Type: NTFS

Computer Name: MRBREEZE-PC | User Name: MrBreeze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/05/23 12:27:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrBreeze\Downloads\OTL.scr
PRC - [2016/04/15 14:05:24 | 006,675,672 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2016/04/05 15:16:58 | 000,604,952 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2016/01/29 18:44:58 | 000,292,816 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2016/01/29 18:44:56 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2016/01/29 17:56:10 | 000,986,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2015/09/24 10:40:30 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/07/30 13:38:28 | 000,100,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\AntiRansomware2.0\****rvice.exe
PRC - [2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/19 01:33:14 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2006/12/12 12:04:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
MOD - [2006/12/12 12:01:48 | 000,077,824 | ---- | M] () -- C:\WINDOWS\System32\hccutils.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (STacSV)
SRV - [2016/05/14 22:19:03 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/04/19 02:09:52 | 000,146,888 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/01/29 18:44:58 | 000,292,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2016/01/29 18:44:56 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2015/12/07 15:24:12 | 000,065,296 | ---- | M] (Greatis Software, LLC) [Disabled | Stopped] -- C:\Program Files\BootRacer\BootRacerServ.exe -- (BootRacerServ)
SRV - [2015/09/24 10:40:30 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/07/30 13:38:28 | 000,100,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\AntiRansomware2.0\****rvice.exe -- (AntiRansomwareService)
SRV - [2009/04/11 01:28:22 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/04/11 01:28:22 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 01:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/19 01:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 01:33:14 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - [2016/05/17 10:29:35 | 000,040,304 | ---- | M] (Greatis Software) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\System32\drivers\Partizan.sys -- (Partizan)
DRV - [2015/11/13 08:50:26 | 000,104,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/08/18 22:07:06 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\npf.sys -- (npf)
DRV - [2013/06/08 17:28:41 | 000,015,776 | R--- | M] (<company name here>) [Kernel | System | Running] -- C:\Program Files\AntiRansomware2.0\HookDriver32.sys -- (KbHook)
DRV - [2009/04/10 23:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/01/19 00:08:50 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mqac.sys -- (MQAC)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [1999/12/31 19:00:00 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{47B50246-2234-4B64-AAB2-296D71F49BDE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A8CE798-58AC-47A5-A718-6335B9D1F4D8}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..extensions.enabledAddons: firefoxaddon%40youtubeenhancer.com:4.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.79.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.79.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2016/04/06 16:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Extensions
[2016/05/15 17:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions
[2016/05/01 14:19:24 | 000,658,177 | ---- | M] () (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions\firefoxaddon@youtubeenhancer.com.xpi
[2016/05/15 17:06:23 | 001,656,045 | ---- | M] () (No name found) -- C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\features\{4582f8fc-c01e-413d-8374-972442400fd3}\loop@mozilla.org.xpi
[2016/04/30 17:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2016/05/23 11:53:34 | 000,000,855 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BootRacer = "C:\Program Files\BootRacer\Bootrace.exe" /2 (Greatis Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5304D28-2BFF-47C8-89B2-44ED34F77672}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\em1_wide.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\em1_wide.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2016/05/21 12:07:05 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2016/05/21 12:07:05 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: CCleaner Monitoring - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0
MsConfig - State: "bootini" - 0

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2016/05/23 12:18:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2016/05/23 12:02:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2016/05/21 12:07:05 | 000,000,000 | RHSD | C] -- C:\comment.htt
[2016/05/21 12:07:05 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2016/05/19 17:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AntiRansomware
[2016/05/19 17:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\AntiRansomware2.0
[2016/05/18 20:38:49 | 000,000,000 | ---D | C] -- C:\e735d206fef05299b92e9a0a60a4a2df
[2016/05/18 11:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2016/05/18 11:07:24 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\NeoSmart_Technologies
[2016/05/18 11:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2016/05/17 13:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BootRacer
[2016/05/17 13:40:14 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BootRacer
[2016/05/17 13:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\BootRacer
[2016/05/17 12:18:01 | 000,000,000 | ---D | C] -- C:\@RestoreQuarantine
[2016/05/17 12:13:35 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\Documents\RegRun2
[2016/05/17 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2016/05/17 10:29:35 | 000,040,304 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2016/05/17 10:29:13 | 000,049,968 | ---- | C] (Greatis Software) -- C:\Windows\System32\partizan.exe
[2016/05/17 10:29:13 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2016/05/17 10:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2016/05/17 10:29:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2016/05/17 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2016/05/15 22:15:53 | 000,000,000 | ---D | C] -- C:\MATS
[2016/05/14 21:40:12 | 000,000,000 | ---D | C] -- C:\RegBackup
[2016/05/14 19:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2016/05/14 19:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2016/05/14 14:14:35 | 000,000,000 | ---D | C] -- C:\014e2b9b0cb56244da54
[2016/05/13 22:31:35 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\Free Windows Cleanup Tool
[2016/05/13 22:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Free Windows Cleanup Tool
[2016/05/11 12:59:19 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\Microsoft Corporation
[2016/05/11 12:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2016/05/11 00:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2016/05/11 00:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Kits
[2016/05/11 00:27:59 | 000,000,000 | ---D | C] -- C:\45c1271dcf3c91039f5075bf13b8
[2016/05/11 00:16:14 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll
[2016/05/11 00:16:13 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
[2016/05/11 00:16:13 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
[2016/05/11 00:16:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
[2016/05/11 00:16:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/05/11 00:16:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
[2016/05/11 00:16:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
[2016/05/11 00:16:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/05/11 00:16:13 | 000,011,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2016/05/11 00:16:12 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2016/05/11 00:16:12 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/05/11 00:16:12 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
[2016/05/11 00:16:12 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
[2016/05/11 00:16:12 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
[2016/05/11 00:16:11 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
[2016/05/11 00:16:11 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
[2016/05/11 00:16:11 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
[2016/05/11 00:16:11 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2016/05/11 00:16:11 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
[2016/05/11 00:16:11 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/05/11 00:16:10 | 000,015,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2016/05/11 00:16:10 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
[2016/05/11 00:16:10 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
[2016/05/11 00:16:10 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2016/05/11 00:16:10 | 000,011,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/05/11 00:16:09 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
[2016/05/11 00:16:09 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2016/05/11 00:16:09 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
[2016/05/11 00:16:09 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2016/05/11 00:16:09 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2016/05/11 00:16:09 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2016/05/11 00:16:09 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/05/11 00:16:09 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2016/05/11 00:16:08 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucrtbase.dll
[2016/05/11 00:16:08 | 000,064,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
[2016/05/11 00:16:08 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
[2016/05/11 00:16:08 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
[2016/05/11 00:16:08 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2016/05/11 00:16:07 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
[2016/05/11 00:16:07 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
[2016/05/10 23:49:45 | 000,000,000 | ---D | C] -- C:\f8756be26704d6375b
[2016/05/10 21:58:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/05/10 21:30:40 | 000,000,000 | ---D | C] -- C:\3f4e9cf4d9e08247aa4cee1f5530aae2
[2016/05/10 19:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Linksys
[2016/05/10 15:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2016/05/10 15:10:15 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2016/05/10 14:17:06 | 000,000,000 | ---D | C] -- C:\5301576e678fd2fa2e2aa69a
[2016/05/10 12:33:56 | 000,000,000 | ---D | C] -- C:\363c9100431405d757f164504b44b3
[2016/05/09 20:27:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2016/05/09 18:50:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2016/05/09 18:50:10 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2016/05/09 18:50:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2016/05/09 18:50:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2016/05/09 18:50:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2016/05/09 18:50:08 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2016/05/09 18:50:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2016/05/09 18:50:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2016/05/09 15:55:22 | 000,000,000 | ---D | C] -- C:\0a1001c89f3b239d3475be
[2016/05/09 15:54:25 | 000,000,000 | ---D | C] -- C:\2864a3bde3417dce53
[2016/05/09 15:34:07 | 000,000,000 | ---D | C] -- C:\2e8b7eb3789d47c85dbc6550f7bfdd
[2016/05/09 15:24:54 | 000,000,000 | ---D | C] -- C:\85657cc307c2c2950456e2a53dd9
[2016/05/09 15:14:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2016/05/09 15:13:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2016/05/09 15:13:07 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2016/05/09 15:13:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2016/05/09 15:13:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2016/05/09 15:13:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2016/05/09 15:13:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2016/05/09 15:13:06 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2016/05/09 15:13:06 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2016/05/09 15:13:06 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2016/05/09 15:13:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2016/05/09 15:13:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2016/05/09 15:13:00 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2016/05/09 15:13:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2016/05/09 15:13:00 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2016/05/09 15:13:00 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2016/05/09 15:13:00 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2016/05/09 14:57:45 | 000,000,000 | ---D | C] -- C:\8982676cb56719e6fe2d
[2016/05/09 14:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\System Center Management Packs
[2016/05/09 14:39:03 | 000,000,000 | ---D | C] -- C:\1caa2eb2aa29805efa71a692d6
[2016/05/09 14:25:12 | 000,000,000 | ---D | C] -- C:\67992b0c538fc68d8ce033b42355f22d
[2016/05/09 14:16:52 | 000,000,000 | ---D | C] -- C:\cdd8b0bbb85dd7b28587f21374e4
[2016/05/09 14:11:18 | 000,000,000 | ---D | C] -- C:\57f000e9cab0ddf471524202b20ced86
[2016/05/09 12:37:59 | 000,000,000 | ---D | C] -- C:\d35e88c072bf443f21aefbfe
[2016/05/09 09:46:49 | 000,000,000 | ---D | C] -- C:\315da4eee26b07004c10
[2016/05/09 09:41:31 | 000,000,000 | ---D | C] -- C:\e5d31c9f4f5127f6ab293f74c1a8
[2016/05/09 09:33:10 | 000,000,000 | ---D | C] -- C:\extensions
[2016/05/07 21:38:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2016/05/07 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\temp
[2016/05/06 18:17:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2016/05/06 18:17:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2016/05/06 18:17:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2016/05/06 17:36:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2016/05/06 16:36:20 | 000,000,000 | ---D | C] -- C:\e5820a70fa4055a3b15ef6ca0a2d
[2016/05/05 00:38:43 | 000,305,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2016/05/05 00:38:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2016/05/05 00:07:04 | 000,000,000 | ---D | C] -- C:\2027ee003d019dc954
[2016/05/04 21:39:47 | 000,170,200 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2016/05/04 21:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/05/04 21:38:53 | 000,126,336 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2016/05/04 21:38:53 | 000,053,120 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2016/05/04 21:38:53 | 000,024,448 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2016/05/04 21:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2016/05/04 21:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/05/04 21:18:47 | 000,000,000 | ---D | C] -- C:\c8232c9ebdb6f23555
[2016/05/04 17:47:49 | 000,000,000 | ---D | C] -- C:\a58f5c84d86ff96704d573e276ad
[2016/05/04 15:31:23 | 000,000,000 | ---D | C] -- C:\28773a4392015d3dc5
[2016/05/04 14:51:48 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2016/05/04 14:12:42 | 000,000,000 | ---D | C] -- C:\c93aa2887dfda75c3b6b
[2016/05/04 14:07:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\msmq
[2016/05/03 14:38:54 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-SQLAgent$MICROSOFTSCM-sqlagtctr10.0.1600.22.dll
[2016/05/03 14:31:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2016/05/03 14:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2016/05/01 18:53:50 | 000,000,000 | ---D | C] -- C:\eca9077219a1b39d66300fc0df
[2016/05/01 18:44:59 | 000,000,000 | ---D | C] -- C:\0c2d5e12c4552d7d058d46843e
[2016/05/01 17:51:49 | 000,000,000 | ---D | C] -- C:\93e6572aa4830c19a53d6bdb
[2016/04/30 16:22:07 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\AVAST Software
[2016/04/29 22:51:04 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\ElevatedDiagnostics
[2016/04/29 22:39:52 | 000,000,000 | ---D | C] -- C:\01aaf2a69cb5d2beca40
[2016/04/29 22:30:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2016/04/29 22:25:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2016/04/29 22:25:26 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2016/04/29 22:25:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2016/04/29 22:25:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2016/04/29 22:25:25 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2016/04/29 22:25:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2016/04/29 22:25:24 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2016/04/29 22:25:24 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2016/04/29 22:25:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2016/04/29 22:25:24 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2016/04/29 22:25:24 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2016/04/29 22:25:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2016/04/29 22:25:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2016/04/29 22:25:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2016/04/29 22:25:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2016/04/29 22:25:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2016/04/29 22:25:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2016/04/29 22:25:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2016/04/29 22:25:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2016/04/29 22:25:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2016/04/29 22:25:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2016/04/29 22:25:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admp****.dll
[2016/04/29 22:25:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2016/04/29 22:25:19 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2016/04/29 22:25:19 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2016/04/29 22:25:18 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2016/04/29 22:25:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2016/04/29 22:25:18 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2016/04/29 22:25:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2016/04/29 21:50:53 | 000,000,000 | ---D | C] -- C:\2de5ecb5eb1f30c5571f293ed367
[2016/04/29 19:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2016/04/29 19:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2016/04/29 19:45:01 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\Google
[2016/04/29 19:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2016/04/24 16:49:10 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Local\Bazwise
[2016/04/24 16:49:09 | 000,000,000 | ---D | C] -- C:\Users\MrBreeze\AppData\Roaming\Bazwise
[2016/04/24 15:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/05/23 12:03:50 | 000,659,212 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2016/05/23 12:03:50 | 000,123,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2016/05/23 12:01:48 | 000,000,728 | ---- | M] () -- C:\Users\Public\Documents\bootracer.ini
[2016/05/23 11:59:22 | 000,004,800 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2016/05/23 11:59:21 | 000,004,800 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2016/05/23 11:58:39 | 000,293,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2016/05/23 11:58:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/05/23 11:53:34 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2016/05/22 22:08:18 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_183
[2016/05/22 12:50:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\procdump
[2016/05/20 12:27:35 | 000,001,952 | ---- | M] () -- C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk
[2016/05/20 12:04:58 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_408
[2016/05/20 11:35:05 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Tweaking.com - Windows Repair Tray Icon.job
[2016/05/20 09:33:16 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_570
[2016/05/19 17:44:04 | 000,209,432 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2016/05/18 12:39:33 | 000,040,960 | ---- | M] () -- C:\Users\Public\Documents\bootracer.his
[2016/05/18 11:07:50 | 000,024,576 | ---- | M] () -- C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd
[2016/05/17 13:15:53 | 000,000,804 | ---- | M] () -- C:\Users\MrBreeze\Desktop\UnHackMe.lnk
[2016/05/17 10:29:35 | 000,040,304 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2016/05/17 10:29:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2016/05/17 10:29:32 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2016/05/17 10:29:32 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2016/05/16 10:14:05 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_366
[2016/05/15 23:35:42 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2016/05/15 23:19:24 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_286
[2016/05/15 21:50:10 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_527
[2016/05/15 16:25:04 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_19
[2016/05/14 22:19:03 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2016/05/14 22:19:03 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2016/05/14 22:10:22 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_584
[2016/05/14 21:40:16 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
[2016/05/14 19:33:12 | 000,001,952 | ---- | M] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Tweaking.com - Windows Repair.lnk
[2016/05/12 21:46:57 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2016/05/12 16:28:35 | 000,000,680 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\d3d9caps.dat
[2016/05/11 12:57:35 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2016/05/10 19:08:29 | 008,697,832 | ---- | M] () -- C:\Users\MrBreeze\Documents\E_Series_UG_E900Rev_3425-01486_Web.pdf
[2016/05/09 15:41:03 | 000,000,794 | ---- | M] () -- C:\Users\MrBreeze\Desktop\D2D5DEM1 - Shortcut.lnk
[2016/05/09 14:57:34 | 002,162,688 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2016/05/09 14:57:33 | 000,114,688 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2016/05/09 14:57:33 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2016/05/09 09:44:41 | 000,065,536 | ---- | M] () -- C:\Windows\SPInstall.etl
[2016/05/07 21:32:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_338
[2016/05/05 01:30:03 | 000,000,010 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache
[2016/05/05 01:17:46 | 000,293,082 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\census.cache
[2016/05/05 01:17:37 | 000,297,382 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\ars.cache
[2016/04/29 22:30:28 | 000,000,943 | ---- | M] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2016/04/29 22:26:07 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2016/04/29 22:26:07 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2016/04/29 22:25:27 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2016/04/29 22:25:26 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2016/04/29 22:25:26 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2016/04/29 22:25:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2016/04/29 22:25:25 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2016/04/29 22:25:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2016/04/29 22:25:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2016/04/29 22:25:24 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2016/04/29 22:25:24 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2016/04/29 22:25:24 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2016/04/29 22:25:24 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2016/04/29 22:25:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2016/04/29 22:25:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2016/04/29 22:25:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2016/04/29 22:25:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2016/04/29 22:25:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2016/04/29 22:25:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2016/04/29 22:25:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2016/04/29 22:25:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2016/04/29 22:25:20 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2016/04/29 22:25:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2016/04/29 22:25:20 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admp****.dll
[2016/04/29 22:25:20 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2016/04/29 22:25:19 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2016/04/29 22:25:19 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2016/04/29 22:25:18 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2016/04/29 22:25:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2016/04/29 22:25:18 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2016/04/29 22:25:18 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2016/04/29 19:52:09 | 000,001,995 | ---- | M] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/04/29 19:48:11 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/04/26 13:28:57 | 000,005,120 | ---- | M] () -- C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2016/04/24 15:08:05 | 013,332,480 | ---- | M] () -- C:\Users\MrBreeze\Documents\libva-intel-driver-1.7.0.tar
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/05/22 12:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\procdump
[2016/05/20 11:32:24 | 000,293,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2016/05/19 17:44:03 | 000,209,432 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2016/05/18 11:07:49 | 000,024,576 | ---- | C] () -- C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd
[2016/05/17 13:43:42 | 000,040,960 | ---- | C] () -- C:\Users\Public\Documents\bootracer.his
[2016/05/17 13:40:19 | 000,000,728 | ---- | C] () -- C:\Users\Public\Documents\bootracer.ini
[2016/05/17 13:15:53 | 000,000,804 | ---- | C] () -- C:\Users\MrBreeze\Desktop\UnHackMe.lnk
[2016/05/17 10:29:32 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2016/05/14 21:40:16 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
[2016/05/14 19:33:12 | 000,001,952 | ---- | C] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Tweaking.com - Windows Repair.lnk
[2016/05/14 19:29:49 | 000,001,952 | ---- | C] () -- C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk
[2016/05/14 19:29:49 | 000,000,550 | ---- | C] () -- C:\Windows\tasks\Tweaking.com - Windows Repair Tray Icon.job
[2016/05/11 12:57:35 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2016/05/11 12:57:35 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2016/05/10 19:08:27 | 008,697,832 | ---- | C] () -- C:\Users\MrBreeze\Documents\E_Series_UG_E900Rev_3425-01486_Web.pdf
[2016/05/10 15:11:32 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2016/05/09 15:41:03 | 000,000,794 | ---- | C] () -- C:\Users\MrBreeze\Desktop\D2D5DEM1 - Shortcut.lnk
[2016/05/09 15:13:02 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2016/05/09 15:13:02 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2016/05/09 15:13:02 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2016/05/09 09:30:46 | 000,457,799 | ---- | C] () -- C:\Users\MrBreeze\Desktop\Windows6.0-KB2889748-x86.msu
[2016/05/09 09:30:25 | 000,457,799 | ---- | C] () -- C:\Windows6.0-KB2889748-x86.msu
[2016/05/06 18:17:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2016/05/06 18:17:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2016/05/06 18:17:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2016/05/06 18:17:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2016/05/06 18:17:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2016/05/01 17:50:16 | 000,230,241 | ---- | C] () -- C:\Users\MrBreeze\Documents\Windows6.0-KB2743187-v2-x86.msu
[2016/04/29 22:25:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2016/04/29 19:48:11 | 000,001,995 | ---- | C] () -- C:\Users\MrBreeze\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/04/29 19:48:11 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2016/04/29 19:48:11 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/04/24 16:51:12 | 013,332,480 | ---- | C] () -- C:\Users\MrBreeze\Documents\libva-intel-driver-1.7.0.tar
[2016/04/22 16:16:36 | 000,633,199 | ---- | C] () -- C:\Users\MrBreeze\Windows6.0-KB2889748-x64.msu
[2016/04/22 16:16:22 | 000,457,799 | ---- | C] () -- C:\Users\MrBreeze\Windows6.0-KB2889748-x86.msu
[2016/04/21 13:49:44 | 000,293,082 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\census.cache
[2016/04/21 13:49:27 | 000,297,382 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\ars.cache
[2016/04/19 01:48:29 | 000,000,010 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache
[2016/04/19 01:19:51 | 000,000,036 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\housecall.guid.cache
[2016/04/17 11:07:12 | 000,000,680 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\d3d9caps.dat
[2016/04/09 16:05:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2016/04/09 16:04:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2016/04/09 16:04:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2016/04/05 18:11:22 | 000,005,120 | ---- | C] () -- C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2016/04/05 13:06:59 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat
[2014/08/18 22:07:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 01:28:26 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\system32\wbem\fastprox.dll -- [2009/04/11 01:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = c:\windows\system32\wbem\wbemess.dll -- [2009/04/11 01:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/17 01:04:53 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2016/05/23 11:58:23 | 3203,399,680 | -HS- | M] () -- C:\pagefile.sys
[2016/04/05 13:05:56 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2016/04/05 12:55:54 | 000,000,002 | RHS- | M] () -- C:\USER
[2014/04/10 13:05:18 | 000,457,799 | ---- | M] () -- C:\Windows6.0-KB2889748-x86.msu

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\* >
[2016/04/09 15:50:18 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2016/04/19 02:09:35 | 000,887,152 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2016/04/19 02:10:02 | 000,392,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2016/04/06 05:05:03 | 000,874,648 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2016/04/29 22:25:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)


< End of report >
 
Hi Scott,

I've sorted out why you couldn't reply to the previous moved thread.......
Normal members can only reply to their own thread in the Malware Removal forum, they can't reply to another member's thread.
When I split the posts away from the original thread I forgot that one of my posts was the first one..... this made me the original poster of the thread.
I should have made one of your posts the first one.

You should be able to reply to this thread without a problem now.

The FRST fix ran ok.
OTL searches for slightly different things, that's why I wanted to see the reports.
There's nothing there that we didn't already know.
Thanks anyway.

Can you give me an update on how the system is running now?
Sorry about that.
 
"Windows Could Not Search for Updates" still getting this. Otherwise starting the PC has been hit and miss. I think the RAM modules may be compatible; the PC starts every morning. I'm afraid to use F10 to boot into safe mode; the last few times it wouldn't let me. I can use F8 and get in that way. I was looking at the BIOS to attempt to understand. After using Speccy to locate the correct version and motherboard I went to Intel, found the board BIOS for my motherboard/Chip set. It is now dated 2006; the updated BIOS is dated 2007. I downloaded and ran it and it said it was not for my machine. After deleting the suggested programs the PC is quieter and seems a lot better. I ran ADWare and found zero problems, ran Malwarebytes and zero problems. What is your opinion on CCleaner? After running the cleaner I ran the Registry cleaner and did not delete all the files it found, the majority of which were described as invalid firewall rules.
Scott
 
Hi Scott,

> I'm afraid to use F10 to boot into safe mode; the last few times it wouldn't let me. I can use F8 and get in that way.
Using the F8 key is a recognized way of entering Safe Mode.
So F8 is fine.

> After using Speccy to locate the correct version and motherboard I went to Intel, found the board BIOS for my motherboard/Chip set. It is now dated 2006; the updated BIOS is dated 2007. I downloaded and ran it and it said it was not for my machine.
Running a bios upgrade is fraught with danger.
It's so easy to mess up the bios doing this and unless you are experienced, it's not recommended.

> After deleting the suggested programs the PC is quieter and seems a lot better.
That's something then.

> I ran ADWare and found zero problems, ran Malwarebytes and zero problems.
That's good.
I don't see that the problems you are experiencing are malware related.
The problems are either a conflict with software or file corruption.

> What is your opinion on CCleaner? After running the cleaner I ran the Registry cleaner and did not delete all the files it found
CCleaner does have its uses, but I recommend staying away from the Registry section.
Although you may be told that the entries are invalid.... I'd take that with a pinch of salt.
Look on the registry as the 'Heart' of your system.
If you mess that up, you could kill your system.
The registry is quite robust and a few invalid entries won't make any difference.

I see that you have 'Windows Repair' (Tweaking.com) installed.
What options have you run with this program?
Have you run any repairs from the 'Repair' section?
It is a good program and one that we can use...... but I don't want to duplicate anything that you have already run.
 
Man alive.. ridiculous problems abound now. This AM cold start refused to start. Ran Repair (1) root cause. Started up. Avast no longer runs and when I try to set it to Start Automatically or ANY other settings in Services it says Access Denied. #2 Second, I have no Restore points. I cannot use System Restore at all. I eventually get "Catastrophic Failure" 0x8000FFFF. In Safe Mode Command Prompt, Run As Administrator, sfc /scannow, I get "Windows Resource Protection could not perform the requested operation". I read online that with Command Prompt I should activate the Administrator so I did that yesterday with command prompt... Now I have three user accounts when it starts: Administrator, MrBreeze and Scott. A tech sales guy said he would send 5300 unbuffered RAM modules; that was the suggested modules from the "Crucial scan". The date that Avast was stopped was today at 1:05 PM. I'm lost. Feels like I have zero control over this PC. I'm thinking about re-running Tweaking.com's latest version. I donated $5.00 bucks. Yes, I first ran it from disconnected power up into Safe Mode with Networking, ran all the Repairs, unchecked the Windows 8 10 boxes. I am overwhelmed. I have run Windows Repair two times in about 3 weeks but that was before I used the command prompt and opened up an Administrator user. Windows Repair was set to run on my Recovery partition disk D. I pray that that was not infected or messed up.
 
Hi Scott,

To be honest, with all the problems you are encountering.... now would be the time to consider a re-install of the OS.
 
> Hi Scott,
>
> To be honest, with all the problems you are encountering.... now would be the time to consider a re-install of the OS.
Only this morning I had no problem starting it. It booted right up without a hitch. I am concerned about Windows Update showing no updates; when I used recovery drive D the updates ran constantly. Can I be confident drive D has not been negatively affected by Tweaking.com All In One Repairs? I do not have, or even understand how to create, a recovery disk. Because this AM it booted and started without any problems showing, is it safe "yet" to assume the RAM modules are the correct ones after one good start up? Again, I can get the Crucial type modules as described in the scan. We will have to wait for them to come in the mail, usually 3 business days. Thank you so much, Scott
 
Hi Scott,

> is it safe "yet" to assume the RAM modules are the correct ones after one good start up?
Incorrect Ram can cause all sorts of problems.... but I'd have thought that these problems would have been ongoing... not intermittent.
By all means wait for the correct Ram (not sure why they didn't send the correct Ram to start with).

> I am concerned about Windows Update showing no updates; when I used recovery drive D the updates ran constantly. Can I be confident drive D has not been negatively affected by Tweaking.com All In One Repairs?
So what exactly do you store on Drive D?
 
D has Vista Home Basic restore 2006, an old version of everything, IE, and other outdated software I removed when my Dell 4600 hard drive crashed.
 
So if the problem isn't related to the Ram, you could run a reinstall from the restore... if needed?
 
Starbuck is on holiday for a while - I am sure he will pick this up on his return :)
 
Thanks. I'd like to add, the Network settings and all that implies and includes are of great concern to me not having set them correctly.
 
Installed it. Not sure it ran. I don't know how to run it manually. Nevertheless Windows Update fails. I do however have the correct RAM and there are no startup problems whatsoever and THANK YOU for resolving that issue. Maybe because I have Vista SP2 that all the available updates are installed? Upgrading to Windows 7 Premium is what I would like to do, being certain that would install without issues. Also, I would like to at some point address the network settings everywhere I have access and control that affects me.
 
Hi Scott,

> Maybe because I have Vista SP2 that all the available updates are installed?
Mainstream support for Vista finished on April 10, 2012.
The extended life support finishes next year....April 11th 2017
This means that there are no normal updates for Vista, only security fixes until end of life support.
After April next year M$ will no longer support Vista at all.

> I would like to at some point address the network settings everywhere I have access and control that affects me.
I'm not sure that I understand..... what exactly do you mean?
 
"Local Area Connection Properties" starts with "Client for Microsoft". I have photos I would love to upload, but no matter how I resize them they won't upload, that show the settings.
 