Problem with Vista

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi Scott,

Ok, let's take a look at your system and see if anything throws some light on this.

As you are running a 32bit system..........

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.


  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users: right-click and select Run As Administrator.
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply also.


If anything needs addressing I'll move the thread to the malware removal forum.
 

SPSpellman

Free PC Help Contributor
Joined
May 23, 2016
Location
Missouri
PC Experience
Some Experience
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-06-2016
Ran by MrBreeze (2016-06-13 16:15:31)
Running from C:\Users\MrBreeze\Downloads
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2016-04-05 20:52:52)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-67880207-1905697065-243471585-500 - Administrator - Disabled)
Guest (S-1-5-21-67880207-1905697065-243471585-501 - Limited - Enabled)
MrBreeze (S-1-5-21-67880207-1905697065-243471585-1000 - Administrator - Enabled) => C:\Users\MrBreeze
Scott (S-1-5-21-67880207-1905697065-243471585-1005 - Limited - Enabled) => C:\Users\Scott


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Ace Utilities (HKLM\...\Ace Utilities_is1) (Version: 6.1.0 - Acelogix Software)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Application Compatibility Toolkit (Version: 8.100.26641 - Microsoft) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
eMachines Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.009 - eMachines)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
Intel(R) Network Connections 15.3.68.0 (HKLM\...\PROSetDX) (Version: 15.3.68.0 - Intel)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Kits Configuration Installer (Version: 8.100.25984 - Microsoft) Hidden
Local Administrator Password Solution (HKLM\...\{3C5FA570-168B-47B2-A4C9-8B59FFC28459}) (Version: 6.0.1.0 - Microsoft Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SharePoint 2010 Products OpsMgr 2007 MP en-us (HKLM\...\{7F52C251-8EB6-410D-9E84-45E8E4993A48}) (Version: 1.0.0.0 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5205.0 - SigmaTel)
SnapShot (HKLM\...\SnapShot_is1) (Version: 1.0.6 - Bluefive software)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Toolkit Documentation (Version: 8.100.26866 - Microsoft) Hidden
Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.1 - Tweaking.com)
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 7.1.0 - Shark007)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {04C5732E-E4CC-4AE5-B8BF-8A56247766EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {256B542C-44C2-420A-BEF2-DFC720B9990A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-02] (AVAST Software)
Task: {30D25F1F-0D94-4911-B53A-76B996003FE2} - \SlimCleaner Run -> No File <==== ATTENTION
Task: {355BBC34-14C1-4E46-8C24-6BCC98BB416E} - System32\Tasks\AceUtilsSkipUAC => C:\Program Files\Ace Utilities\au.exe [2015-11-11] (Acelogix Software)
Task: {84DF11BB-C896-4B4A-B1EB-665321A19DCD} - System32\Tasks\SafeZone scheduled Autoupdate 1464899852 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {8653F2CB-0149-46C6-9B05-16F95F65211B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
Task: {97AD9CE5-9A4A-478B-B492-807826D83D71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {ACE55B44-2D02-455E-977F-27AD60C7BBFD} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab3ad222f4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
Task: {C8C9EA8E-C6EB-4870-9135-1BA9E59AA1F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
Task: {FE20FBFD-023A-4365-9632-BB2E6A821F53} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
Task: C:\Windows\Tasks\User_Feed_Synchronization-{40FE53E5-E223-4404-89E5-29209F69C377}.job => C:\Windows\system32\msfeedssync.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Desktop US Weather Radar.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=acnkplahjeepjhacnmooibhpmdgfilkf


==================== Loaded Modules (Whitelisted) ==============


2016-06-02 15:20 - 2016-06-02 15:20 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-02 15:20 - 2016-06-02 15:20 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-13 15:03 - 2016-06-13 15:03 - 02932736 _____ () C:\Program Files\AVAST Software\Avast\defs\16061301\algo.dll
2016-06-02 15:20 - 2016-06-02 15:20 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-02 15:20 - 2016-06-02 15:20 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-12 13:36 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files\Trend Micro\RUBotted\hc_help.dll
2016-06-02 15:20 - 2016-06-02 15:20 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\ProgramData\TEMP:E965A533 [111]


==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12527038.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94872584.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\12527038.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\94872584.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




There are 4788 more sites.




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2006-11-02 05:23 - 2016-06-12 12:19 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-67880207-1905697065-243471585-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\eM1_Wide.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{F2202704-7932-45F5-8D2C-8AC0AF83D78A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================




==================== Faulty Device Manager Devices =============


Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.




==================== Event log errors: =========================


Application errors:
==================
Error: (06/13/2016 04:04:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application FRST.exe, version 13.6.2016.0, time stamp 0x575efd24, faulting module FRST.exe, version 13.6.2016.0, time stamp 0x575efd24, exception code 0xc0000005, fault offset 0x000211de,
process id 0x119c, application start time 0xFRST.exe0.


Error: (06/13/2016 03:16:52 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.


Context: Application, SystemIndex Catalog


Error: (06/13/2016 03:14:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" ; Descripton = ȃȃȃȃဃဂဂဂ  ဂȂဃဂဂဂဂĂဃĂ Ă  ဂဂဂဂဂဂဂȂဃȂ Ȃă䠃ဂဂဂဂဂဂဂဂဂሂဃဂ。ဂဂဂဂᐂᐂဂሂဃဂဂᐂሂဃဂဂဂဂĂăăăăăăăăăăăăăăăăăăăăăăဃ褂; Hr = 0x80070057).


Error: (06/13/2016 03:00:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application hmpsched.exe, version 3.7.0.5, time stamp 0x5732f7ec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x520, application start time 0xhmpsched.exe0.


Error: (06/13/2016 02:23:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, exception code 0xc0000005, fault offset 0x00034ca2,
process id 0x874, application start time 0xExplorer.EXE0.


Error: (06/12/2016 01:44:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" /scan:boot /quiet /quick; Descripton = Checkpoint by HitmanPro; Hr = 0x8000ffff).


Error: (06/12/2016 01:44:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.




Operation:
Gathering Writer Data
Executing Asynchronous Operation


Context:
Execution Context: Requestor
Current State: GatherWriterMetadata


Error: (06/12/2016 01:44:20 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.




Operation:
Gathering Writer Data
Executing Asynchronous Operation


Context:
Execution Context: Requestor
Current State: GatherWriterMetadata


Error: (06/12/2016 12:20:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


Error: (06/12/2016 12:20:45 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c




System errors:
=============
Error: (06/13/2016 04:06:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/13/2016 03:46:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/13/2016 03:02:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/13/2016 12:09:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 04:35:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 04:25:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 04:20:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 04:10:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 01:58:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 01:46:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.






CodeIntegrity:
===================================
Date: 2016-06-12 13:18:44.176
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:18:44.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:18:43.833
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:18:43.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:13:44.297
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:13:44.017
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:13:43.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:13:43.611
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-02 16:49:51.471
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-02 16:49:51.346
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.




==================== Memory info ===========================


Processor: Intel(R) Celeron(R) D CPU 3.33GHz
Percentage of memory in use: 32%
Total physical RAM: 2037.32 MB
Available physical RAM: 1372.96 MB
Total Virtual: 5989.39 MB
Available Virtual: 5262.32 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:103.29 GB) (Free:75.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:8.5 GB) (Free:3.61 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B1E04F8A)
Partition 1: (Not Active) - (Size=8.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=103.3 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================

I have 2 user accounts; I ran on each. These are the Administrator User account "MrBreeze"
 

SPSpellman

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-06-2016
Ran by MrBreeze (administrator) on MRBREEZE-PC (13-06-2016 16:14:42)
Running from C:\Users\MrBreeze\Downloads
Loaded Profiles: MrBreeze (Available Profiles: MrBreeze & Scott)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\WINDOWS\System32\CISVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\inetsrv\inetinfo.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
(SigmaTel, Inc.) C:\WINDOWS\System32\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqtgsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-10] (AVAST Software)
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-02] (AVAST Software)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
Tcpip\..\Interfaces\{B5304D28-2BFF-47C8-89B2-44ED34F77672}: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3604
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL =
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {6A8CE798-58AC-47A5-A718-6335B9D1F4D8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)


FireFox:
========
FF ProfilePath: C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824
FF DefaultSearchEngine.US: Google
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\user.js [2016-06-07]
FF Extension: YouTube™ Enhancer Plus - C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-05-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-02]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-02]


Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2016-06-13]
CHR Extension: (Desktop US Weather Radar) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\acnkplahjeepjhacnmooibhpmdgfilkf [2016-06-13]
CHR Extension: (Google Drive) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (Avast SafePrice) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-06-13]
CHR Extension: (Avast Online Security) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-13]
CHR Extension: (Poppit!) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MrBreeze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-13]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-02]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-02] (AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113632 2016-06-05] (SurfRight B.V.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-19] (Microsoft Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation)
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2016-06-11] (SigmaTel, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-06-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-02] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-06-02] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-06-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-06-02] (AVAST Software)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-06-05] ()
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2016-06-11] (SigmaTel, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
U3 DFSR; no ImagePath
S3 ialm; system32\DRIVERS\igdkmd32.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
U4 UmRdpService; no ImagePath


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-13 16:04 - 2016-06-13 16:04 - 00000394 _____ C:\Users\MrBreeze\Downloads\Addition.txt
2016-06-13 16:03 - 2016-06-13 16:14 - 00012988 _____ C:\Users\MrBreeze\Downloads\FRST.txt
2016-06-13 16:03 - 2016-06-13 16:03 - 00000836 _____ C:\Users\MrBreeze\Desktop\FRST - Shortcut.lnk
2016-06-13 16:02 - 2016-06-13 16:02 - 01736192 _____ (Farbar) C:\Users\MrBreeze\Downloads\FRST.exe
2016-06-13 16:00 - 2016-06-13 16:00 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-06-13 15:57 - 2016-06-13 15:57 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-13 15:57 - 2016-06-13 15:57 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-13 15:55 - 2016-06-13 16:08 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 15:55 - 2016-06-13 16:06 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-13 15:54 - 2016-06-13 15:55 - 00987728 _____ (Google Inc.) C:\Users\MrBreeze\Downloads\ChromeSetup (1).exe
2016-06-13 15:53 - 2016-06-13 15:55 - 00987728 _____ (Google Inc.) C:\Users\MrBreeze\Downloads\ChromeSetup.exe
2016-06-13 15:40 - 2016-06-13 15:40 - 00044608 _____ C:\Users\MrBreeze\Documents\FRST.txt
2016-06-13 15:40 - 2016-06-13 15:40 - 00028181 _____ C:\Users\MrBreeze\Documents\Addition.txt
2016-06-13 15:36 - 2016-06-13 15:37 - 00028181 _____ C:\Users\Scott\Downloads\Addition.txt
2016-06-13 15:35 - 2016-06-13 15:37 - 00044608 _____ C:\Users\Scott\Downloads\FRST.txt
2016-06-13 15:34 - 2016-06-13 16:14 - 00000000 ____D C:\FRST
2016-06-13 15:32 - 2016-06-13 15:32 - 01736192 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
2016-06-13 15:32 - 2016-06-13 15:32 - 00000817 _____ C:\Users\Scott\Desktop\FRST - Shortcut.lnk
2016-06-13 15:20 - 2016-06-13 15:20 - 00987728 _____ (Google Inc.) C:\Users\Scott\Downloads\ChromeSetup.exe
2016-06-13 14:40 - 2016-06-13 14:40 - 00000514 _____ C:\Users\MrBreeze\Documents\hoses.txt
2016-06-12 16:13 - 2016-06-12 16:14 - 00000000 ____D C:\Users\MrBreeze\Desktop\UpDATERS
2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\Program Files\Trend Micro
2016-06-12 13:26 - 2016-06-12 13:32 - 00000000 ____D C:\Users\Scott\Downloads\TMRBLog
2016-06-12 13:26 - 2016-06-12 13:26 - 00000000 ____D C:\Users\Scott\Downloads\log
2016-06-12 13:03 - 2016-06-12 13:03 - 00000000 ____D C:\Users\Scott\Downloads\lspfix
2016-06-12 13:02 - 2016-06-12 13:02 - 00183158 _____ C:\Users\Scott\Downloads\lspfix.zip
2016-06-12 12:58 - 2016-06-12 12:58 - 10078720 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\RootkitBusterV5.0-1198.exe
2016-06-12 12:57 - 2016-06-12 12:57 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\Scott\Downloads\RUBottedSetup.exe
2016-06-12 12:56 - 2016-06-12 12:56 - 10467568 _____ (Akamai Technologies, Inc.) C:\Users\Scott\Downloads\installer.exe
2016-06-12 12:55 - 2016-06-12 12:55 - 02104376 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HousecallLauncher.exe
2016-06-12 12:54 - 2016-06-12 12:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HijackThis.exe
2016-06-12 12:25 - 2016-06-12 12:25 - 00000000 ___SD C:\Users\Scott\AppData\LocalLow\Temp
2016-06-12 12:24 - 2016-06-13 15:19 - 00000680 _____ C:\Users\Scott\AppData\Local\d3d9caps.dat
2016-06-11 14:25 - 2016-06-11 14:21 - 04939776 _____ (SigmaTel, Inc.) C:\Windows\system32\stacgui.cpl
2016-06-11 14:25 - 2016-06-11 14:21 - 00303104 _____ (SigmaTel, Inc.) C:\Windows\sttray.exe
2016-06-11 14:25 - 2016-06-11 14:21 - 00090112 _____ (SigmaTel, Inc.) C:\Windows\system32\stacsv.exe
2016-06-10 14:06 - 2016-06-10 14:06 - 00000000 ____D C:\Users\MrBreeze\.oracle_jre_usage
2016-06-09 13:18 - 2016-06-09 13:18 - 00000411 _____ C:\Users\MrBreeze\Documents\DJTrump.txt
2016-06-08 12:26 - 2016-06-08 12:26 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text1.txt
2016-06-08 12:23 - 2016-06-08 12:23 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text.txt
2016-06-07 18:55 - 2016-06-07 18:55 - 03677248 _____ C:\Users\MrBreeze\Downloads\adwcleaner_5.119.exe
2016-06-07 16:36 - 2016-06-07 16:39 - 00000000 ____D C:\Program Files\PCFixKit
2016-06-07 16:00 - 2016-06-07 16:00 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Acelogix
2016-06-07 15:58 - 2016-06-12 16:33 - 00000000 ____D C:\ProgramData\TEMP
2016-06-07 15:58 - 2016-06-07 15:58 - 00001922 _____ C:\Users\MrBreeze\Desktop\Ace Utilities.lnk
2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities
2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities
2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\Program Files\Ace Utilities
2016-06-07 15:55 - 2016-06-07 15:55 - 00000078 _____ C:\Windows\system32\MRBREEZE-PC.Windows Vista Home Basic, 32-bit Service Pack 2 (build 6002).txt
2016-06-07 15:55 - 2016-06-07 15:55 - 00000000 ____D C:\Windows\RegBak
2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore
2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\Program Files\Acelogix
2016-06-07 15:17 - 2016-06-07 15:18 - 06431728 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2016-06-07 15:06 - 2016-06-07 15:06 - 00027095 _____ C:\Users\MrBreeze\Documents\Win 7.htm
2016-06-07 15:06 - 2016-06-07 15:06 - 00000000 ____D C:\Users\MrBreeze\Documents\img
2016-06-07 15:06 - 2016-06-07 14:42 - 00002640 _____ C:\Users\MrBreeze\Documents\WuaReports.css
2016-06-07 13:58 - 2016-06-12 16:16 - 00000000 ____D C:\Program Files\UnHackMe
2016-06-07 13:56 - 2016-06-13 14:04 - 00069840 _____ C:\Users\MrBreeze\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-07 13:48 - 2016-06-12 12:23 - 00293288 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-06 13:08 - 2016-06-06 13:16 - 00000680 _____ C:\Windows\system32\.crusader
2016-06-05 15:08 - 2016-06-05 15:10 - 01016592 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.08.26_log.txt
2016-06-05 15:05 - 2016-06-05 15:06 - 00172328 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.05.09_log.txt
2016-06-05 15:02 - 2016-06-05 15:03 - 00172162 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.02.26_log.txt
2016-06-05 13:59 - 2016-06-05 15:11 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-05 13:59 - 2016-06-05 13:59 - 00001732 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-06-05 13:59 - 2016-06-05 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-06-05 13:58 - 2016-06-06 13:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-05 13:33 - 2016-06-12 16:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Enigma Software Group
2016-06-05 13:26 - 2016-06-05 13:26 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-06-05 13:25 - 2016-06-05 13:25 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\MrBreeze\Downloads\SpyHunter-Installer (1).exe
2016-06-05 13:19 - 2016-06-11 14:21 - 01601536 _____ (SigmaTel, Inc.) C:\Windows\system32\stlang.dll
2016-06-05 13:19 - 1999-12-31 19:00 - 05398528 _____ (SigmaTel, Inc.) C:\Windows\system32\IDTSG.cpl
2016-06-05 13:07 - 2016-06-05 13:07 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Bluefive software
2016-06-05 12:35 - 2016-06-05 12:36 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.MATSKB.Run (1).exe
2016-06-04 11:34 - 2016-06-04 11:37 - 48418520 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\Windows-KB890830-V5.36.exe
2016-06-04 11:34 - 2016-06-04 11:37 - 38808920 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\FileFormatConverters (1).exe
2016-06-04 11:28 - 2016-06-04 11:28 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList (1).xlsx
2016-06-03 14:13 - 2016-06-03 14:16 - 75137189 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v4-x86.msu
2016-06-02 22:16 - 2016-06-02 22:32 - 02340040 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK (1).msi
2016-06-02 22:16 - 2016-06-02 22:32 - 02324272 _____ C:\Users\MrBreeze\Downloads\msxml6_x64 (1).msi
2016-06-02 22:16 - 2016-06-02 22:32 - 02267192 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64 (1).msi
2016-06-02 22:16 - 2016-06-02 22:32 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6 (1).msi
2016-06-02 21:29 - 2016-06-02 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-02 21:29 - 2016-06-02 21:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-06-02 15:38 - 2016-06-02 15:38 - 00000896 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-02 15:38 - 2016-06-02 15:38 - 00000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-02 15:30 - 2016-06-02 15:30 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-02 15:23 - 2016-06-02 15:23 - 00000000 ____D C:\Users\Scott\AppData\Roaming\AVAST Software
2016-06-02 15:22 - 2016-06-02 15:22 - 00001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-02 15:22 - 2016-06-02 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-02 15:21 - 2016-06-02 15:20 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-02 15:20 - 2016-06-02 15:20 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-02 15:20 - 2016-06-02 15:20 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-02 15:20 - 2016-06-02 15:20 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-06-02 15:17 - 2016-06-02 15:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-02 15:11 - 2016-06-02 15:30 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-02 15:10 - 2016-06-02 15:11 - 05080352 _____ (AVAST Software) C:\Users\Scott\Downloads\avast_free_antivirus_setup_online.exe
2016-06-02 14:53 - 2016-06-02 14:53 - 00000391 _____ C:\Users\Scott\Downloads\Microsoft.Powershell.Host_56d66100-99a0-4ffc-a12d-eee9a6718aef_HelpInfo.xml
2016-06-02 14:35 - 2016-06-02 14:46 - 01756144 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013.exe
2016-06-02 14:35 - 2016-06-02 14:35 - 01851544 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013_Update22.exe
2016-06-02 14:35 - 2016-06-02 14:35 - 00112496 _____ C:\Users\Scott\Downloads\Windows Embedded Compact 2013_Update30.htm
2016-06-02 14:32 - 2016-06-02 14:32 - 00323688 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsServer2003-KB828028-x86-ENU.exe
2016-06-02 14:25 - 2016-06-02 14:25 - 00702840 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\Windows-KB943729-x86-ENU.exe
2016-06-02 14:22 - 2016-06-02 14:22 - 00000000 ____D C:\Program Files\LAPS
2016-06-02 14:19 - 2016-06-02 14:19 - 00954368 _____ C:\Users\Scott\Downloads\LAPS.x86.msi
2016-06-02 14:17 - 2016-06-02 14:17 - 00000238 _____ C:\Users\Scott\Documents\Fixit.txt
2016-06-02 14:04 - 2016-06-02 14:04 - 00347816 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\MicrosoftFixit.wu.Run.exe
2016-06-02 12:05 - 2016-06-02 12:05 - 00000000 ____D C:\Users\Scott\AppData\Roaming\ProductData
2016-06-01 21:18 - 2016-06-01 21:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-01 21:16 - 2016-06-01 21:18 - 21381936 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-06-01 21:15 - 2016-06-01 21:15 - 00000286 _____ C:\Windows\Tasks\User_Feed_Synchronization-{40FE53E5-E223-4404-89E5-29209F69C377}.job
2016-06-01 19:35 - 2016-06-01 19:35 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-06-01 05:17 - 2016-06-01 19:50 - 32337920 _____ C:\Windows\system32\config\components.iobit
2016-06-01 05:17 - 2016-06-01 19:50 - 28155904 _____ C:\Windows\system32\config\software.iobit
2016-06-01 05:17 - 2016-06-01 19:50 - 01077248 _____ C:\Windows\system32\config\default.iobit
2016-06-01 05:17 - 2016-06-01 19:50 - 00090112 _____ C:\Windows\system32\config\sam.iobit
2016-06-01 05:17 - 2016-06-01 19:49 - 00028672 _____ C:\Windows\system32\config\security.iobit
2016-06-01 05:12 - 2016-06-01 05:12 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Apple Computer
2016-06-01 05:07 - 2016-06-01 16:51 - 00000000 ____D C:\ProgramData\ProductData
2016-06-01 05:03 - 2016-06-01 05:13 - 00000000 ____D C:\Users\MrBreeze\AppData\LocalLow\IObit
2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\ProductData
2016-06-01 05:02 - 2016-06-01 05:02 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-06-01 05:01 - 2016-06-01 16:49 - 00000000 ____D C:\Program Files\Common Files\IObit
2016-06-01 04:58 - 2016-06-01 20:25 - 00000000 ____D C:\Program Files\IObit
2016-06-01 04:58 - 2016-06-01 16:49 - 00000000 ____D C:\ProgramData\IObit
2016-06-01 04:44 - 2016-06-01 04:52 - 43891792 _____ (IObit ) C:\Users\MrBreeze\Downloads\advanced-systemcare-setup.exe
2016-05-31 14:25 - 2016-05-31 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2016-05-31 10:47 - 2016-05-31 10:48 - 00231760 _____ C:\Users\MrBreeze\Downloads\CrucialScan.exe
2016-05-29 13:40 - 2016-06-05 15:11 - 00160840 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2016-05-29 12:57 - 2016-05-29 12:57 - 00001933 _____ C:\Users\MrBreeze\Documents\EVIEW.txt
2016-05-29 12:50 - 2016-05-29 12:50 - 00001867 _____ C:\Users\MrBreeze\Documents\HITMAN EVENT VIEW.txt
2016-05-29 12:43 - 2016-05-29 12:44 - 00000534 _____ C:\Users\MrBreeze\Documents\admin event viewer.txt
2016-05-29 12:42 - 2016-05-29 12:42 - 00000615 _____ C:\Users\MrBreeze\Documents\eventviewerhitmanpro.txt
2016-05-26 19:11 - 2016-05-31 17:14 - 00000000 ____D C:\Windows\CryptoGuard
2016-05-26 15:51 - 2016-05-26 15:53 - 10451640 _____ (SurfRight B.V.) C:\Users\MrBreeze\Downloads\HitmanPro.exe
2016-05-25 19:51 - 2016-05-25 19:51 - 04614144 _____ C:\Users\Scott\Downloads\msxml6_SDK.msi
2016-05-25 19:51 - 2016-05-25 19:51 - 01528320 _____ C:\Users\Scott\Downloads\msxml6.msi
2016-05-25 18:56 - 2016-05-25 18:57 - 04614144 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK.msi
2016-05-25 18:56 - 2016-05-25 18:57 - 03753472 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64.msi
2016-05-25 18:56 - 2016-05-25 18:57 - 02721280 _____ C:\Users\MrBreeze\Downloads\msxml6_x64.msi
2016-05-25 18:56 - 2016-05-25 18:56 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6.msi
2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\ProgramData\Oracle
2016-05-25 14:51 - 2016-05-25 14:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Secunia PSI
2016-05-25 14:50 - 2016-05-25 14:50 - 00000000 ____D C:\Program Files\Secunia
2016-05-25 14:49 - 2016-05-25 14:50 - 05490752 _____ (Secunia) C:\Users\MrBreeze\Downloads\PSISetup.exe
2016-05-25 14:16 - 2016-05-25 14:19 - 00930472 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.16.19_log.txt
2016-05-25 14:10 - 2016-05-25 14:12 - 00170114 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.10.29_log.txt
2016-05-25 14:07 - 2016-05-25 14:08 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\MrBreeze\Downloads\tdsskiller.exe
2016-05-24 11:57 - 2016-05-24 11:57 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Bluefive software
2016-05-23 13:29 - 2016-05-23 13:29 - 00000844 _____ C:\Users\MrBreeze\Desktop\SnapShot.lnk
2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnapShot
2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\Program Files\SnapShot
2016-05-23 13:29 - 2008-07-01 10:04 - 01064960 _____ (Chilkat Software, Inc.) C:\Windows\system32\ChilkatFtp2.dll
2016-05-23 13:29 - 2007-12-14 17:34 - 01388032 _____ (Chestysoft) C:\Windows\system32\csXImage.ocx
2016-05-23 13:29 - 2007-06-05 10:00 - 00311296 _____ (AdminSystem Software Limited) C:\Windows\system32\aosmtp.dll
2016-05-23 13:29 - 2004-03-08 23:00 - 00224016 _____ (Microsoft Corporation) C:\Windows\system32\tabctl32.ocx
2016-05-23 13:29 - 2002-02-10 20:28 - 00070144 _____ (Merrion Computing Ltd) C:\Windows\system32\MCLHotkey.ocx
2016-05-23 13:29 - 2001-08-23 13:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm50.dll
2016-05-23 13:29 - 2000-07-09 18:15 - 00106496 _____ (Marco Bellinaso) C:\Windows\system32\mbprgbar.ocx
2016-05-23 13:29 - 2000-05-01 23:02 - 00110592 _____ (Common Controls Replacement Project (CCRP)) C:\Windows\system32\ccrpbds6.dll
2016-05-23 13:29 - 1998-06-24 00:00 - 00140096 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx
2016-05-23 12:51 - 2016-05-23 12:51 - 00035114 _____ C:\Users\MrBreeze\Downloads\Extras.Txt
2016-05-23 12:49 - 2016-05-23 13:20 - 00119882 _____ C:\Users\MrBreeze\Downloads\OTL.Txt
2016-05-23 12:27 - 2016-05-23 12:27 - 00602112 _____ (OldTimer Tools) C:\Users\MrBreeze\Downloads\OTL.scr
2016-05-23 12:14 - 2016-05-23 12:14 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.Run.exe
2016-05-23 10:31 - 2016-05-23 10:39 - 154546261 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v35-x86 (2).msu
2016-05-23 10:17 - 2016-05-23 10:17 - 00000000 ____D C:\Users\MrBreeze\Downloads\lspfix
2016-05-23 10:15 - 2016-05-23 10:16 - 00183158 _____ C:\Users\MrBreeze\Downloads\lspfix.zip
2016-05-23 10:05 - 2016-05-23 10:05 - 00000902 _____ C:\Users\Scott\Documents\Rolling Stone.txt
2016-05-22 12:43 - 2016-05-22 12:50 - 00000000 _____ C:\Windows\system32\procdump
2016-05-22 12:39 - 2016-05-22 12:39 - 00000000 ____D C:\Users\MrBreeze\Downloads\Procdump
2016-05-22 12:34 - 2016-05-22 12:34 - 00411028 _____ C:\Users\MrBreeze\Downloads\Procdump.zip
2016-05-21 14:36 - 2016-05-21 14:54 - 649877504 _____ C:\Users\Scott\Downloads\GRMWDK_EN_7600_1.ISO
2016-05-21 12:07 - 2016-05-21 12:07 - 00000000 _RSHD C:\comment.htt
2016-05-20 12:28 - 2016-05-20 12:28 - 00000000 ____D C:\Users\MrBreeze\Downloads\Autoruns
2016-05-20 11:35 - 2016-05-20 11:35 - 00001952 _____ C:\Users\Scott\Desktop\Tweaking.com - Windows Repair.lnk
2016-05-20 09:59 - 2016-05-20 09:59 - 00615478 _____ C:\Users\MrBreeze\Downloads\Autoruns.zip
2016-05-20 09:55 - 2016-05-20 09:56 - 21382440 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2016-05-19 17:44 - 2016-05-19 17:44 - 00209432 _____ C:\Windows\RegBootClean.exe
2016-05-19 17:37 - 2016-05-19 17:44 - 00000000 ____D C:\ProgramData\AntiRansomware
2016-05-18 20:38 - 2016-05-18 20:38 - 00000000 ____D C:\e735d206fef05299b92e9a0a60a4a2df
2016-05-18 11:49 - 2016-05-18 11:49 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2016-05-18 11:47 - 2016-05-18 11:48 - 00002628 _____ C:\Users\MrBreeze\Downloads\legitcheck.hta
2016-05-18 11:07 - 2016-05-18 11:07 - 00024576 _____ C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd
2016-05-18 11:07 - 2016-05-18 11:07 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\NeoSmart_Technologies
2016-05-18 11:06 - 2016-05-18 20:38 - 00000000 ____D C:\Program Files\NeoSmart Technologies
2016-05-18 11:04 - 2016-05-18 11:04 - 01923704 _____ C:\Users\MrBreeze\Downloads\EasyBCD 2.3.exe
2016-05-18 10:56 - 2016-05-18 11:00 - 00021948 _____ C:\Windows\system32\sfcdetails.txt
2016-05-18 07:25 - 2016-05-23 13:58 - 00000562 _____ C:\Users\MrBreeze\Desktop\StartUp Failure.txt
2016-05-17 13:46 - 2016-05-18 12:40 - 00000000 ____D C:\ProgramData\BootRacer
2016-05-17 13:43 - 2016-05-18 12:39 - 00040960 _____ C:\Users\Public\Documents\bootracer.his
2016-05-17 13:40 - 2016-05-25 15:25 - 00000728 _____ C:\Users\Public\Documents\bootracer.ini
2016-05-17 13:00 - 2016-05-17 13:00 - 00000010 _____ C:\Users\Scott\Desktop\test.txt
2016-05-17 12:56 - 2016-05-17 12:56 - 00449569 _____ C:\Users\Scott\Desktop\regrunlog.txt
2016-05-17 12:18 - 2016-05-17 12:18 - 00000000 ____D C:\@RestoreQuarantine
2016-05-17 12:13 - 2016-06-07 14:05 - 00000000 ____D C:\Users\MrBreeze\Documents\RegRun2
2016-05-17 11:58 - 2016-06-12 14:00 - 00000370 _____ C:\Windows\system32\PARTIZAN.TXT
2016-05-17 11:39 - 2016-05-17 11:40 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer (1).exe
2016-05-17 11:37 - 2016-05-17 11:39 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer.exe
2016-05-17 11:18 - 2016-06-11 13:49 - 00000000 ____D C:\ProgramData\RegRun
2016-05-17 10:29 - 2016-06-11 13:49 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-05-17 10:29 - 2016-06-07 13:58 - 00000002 RSHOT C:\Windows\winstart.bat
2016-05-17 10:29 - 2016-05-21 12:10 - 00000000 ____D C:\Users\Scott\Documents\RegRun2
2016-05-17 10:29 - 2016-04-05 15:17 - 00012808 _____ (Greatis Software, LLC.) C:\Windows\system32\Drivers\UnHackMeDrv.sys
2016-05-17 10:25 - 2016-05-17 10:25 - 00000000 ____D C:\Users\Scott\Downloads\unhackme
2016-05-17 10:23 - 2016-05-17 10:24 - 17475297 _____ C:\Users\Scott\Downloads\unhackme.zip
2016-05-17 10:23 - 2016-05-17 10:23 - 00000400 _____ C:\Users\Scott\Documents\100 cpu.txt
2016-05-16 11:19 - 2016-05-16 11:19 - 00000000 ____D C:\Users\MrBreeze\Downloads\!Safe_WinVista_Home_Basic_SP2_32_Start_v200
2016-05-16 11:09 - 2016-05-16 11:09 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList.xlsx
2016-05-16 10:54 - 2016-05-16 10:55 - 18005296 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\IE9-WindowsVista-x86-enu.exe
2016-05-16 10:49 - 2016-05-16 10:49 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.Performance.RNP.Run.exe
2016-05-16 09:03 - 2016-05-16 09:03 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Macromedia
2016-05-16 08:51 - 2016-05-16 08:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Adobe
2016-05-15 22:15 - 2016-05-15 22:15 - 00000000 ____D C:\MATS
2016-05-15 22:13 - 2016-05-15 22:13 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2016-05-15 20:28 - 2016-05-15 20:28 - 00000033 _____ C:\Users\MrBreeze\Documents\Knee.txt
2016-05-14 21:40 - 2016-05-14 21:40 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
2016-05-14 21:40 - 2016-05-14 21:40 - 00000000 ____D C:\RegBackup
2016-05-14 19:29 - 2016-06-01 21:18 - 00001952 _____ C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk
2016-05-14 19:29 - 2016-06-01 21:18 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\Program Files\Tweaking.com
2016-05-14 16:47 - 2016-05-14 16:47 - 00984576 _____ C:\Users\MrBreeze\Downloads\MicrosoftFixit50906.msi
2016-05-14 14:14 - 2016-05-14 14:14 - 01768236 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB942288-v2-x86 (1).msu
2016-05-14 14:14 - 2016-05-14 14:14 - 00000000 ____D C:\014e2b9b0cb56244da54
2016-05-14 10:20 - 2016-05-14 10:20 - 00000040 _____ C:\Users\MrBreeze\Documents\net.txt


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-13 16:11 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-06-13 16:11 - 2006-11-02 05:33 - 00796728 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 16:08 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\inetsrv
2016-06-13 16:07 - 2016-04-17 11:07 - 00001356 _____ C:\Users\MrBreeze\AppData\Local\d3d9caps.dat
2016-06-13 16:06 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-13 16:06 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-13 16:06 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-13 16:05 - 2006-11-02 07:58 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-13 15:57 - 2016-04-29 19:44 - 00000000 ____D C:\Program Files\Google
2016-06-13 15:43 - 2016-04-29 19:45 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Google
2016-06-13 15:21 - 2016-05-04 22:26 - 00000000 ____D C:\Users\Scott\AppData\Local\Google
2016-06-12 13:24 - 2016-04-21 13:49 - 00346512 _____ C:\Users\MrBreeze\AppData\Local\census.cache
2016-06-12 13:24 - 2016-04-21 13:49 - 00297382 _____ C:\Users\MrBreeze\AppData\Local\ars.cache
2016-06-12 13:21 - 2016-04-19 01:48 - 00000010 _____ C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache
2016-06-11 14:32 - 2016-04-05 17:44 - 00000000 ____D C:\Users\MrBreeze
2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ C:\Windows\system32\IScrNBR.bmp
2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2016-06-11 14:23 - 2016-04-05 12:59 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll
2016-06-11 14:21 - 2016-04-05 12:58 - 00142848 _____ (SigmaTel, Inc.) C:\Windows\system32\staco.dll
2016-06-11 14:21 - 2007-03-29 11:17 - 00562688 _____ (SigmaTel, Inc.) C:\Windows\system32\stapo.dll
2016-06-11 14:21 - 2007-03-29 11:17 - 00323584 _____ (SigmaTel, Inc.) C:\Windows\system32\Drivers\stwrt.sys
2016-06-11 14:21 - 2007-03-29 11:17 - 00316928 _____ (SigmaTel, Inc.) C:\Windows\system32\stcplx.dll
2016-06-11 14:21 - 2007-03-29 11:17 - 00243712 _____ (SigmaTel, Inc.) C:\Windows\system32\stapi32.dll
2016-06-07 20:34 - 2016-05-10 21:58 - 00000000 ____D C:\AdwCleaner
2016-06-07 16:39 - 2016-04-08 22:01 - 00000000 ___SD C:\Users\MrBreeze\AppData\LocalLow\Temp
2016-06-07 13:58 - 2006-11-02 05:23 - 00002577 _____ C:\Windows\system32\config.nt
2016-06-07 13:58 - 2006-11-02 05:23 - 00001688 _____ C:\Windows\system32\autoexec.nt
2016-06-05 11:45 - 2016-04-21 18:49 - 00000000 ____D C:\Users\MrBreeze\Downloads\backups
2016-06-04 19:31 - 2006-11-02 05:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-03 15:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2016-06-02 21:16 - 2016-04-05 13:07 - 00000000 ____D C:\Program Files\Java
2016-06-02 16:31 - 2016-05-04 21:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-02 15:17 - 2016-04-13 01:50 - 00001945 _____ C:\Windows\epplauncher.mif
2016-06-02 12:04 - 2016-05-06 17:45 - 00069840 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-02 11:54 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_249
2016-06-01 21:41 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_687
2016-06-01 14:34 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_555
2016-06-01 05:33 - 2016-04-29 22:30 - 00000000 ____D C:\Windows\Panther
2016-05-27 12:15 - 2016-04-10 13:32 - 00000000 ____D C:\Windows\Minidump
2016-05-25 19:28 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_428
2016-05-25 13:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_219
2016-05-23 11:53 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_626
2016-05-22 22:08 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_183
2016-05-20 12:04 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_408
2016-05-20 09:33 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_570
2016-05-18 11:49 - 2006-11-02 06:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-05-16 11:16 - 2016-04-29 22:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\ElevatedDiagnostics
2016-05-16 10:56 - 2016-05-04 22:26 - 00000949 _____ C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-16 10:14 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_366
2016-05-15 23:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_286
2016-05-15 21:50 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_527
2016-05-15 16:25 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_19
2016-05-14 22:19 - 2016-04-19 18:39 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-14 22:19 - 2016-04-19 18:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-14 22:10 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_584
2016-05-14 18:09 - 2016-05-10 12:33 - 00000000 ____D C:\363c9100431405d757f164504b44b3
2016-05-14 18:07 - 2016-04-29 21:50 - 00000000 ____D C:\2de5ecb5eb1f30c5571f293ed367
2016-05-14 14:08 - 2006-11-02 05:22 - 32768000 _____ C:\Windows\system32\config\components.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 30146560 _____ C:\Windows\system32\config\software.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 23068672 _____ C:\Windows\system32\config\system.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\default.bak


==================== Files in the root of some directories =======


2016-04-21 13:49 - 2016-06-12 13:24 - 0297382 _____ () C:\Users\MrBreeze\AppData\Local\ars.cache
2016-04-21 13:49 - 2016-06-12 13:24 - 0346512 _____ () C:\Users\MrBreeze\AppData\Local\census.cache
2016-04-17 11:07 - 2016-06-13 16:07 - 0001356 _____ () C:\Users\MrBreeze\AppData\Local\d3d9caps.dat
2016-04-05 18:11 - 2016-04-26 13:28 - 0005120 _____ () C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-19 01:19 - 2016-04-19 01:19 - 0000036 _____ () C:\Users\MrBreeze\AppData\Local\housecall.guid.cache
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\MrBreeze\AppData\Local\setup.txt
2016-04-19 01:48 - 2016-06-12 13:21 - 0000010 _____ () C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-06-13 16:12


==================== End of FRST.txt ============================
 

SPSpellman

THIS IS THE STANDARD USER ACCOUNT:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-06-2016
Ran by MrBreeze (administrator) on MRBREEZE-PC (13-06-2016 15:35:05)
Running from C:\Users\Scott\Downloads
Loaded Profiles: MrBreeze & Scott (Available Profiles: MrBreeze & Scott)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\WINDOWS\System32\CISVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\inetsrv\inetinfo.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
(SigmaTel, Inc.) C:\WINDOWS\System32\stacsv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqtgsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-10] (AVAST Software)
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
HKU\S-1-5-21-67880207-1905697065-243471585-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-02] (AVAST Software)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
Tcpip\..\Interfaces\{B5304D28-2BFF-47C8-89B2-44ED34F77672}: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-67880207-1905697065-243471585-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3604
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-67880207-1905697065-243471585-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-67880207-1905697065-243471585-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL =
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {6A8CE798-58AC-47A5-A718-6335B9D1F4D8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> DefaultScope {E19A97FE-292B-4418-A384-BCCF107983E6} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> {E19A97FE-292B-4418-A384-BCCF107983E6} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)


FireFox:
========
FF ProfilePath: C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824
FF DefaultSearchEngine.US: Google
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\user.js [2016-06-07]
FF Extension: YouTube™ Enhancer Plus - C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-05-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-02]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-02]


Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-02]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-02] (AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113632 2016-06-05] (SurfRight B.V.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-19] (Microsoft Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation)
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2016-06-11] (SigmaTel, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-06-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-02] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-06-02] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-06-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-06-02] (AVAST Software)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-06-05] ()
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2016-06-11] (SigmaTel, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
U3 DFSR; no ImagePath
S3 ialm; system32\DRIVERS\igdkmd32.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
U4 UmRdpService; no ImagePath


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-13 15:35 - 2016-06-13 15:35 - 00013014 _____ C:\Users\Scott\Downloads\FRST.txt
2016-06-13 15:34 - 2016-06-13 15:35 - 00000000 ____D C:\FRST
2016-06-13 15:32 - 2016-06-13 15:32 - 01736192 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
2016-06-13 15:32 - 2016-06-13 15:32 - 00000817 _____ C:\Users\Scott\Desktop\FRST - Shortcut.lnk
2016-06-13 15:23 - 2016-06-13 15:23 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-13 15:23 - 2016-06-13 15:23 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-13 15:21 - 2016-06-13 15:32 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-13 15:21 - 2016-06-13 15:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 15:20 - 2016-06-13 15:20 - 00987728 _____ (Google Inc.) C:\Users\Scott\Downloads\ChromeSetup.exe
2016-06-13 14:40 - 2016-06-13 14:40 - 00000514 _____ C:\Users\MrBreeze\Documents\hoses.txt
2016-06-12 16:13 - 2016-06-12 16:14 - 00000000 ____D C:\Users\MrBreeze\Desktop\UpDATERS
2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\Program Files\Trend Micro
2016-06-12 13:26 - 2016-06-12 13:32 - 00000000 ____D C:\Users\Scott\Downloads\TMRBLog
2016-06-12 13:26 - 2016-06-12 13:26 - 00000000 ____D C:\Users\Scott\Downloads\log
2016-06-12 13:03 - 2016-06-12 13:03 - 00000000 ____D C:\Users\Scott\Downloads\lspfix
2016-06-12 13:02 - 2016-06-12 13:02 - 00183158 _____ C:\Users\Scott\Downloads\lspfix.zip
2016-06-12 12:58 - 2016-06-12 12:58 - 10078720 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\RootkitBusterV5.0-1198.exe
2016-06-12 12:57 - 2016-06-12 12:57 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\Scott\Downloads\RUBottedSetup.exe
2016-06-12 12:56 - 2016-06-12 12:56 - 10467568 _____ (Akamai Technologies, Inc.) C:\Users\Scott\Downloads\installer.exe
2016-06-12 12:55 - 2016-06-12 12:55 - 02104376 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HousecallLauncher.exe
2016-06-12 12:54 - 2016-06-12 12:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HijackThis.exe
2016-06-12 12:25 - 2016-06-12 12:25 - 00000000 ___SD C:\Users\Scott\AppData\LocalLow\Temp
2016-06-12 12:24 - 2016-06-13 15:19 - 00000680 _____ C:\Users\Scott\AppData\Local\d3d9caps.dat
2016-06-11 14:25 - 2016-06-11 14:21 - 04939776 _____ (SigmaTel, Inc.) C:\Windows\system32\stacgui.cpl
2016-06-11 14:25 - 2016-06-11 14:21 - 00303104 _____ (SigmaTel, Inc.) C:\Windows\sttray.exe
2016-06-11 14:25 - 2016-06-11 14:21 - 00090112 _____ (SigmaTel, Inc.) C:\Windows\system32\stacsv.exe
2016-06-10 14:06 - 2016-06-10 14:06 - 00000000 ____D C:\Users\MrBreeze\.oracle_jre_usage
2016-06-09 13:18 - 2016-06-09 13:18 - 00000411 _____ C:\Users\MrBreeze\Documents\DJTrump.txt
2016-06-08 12:26 - 2016-06-08 12:26 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text1.txt
2016-06-08 12:23 - 2016-06-08 12:23 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text.txt
2016-06-07 18:55 - 2016-06-07 18:55 - 03677248 _____ C:\Users\MrBreeze\Downloads\adwcleaner_5.119.exe
2016-06-07 16:36 - 2016-06-07 16:39 - 00000000 ____D C:\Program Files\PCFixKit
2016-06-07 16:00 - 2016-06-07 16:00 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Acelogix
2016-06-07 15:58 - 2016-06-12 16:33 - 00000000 ____D C:\ProgramData\TEMP
2016-06-07 15:58 - 2016-06-07 15:58 - 00001922 _____ C:\Users\MrBreeze\Desktop\Ace Utilities.lnk
2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities
2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities
2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\Program Files\Ace Utilities
2016-06-07 15:55 - 2016-06-07 15:55 - 00000078 _____ C:\Windows\system32\MRBREEZE-PC.Windows Vista Home Basic, 32-bit Service Pack 2 (build 6002).txt
2016-06-07 15:55 - 2016-06-07 15:55 - 00000000 ____D C:\Windows\RegBak
2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore
2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\Program Files\Acelogix
2016-06-07 15:17 - 2016-06-07 15:18 - 06431728 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2016-06-07 15:06 - 2016-06-07 15:06 - 00027095 _____ C:\Users\MrBreeze\Documents\Win 7.htm
2016-06-07 15:06 - 2016-06-07 15:06 - 00000000 ____D C:\Users\MrBreeze\Documents\img
2016-06-07 15:06 - 2016-06-07 14:42 - 00002640 _____ C:\Users\MrBreeze\Documents\WuaReports.css
2016-06-07 13:58 - 2016-06-12 16:16 - 00000000 ____D C:\Program Files\UnHackMe
2016-06-07 13:56 - 2016-06-13 14:04 - 00069840 _____ C:\Users\MrBreeze\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-07 13:48 - 2016-06-12 12:23 - 00293288 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-06 13:08 - 2016-06-06 13:16 - 00000680 _____ C:\Windows\system32\.crusader
2016-06-05 15:08 - 2016-06-05 15:10 - 01016592 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.08.26_log.txt
2016-06-05 15:05 - 2016-06-05 15:06 - 00172328 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.05.09_log.txt
2016-06-05 15:02 - 2016-06-05 15:03 - 00172162 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.02.26_log.txt
2016-06-05 13:59 - 2016-06-05 15:11 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-05 13:59 - 2016-06-05 13:59 - 00001732 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-06-05 13:59 - 2016-06-05 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-06-05 13:58 - 2016-06-06 13:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-05 13:33 - 2016-06-12 16:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Enigma Software Group
2016-06-05 13:26 - 2016-06-05 13:26 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-06-05 13:25 - 2016-06-05 13:25 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\MrBreeze\Downloads\SpyHunter-Installer (1).exe
2016-06-05 13:19 - 2016-06-11 14:21 - 01601536 _____ (SigmaTel, Inc.) C:\Windows\system32\stlang.dll
2016-06-05 13:19 - 1999-12-31 19:00 - 05398528 _____ (SigmaTel, Inc.) C:\Windows\system32\IDTSG.cpl
2016-06-05 13:07 - 2016-06-05 13:07 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Bluefive software
2016-06-05 12:35 - 2016-06-05 12:36 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.MATSKB.Run (1).exe
2016-06-04 11:34 - 2016-06-04 11:37 - 48418520 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\Windows-KB890830-V5.36.exe
2016-06-04 11:34 - 2016-06-04 11:37 - 38808920 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\FileFormatConverters (1).exe
2016-06-04 11:28 - 2016-06-04 11:28 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList (1).xlsx
2016-06-03 14:13 - 2016-06-03 14:16 - 75137189 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v4-x86.msu
2016-06-02 22:16 - 2016-06-02 22:32 - 02340040 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK (1).msi
2016-06-02 22:16 - 2016-06-02 22:32 - 02324272 _____ C:\Users\MrBreeze\Downloads\msxml6_x64 (1).msi
2016-06-02 22:16 - 2016-06-02 22:32 - 02267192 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64 (1).msi
2016-06-02 22:16 - 2016-06-02 22:32 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6 (1).msi
2016-06-02 21:29 - 2016-06-02 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-02 21:29 - 2016-06-02 21:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-06-02 15:38 - 2016-06-02 15:38 - 00000896 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-02 15:38 - 2016-06-02 15:38 - 00000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-02 15:30 - 2016-06-02 15:30 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-02 15:23 - 2016-06-02 15:23 - 00000000 ____D C:\Users\Scott\AppData\Roaming\AVAST Software
2016-06-02 15:22 - 2016-06-02 15:22 - 00001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-02 15:22 - 2016-06-02 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-02 15:21 - 2016-06-02 15:20 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-02 15:20 - 2016-06-02 15:20 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-02 15:20 - 2016-06-02 15:20 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-02 15:20 - 2016-06-02 15:20 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-06-02 15:17 - 2016-06-02 15:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-02 15:11 - 2016-06-02 15:30 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-02 15:10 - 2016-06-02 15:11 - 05080352 _____ (AVAST Software) C:\Users\Scott\Downloads\avast_free_antivirus_setup_online.exe
2016-06-02 14:53 - 2016-06-02 14:53 - 00000391 _____ C:\Users\Scott\Downloads\Microsoft.Powershell.Host_56d66100-99a0-4ffc-a12d-eee9a6718aef_HelpInfo.xml
2016-06-02 14:35 - 2016-06-02 14:46 - 01756144 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013.exe
2016-06-02 14:35 - 2016-06-02 14:35 - 01851544 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013_Update22.exe
2016-06-02 14:35 - 2016-06-02 14:35 - 00112496 _____ C:\Users\Scott\Downloads\Windows Embedded Compact 2013_Update30.htm
2016-06-02 14:32 - 2016-06-02 14:32 - 00323688 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsServer2003-KB828028-x86-ENU.exe
2016-06-02 14:25 - 2016-06-02 14:25 - 00702840 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\Windows-KB943729-x86-ENU.exe
2016-06-02 14:22 - 2016-06-02 14:22 - 00000000 ____D C:\Program Files\LAPS
2016-06-02 14:19 - 2016-06-02 14:19 - 00954368 _____ C:\Users\Scott\Downloads\LAPS.x86.msi
2016-06-02 14:17 - 2016-06-02 14:17 - 00000238 _____ C:\Users\Scott\Documents\Fixit.txt
2016-06-02 14:04 - 2016-06-02 14:04 - 00347816 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\MicrosoftFixit.wu.Run.exe
2016-06-02 12:05 - 2016-06-02 12:05 - 00000000 ____D C:\Users\Scott\AppData\Roaming\ProductData
2016-06-01 21:18 - 2016-06-01 21:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-01 21:16 - 2016-06-01 21:18 - 21381936 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-06-01 21:15 - 2016-06-01 21:15 - 00000286 _____ C:\Windows\Tasks\User_Feed_Synchronization-{40FE53E5-E223-4404-89E5-29209F69C377}.job
2016-06-01 19:35 - 2016-06-01 19:35 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-06-01 05:17 - 2016-06-01 19:50 - 32337920 _____ C:\Windows\system32\config\components.iobit
2016-06-01 05:17 - 2016-06-01 19:50 - 28155904 _____ C:\Windows\system32\config\software.iobit
2016-06-01 05:17 - 2016-06-01 19:50 - 01077248 _____ C:\Windows\system32\config\default.iobit
2016-06-01 05:17 - 2016-06-01 19:50 - 00090112 _____ C:\Windows\system32\config\sam.iobit
2016-06-01 05:17 - 2016-06-01 19:49 - 00028672 _____ C:\Windows\system32\config\security.iobit
2016-06-01 05:12 - 2016-06-01 05:12 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Apple Computer
2016-06-01 05:07 - 2016-06-01 16:51 - 00000000 ____D C:\ProgramData\ProductData
2016-06-01 05:03 - 2016-06-01 05:13 - 00000000 ____D C:\Users\MrBreeze\AppData\LocalLow\IObit
2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\ProductData
2016-06-01 05:02 - 2016-06-01 05:02 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-06-01 05:01 - 2016-06-01 16:49 - 00000000 ____D C:\Program Files\Common Files\IObit
2016-06-01 04:58 - 2016-06-01 20:25 - 00000000 ____D C:\Program Files\IObit
2016-06-01 04:58 - 2016-06-01 16:49 - 00000000 ____D C:\ProgramData\IObit
2016-06-01 04:44 - 2016-06-01 04:52 - 43891792 _____ (IObit ) C:\Users\MrBreeze\Downloads\advanced-systemcare-setup.exe
2016-05-31 14:25 - 2016-05-31 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2016-05-31 10:47 - 2016-05-31 10:48 - 00231760 _____ C:\Users\MrBreeze\Downloads\CrucialScan.exe
2016-05-29 13:40 - 2016-06-05 15:11 - 00160840 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2016-05-29 12:57 - 2016-05-29 12:57 - 00001933 _____ C:\Users\MrBreeze\Documents\EVIEW.txt
2016-05-29 12:50 - 2016-05-29 12:50 - 00001867 _____ C:\Users\MrBreeze\Documents\HITMAN EVENT VIEW.txt
2016-05-29 12:43 - 2016-05-29 12:44 - 00000534 _____ C:\Users\MrBreeze\Documents\admin event viewer.txt
2016-05-29 12:42 - 2016-05-29 12:42 - 00000615 _____ C:\Users\MrBreeze\Documents\eventviewerhitmanpro.txt
2016-05-26 19:11 - 2016-05-31 17:14 - 00000000 ____D C:\Windows\CryptoGuard
2016-05-26 15:51 - 2016-05-26 15:53 - 10451640 _____ (SurfRight B.V.) C:\Users\MrBreeze\Downloads\HitmanPro.exe
2016-05-25 19:51 - 2016-05-25 19:51 - 04614144 _____ C:\Users\Scott\Downloads\msxml6_SDK.msi
2016-05-25 19:51 - 2016-05-25 19:51 - 01528320 _____ C:\Users\Scott\Downloads\msxml6.msi
2016-05-25 18:56 - 2016-05-25 18:57 - 04614144 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK.msi
2016-05-25 18:56 - 2016-05-25 18:57 - 03753472 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64.msi
2016-05-25 18:56 - 2016-05-25 18:57 - 02721280 _____ C:\Users\MrBreeze\Downloads\msxml6_x64.msi
2016-05-25 18:56 - 2016-05-25 18:56 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6.msi
2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\ProgramData\Oracle
2016-05-25 14:51 - 2016-05-25 14:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Secunia PSI
2016-05-25 14:50 - 2016-05-25 14:50 - 00000000 ____D C:\Program Files\Secunia
2016-05-25 14:49 - 2016-05-25 14:50 - 05490752 _____ (Secunia) C:\Users\MrBreeze\Downloads\PSISetup.exe
2016-05-25 14:16 - 2016-05-25 14:19 - 00930472 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.16.19_log.txt
2016-05-25 14:10 - 2016-05-25 14:12 - 00170114 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.10.29_log.txt
2016-05-25 14:07 - 2016-05-25 14:08 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\MrBreeze\Downloads\tdsskiller.exe
2016-05-24 11:57 - 2016-05-24 11:57 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Bluefive software
2016-05-23 13:29 - 2016-05-23 13:29 - 00000844 _____ C:\Users\MrBreeze\Desktop\SnapShot.lnk
2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnapShot
2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\Program Files\SnapShot
2016-05-23 13:29 - 2008-07-01 10:04 - 01064960 _____ (Chilkat Software, Inc.) C:\Windows\system32\ChilkatFtp2.dll
2016-05-23 13:29 - 2007-12-14 17:34 - 01388032 _____ (Chestysoft) C:\Windows\system32\csXImage.ocx
2016-05-23 13:29 - 2007-06-05 10:00 - 00311296 _____ (AdminSystem Software Limited) C:\Windows\system32\aosmtp.dll
2016-05-23 13:29 - 2004-03-08 23:00 - 00224016 _____ (Microsoft Corporation) C:\Windows\system32\tabctl32.ocx
2016-05-23 13:29 - 2002-02-10 20:28 - 00070144 _____ (Merrion Computing Ltd) C:\Windows\system32\MCLHotkey.ocx
2016-05-23 13:29 - 2001-08-23 13:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm50.dll
2016-05-23 13:29 - 2000-07-09 18:15 - 00106496 _____ (Marco Bellinaso) C:\Windows\system32\mbprgbar.ocx
2016-05-23 13:29 - 2000-05-01 23:02 - 00110592 _____ (Common Controls Replacement Project (CCRP)) C:\Windows\system32\ccrpbds6.dll
2016-05-23 13:29 - 1998-06-24 00:00 - 00140096 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx
2016-05-23 12:51 - 2016-05-23 12:51 - 00035114 _____ C:\Users\MrBreeze\Downloads\Extras.Txt
2016-05-23 12:49 - 2016-05-23 13:20 - 00119882 _____ C:\Users\MrBreeze\Downloads\OTL.Txt
2016-05-23 12:27 - 2016-05-23 12:27 - 00602112 _____ (OldTimer Tools) C:\Users\MrBreeze\Downloads\OTL.scr
2016-05-23 12:14 - 2016-05-23 12:14 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.Run.exe
2016-05-23 10:31 - 2016-05-23 10:39 - 154546261 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v35-x86 (2).msu
2016-05-23 10:17 - 2016-05-23 10:17 - 00000000 ____D C:\Users\MrBreeze\Downloads\lspfix
2016-05-23 10:15 - 2016-05-23 10:16 - 00183158 _____ C:\Users\MrBreeze\Downloads\lspfix.zip
2016-05-23 10:05 - 2016-05-23 10:05 - 00000902 _____ C:\Users\Scott\Documents\Rolling Stone.txt
2016-05-22 12:43 - 2016-05-22 12:50 - 00000000 _____ C:\Windows\system32\procdump
2016-05-22 12:39 - 2016-05-22 12:39 - 00000000 ____D C:\Users\MrBreeze\Downloads\Procdump
2016-05-22 12:34 - 2016-05-22 12:34 - 00411028 _____ C:\Users\MrBreeze\Downloads\Procdump.zip
2016-05-21 14:36 - 2016-05-21 14:54 - 649877504 _____ C:\Users\Scott\Downloads\GRMWDK_EN_7600_1.ISO
2016-05-21 12:07 - 2016-05-21 12:07 - 00000000 _RSHD C:\comment.htt
2016-05-20 12:28 - 2016-05-20 12:28 - 00000000 ____D C:\Users\MrBreeze\Downloads\Autoruns
2016-05-20 11:35 - 2016-05-20 11:35 - 00001952 _____ C:\Users\Scott\Desktop\Tweaking.com - Windows Repair.lnk
2016-05-20 09:59 - 2016-05-20 09:59 - 00615478 _____ C:\Users\MrBreeze\Downloads\Autoruns.zip
2016-05-20 09:55 - 2016-05-20 09:56 - 21382440 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2016-05-19 17:44 - 2016-05-19 17:44 - 00209432 _____ C:\Windows\RegBootClean.exe
2016-05-19 17:37 - 2016-05-19 17:44 - 00000000 ____D C:\ProgramData\AntiRansomware
2016-05-18 20:38 - 2016-05-18 20:38 - 00000000 ____D C:\e735d206fef05299b92e9a0a60a4a2df
2016-05-18 11:49 - 2016-05-18 11:49 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2016-05-18 11:47 - 2016-05-18 11:48 - 00002628 _____ C:\Users\MrBreeze\Downloads\legitcheck.hta
2016-05-18 11:07 - 2016-05-18 11:07 - 00024576 _____ C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd
2016-05-18 11:07 - 2016-05-18 11:07 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\NeoSmart_Technologies
2016-05-18 11:06 - 2016-05-18 20:38 - 00000000 ____D C:\Program Files\NeoSmart Technologies
2016-05-18 11:04 - 2016-05-18 11:04 - 01923704 _____ C:\Users\MrBreeze\Downloads\EasyBCD 2.3.exe
2016-05-18 10:56 - 2016-05-18 11:00 - 00021948 _____ C:\Windows\system32\sfcdetails.txt
2016-05-18 07:25 - 2016-05-23 13:58 - 00000562 _____ C:\Users\MrBreeze\Desktop\StartUp Failure.txt
2016-05-17 13:46 - 2016-05-18 12:40 - 00000000 ____D C:\ProgramData\BootRacer
2016-05-17 13:43 - 2016-05-18 12:39 - 00040960 _____ C:\Users\Public\Documents\bootracer.his
2016-05-17 13:40 - 2016-05-25 15:25 - 00000728 _____ C:\Users\Public\Documents\bootracer.ini
2016-05-17 13:00 - 2016-05-17 13:00 - 00000010 _____ C:\Users\Scott\Desktop\test.txt
2016-05-17 12:56 - 2016-05-17 12:56 - 00449569 _____ C:\Users\Scott\Desktop\regrunlog.txt
2016-05-17 12:18 - 2016-05-17 12:18 - 00000000 ____D C:\@RestoreQuarantine
2016-05-17 12:13 - 2016-06-07 14:05 - 00000000 ____D C:\Users\MrBreeze\Documents\RegRun2
2016-05-17 11:58 - 2016-06-12 14:00 - 00000370 _____ C:\Windows\system32\PARTIZAN.TXT
2016-05-17 11:39 - 2016-05-17 11:40 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer (1).exe
2016-05-17 11:37 - 2016-05-17 11:39 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer.exe
2016-05-17 11:18 - 2016-06-11 13:49 - 00000000 ____D C:\ProgramData\RegRun
2016-05-17 10:29 - 2016-06-11 13:49 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-05-17 10:29 - 2016-06-07 13:58 - 00000002 RSHOT C:\Windows\winstart.bat
2016-05-17 10:29 - 2016-05-21 12:10 - 00000000 ____D C:\Users\Scott\Documents\RegRun2
2016-05-17 10:29 - 2016-04-05 15:17 - 00012808 _____ (Greatis Software, LLC.) C:\Windows\system32\Drivers\UnHackMeDrv.sys
2016-05-17 10:25 - 2016-05-17 10:25 - 00000000 ____D C:\Users\Scott\Downloads\unhackme
2016-05-17 10:23 - 2016-05-17 10:24 - 17475297 _____ C:\Users\Scott\Downloads\unhackme.zip
2016-05-17 10:23 - 2016-05-17 10:23 - 00000400 _____ C:\Users\Scott\Documents\100 cpu.txt
2016-05-16 11:19 - 2016-05-16 11:19 - 00000000 ____D C:\Users\MrBreeze\Downloads\!Safe_WinVista_Home_Basic_SP2_32_Start_v200
2016-05-16 11:09 - 2016-05-16 11:09 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList.xlsx
2016-05-16 10:54 - 2016-05-16 10:55 - 18005296 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\IE9-WindowsVista-x86-enu.exe
2016-05-16 10:49 - 2016-05-16 10:49 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.Performance.RNP.Run.exe
2016-05-16 09:03 - 2016-05-16 09:03 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Macromedia
2016-05-16 08:51 - 2016-05-16 08:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Adobe
2016-05-15 22:15 - 2016-05-15 22:15 - 00000000 ____D C:\MATS
2016-05-15 22:13 - 2016-05-15 22:13 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2016-05-15 20:28 - 2016-05-15 20:28 - 00000033 _____ C:\Users\MrBreeze\Documents\Knee.txt
2016-05-14 21:40 - 2016-05-14 21:40 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
2016-05-14 21:40 - 2016-05-14 21:40 - 00000000 ____D C:\RegBackup
2016-05-14 19:29 - 2016-06-01 21:18 - 00001952 _____ C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk
2016-05-14 19:29 - 2016-06-01 21:18 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\Program Files\Tweaking.com
2016-05-14 16:47 - 2016-05-14 16:47 - 00984576 _____ C:\Users\MrBreeze\Downloads\MicrosoftFixit50906.msi
2016-05-14 14:14 - 2016-05-14 14:14 - 01768236 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB942288-v2-x86 (1).msu
2016-05-14 14:14 - 2016-05-14 14:14 - 00000000 ____D C:\014e2b9b0cb56244da54
2016-05-14 10:20 - 2016-05-14 10:20 - 00000040 _____ C:\Users\MrBreeze\Documents\net.txt


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-13 15:23 - 2016-04-29 19:44 - 00000000 ____D C:\Program Files\Google
2016-06-13 15:21 - 2016-05-04 22:26 - 00000000 ____D C:\Users\Scott\AppData\Local\Google
2016-06-13 15:16 - 2016-04-29 19:45 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Google
2016-06-13 15:06 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-06-13 15:06 - 2006-11-02 05:33 - 00796728 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 15:04 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\inetsrv
2016-06-13 15:02 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-13 15:02 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-13 15:02 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-13 15:01 - 2006-11-02 07:58 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-13 14:55 - 2016-04-17 11:07 - 00001356 _____ C:\Users\MrBreeze\AppData\Local\d3d9caps.dat
2016-06-12 13:24 - 2016-04-21 13:49 - 00346512 _____ C:\Users\MrBreeze\AppData\Local\census.cache
2016-06-12 13:24 - 2016-04-21 13:49 - 00297382 _____ C:\Users\MrBreeze\AppData\Local\ars.cache
2016-06-12 13:21 - 2016-04-19 01:48 - 00000010 _____ C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache
2016-06-11 14:32 - 2016-04-05 17:44 - 00000000 ____D C:\Users\MrBreeze
2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ C:\Windows\system32\IScrNBR.bmp
2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2016-06-11 14:23 - 2016-04-05 12:59 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll
2016-06-11 14:21 - 2016-04-05 12:58 - 00142848 _____ (SigmaTel, Inc.) C:\Windows\system32\staco.dll
2016-06-11 14:21 - 2007-03-29 11:17 - 00562688 _____ (SigmaTel, Inc.) C:\Windows\system32\stapo.dll
2016-06-11 14:21 - 2007-03-29 11:17 - 00323584 _____ (SigmaTel, Inc.) C:\Windows\system32\Drivers\stwrt.sys
2016-06-11 14:21 - 2007-03-29 11:17 - 00316928 _____ (SigmaTel, Inc.) C:\Windows\system32\stcplx.dll
2016-06-11 14:21 - 2007-03-29 11:17 - 00243712 _____ (SigmaTel, Inc.) C:\Windows\system32\stapi32.dll
2016-06-07 20:34 - 2016-05-10 21:58 - 00000000 ____D C:\AdwCleaner
2016-06-07 16:39 - 2016-04-08 22:01 - 00000000 ___SD C:\Users\MrBreeze\AppData\LocalLow\Temp
2016-06-07 13:58 - 2006-11-02 05:23 - 00002577 _____ C:\Windows\system32\config.nt
2016-06-07 13:58 - 2006-11-02 05:23 - 00001688 _____ C:\Windows\system32\autoexec.nt
2016-06-05 11:45 - 2016-04-21 18:49 - 00000000 ____D C:\Users\MrBreeze\Downloads\backups
2016-06-04 19:31 - 2006-11-02 05:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-03 15:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2016-06-02 21:16 - 2016-04-05 13:07 - 00000000 ____D C:\Program Files\Java
2016-06-02 16:31 - 2016-05-04 21:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-02 15:17 - 2016-04-13 01:50 - 00001945 _____ C:\Windows\epplauncher.mif
2016-06-02 12:04 - 2016-05-06 17:45 - 00069840 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-02 11:54 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_249
2016-06-01 21:41 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_687
2016-06-01 14:34 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_555
2016-06-01 05:33 - 2016-04-29 22:30 - 00000000 ____D C:\Windows\Panther
2016-05-27 12:15 - 2016-04-10 13:32 - 00000000 ____D C:\Windows\Minidump
2016-05-25 19:28 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_428
2016-05-25 13:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_219
2016-05-23 11:53 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_626
2016-05-22 22:08 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_183
2016-05-20 12:04 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_408
2016-05-20 09:33 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_570
2016-05-18 11:49 - 2006-11-02 06:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-05-16 11:16 - 2016-04-29 22:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\ElevatedDiagnostics
2016-05-16 10:56 - 2016-05-04 22:26 - 00000949 _____ C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-16 10:14 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_366
2016-05-15 23:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_286
2016-05-15 21:50 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_527
2016-05-15 16:25 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_19
2016-05-14 22:19 - 2016-04-19 18:39 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-14 22:19 - 2016-04-19 18:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-14 22:10 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_584
2016-05-14 18:09 - 2016-05-10 12:33 - 00000000 ____D C:\363c9100431405d757f164504b44b3
2016-05-14 18:07 - 2016-04-29 21:50 - 00000000 ____D C:\2de5ecb5eb1f30c5571f293ed367
2016-05-14 14:08 - 2006-11-02 05:22 - 32768000 _____ C:\Windows\system32\config\components.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 30146560 _____ C:\Windows\system32\config\software.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 23068672 _____ C:\Windows\system32\config\system.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\default.bak


==================== Files in the root of some directories =======


2016-04-21 13:49 - 2016-06-12 13:24 - 0297382 _____ () C:\Users\MrBreeze\AppData\Local\ars.cache
2016-04-21 13:49 - 2016-06-12 13:24 - 0346512 _____ () C:\Users\MrBreeze\AppData\Local\census.cache
2016-04-17 11:07 - 2016-06-13 14:55 - 0001356 _____ () C:\Users\MrBreeze\AppData\Local\d3d9caps.dat
2016-04-05 18:11 - 2016-04-26 13:28 - 0005120 _____ () C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-19 01:19 - 2016-04-19 01:19 - 0000036 _____ () C:\Users\MrBreeze\AppData\Local\housecall.guid.cache
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\MrBreeze\AppData\Local\setup.txt
2016-04-19 01:48 - 2016-06-12 13:21 - 0000010 _____ () C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-06-13 15:09


==================== End of FRST.txt ============================
 

SPSpellman

Standard User Account: Scott

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-06-2016
Ran by MrBreeze (administrator) on MRBREEZE-PC (13-06-2016 15:35:05)
Running from C:\Users\Scott\Downloads
Loaded Profiles: MrBreeze & Scott (Available Profiles: MrBreeze & Scott)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\WINDOWS\System32\CISVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\inetsrv\inetinfo.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
(SigmaTel, Inc.) C:\WINDOWS\System32\stacsv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqtgsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-10] (AVAST Software)
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
HKU\S-1-5-21-67880207-1905697065-243471585-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-02] (AVAST Software)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
Tcpip\..\Interfaces\{B5304D28-2BFF-47C8-89B2-44ED34F77672}: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-67880207-1905697065-243471585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-67880207-1905697065-243471585-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3604
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-67880207-1905697065-243471585-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-67880207-1905697065-243471585-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-67880207-1905697065-243471585-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL =
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1000 -> {6A8CE798-58AC-47A5-A718-6335B9D1F4D8} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> DefaultScope {E19A97FE-292B-4418-A384-BCCF107983E6} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> {47B50246-2234-4B64-AAB2-296D71F49BDE} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-67880207-1905697065-243471585-1005 -> {E19A97FE-292B-4418-A384-BCCF107983E6} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)


FireFox:
========
FF ProfilePath: C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824
FF DefaultSearchEngine.US: Google
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\user.js [2016-06-07]
FF Extension: YouTube™ Enhancer Plus - C:\Users\MrBreeze\AppData\Roaming\Mozilla\Firefox\Profiles\8t3xh1at.default-1461110741824\extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-05-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-02]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-02]


Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-02]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-02] (AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113632 2016-06-05] (SurfRight B.V.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-19] (Microsoft Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation)
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 STacSV; C:\Windows\system32\STacSV.exe [90112 2016-06-11] (SigmaTel, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-06-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-06-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-06-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-06-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-06-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-06-02] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-06-02] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-06-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-06-02] (AVAST Software)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-06-05] ()
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2016-06-11] (SigmaTel, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
U3 DFSR; no ImagePath
S3 ialm; system32\DRIVERS\igdkmd32.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
U4 UmRdpService; no ImagePath


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-13 15:35 - 2016-06-13 15:35 - 00013014 _____ C:\Users\Scott\Downloads\FRST.txt
2016-06-13 15:34 - 2016-06-13 15:35 - 00000000 ____D C:\FRST
2016-06-13 15:32 - 2016-06-13 15:32 - 01736192 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
2016-06-13 15:32 - 2016-06-13 15:32 - 00000817 _____ C:\Users\Scott\Desktop\FRST - Shortcut.lnk
2016-06-13 15:23 - 2016-06-13 15:23 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-13 15:23 - 2016-06-13 15:23 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-13 15:21 - 2016-06-13 15:32 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-13 15:21 - 2016-06-13 15:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 15:20 - 2016-06-13 15:20 - 00987728 _____ (Google Inc.) C:\Users\Scott\Downloads\ChromeSetup.exe
2016-06-13 14:40 - 2016-06-13 14:40 - 00000514 _____ C:\Users\MrBreeze\Documents\hoses.txt
2016-06-12 16:13 - 2016-06-12 16:14 - 00000000 ____D C:\Users\MrBreeze\Desktop\UpDATERS
2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2016-06-12 13:36 - 2016-06-12 13:36 - 00000000 ____D C:\Program Files\Trend Micro
2016-06-12 13:26 - 2016-06-12 13:32 - 00000000 ____D C:\Users\Scott\Downloads\TMRBLog
2016-06-12 13:26 - 2016-06-12 13:26 - 00000000 ____D C:\Users\Scott\Downloads\log
2016-06-12 13:03 - 2016-06-12 13:03 - 00000000 ____D C:\Users\Scott\Downloads\lspfix
2016-06-12 13:02 - 2016-06-12 13:02 - 00183158 _____ C:\Users\Scott\Downloads\lspfix.zip
2016-06-12 12:58 - 2016-06-12 12:58 - 10078720 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\RootkitBusterV5.0-1198.exe
2016-06-12 12:57 - 2016-06-12 12:57 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\Scott\Downloads\RUBottedSetup.exe
2016-06-12 12:56 - 2016-06-12 12:56 - 10467568 _____ (Akamai Technologies, Inc.) C:\Users\Scott\Downloads\installer.exe
2016-06-12 12:55 - 2016-06-12 12:55 - 02104376 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HousecallLauncher.exe
2016-06-12 12:54 - 2016-06-12 12:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HijackThis.exe
2016-06-12 12:25 - 2016-06-12 12:25 - 00000000 ___SD C:\Users\Scott\AppData\LocalLow\Temp
2016-06-12 12:24 - 2016-06-13 15:19 - 00000680 _____ C:\Users\Scott\AppData\Local\d3d9caps.dat
2016-06-11 14:25 - 2016-06-11 14:21 - 04939776 _____ (SigmaTel, Inc.) C:\Windows\system32\stacgui.cpl
2016-06-11 14:25 - 2016-06-11 14:21 - 00303104 _____ (SigmaTel, Inc.) C:\Windows\sttray.exe
2016-06-11 14:25 - 2016-06-11 14:21 - 00090112 _____ (SigmaTel, Inc.) C:\Windows\system32\stacsv.exe
2016-06-10 14:06 - 2016-06-10 14:06 - 00000000 ____D C:\Users\MrBreeze\.oracle_jre_usage
2016-06-09 13:18 - 2016-06-09 13:18 - 00000411 _____ C:\Users\MrBreeze\Documents\DJTrump.txt
2016-06-08 12:26 - 2016-06-08 12:26 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text1.txt
2016-06-08 12:23 - 2016-06-08 12:23 - 00080437 _____ C:\Users\MrBreeze\Documents\Windows Updates text.txt
2016-06-07 18:55 - 2016-06-07 18:55 - 03677248 _____ C:\Users\MrBreeze\Downloads\adwcleaner_5.119.exe
2016-06-07 16:36 - 2016-06-07 16:39 - 00000000 ____D C:\Program Files\PCFixKit
2016-06-07 16:00 - 2016-06-07 16:00 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Acelogix
2016-06-07 15:58 - 2016-06-12 16:33 - 00000000 ____D C:\ProgramData\TEMP
2016-06-07 15:58 - 2016-06-07 15:58 - 00001922 _____ C:\Users\MrBreeze\Desktop\Ace Utilities.lnk
2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities
2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities
2016-06-07 15:58 - 2016-06-07 15:58 - 00000000 ____D C:\Program Files\Ace Utilities
2016-06-07 15:55 - 2016-06-07 15:55 - 00000078 _____ C:\Windows\system32\MRBREEZE-PC.Windows Vista Home Basic, 32-bit Service Pack 2 (build 6002).txt
2016-06-07 15:55 - 2016-06-07 15:55 - 00000000 ____D C:\Windows\RegBak
2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore
2016-06-07 15:54 - 2016-06-07 15:54 - 00000000 ____D C:\Program Files\Acelogix
2016-06-07 15:17 - 2016-06-07 15:18 - 06431728 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2016-06-07 15:06 - 2016-06-07 15:06 - 00027095 _____ C:\Users\MrBreeze\Documents\Win 7.htm
2016-06-07 15:06 - 2016-06-07 15:06 - 00000000 ____D C:\Users\MrBreeze\Documents\img
2016-06-07 15:06 - 2016-06-07 14:42 - 00002640 _____ C:\Users\MrBreeze\Documents\WuaReports.css
2016-06-07 13:58 - 2016-06-12 16:16 - 00000000 ____D C:\Program Files\UnHackMe
2016-06-07 13:56 - 2016-06-13 14:04 - 00069840 _____ C:\Users\MrBreeze\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-07 13:48 - 2016-06-12 12:23 - 00293288 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-06 13:08 - 2016-06-06 13:16 - 00000680 _____ C:\Windows\system32\.crusader
2016-06-05 15:08 - 2016-06-05 15:10 - 01016592 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.08.26_log.txt
2016-06-05 15:05 - 2016-06-05 15:06 - 00172328 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.05.09_log.txt
2016-06-05 15:02 - 2016-06-05 15:03 - 00172162 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_15.02.26_log.txt
2016-06-05 13:59 - 2016-06-05 15:11 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-05 13:59 - 2016-06-05 13:59 - 00001732 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-06-05 13:59 - 2016-06-05 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-06-05 13:58 - 2016-06-06 13:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-05 13:33 - 2016-06-12 16:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Enigma Software Group
2016-06-05 13:26 - 2016-06-05 13:26 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-06-05 13:25 - 2016-06-05 13:25 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\MrBreeze\Downloads\SpyHunter-Installer (1).exe
2016-06-05 13:19 - 2016-06-11 14:21 - 01601536 _____ (SigmaTel, Inc.) C:\Windows\system32\stlang.dll
2016-06-05 13:19 - 1999-12-31 19:00 - 05398528 _____ (SigmaTel, Inc.) C:\Windows\system32\IDTSG.cpl
2016-06-05 13:07 - 2016-06-05 13:07 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Bluefive software
2016-06-05 12:35 - 2016-06-05 12:36 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.MATSKB.Run (1).exe
2016-06-04 11:34 - 2016-06-04 11:37 - 48418520 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\Windows-KB890830-V5.36.exe
2016-06-04 11:34 - 2016-06-04 11:37 - 38808920 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\FileFormatConverters (1).exe
2016-06-04 11:28 - 2016-06-04 11:28 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList (1).xlsx
2016-06-03 14:13 - 2016-06-03 14:16 - 75137189 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v4-x86.msu
2016-06-02 22:16 - 2016-06-02 22:32 - 02340040 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK (1).msi
2016-06-02 22:16 - 2016-06-02 22:32 - 02324272 _____ C:\Users\MrBreeze\Downloads\msxml6_x64 (1).msi
2016-06-02 22:16 - 2016-06-02 22:32 - 02267192 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64 (1).msi
2016-06-02 22:16 - 2016-06-02 22:32 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6 (1).msi
2016-06-02 21:29 - 2016-06-02 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-02 21:29 - 2016-06-02 21:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-06-02 15:38 - 2016-06-02 15:38 - 00000896 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-02 15:38 - 2016-06-02 15:38 - 00000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-02 15:30 - 2016-06-02 15:30 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-02 15:23 - 2016-06-02 15:23 - 00000000 ____D C:\Users\Scott\AppData\Roaming\AVAST Software
2016-06-02 15:22 - 2016-06-02 15:22 - 00001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-02 15:22 - 2016-06-02 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-02 15:21 - 2016-06-02 15:20 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-02 15:21 - 2016-06-02 15:20 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-02 15:20 - 2016-06-02 15:20 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-02 15:20 - 2016-06-02 15:20 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-02 15:20 - 2016-06-02 15:20 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-06-02 15:17 - 2016-06-02 15:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-02 15:11 - 2016-06-02 15:30 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-02 15:10 - 2016-06-02 15:11 - 05080352 _____ (AVAST Software) C:\Users\Scott\Downloads\avast_free_antivirus_setup_online.exe
2016-06-02 14:53 - 2016-06-02 14:53 - 00000391 _____ C:\Users\Scott\Downloads\Microsoft.Powershell.Host_56d66100-99a0-4ffc-a12d-eee9a6718aef_HelpInfo.xml
2016-06-02 14:35 - 2016-06-02 14:46 - 01756144 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013.exe
2016-06-02 14:35 - 2016-06-02 14:35 - 01851544 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsEmbeddedCompact2013_Update22.exe
2016-06-02 14:35 - 2016-06-02 14:35 - 00112496 _____ C:\Users\Scott\Downloads\Windows Embedded Compact 2013_Update30.htm
2016-06-02 14:32 - 2016-06-02 14:32 - 00323688 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\WindowsServer2003-KB828028-x86-ENU.exe
2016-06-02 14:25 - 2016-06-02 14:25 - 00702840 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\Windows-KB943729-x86-ENU.exe
2016-06-02 14:22 - 2016-06-02 14:22 - 00000000 ____D C:\Program Files\LAPS
2016-06-02 14:19 - 2016-06-02 14:19 - 00954368 _____ C:\Users\Scott\Downloads\LAPS.x86.msi
2016-06-02 14:17 - 2016-06-02 14:17 - 00000238 _____ C:\Users\Scott\Documents\Fixit.txt
2016-06-02 14:04 - 2016-06-02 14:04 - 00347816 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\MicrosoftFixit.wu.Run.exe
2016-06-02 12:05 - 2016-06-02 12:05 - 00000000 ____D C:\Users\Scott\AppData\Roaming\ProductData
2016-06-01 21:18 - 2016-06-01 21:18 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-01 21:16 - 2016-06-01 21:18 - 21381936 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-06-01 21:15 - 2016-06-01 21:15 - 00000286 _____ C:\Windows\Tasks\User_Feed_Synchronization-{40FE53E5-E223-4404-89E5-29209F69C377}.job
2016-06-01 19:35 - 2016-06-01 19:35 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-06-01 05:17 - 2016-06-01 19:50 - 32337920 _____ C:\Windows\system32\config\components.iobit
2016-06-01 05:17 - 2016-06-01 19:50 - 28155904 _____ C:\Windows\system32\config\software.iobit
2016-06-01 05:17 - 2016-06-01 19:50 - 01077248 _____ C:\Windows\system32\config\default.iobit
2016-06-01 05:17 - 2016-06-01 19:50 - 00090112 _____ C:\Windows\system32\config\sam.iobit
2016-06-01 05:17 - 2016-06-01 19:49 - 00028672 _____ C:\Windows\system32\config\security.iobit
2016-06-01 05:12 - 2016-06-01 05:12 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Apple Computer
2016-06-01 05:07 - 2016-06-01 16:51 - 00000000 ____D C:\ProgramData\ProductData
2016-06-01 05:03 - 2016-06-01 05:13 - 00000000 ____D C:\Users\MrBreeze\AppData\LocalLow\IObit
2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-06-01 05:03 - 2016-06-01 05:03 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\ProductData
2016-06-01 05:02 - 2016-06-01 05:02 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-06-01 05:01 - 2016-06-01 16:49 - 00000000 ____D C:\Program Files\Common Files\IObit
2016-06-01 04:58 - 2016-06-01 20:25 - 00000000 ____D C:\Program Files\IObit
2016-06-01 04:58 - 2016-06-01 16:49 - 00000000 ____D C:\ProgramData\IObit
2016-06-01 04:44 - 2016-06-01 04:52 - 43891792 _____ (IObit ) C:\Users\MrBreeze\Downloads\advanced-systemcare-setup.exe
2016-05-31 14:25 - 2016-05-31 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2016-05-31 10:47 - 2016-05-31 10:48 - 00231760 _____ C:\Users\MrBreeze\Downloads\CrucialScan.exe
2016-05-29 13:40 - 2016-06-05 15:11 - 00160840 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2016-05-29 12:57 - 2016-05-29 12:57 - 00001933 _____ C:\Users\MrBreeze\Documents\EVIEW.txt
2016-05-29 12:50 - 2016-05-29 12:50 - 00001867 _____ C:\Users\MrBreeze\Documents\HITMAN EVENT VIEW.txt
2016-05-29 12:43 - 2016-05-29 12:44 - 00000534 _____ C:\Users\MrBreeze\Documents\admin event viewer.txt
2016-05-29 12:42 - 2016-05-29 12:42 - 00000615 _____ C:\Users\MrBreeze\Documents\eventviewerhitmanpro.txt
2016-05-26 19:11 - 2016-05-31 17:14 - 00000000 ____D C:\Windows\CryptoGuard
2016-05-26 15:51 - 2016-05-26 15:53 - 10451640 _____ (SurfRight B.V.) C:\Users\MrBreeze\Downloads\HitmanPro.exe
2016-05-25 19:51 - 2016-05-25 19:51 - 04614144 _____ C:\Users\Scott\Downloads\msxml6_SDK.msi
2016-05-25 19:51 - 2016-05-25 19:51 - 01528320 _____ C:\Users\Scott\Downloads\msxml6.msi
2016-05-25 18:56 - 2016-05-25 18:57 - 04614144 _____ C:\Users\MrBreeze\Downloads\msxml6_SDK.msi
2016-05-25 18:56 - 2016-05-25 18:57 - 03753472 _____ C:\Users\MrBreeze\Downloads\msxml6_ia64.msi
2016-05-25 18:56 - 2016-05-25 18:57 - 02721280 _____ C:\Users\MrBreeze\Downloads\msxml6_x64.msi
2016-05-25 18:56 - 2016-05-25 18:56 - 01528320 _____ C:\Users\MrBreeze\Downloads\msxml6.msi
2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2016-05-25 15:48 - 2016-05-25 15:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\ProgramData\Oracle
2016-05-25 14:51 - 2016-05-25 14:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Secunia PSI
2016-05-25 14:50 - 2016-05-25 14:50 - 00000000 ____D C:\Program Files\Secunia
2016-05-25 14:49 - 2016-05-25 14:50 - 05490752 _____ (Secunia) C:\Users\MrBreeze\Downloads\PSISetup.exe
2016-05-25 14:16 - 2016-05-25 14:19 - 00930472 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.16.19_log.txt
2016-05-25 14:10 - 2016-05-25 14:12 - 00170114 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_14.10.29_log.txt
2016-05-25 14:07 - 2016-05-25 14:08 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\MrBreeze\Downloads\tdsskiller.exe
2016-05-24 11:57 - 2016-05-24 11:57 - 00000000 ____D C:\Users\MrBreeze\AppData\Roaming\Bluefive software
2016-05-23 13:29 - 2016-05-23 13:29 - 00000844 _____ C:\Users\MrBreeze\Desktop\SnapShot.lnk
2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnapShot
2016-05-23 13:29 - 2016-05-23 13:29 - 00000000 ____D C:\Program Files\SnapShot
2016-05-23 13:29 - 2008-07-01 10:04 - 01064960 _____ (Chilkat Software, Inc.) C:\Windows\system32\ChilkatFtp2.dll
2016-05-23 13:29 - 2007-12-14 17:34 - 01388032 _____ (Chestysoft) C:\Windows\system32\csXImage.ocx
2016-05-23 13:29 - 2007-06-05 10:00 - 00311296 _____ (AdminSystem Software Limited) C:\Windows\system32\aosmtp.dll
2016-05-23 13:29 - 2004-03-08 23:00 - 00224016 _____ (Microsoft Corporation) C:\Windows\system32\tabctl32.ocx
2016-05-23 13:29 - 2002-02-10 20:28 - 00070144 _____ (Merrion Computing Ltd) C:\Windows\system32\MCLHotkey.ocx
2016-05-23 13:29 - 2001-08-23 13:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm50.dll
2016-05-23 13:29 - 2000-07-09 18:15 - 00106496 _____ (Marco Bellinaso) C:\Windows\system32\mbprgbar.ocx
2016-05-23 13:29 - 2000-05-01 23:02 - 00110592 _____ (Common Controls Replacement Project (CCRP)) C:\Windows\system32\ccrpbds6.dll
2016-05-23 13:29 - 1998-06-24 00:00 - 00140096 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx
2016-05-23 12:51 - 2016-05-23 12:51 - 00035114 _____ C:\Users\MrBreeze\Downloads\Extras.Txt
2016-05-23 12:49 - 2016-05-23 13:20 - 00119882 _____ C:\Users\MrBreeze\Downloads\OTL.Txt
2016-05-23 12:27 - 2016-05-23 12:27 - 00602112 _____ (OldTimer Tools) C:\Users\MrBreeze\Downloads\OTL.scr
2016-05-23 12:14 - 2016-05-23 12:14 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.wu.Run.exe
2016-05-23 10:31 - 2016-05-23 10:39 - 154546261 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB947821-v35-x86 (2).msu
2016-05-23 10:17 - 2016-05-23 10:17 - 00000000 ____D C:\Users\MrBreeze\Downloads\lspfix
2016-05-23 10:15 - 2016-05-23 10:16 - 00183158 _____ C:\Users\MrBreeze\Downloads\lspfix.zip
2016-05-23 10:05 - 2016-05-23 10:05 - 00000902 _____ C:\Users\Scott\Documents\Rolling Stone.txt
2016-05-22 12:43 - 2016-05-22 12:50 - 00000000 _____ C:\Windows\system32\procdump
2016-05-22 12:39 - 2016-05-22 12:39 - 00000000 ____D C:\Users\MrBreeze\Downloads\Procdump
2016-05-22 12:34 - 2016-05-22 12:34 - 00411028 _____ C:\Users\MrBreeze\Downloads\Procdump.zip
2016-05-21 14:36 - 2016-05-21 14:54 - 649877504 _____ C:\Users\Scott\Downloads\GRMWDK_EN_7600_1.ISO
2016-05-21 12:07 - 2016-05-21 12:07 - 00000000 _RSHD C:\comment.htt
2016-05-20 12:28 - 2016-05-20 12:28 - 00000000 ____D C:\Users\MrBreeze\Downloads\Autoruns
2016-05-20 11:35 - 2016-05-20 11:35 - 00001952 _____ C:\Users\Scott\Desktop\Tweaking.com - Windows Repair.lnk
2016-05-20 09:59 - 2016-05-20 09:59 - 00615478 _____ C:\Users\MrBreeze\Downloads\Autoruns.zip
2016-05-20 09:55 - 2016-05-20 09:56 - 21382440 _____ (Tweaking.com) C:\Users\MrBreeze\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2016-05-19 17:44 - 2016-05-19 17:44 - 00209432 _____ C:\Windows\RegBootClean.exe
2016-05-19 17:37 - 2016-05-19 17:44 - 00000000 ____D C:\ProgramData\AntiRansomware
2016-05-18 20:38 - 2016-05-18 20:38 - 00000000 ____D C:\e735d206fef05299b92e9a0a60a4a2df
2016-05-18 11:49 - 2016-05-18 11:49 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2016-05-18 11:47 - 2016-05-18 11:48 - 00002628 _____ C:\Users\MrBreeze\Downloads\legitcheck.hta
2016-05-18 11:07 - 2016-05-18 11:07 - 00024576 _____ C:\Users\MrBreeze\Documents\EasyBCD Backup (2016-05-18).bcd
2016-05-18 11:07 - 2016-05-18 11:07 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\NeoSmart_Technologies
2016-05-18 11:06 - 2016-05-18 20:38 - 00000000 ____D C:\Program Files\NeoSmart Technologies
2016-05-18 11:04 - 2016-05-18 11:04 - 01923704 _____ C:\Users\MrBreeze\Downloads\EasyBCD 2.3.exe
2016-05-18 10:56 - 2016-05-18 11:00 - 00021948 _____ C:\Windows\system32\sfcdetails.txt
2016-05-18 07:25 - 2016-05-23 13:58 - 00000562 _____ C:\Users\MrBreeze\Desktop\StartUp Failure.txt
2016-05-17 13:46 - 2016-05-18 12:40 - 00000000 ____D C:\ProgramData\BootRacer
2016-05-17 13:43 - 2016-05-18 12:39 - 00040960 _____ C:\Users\Public\Documents\bootracer.his
2016-05-17 13:40 - 2016-05-25 15:25 - 00000728 _____ C:\Users\Public\Documents\bootracer.ini
2016-05-17 13:00 - 2016-05-17 13:00 - 00000010 _____ C:\Users\Scott\Desktop\test.txt
2016-05-17 12:56 - 2016-05-17 12:56 - 00449569 _____ C:\Users\Scott\Desktop\regrunlog.txt
2016-05-17 12:18 - 2016-05-17 12:18 - 00000000 ____D C:\@RestoreQuarantine
2016-05-17 12:13 - 2016-06-07 14:05 - 00000000 ____D C:\Users\MrBreeze\Documents\RegRun2
2016-05-17 11:58 - 2016-06-12 14:00 - 00000370 _____ C:\Windows\system32\PARTIZAN.TXT
2016-05-17 11:39 - 2016-05-17 11:40 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer (1).exe
2016-05-17 11:37 - 2016-05-17 11:39 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer.exe
2016-05-17 11:18 - 2016-06-11 13:49 - 00000000 ____D C:\ProgramData\RegRun
2016-05-17 10:29 - 2016-06-11 13:49 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-05-17 10:29 - 2016-06-07 13:58 - 00000002 RSHOT C:\Windows\winstart.bat
2016-05-17 10:29 - 2016-05-21 12:10 - 00000000 ____D C:\Users\Scott\Documents\RegRun2
2016-05-17 10:29 - 2016-04-05 15:17 - 00012808 _____ (Greatis Software, LLC.) C:\Windows\system32\Drivers\UnHackMeDrv.sys
2016-05-17 10:25 - 2016-05-17 10:25 - 00000000 ____D C:\Users\Scott\Downloads\unhackme
2016-05-17 10:23 - 2016-05-17 10:24 - 17475297 _____ C:\Users\Scott\Downloads\unhackme.zip
2016-05-17 10:23 - 2016-05-17 10:23 - 00000400 _____ C:\Users\Scott\Documents\100 cpu.txt
2016-05-16 11:19 - 2016-05-16 11:19 - 00000000 ____D C:\Users\MrBreeze\Downloads\!Safe_WinVista_Home_Basic_SP2_32_Start_v200
2016-05-16 11:09 - 2016-05-16 11:09 - 00146308 _____ C:\Users\MrBreeze\Downloads\WS08_Vista_SP2_RTM_KBList.xlsx
2016-05-16 10:54 - 2016-05-16 10:55 - 18005296 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\IE9-WindowsVista-x86-enu.exe
2016-05-16 10:49 - 2016-05-16 10:49 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.Performance.RNP.Run.exe
2016-05-16 09:03 - 2016-05-16 09:03 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Macromedia
2016-05-16 08:51 - 2016-05-16 08:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Adobe
2016-05-15 22:15 - 2016-05-15 22:15 - 00000000 ____D C:\MATS
2016-05-15 22:13 - 2016-05-15 22:13 - 00347816 _____ (Microsoft Corporation) C:\Users\MrBreeze\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2016-05-15 20:28 - 2016-05-15 20:28 - 00000033 _____ C:\Users\MrBreeze\Documents\Knee.txt
2016-05-14 21:40 - 2016-05-14 21:40 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MRBREEZE-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
2016-05-14 21:40 - 2016-05-14 21:40 - 00000000 ____D C:\RegBackup
2016-05-14 19:29 - 2016-06-01 21:18 - 00001952 _____ C:\Users\MrBreeze\Desktop\Tweaking.com - Windows Repair.lnk
2016-05-14 19:29 - 2016-06-01 21:18 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-14 19:29 - 2016-05-14 19:29 - 00000000 ____D C:\Program Files\Tweaking.com
2016-05-14 16:47 - 2016-05-14 16:47 - 00984576 _____ C:\Users\MrBreeze\Downloads\MicrosoftFixit50906.msi
2016-05-14 14:14 - 2016-05-14 14:14 - 01768236 _____ C:\Users\MrBreeze\Downloads\Windows6.0-KB942288-v2-x86 (1).msu
2016-05-14 14:14 - 2016-05-14 14:14 - 00000000 ____D C:\014e2b9b0cb56244da54
2016-05-14 10:20 - 2016-05-14 10:20 - 00000040 _____ C:\Users\MrBreeze\Documents\net.txt


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-13 15:23 - 2016-04-29 19:44 - 00000000 ____D C:\Program Files\Google
2016-06-13 15:21 - 2016-05-04 22:26 - 00000000 ____D C:\Users\Scott\AppData\Local\Google
2016-06-13 15:16 - 2016-04-29 19:45 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\Google
2016-06-13 15:06 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-06-13 15:06 - 2006-11-02 05:33 - 00796728 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 15:04 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\inetsrv
2016-06-13 15:02 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-13 15:02 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-13 15:02 - 2006-11-02 07:45 - 00004800 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-13 15:01 - 2006-11-02 07:58 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-13 14:55 - 2016-04-17 11:07 - 00001356 _____ C:\Users\MrBreeze\AppData\Local\d3d9caps.dat
2016-06-12 13:24 - 2016-04-21 13:49 - 00346512 _____ C:\Users\MrBreeze\AppData\Local\census.cache
2016-06-12 13:24 - 2016-04-21 13:49 - 00297382 _____ C:\Users\MrBreeze\AppData\Local\ars.cache
2016-06-12 13:21 - 2016-04-19 01:48 - 00000010 _____ C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache
2016-06-11 14:32 - 2016-04-05 17:44 - 00000000 ____D C:\Users\MrBreeze
2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ C:\Windows\system32\IScrNBR.bmp
2016-06-11 14:24 - 2016-04-05 12:59 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2016-06-11 14:23 - 2016-04-05 12:59 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll
2016-06-11 14:21 - 2016-04-05 12:58 - 00142848 _____ (SigmaTel, Inc.) C:\Windows\system32\staco.dll
2016-06-11 14:21 - 2007-03-29 11:17 - 00562688 _____ (SigmaTel, Inc.) C:\Windows\system32\stapo.dll
2016-06-11 14:21 - 2007-03-29 11:17 - 00323584 _____ (SigmaTel, Inc.) C:\Windows\system32\Drivers\stwrt.sys
2016-06-11 14:21 - 2007-03-29 11:17 - 00316928 _____ (SigmaTel, Inc.) C:\Windows\system32\stcplx.dll
2016-06-11 14:21 - 2007-03-29 11:17 - 00243712 _____ (SigmaTel, Inc.) C:\Windows\system32\stapi32.dll
2016-06-07 20:34 - 2016-05-10 21:58 - 00000000 ____D C:\AdwCleaner
2016-06-07 16:39 - 2016-04-08 22:01 - 00000000 ___SD C:\Users\MrBreeze\AppData\LocalLow\Temp
2016-06-07 13:58 - 2006-11-02 05:23 - 00002577 _____ C:\Windows\system32\config.nt
2016-06-07 13:58 - 2006-11-02 05:23 - 00001688 _____ C:\Windows\system32\autoexec.nt
2016-06-05 11:45 - 2016-04-21 18:49 - 00000000 ____D C:\Users\MrBreeze\Downloads\backups
2016-06-04 19:31 - 2006-11-02 05:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-06-03 15:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2016-06-02 21:16 - 2016-04-05 13:07 - 00000000 ____D C:\Program Files\Java
2016-06-02 16:31 - 2016-05-04 21:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-02 15:17 - 2016-04-13 01:50 - 00001945 _____ C:\Windows\epplauncher.mif
2016-06-02 12:04 - 2016-05-06 17:45 - 00069840 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-02 11:54 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_249
2016-06-01 21:41 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_687
2016-06-01 14:34 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_555
2016-06-01 05:33 - 2016-04-29 22:30 - 00000000 ____D C:\Windows\Panther
2016-05-27 12:15 - 2016-04-10 13:32 - 00000000 ____D C:\Windows\Minidump
2016-05-25 19:28 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_428
2016-05-25 13:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_219
2016-05-23 11:53 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_626
2016-05-22 22:08 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_183
2016-05-20 12:04 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_408
2016-05-20 09:33 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_570
2016-05-18 11:49 - 2006-11-02 06:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-05-16 11:16 - 2016-04-29 22:51 - 00000000 ____D C:\Users\MrBreeze\AppData\Local\ElevatedDiagnostics
2016-05-16 10:56 - 2016-05-04 22:26 - 00000949 _____ C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-16 10:14 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_366
2016-05-15 23:19 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_286
2016-05-15 21:50 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_527
2016-05-15 16:25 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_19
2016-05-14 22:19 - 2016-04-19 18:39 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-14 22:19 - 2016-04-19 18:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-14 22:10 - 2006-11-02 05:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_584
2016-05-14 18:09 - 2016-05-10 12:33 - 00000000 ____D C:\363c9100431405d757f164504b44b3
2016-05-14 18:07 - 2016-04-29 21:50 - 00000000 ____D C:\2de5ecb5eb1f30c5571f293ed367
2016-05-14 14:08 - 2006-11-02 05:22 - 32768000 _____ C:\Windows\system32\config\components.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 30146560 _____ C:\Windows\system32\config\software.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 23068672 _____ C:\Windows\system32\config\system.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-05-14 14:08 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\default.bak


==================== Files in the root of some directories =======


2016-04-21 13:49 - 2016-06-12 13:24 - 0297382 _____ () C:\Users\MrBreeze\AppData\Local\ars.cache
2016-04-21 13:49 - 2016-06-12 13:24 - 0346512 _____ () C:\Users\MrBreeze\AppData\Local\census.cache
2016-04-17 11:07 - 2016-06-13 14:55 - 0001356 _____ () C:\Users\MrBreeze\AppData\Local\d3d9caps.dat
2016-04-05 18:11 - 2016-04-26 13:28 - 0005120 _____ () C:\Users\MrBreeze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-19 01:19 - 2016-04-19 01:19 - 0000036 _____ () C:\Users\MrBreeze\AppData\Local\housecall.guid.cache
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\MrBreeze\AppData\Local\setup.txt
2016-04-19 01:48 - 2016-06-12 13:21 - 0000010 _____ () C:\Users\MrBreeze\AppData\Local\sponge.last.runtime.cache


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-06-13 15:09


==================== End of FRST.txt ============================
 

SPSpellman

Free PC Help Contributor
Joined
May 23, 2016
Location
Missouri
PC Experience
Some Experience
Standard User Account: Scott

Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-06-2016
Ran by MrBreeze (2016-06-13 15:36:09)
Running from C:\Users\Scott\Downloads
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2016-04-05 20:52:52)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-67880207-1905697065-243471585-500 - Administrator - Disabled)
Guest (S-1-5-21-67880207-1905697065-243471585-501 - Limited - Enabled)
MrBreeze (S-1-5-21-67880207-1905697065-243471585-1000 - Administrator - Enabled) => C:\Users\MrBreeze
Scott (S-1-5-21-67880207-1905697065-243471585-1005 - Limited - Enabled) => C:\Users\Scott


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Ace Utilities (HKLM\...\Ace Utilities_is1) (Version: 6.1.0 - Acelogix Software)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Application Compatibility Toolkit (Version: 8.100.26641 - Microsoft) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
eMachines Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.009 - eMachines)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
Intel(R) Network Connections 15.3.68.0 (HKLM\...\PROSetDX) (Version: 15.3.68.0 - Intel)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Kits Configuration Installer (Version: 8.100.25984 - Microsoft) Hidden
Local Administrator Password Solution (HKLM\...\{3C5FA570-168B-47B2-A4C9-8B59FFC28459}) (Version: 6.0.1.0 - Microsoft Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SharePoint 2010 Products OpsMgr 2007 MP en-us (HKLM\...\{7F52C251-8EB6-410D-9E84-45E8E4993A48}) (Version: 1.0.0.0 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5205.0 - SigmaTel)
SnapShot (HKLM\...\SnapShot_is1) (Version: 1.0.6 - Bluefive software)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Toolkit Documentation (Version: 8.100.26866 - Microsoft) Hidden
Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.1 - Tweaking.com)
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 7.1.0 - Shark007)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {04C5732E-E4CC-4AE5-B8BF-8A56247766EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {15A33922-2CF4-4FE9-B6AE-384EEC7578EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
Task: {256B542C-44C2-420A-BEF2-DFC720B9990A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-02] (AVAST Software)
Task: {30D25F1F-0D94-4911-B53A-76B996003FE2} - \SlimCleaner Run -> No File <==== ATTENTION
Task: {355BBC34-14C1-4E46-8C24-6BCC98BB416E} - System32\Tasks\AceUtilsSkipUAC => C:\Program Files\Ace Utilities\au.exe [2015-11-11] (Acelogix Software)
Task: {84DF11BB-C896-4B4A-B1EB-665321A19DCD} - System32\Tasks\SafeZone scheduled Autoupdate 1464899852 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {8673CFDB-7B4D-4D75-AFD9-0A3B2215628C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
Task: {97AD9CE5-9A4A-478B-B492-807826D83D71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {ACE55B44-2D02-455E-977F-27AD60C7BBFD} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab3ad222f4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
Task: {FE20FBFD-023A-4365-9632-BB2E6A821F53} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
Task: C:\Windows\Tasks\User_Feed_Synchronization-{40FE53E5-E223-4404-89E5-29209F69C377}.job => C:\Windows\system32\msfeedssync.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


2016-06-02 15:20 - 2016-06-02 15:20 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-02 15:20 - 2016-06-02 15:20 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-13 12:11 - 2016-06-13 12:11 - 02932736 _____ () C:\Program Files\AVAST Software\Avast\defs\16061300\algo.dll
2016-06-02 15:20 - 2016-06-02 15:20 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-13 15:03 - 2016-06-13 15:03 - 02932736 _____ () C:\Program Files\AVAST Software\Avast\defs\16061301\algo.dll
2016-06-02 15:20 - 2016-06-02 15:20 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-12 13:36 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files\Trend Micro\RUBotted\hc_help.dll
2016-06-02 15:20 - 2016-06-02 15:20 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\ProgramData\TEMP:E965A533 [111]


==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12527038.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94872584.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\12527038.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\94872584.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-67880207-1905697065-243471585-1000\...\100***links.com -> 100***links.com


There are 4788 more sites.




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2006-11-02 05:23 - 2016-06-12 12:19 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-67880207-1905697065-243471585-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\eM1_Wide.bmp
HKU\S-1-5-21-67880207-1905697065-243471585-1005\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{68C83C52-ED98-4037-BB19-F9CD8048B21C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================




==================== Faulty Device Manager Devices =============


Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.




==================== Event log errors: =========================


Application errors:
==================
Error: (06/13/2016 03:16:52 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.


Context: Application, SystemIndex Catalog


Error: (06/13/2016 03:14:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" ; Descripton = ȃȃȃȃဃဂဂဂ  ဂȂဃဂဂဂဂĂဃĂ Ă  ဂဂဂဂဂဂဂȂဃȂ Ȃă䠃ဂဂဂဂဂဂဂဂဂሂဃဂ。ဂဂဂဂᐂᐂဂሂဃဂဂᐂሂဃဂဂဂဂĂăăăăăăăăăăăăăăăăăăăăăăဃ褂; Hr = 0x80070057).


Error: (06/13/2016 03:00:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application hmpsched.exe, version 3.7.0.5, time stamp 0x5732f7ec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x520, application start time 0xhmpsched.exe0.


Error: (06/13/2016 02:23:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, exception code 0xc0000005, fault offset 0x00034ca2,
process id 0x874, application start time 0xExplorer.EXE0.


Error: (06/12/2016 01:44:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" /scan:boot /quiet /quick; Descripton = Checkpoint by HitmanPro; Hr = 0x8000ffff).


Error: (06/12/2016 01:44:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.




Operation:
Gathering Writer Data
Executing Asynchronous Operation


Context:
Execution Context: Requestor
Current State: GatherWriterMetadata


Error: (06/12/2016 01:44:20 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.




Operation:
Gathering Writer Data
Executing Asynchronous Operation


Context:
Execution Context: Requestor
Current State: GatherWriterMetadata


Error: (06/12/2016 12:20:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


Error: (06/12/2016 12:20:45 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


Error: (06/12/2016 12:20:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.




System errors:
=============
Error: (06/13/2016 03:02:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/13/2016 12:09:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 04:35:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 04:25:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 04:20:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 04:10:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 01:58:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 01:46:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 01:39:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.




Error: (06/12/2016 01:28:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing ServiceThe service cannot be started, either because it is disabled or because it has no enabled devices associated with it.






CodeIntegrity:
===================================
Date: 2016-06-12 13:18:44.176
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:18:44.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:18:43.833
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:18:43.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:13:44.297
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:13:44.017
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:13:43.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-12 13:13:43.611
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-02 16:49:51.471
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-06-02 16:49:51.346
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.




==================== Memory info ===========================


Processor: Intel(R) Celeron(R) D CPU 3.33GHz
Percentage of memory in use: 36%
Total physical RAM: 2037.32 MB
Available physical RAM: 1293.96 MB
Total Virtual: 5989.36 MB
Available Virtual: 5197.12 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:103.29 GB) (Free:75.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:8.5 GB) (Free:3.61 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B1E04F8A)
Partition 1: (Not Active) - (Size=8.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=103.3 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================
 
  • Thread starter
  • Admin
  • #7

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi Scott,

FRST only needs to be run on the main administrator account.
No need to run it on a standard user account.
Fixes won't work on a Standard account anyway as it will require Admin privileges to work.

There are a lot of security programs coming on and off this system.
This isn't always a good thing.
Too much security is just as bad as too little.

Recommendation.

I recommend that you remove the following:

Ace Utilities
Anything that states that it will Optimize and fine tune your PC ... is something to steer clear of.
Registry cleaners have been known to cause more problems than they cure.
No staff member here will ever recommend this type of software.

Hitman Pro
Unless you have paid for this... it's only a 30 day trial, so once it's been run there's not really much point in keeping it around.
It's only using resources.

Trend Micro RUBotted
Once it's been run, it's basically done its job.
It'll only alert you anyway... it won't remove anything.
Any program that just alerts you and then requires you to install another program from Trend Micro to finish the job... isn't worth having in my book.


Step 1

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Avast should have disabled this.... the 2 will conflict.

  • Click Start >> Control Panel >> Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings >> Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.


Step 2

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\MrBreeze\Downloads .
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.



The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


Step 3

Can you please add these reports in your next reply as well.

C:\Users\MrBreeze\Downloads\Extras.Txt
C:\Users\MrBreeze\Downloads\OTL.Txt


In your next reply, please submit:
Fixlog.txt
Extras.txt
Otl.txt


Thanks.
 

Attachments
