[SOLVED] sfc /scannow cannot fix file

Hello,

Referring to the instructions below, please open the Event Viewer.
Opening Event Viewer - Windows Help

From here, please do the following.

  • Once opened, click the arrow next to Windows Logs and click Security log.
  • Right-click Security Log and click Save All Events As....
  • Select your Desktop as the location and enter Security as the File name. Click Save.
  • If you are using a language on your machine other than English, please ensure to select Display information for English and click OK. Otherwise, simply click OK.
  • Right-click Security.evtx on your Desktop and click Send to, followed by Compressed (zipped) folder.
  • Please upload Security.zip to a service such as Dropbox, One Drive or SendSpace and provide a direct download link in your next reply.
 
Hello,

Thank you. Unfortunately however, your Event Log indicates it was cleared. This means pertinent information generated from configuring the audit earlier is not present. Do you know of any reason why your Event Log was cleared?

Code: 
Log Name:      Security
Source:        Microsoft-Windows-Eventlog
Date:          5/13/2016 12:36:08 PM
Event ID:      1102
Task Category: Log clear
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      boatman-PC
Description:
The audit log was cleared.
 
I think i can answer that, when i up loaded security log i tried to open it with notepad just too see the report, but nothing readable could be read,so i have to reset that file too open to the default before i use notepad. here is the way security report originally looks.
 

Attachments

Hello,

Unfortunately, the second file uploaded does not contain any information of value either. We may need to repeat the earlier process of replacing the missing folders and re-designating the audit. However, I would first like to review the logs generated from running the following diagnostic scan.

xlK5Hdb.png
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Right-click FRST64.exe and select
    AVOiBNU.jpg
    Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
 
here goes the logsScan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016Ran by boatman (administrator) on BOATMAN-PC (15-05-2016 15:24:37)
Running from C:\Users\boatman\Desktop
Loaded Profiles: boatman (Available Profiles: boatman)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(SecurityCoverage, Inc.) C:\Program Files\SecureIT\bin\SCManager.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Mixesoft Project) C:\Users\boatman\AppData\Local\Mixesoft\AppNHost\appnhost.exe
(SecurityCoverage, Inc.) C:\Program Files\SecureIT\bin\SCFileMonitor.exe
(SecurityCoverage, Inc.) C:\Program Files\SecureIT\bin\SCFirewall.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SecurityCoverage Inc.) C:\Program Files\SecureIT\bin\bin32\SCControlPanel.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Run: [appnhost] => C:\Users\boatman\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Policies\Explorer: [NoInternetIcon] 0
Startup: C:\Users\boatman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SCControlPanel.exe [2015-05-11] (SecurityCoverage Inc.)
BootExecute: autocheck autochk * 


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{75F77CA8-68DF-4362-915C-B7505E272488}: [NameServer] 129.250.35.250,129.250.35.251
Tcpip\..\Interfaces\{75F77CA8-68DF-4362-915C-B7505E272488}: [DhcpNameServer] 192.168.254.254


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000 -> DefaultScope {37E43FFA-3D32-4DC3-8D9F-804C736A8CDF} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000 -> {37E43FFA-3D32-4DC3-8D9F-804C736A8CDF} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)


FireFox:
========
FF ProfilePath: C:\Users\boatman\AppData\Roaming\Mozilla\Firefox\Profiles\zf5n9wfa.default
FF DefaultSearchEngine.US: Google
FF Homepage: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-14] ()
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2635827895-2309199263-1268892210-1000: @citrixonline.com/appdetectorplugin -> C:\Users\boatman\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-27] (Citrix Online)
FF user.js: detected! => C:\Users\boatman\AppData\Roaming\Mozilla\Firefox\Profiles\zf5n9wfa.default\user.js [2016-03-22]
FF Extension: Click&Clean - C:\Users\boatman\AppData\Roaming\Mozilla\Firefox\Profiles\zf5n9wfa.default\extensions\clickclean@hotcleaner.com [2016-05-02]
FF Extension: Adblock Plus - C:\Users\boatman\AppData\Roaming\Mozilla\Firefox\Profiles\zf5n9wfa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-08-27] [not signed]


Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll ()
CHR Profile: C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTubeâ„¢) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-05-11]
CHR Extension: (Google Drive) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Adblock Plus) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Google Search) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google News) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2015-10-16]
CHR Extension: (Google Calendar) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-16]
CHR Extension: (Click&Clean) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-04-28]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2015-10-16]
CHR Extension: (Google Maps) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-16]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S4 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S4 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [107912 2008-10-09] ()
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 SecureIT2011FileMonitor; C:\Program Files\SecureIT\bin\SCFileMonitor.exe [377480 2015-11-23] (SecurityCoverage, Inc.)
R3 SecureIT2011Firewall; C:\Program Files\SecureIT\bin\SCFirewall.exe [322488 2015-11-23] (SecurityCoverage, Inc.)
R2 SecureIT2011Manager; C:\Program Files\SecureIT\bin\SCManager.exe [1078760 2015-11-23] (SecurityCoverage, Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254904 2016-04-18] (RaMMicHaeL)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580144 2015-08-06] (WiseCleaner.com)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11904 2015-08-27] (Advanced Micro Devices Inc.)
R1 BdfNdisf; c:\program files\secureit\bin\bdfndisf6.sys [93600 2014-11-19] (BitDefender LLC)
R3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [431176 2011-06-15] (BitDefender)
R1 bdftdif; C:\Program Files\SecureIT\bin\bdftdif.sys [119888 2011-10-25] (BitDefender LLC)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-08-29] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-27] (REALiX(tm))
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2015-08-27] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-08-16] (EldoS Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-04-24] ()
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [477272 2015-11-12] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2016-01-24] (wisecleaner.com)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-05-15 15:24 - 2016-05-15 15:25 - 00015192 _____ C:\Users\boatman\Desktop\FRST.txt
2016-05-15 15:24 - 2016-05-15 15:24 - 00000000 ____D C:\FRST
2016-05-15 15:23 - 2016-05-15 15:23 - 02382336 _____ (Farbar) C:\Users\boatman\Desktop\FRST64.exe
2016-05-15 10:16 - 2016-05-15 10:16 - 00109104 _____ C:\Users\boatman\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-15 09:28 - 2016-05-15 15:03 - 00027972 _____ C:\Windows\ntbtlog.txt
2016-05-15 09:28 - 2016-05-15 09:29 - 00402704 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-15 08:13 - 2016-05-15 08:13 - 00000000 ____D C:\Users\boatman\AppData\Local\{A3298D9D-52F2-41DE-B023-DB1E67886AB1}
2016-05-14 14:11 - 2016-05-14 14:11 - 00000000 ____D C:\Users\boatman\AppData\Local\{06A7F0C6-D242-4876-8E20-1F8F6CA74615}
2016-05-14 10:10 - 2016-05-14 10:11 - 00000000 ____D C:\Users\boatman\AppData\Local\{9E1D5AD0-F4C9-4969-BA4A-1ACAE9420DFF}
2016-05-13 15:15 - 2016-05-13 15:15 - 00000000 ____D C:\Users\boatman\AppData\Local\{BD59AAA7-B1AD-4A83-BD2D-2A690A506B94}
2016-05-13 13:18 - 2016-05-13 13:18 - 00000000 ____D C:\Users\boatman\AppData\Local\{16B57BA9-F4AE-469E-B74D-3529B5BE30CD}
2016-05-13 01:06 - 2016-05-13 01:06 - 00000000 ____D C:\Users\boatman\AppData\Local\{172AE3BB-8E0F-4D41-AA8F-43D789C10053}
2016-05-12 08:10 - 2016-05-12 08:10 - 00000680 _____ C:\Users\boatman\AppData\Local\d3d9caps.dat
2016-05-12 07:58 - 2016-05-12 07:58 - 00000000 ____D C:\RegBackup
2016-05-11 21:01 - 2016-04-09 17:17 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 21:01 - 2016-04-09 16:48 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 21:01 - 2016-04-09 16:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 21:01 - 2016-04-09 16:01 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 21:01 - 2016-04-09 15:07 - 00486912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 21:01 - 2016-04-09 14:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 21:00 - 2016-04-09 17:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 21:00 - 2016-04-09 16:53 - 00901352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 21:00 - 2016-04-09 16:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 21:00 - 2016-04-09 16:34 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 20:49 - 2016-04-09 16:19 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 20:47 - 2016-04-09 17:39 - 04692200 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 15:02 - 2016-04-23 13:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 15:02 - 2016-04-23 13:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 15:02 - 2016-04-23 13:29 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 15:02 - 2016-04-23 13:29 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 15:02 - 2016-04-23 13:03 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 15:02 - 2016-04-23 13:00 - 01831424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 15:02 - 2016-04-23 12:59 - 00711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 15:02 - 2016-04-23 12:59 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 15:02 - 2016-04-23 12:59 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 15:01 - 2016-04-23 13:33 - 17974784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 15:01 - 2016-04-23 13:30 - 10888192 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 15:01 - 2016-04-23 13:30 - 02265600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 15:01 - 2016-04-23 13:30 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 15:01 - 2016-04-23 13:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 15:01 - 2016-04-23 13:29 - 02129920 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 15:01 - 2016-04-23 13:29 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 01295872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 15:01 - 2016-04-23 13:29 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-05-11 15:01 - 2016-04-23 13:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-05-11 15:01 - 2016-04-23 13:03 - 12858880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 15:01 - 2016-04-23 13:01 - 09729536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 15:01 - 2016-04-23 13:00 - 01436160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 15:01 - 2016-04-23 13:00 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 15:01 - 2016-04-23 13:00 - 01089024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 15:01 - 2016-04-23 13:00 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-05-11 15:01 - 2016-04-23 13:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 15:01 - 2016-04-23 12:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 15:01 - 2016-04-23 12:59 - 01789952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-05-11 15:01 - 2016-04-23 12:59 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-05-11 13:28 - 2016-05-11 13:44 - 312417626 _____ C:\Users\boatman\Downloads\ps priscilla hearing the voice of God.mp4
2016-05-10 20:25 - 2016-05-10 20:25 - 00000000 ____D C:\Users\boatman\AppData\Local\{D3BE4969-2986-4CCB-8426-4529D7EDDA7D}
2016-05-10 19:25 - 2016-05-15 14:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d108809e1d5c9d.job
2016-05-10 19:25 - 2016-05-10 19:25 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d108809e1d5c9d
2016-05-09 23:57 - 2016-05-10 00:16 - 322857229 _____ C:\Users\boatman\Downloads\confession.mp4
2016-05-07 14:30 - 2016-05-07 14:30 - 00000000 ____D C:\Users\boatman\AppData\Roaming\Wise PC 1stAid
2016-05-07 14:29 - 2016-05-07 14:29 - 04267264 _____ (WiseCleaner.com ) C:\Users\boatman\Downloads\WPCASetup.exe
2016-05-07 14:29 - 2016-05-07 14:29 - 00000996 _____ C:\Users\Public\Desktop\Wise PC 1stAid.lnk
2016-05-07 14:29 - 2016-05-07 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise PC 1stAid
2016-05-06 22:13 - 2016-05-07 01:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-05 13:16 - 2016-05-05 13:16 - 00448512 _____ (OldTimer Tools) C:\Users\boatman\Downloads\TFC.exe
2016-05-04 18:21 - 2016-05-04 18:27 - 218486747 _____ C:\Users\boatman\Downloads\Windows6.0-KB947821-v35-x64.msu
2016-05-02 12:32 - 2016-05-02 12:32 - 00068534 _____ C:\Users\boatman\Downloads\Solved_ GPEdit missing items _ Tech Support Guy.html
2016-04-29 07:46 - 2016-04-29 07:46 - 00000111 _____ C:\Users\boatman\Documents\sfcscannow.bat
2016-04-29 00:55 - 2016-04-29 00:55 - 00000000 ____H C:\asc_rdflag
2016-04-28 23:33 - 2016-04-28 23:33 - 00142744 _____ C:\Users\boatman\Downloads\vtuploader2.2.exe
2016-04-28 23:33 - 2016-04-28 23:33 - 00001938 _____ C:\Users\boatman\Desktop\VirusTotal Uploader 2.2.lnk
2016-04-28 23:33 - 2016-04-28 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2016-04-28 23:33 - 2016-04-28 23:33 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2016-04-26 14:30 - 2016-05-12 08:44 - 00000000 ____D C:\Program Files (x86)\System Ninja
2016-04-26 14:30 - 2016-04-26 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
2016-04-26 14:29 - 2016-04-26 14:29 - 02338610 _____ (SingularLabs ) C:\Users\boatman\Downloads\ninja-setup-3.1.3_.exe
2016-04-24 19:21 - 2016-04-24 19:21 - 00000000 ____D C:\Users\boatman\AppData\Roaming\Sun
2016-04-24 18:50 - 2016-04-24 18:50 - 00852798 _____ C:\Users\boatman\Downloads\SecurityCheck.exe
2016-04-20 20:01 - 2016-04-20 20:01 - 00000000 ____D C:\Users\boatman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-04-20 15:45 - 2016-04-20 15:45 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2016-04-20 13:48 - 2016-04-20 13:48 - 00660480 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-20 13:48 - 2016-04-20 13:48 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-18 08:01 - 2016-04-18 08:01 - 01443600 _____ (RaMMicHaeL) C:\Users\boatman\Downloads\unchecky_setup.exe
2016-04-18 08:01 - 2016-04-18 08:01 - 00000860 _____ C:\Users\Public\Desktop\Unchecky.lnk
2016-04-18 08:01 - 2016-04-18 08:01 - 00000000 ____D C:\ProgramData\Unchecky
2016-04-18 08:01 - 2016-04-18 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2016-04-18 08:01 - 2016-04-18 08:01 - 00000000 ____D C:\Program Files (x86)\Unchecky


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-05-15 14:40 - 2015-10-16 22:07 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-15 14:33 - 2016-01-24 00:56 - 00000000 ____D C:\Users\boatman\AppData\Roaming\Wise Care 365
2016-05-15 14:33 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-15 14:33 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-15 14:32 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-15 11:45 - 2006-11-02 11:42 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-15 11:29 - 2015-10-16 22:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d108809ecd825d.job
2016-05-15 09:04 - 2015-08-30 03:34 - 00000000 ____D C:\Users\boatman\AppData\Roaming\vlc
2016-05-14 21:26 - 2015-08-26 22:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-14 15:15 - 2015-08-25 23:34 - 00007168 _____ C:\Users\boatman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-14 15:02 - 2015-09-19 15:10 - 00000732 _____ C:\Users\boatman\AppData\Local\d3d9caps64.dat
2016-05-14 10:03 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
2016-05-14 09:27 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\inf
2016-05-14 09:27 - 2006-11-02 08:46 - 00762298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-13 14:52 - 2015-08-25 19:10 - 00000000 ____D C:\Users\boatman
2016-05-13 14:51 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
2016-05-13 14:51 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
2016-05-13 14:51 - 2006-11-02 08:33 - 80216064 _____ C:\Windows\system32\config\software_previous
2016-05-13 14:51 - 2006-11-02 08:33 - 49545216 _____ C:\Windows\system32\config\components_previous
2016-05-13 14:51 - 2006-11-02 08:33 - 36962304 _____ C:\Windows\system32\config\system_previous
2016-05-13 14:51 - 2006-11-02 08:33 - 00524288 _____ C:\Windows\system32\config\default_previous
2016-05-13 14:51 - 2006-11-02 08:33 - 00053248 _____ C:\Windows\system32\config\sam_previous
2016-05-13 14:51 - 2006-11-02 08:33 - 00024576 _____ C:\Windows\system32\config\security_previous
2016-05-13 14:24 - 2015-10-13 03:24 - 00000000 ____D C:\Users\boatman\AppData\LocalLow\Adobe
2016-05-13 14:24 - 2015-08-25 23:18 - 00000000 ____D C:\Users\boatman\AppData\Roaming\Adobe
2016-05-13 01:04 - 2016-04-11 16:24 - 00000000 ____D C:\AdwCleaner
2016-05-12 08:43 - 2015-10-14 18:22 - 00000000 ____D C:\Program Files\Defraggler
2016-05-12 08:43 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2016-05-11 22:07 - 2015-08-26 21:03 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 21:56 - 2006-11-02 08:35 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-05-11 21:07 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 19:25 - 2015-10-16 22:07 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d108809ecd825d
2016-05-07 14:29 - 2016-01-24 01:13 - 00000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2016-05-07 14:29 - 2016-01-24 00:56 - 00000000 ____D C:\Program Files (x86)\Wise
2016-05-07 11:39 - 2015-08-26 21:36 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-05-07 02:59 - 2015-10-06 11:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 09:46 - 2016-01-19 23:03 - 00000000 ____D C:\Users\boatman\AppData\Local\niemiro
2016-05-02 15:03 - 2016-03-27 03:41 - 00274432 _____ C:\Windows\system32\config\default.rhk
2016-05-02 15:03 - 2016-03-27 03:41 - 00053248 _____ C:\Windows\system32\config\sam.rhk
2016-05-02 15:03 - 2016-03-17 19:07 - 76910592 _____ C:\Windows\system32\config\software.rhk
2016-05-02 14:59 - 2016-03-27 03:36 - 00024576 _____ C:\Windows\system32\config\security.rhk
2016-04-29 10:19 - 2016-02-25 12:03 - 00000000 ____D C:\Users\boatman\AppData\Roaming\TeamViewer
2016-04-29 00:56 - 2015-09-05 12:08 - 78200832 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2016-04-29 00:56 - 2015-09-05 12:08 - 48623616 _____ C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2016-04-29 00:56 - 2015-09-05 12:08 - 00274432 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2016-04-29 00:56 - 2015-09-05 12:08 - 00053248 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2016-04-29 00:56 - 2015-09-05 12:08 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2016-04-26 08:25 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-04-25 17:20 - 2016-04-11 12:13 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2016-04-24 19:30 - 2015-10-17 20:18 - 00003662 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-04-24 19:21 - 2016-04-05 21:54 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-24 19:21 - 2016-04-05 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-24 19:21 - 2016-01-19 16:54 - 00000000 ____D C:\Users\boatman\.oracle_jre_usage
2016-04-24 19:20 - 2016-04-05 21:53 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-24 13:36 - 2015-08-29 19:45 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-24 03:14 - 2015-08-29 23:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-20 17:10 - 2015-08-29 16:15 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-20 16:29 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Help
2016-04-18 19:19 - 2015-08-30 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-18 08:29 - 2016-02-21 22:38 - 00000000 ____D C:\Users\boatman\AppData\Roaming\dvdcss
2016-04-18 08:29 - 2015-08-25 22:58 - 00000000 ____D C:\Windows\pss
2016-04-17 20:25 - 2015-08-27 02:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-17 20:16 - 2015-08-27 02:33 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-17 20:16 - 2015-08-27 02:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-17 20:16 - 2015-08-27 02:33 - 00003684 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-17 20:13 - 2015-10-11 12:27 - 00000000 ____D C:\ProgramData\ProductData


==================== Files in the root of some directories =======


2016-05-12 08:10 - 2016-05-12 08:10 - 0000680 _____ () C:\Users\boatman\AppData\Local\d3d9caps.dat
2015-09-19 15:10 - 2016-05-14 15:02 - 0000732 _____ () C:\Users\boatman\AppData\Local\d3d9caps64.dat
2015-08-25 23:34 - 2016-05-14 15:15 - 0007168 _____ () C:\Users\boatman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-05-15 14:38


==================== End of FRST.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
Ran by boatman (administrator) on BOATMAN-PC (15-05-2016 15:24:37)
Running from C:\Users\boatman\Desktop
Loaded Profiles: boatman (Available Profiles: boatman)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(SecurityCoverage, Inc.) C:\Program Files\SecureIT\bin\SCManager.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Mixesoft Project) C:\Users\boatman\AppData\Local\Mixesoft\AppNHost\appnhost.exe
(SecurityCoverage, Inc.) C:\Program Files\SecureIT\bin\SCFileMonitor.exe
(SecurityCoverage, Inc.) C:\Program Files\SecureIT\bin\SCFirewall.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SecurityCoverage Inc.) C:\Program Files\SecureIT\bin\bin32\SCControlPanel.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Run: [appnhost] => C:\Users\boatman\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Policies\Explorer: [NoInternetIcon] 0
Startup: C:\Users\boatman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SCControlPanel.exe [2015-05-11] (SecurityCoverage Inc.)
BootExecute: autocheck autochk * 


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{75F77CA8-68DF-4362-915C-B7505E272488}: [NameServer] 129.250.35.250,129.250.35.251
Tcpip\..\Interfaces\{75F77CA8-68DF-4362-915C-B7505E272488}: [DhcpNameServer] 192.168.254.254


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000 -> DefaultScope {37E43FFA-3D32-4DC3-8D9F-804C736A8CDF} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000 -> {37E43FFA-3D32-4DC3-8D9F-804C736A8CDF} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)


FireFox:
========
FF ProfilePath: C:\Users\boatman\AppData\Roaming\Mozilla\Firefox\Profiles\zf5n9wfa.default
FF DefaultSearchEngine.US: Google
FF Homepage: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-14] ()
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2635827895-2309199263-1268892210-1000: @citrixonline.com/appdetectorplugin -> C:\Users\boatman\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-27] (Citrix Online)
FF user.js: detected! => C:\Users\boatman\AppData\Roaming\Mozilla\Firefox\Profiles\zf5n9wfa.default\user.js [2016-03-22]
FF Extension: Click&Clean - C:\Users\boatman\AppData\Roaming\Mozilla\Firefox\Profiles\zf5n9wfa.default\extensions\clickclean@hotcleaner.com [2016-05-02]
FF Extension: Adblock Plus - C:\Users\boatman\AppData\Roaming\Mozilla\Firefox\Profiles\zf5n9wfa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-08-27] [not signed]


Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll ()
CHR Profile: C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTubeâ„¢) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-05-11]
CHR Extension: (Google Drive) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Adblock Plus) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Google Search) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google News) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2015-10-16]
CHR Extension: (Google Calendar) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-16]
CHR Extension: (Click&Clean) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-04-28]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2015-10-16]
CHR Extension: (Google Maps) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\boatman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-16]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S4 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S4 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [107912 2008-10-09] ()
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 SecureIT2011FileMonitor; C:\Program Files\SecureIT\bin\SCFileMonitor.exe [377480 2015-11-23] (SecurityCoverage, Inc.)
R3 SecureIT2011Firewall; C:\Program Files\SecureIT\bin\SCFirewall.exe [322488 2015-11-23] (SecurityCoverage, Inc.)
R2 SecureIT2011Manager; C:\Program Files\SecureIT\bin\SCManager.exe [1078760 2015-11-23] (SecurityCoverage, Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254904 2016-04-18] (RaMMicHaeL)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580144 2015-08-06] (WiseCleaner.com)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11904 2015-08-27] (Advanced Micro Devices Inc.)
R1 BdfNdisf; c:\program files\secureit\bin\bdfndisf6.sys [93600 2014-11-19] (BitDefender LLC)
R3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [431176 2011-06-15] (BitDefender)
R1 bdftdif; C:\Program Files\SecureIT\bin\bdftdif.sys [119888 2011-10-25] (BitDefender LLC)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-08-29] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-27] (REALiX(tm))
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2015-08-27] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-08-16] (EldoS Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-04-24] ()
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [477272 2015-11-12] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2016-01-24] (wisecleaner.com)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-05-15 15:24 - 2016-05-15 15:25 - 00015192 _____ C:\Users\boatman\Desktop\FRST.txt
2016-05-15 15:24 - 2016-05-15 15:24 - 00000000 ____D C:\FRST
2016-05-15 15:23 - 2016-05-15 15:23 - 02382336 _____ (Farbar) C:\Users\boatman\Desktop\FRST64.exe
2016-05-15 10:16 - 2016-05-15 10:16 - 00109104 _____ C:\Users\boatman\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-15 09:28 - 2016-05-15 15:03 - 00027972 _____ C:\Windows\ntbtlog.txt
2016-05-15 09:28 - 2016-05-15 09:29 - 00402704 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-15 08:13 - 2016-05-15 08:13 - 00000000 ____D C:\Users\boatman\AppData\Local\{A3298D9D-52F2-41DE-B023-DB1E67886AB1}
2016-05-14 14:11 - 2016-05-14 14:11 - 00000000 ____D C:\Users\boatman\AppData\Local\{06A7F0C6-D242-4876-8E20-1F8F6CA74615}
2016-05-14 10:10 - 2016-05-14 10:11 - 00000000 ____D C:\Users\boatman\AppData\Local\{9E1D5AD0-F4C9-4969-BA4A-1ACAE9420DFF}
2016-05-13 15:15 - 2016-05-13 15:15 - 00000000 ____D C:\Users\boatman\AppData\Local\{BD59AAA7-B1AD-4A83-BD2D-2A690A506B94}
2016-05-13 13:18 - 2016-05-13 13:18 - 00000000 ____D C:\Users\boatman\AppData\Local\{16B57BA9-F4AE-469E-B74D-3529B5BE30CD}
2016-05-13 01:06 - 2016-05-13 01:06 - 00000000 ____D C:\Users\boatman\AppData\Local\{172AE3BB-8E0F-4D41-AA8F-43D789C10053}
2016-05-12 08:10 - 2016-05-12 08:10 - 00000680 _____ C:\Users\boatman\AppData\Local\d3d9caps.dat
2016-05-12 07:58 - 2016-05-12 07:58 - 00000000 ____D C:\RegBackup
2016-05-11 21:01 - 2016-04-09 17:17 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 21:01 - 2016-04-09 16:48 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 21:01 - 2016-04-09 16:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 21:01 - 2016-04-09 16:01 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 21:01 - 2016-04-09 15:07 - 00486912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 21:01 - 2016-04-09 14:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 21:00 - 2016-04-09 17:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 21:00 - 2016-04-09 16:53 - 00901352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 21:00 - 2016-04-09 16:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 21:00 - 2016-04-09 16:34 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 20:49 - 2016-04-09 16:19 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 20:47 - 2016-04-09 17:39 - 04692200 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 15:02 - 2016-04-23 13:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 15:02 - 2016-04-23 13:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 15:02 - 2016-04-23 13:29 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 15:02 - 2016-04-23 13:29 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 15:02 - 2016-04-23 13:03 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 15:02 - 2016-04-23 13:00 - 01831424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 15:02 - 2016-04-23 12:59 - 00711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 15:02 - 2016-04-23 12:59 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 15:02 - 2016-04-23 12:59 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 15:01 - 2016-04-23 13:33 - 17974784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 15:01 - 2016-04-23 13:30 - 10888192 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 15:01 - 2016-04-23 13:30 - 02265600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 15:01 - 2016-04-23 13:30 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 15:01 - 2016-04-23 13:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 15:01 - 2016-04-23 13:29 - 02129920 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 15:01 - 2016-04-23 13:29 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 01295872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 15:01 - 2016-04-23 13:29 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-05-11 15:01 - 2016-04-23 13:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-05-11 15:01 - 2016-04-23 13:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-05-11 15:01 - 2016-04-23 13:03 - 12858880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 15:01 - 2016-04-23 13:01 - 09729536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 15:01 - 2016-04-23 13:00 - 01436160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 15:01 - 2016-04-23 13:00 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 15:01 - 2016-04-23 13:00 - 01089024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 15:01 - 2016-04-23 13:00 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-05-11 15:01 - 2016-04-23 13:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 15:01 - 2016-04-23 12:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 15:01 - 2016-04-23 12:59 - 01789952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-05-11 15:01 - 2016-04-23 12:59 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-05-11 15:01 - 2016-04-23 12:59 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-05-11 13:28 - 2016-05-11 13:44 - 312417626 _____ C:\Users\boatman\Downloads\ps priscilla hearing the voice of God.mp4
2016-05-10 20:25 - 2016-05-10 20:25 - 00000000 ____D C:\Users\boatman\AppData\Local\{D3BE4969-2986-4CCB-8426-4529D7EDDA7D}
2016-05-10 19:25 - 2016-05-15 14:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d108809e1d5c9d.job
2016-05-10 19:25 - 2016-05-10 19:25 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d108809e1d5c9d
2016-05-09 23:57 - 2016-05-10 00:16 - 322857229 _____ C:\Users\boatman\Downloads\confession.mp4
2016-05-07 14:30 - 2016-05-07 14:30 - 00000000 ____D C:\Users\boatman\AppData\Roaming\Wise PC 1stAid
2016-05-07 14:29 - 2016-05-07 14:29 - 04267264 _____ (WiseCleaner.com ) C:\Users\boatman\Downloads\WPCASetup.exe
2016-05-07 14:29 - 2016-05-07 14:29 - 00000996 _____ C:\Users\Public\Desktop\Wise PC 1stAid.lnk
2016-05-07 14:29 - 2016-05-07 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise PC 1stAid
2016-05-06 22:13 - 2016-05-07 01:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-05 13:16 - 2016-05-05 13:16 - 00448512 _____ (OldTimer Tools) C:\Users\boatman\Downloads\TFC.exe
2016-05-04 18:21 - 2016-05-04 18:27 - 218486747 _____ C:\Users\boatman\Downloads\Windows6.0-KB947821-v35-x64.msu
2016-05-02 12:32 - 2016-05-02 12:32 - 00068534 _____ C:\Users\boatman\Downloads\Solved_ GPEdit missing items _ Tech Support Guy.html
2016-04-29 07:46 - 2016-04-29 07:46 - 00000111 _____ C:\Users\boatman\Documents\sfcscannow.bat
2016-04-29 00:55 - 2016-04-29 00:55 - 00000000 ____H C:\asc_rdflag
2016-04-28 23:33 - 2016-04-28 23:33 - 00142744 _____ C:\Users\boatman\Downloads\vtuploader2.2.exe
2016-04-28 23:33 - 2016-04-28 23:33 - 00001938 _____ C:\Users\boatman\Desktop\VirusTotal Uploader 2.2.lnk
2016-04-28 23:33 - 2016-04-28 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2016-04-28 23:33 - 2016-04-28 23:33 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2016-04-26 14:30 - 2016-05-12 08:44 - 00000000 ____D C:\Program Files (x86)\System Ninja
2016-04-26 14:30 - 2016-04-26 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
2016-04-26 14:29 - 2016-04-26 14:29 - 02338610 _____ (SingularLabs ) C:\Users\boatman\Downloads\ninja-setup-3.1.3_.exe
2016-04-24 19:21 - 2016-04-24 19:21 - 00000000 ____D C:\Users\boatman\AppData\Roaming\Sun
2016-04-24 18:50 - 2016-04-24 18:50 - 00852798 _____ C:\Users\boatman\Downloads\SecurityCheck.exe
2016-04-20 20:01 - 2016-04-20 20:01 - 00000000 ____D C:\Users\boatman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-04-20 15:45 - 2016-04-20 15:45 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2016-04-20 13:48 - 2016-04-20 13:48 - 00660480 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-20 13:48 - 2016-04-20 13:48 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-18 08:01 - 2016-04-18 08:01 - 01443600 _____ (RaMMicHaeL) C:\Users\boatman\Downloads\unchecky_setup.exe
2016-04-18 08:01 - 2016-04-18 08:01 - 00000860 _____ C:\Users\Public\Desktop\Unchecky.lnk
2016-04-18 08:01 - 2016-04-18 08:01 - 00000000 ____D C:\ProgramData\Unchecky
2016-04-18 08:01 - 2016-04-18 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2016-04-18 08:01 - 2016-04-18 08:01 - 00000000 ____D C:\Program Files (x86)\Unchecky


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-05-15 14:40 - 2015-10-16 22:07 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-15 14:33 - 2016-01-24 00:56 - 00000000 ____D C:\Users\boatman\AppData\Roaming\Wise Care 365
2016-05-15 14:33 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-15 14:33 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-15 14:32 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-15 11:45 - 2006-11-02 11:42 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-15 11:29 - 2015-10-16 22:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d108809ecd825d.job
2016-05-15 09:04 - 2015-08-30 03:34 - 00000000 ____D C:\Users\boatman\AppData\Roaming\vlc
2016-05-14 21:26 - 2015-08-26 22:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-14 15:15 - 2015-08-25 23:34 - 00007168 _____ C:\Users\boatman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-14 15:02 - 2015-09-19 15:10 - 00000732 _____ C:\Users\boatman\AppData\Local\d3d9caps64.dat
2016-05-14 10:03 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
2016-05-14 09:27 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\inf
2016-05-14 09:27 - 2006-11-02 08:46 - 00762298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-13 14:52 - 2015-08-25 19:10 - 00000000 ____D C:\Users\boatman
2016-05-13 14:51 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
2016-05-13 14:51 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
2016-05-13 14:51 - 2006-11-02 08:33 - 80216064 _____ C:\Windows\system32\config\software_previous
2016-05-13 14:51 - 2006-11-02 08:33 - 49545216 _____ C:\Windows\system32\config\components_previous
2016-05-13 14:51 - 2006-11-02 08:33 - 36962304 _____ C:\Windows\system32\config\system_previous
2016-05-13 14:51 - 2006-11-02 08:33 - 00524288 _____ C:\Windows\system32\config\default_previous
2016-05-13 14:51 - 2006-11-02 08:33 - 00053248 _____ C:\Windows\system32\config\sam_previous
2016-05-13 14:51 - 2006-11-02 08:33 - 00024576 _____ C:\Windows\system32\config\security_previous
2016-05-13 14:24 - 2015-10-13 03:24 - 00000000 ____D C:\Users\boatman\AppData\LocalLow\Adobe
2016-05-13 14:24 - 2015-08-25 23:18 - 00000000 ____D C:\Users\boatman\AppData\Roaming\Adobe
2016-05-13 01:04 - 2016-04-11 16:24 - 00000000 ____D C:\AdwCleaner
2016-05-12 08:43 - 2015-10-14 18:22 - 00000000 ____D C:\Program Files\Defraggler
2016-05-12 08:43 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2016-05-11 22:07 - 2015-08-26 21:03 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 21:56 - 2006-11-02 08:35 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-05-11 21:07 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 19:25 - 2015-10-16 22:07 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d108809ecd825d
2016-05-07 14:29 - 2016-01-24 01:13 - 00000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2016-05-07 14:29 - 2016-01-24 00:56 - 00000000 ____D C:\Program Files (x86)\Wise
2016-05-07 11:39 - 2015-08-26 21:36 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-05-07 02:59 - 2015-10-06 11:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 09:46 - 2016-01-19 23:03 - 00000000 ____D C:\Users\boatman\AppData\Local\niemiro
2016-05-02 15:03 - 2016-03-27 03:41 - 00274432 _____ C:\Windows\system32\config\default.rhk
2016-05-02 15:03 - 2016-03-27 03:41 - 00053248 _____ C:\Windows\system32\config\sam.rhk
2016-05-02 15:03 - 2016-03-17 19:07 - 76910592 _____ C:\Windows\system32\config\software.rhk
2016-05-02 14:59 - 2016-03-27 03:36 - 00024576 _____ C:\Windows\system32\config\security.rhk
2016-04-29 10:19 - 2016-02-25 12:03 - 00000000 ____D C:\Users\boatman\AppData\Roaming\TeamViewer
2016-04-29 00:56 - 2015-09-05 12:08 - 78200832 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2016-04-29 00:56 - 2015-09-05 12:08 - 48623616 _____ C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2016-04-29 00:56 - 2015-09-05 12:08 - 00274432 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2016-04-29 00:56 - 2015-09-05 12:08 - 00053248 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2016-04-29 00:56 - 2015-09-05 12:08 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2016-04-26 08:25 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-04-25 17:20 - 2016-04-11 12:13 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2016-04-24 19:30 - 2015-10-17 20:18 - 00003662 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-04-24 19:21 - 2016-04-05 21:54 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-24 19:21 - 2016-04-05 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-24 19:21 - 2016-01-19 16:54 - 00000000 ____D C:\Users\boatman\.oracle_jre_usage
2016-04-24 19:20 - 2016-04-05 21:53 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-24 13:36 - 2015-08-29 19:45 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-24 03:14 - 2015-08-29 23:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-20 17:10 - 2015-08-29 16:15 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-20 16:29 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Help
2016-04-18 19:19 - 2015-08-30 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-18 08:29 - 2016-02-21 22:38 - 00000000 ____D C:\Users\boatman\AppData\Roaming\dvdcss
2016-04-18 08:29 - 2015-08-25 22:58 - 00000000 ____D C:\Windows\pss
2016-04-17 20:25 - 2015-08-27 02:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-17 20:16 - 2015-08-27 02:33 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-17 20:16 - 2015-08-27 02:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-17 20:16 - 2015-08-27 02:33 - 00003684 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-17 20:13 - 2015-10-11 12:27 - 00000000 ____D C:\ProgramData\ProductData


==================== Files in the root of some directories =======


2016-05-12 08:10 - 2016-05-12 08:10 - 0000680 _____ () C:\Users\boatman\AppData\Local\d3d9caps.dat
2015-09-19 15:10 - 2016-05-14 15:02 - 0000732 _____ () C:\Users\boatman\AppData\Local\d3d9caps64.dat
2015-08-25 23:34 - 2016-05-14 15:15 - 0007168 _____ () C:\Users\boatman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-05-15 14:38


==================== End of FRST.txt ============================
 
here is the additionAdditional scan result of Farbar Recovery Scan Tool (x64) Version:14-05-2016Ran by boatman (2016-05-15 15:25:47)
Running from C:\Users\boatman\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2015-08-26 02:00:40)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-2635827895-2309199263-1268892210-500 - Administrator - Enabled)
boatman (S-1-5-21-2635827895-2309199263-1268892210-1000 - Administrator - Enabled) => C:\Users\boatman
Guest (S-1-5-21-2635827895-2309199263-1268892210-501 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: SecureIT Antivirus (Enabled - Up to date) {0747466B-19D7-3030-6700-2436BBE1D6D5}
AS: SecureIT Antivirus (Enabled - Up to date) {BC26A78F-3FED-3FBE-5DB0-1F44C0669C68}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: SecureIT Firewall (Enabled) {3F7CC74E-53B8-3168-4C5F-8D03453291AE}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Anvi Browser Repair Tool (HKLM-x32\...\Anvi Browser Repair Tool) (Version: 2.0 - Anvisoft)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
ATI Catalyst Install Manager (HKLM\...\{816EB8D3-C431-5997-8A7B-99EED8D88C99}) (Version: 3.0.685.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version: - )
Canon MX330 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series) (Version: - )
Canon MX330 series User Registration (HKLM-x32\...\Canon MX330 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Catalyst Control Center - Branding (HKLM-x32\...\{3594EE90-B157-4519-9E82-8B6F4711A0A1}) (Version: 1.00.0000 - ATI)
ccc-core-static (x32 Version: 2008.0722.2135.36815 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DirectCONNECT (HKLM-x32\...\{75B23FA8-FEA5-47E4-9326-9B4FA9A9ACEE}) (Version: 7.7.581 - LogMeIn, Inc.)
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.52 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
Glary Utilities PRO 5.40 (HKLM-x32\...\Glary Utilities 5) (Version: 5.40.0.60 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
iFreeUp 1.0 (HKLM-x32\...\iFreeUp_is1) (Version: 1.0.11 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{CEC7613B-E286-4A31-BEE3-3F7798488D9F}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version: - Code Jelly)
Little Registry Cleaner (HKLM-x32\...\Little Registry Cleaner) (Version: - Little Apps)
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 10.63.5.3 - Marvell)
Mavis Beacon Teaches Typing 15 (HKLM-x32\...\{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}) (Version: - Broderbund LLC)
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Miro (HKLM-x32\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SecureIT (HKLM\...\SecureIT_is1) (Version: 20150522 - SecurityCoverage, Inc.)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Should I Remove It (HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skins (x32 Version: 2008.0722.2135.36815 - ATI) Hidden
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
System Ninja version 3.1.3 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.1.3 - SingularLabs)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.6 - Tweaking.com)
Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wise Care 365 3.95 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.95 - WiseCleaner.com, Inc.)
Wise Memory Optimizer 3.43 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.43 - WiseCleaner.com, Inc.)
Wise PC 1stAid 1.47 (HKLM-x32\...\Wise PC 1stAid_is1) (Version: 1.47 - WiseCleaner.com, Inc.)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {16306B33-F109-44B0-817F-661C0494F939} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {226F77BA-418A-4E45-8FD8-36622E93DF86} - \Driver Booster Update -> No File <==== ATTENTION
Task: {4351D528-C411-4309-9F7A-1E7A915783BF} - System32\Tasks\GoogleUpdateTaskMachineUA1d108809ecd825d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {44FA1FB9-F56A-4244-AFE5-6564FD54BA3A} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-12-07] (Glarysoft Ltd)
Task: {470D6D70-10A9-4CBF-AA7D-90541AE68469} - \Uninstaller_SkipUac_boatman -> No File <==== ATTENTION
Task: {4ECD5E87-0392-4647-97CF-7EBD7BF7ABA6} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {527A9B5F-0EFC-4409-AE3B-36002C044B49} - System32\Tasks\GoogleUpdateTaskMachineCore1d108809e1d5c9d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {5ECCE34F-636F-4D89-A95E-5D2803D315A3} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {663DAC2A-95D7-4240-A9D2-A0422F957093} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {707D7B98-C594-41D8-9884-3C1489BC915D} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {7743507E-7D68-4C3C-999D-2F496631DF7C} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {9056B46B-4CA1-49EA-8D35-916DD792154D} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2015-12-18] (WiseCleaner.COM)
Task: {99EAE42E-7EF2-453E-9528-704A4A77E019} - System32\Tasks\ASC8_SkipUac_boatman => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {A5624C64-A649-4240-BA31-4CBCAD0F4E88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-17] (Adobe Systems Incorporated)
Task: {A74827D5-F0A0-4F23-9BD1-F77695AD190A} - System32\Tasks\WiseCleaner\WMOSkipUAC => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe [2016-01-20] (WiseCleaner.com)
Task: {AC52174D-3537-4BD7-A94B-656C6C36E7F8} - \Driver Booster SkipUAC (boatman) -> No File <==== ATTENTION
Task: {B1D2D9E7-AB94-4241-8FFD-C099F73D61AC} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2015-12-07] (Glarysoft Ltd)
Task: {C5F39D67-A156-4FF4-97C9-E4D5FD333BA6} - System32\Tasks\WiseCleaner\AidSkipUAC => C:\Program Files (x86)\Wise\Wise PC 1stAid\WisePCAid.exe [2016-02-04] (WiseCleaner.com)
Task: {C5F7DE25-AA74-4096-A718-653C7AD829D3} - \Driver Booster Scan -> No File <==== ATTENTION
Task: {C720E5D2-1C7B-4B36-BD50-CF8659EA281C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {E1350DE4-C1E2-40A9-A92F-BE95B67B5B4C} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {E1AC2A17-F8A7-49AE-85E9-7482CEBF8BC3} - \SlimCleaner Run -> No File <==== ATTENTION
Task: {E42FEA16-9E2C-4915-B602-901E20DF6E9E} - \AviraSpeedup -> No File <==== ATTENTION
Task: {FC5CE412-D399-4265-9605-E148D9CE9906} - System32\Tasks\iFreeUp_SkipUac_boatman => C:\Program Files (x86)\IObit\iFreeUp\iFreeUp.exe [2015-08-27] (IObit)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (boatman).job => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d108809e1d5c9d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d108809ecd825d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


2015-08-27 02:25 - 2015-08-27 02:25 - 00026112 _____ () C:\Windows\system32\atitmp64.dll
2015-08-26 20:22 - 2011-03-23 10:54 - 00243712 _____ () C:\Program Files\SecureIT\bin\bdfltlib.dll
2015-08-26 20:22 - 2011-11-14 12:17 - 00156936 _____ () C:\Program Files\SecureIT\bin\bdfwcore.dll
2015-08-26 20:24 - 2015-02-10 15:42 - 00784712 _____ () C:\Program Files\SecureIT\database\x64\onlinethreats\ashttpbr.mdl
2015-08-26 20:24 - 2015-02-10 15:42 - 00573544 _____ () C:\Program Files\SecureIT\database\x64\onlinethreats\ashttpdsp.mdl
2015-08-26 20:24 - 2015-02-10 15:42 - 02657264 _____ () C:\Program Files\SecureIT\database\x64\onlinethreats\ashttpph.mdl
2015-08-26 20:24 - 2015-02-10 15:42 - 01331648 _____ () C:\Program Files\SecureIT\database\x64\onlinethreats\ashttprbl.mdl
2015-08-26 20:24 - 2015-02-10 14:35 - 00784712 _____ () C:\Program Files\SecureIT\database\x64\webfilter\ashttpbr.mdl
2015-08-26 20:24 - 2015-02-10 14:35 - 00573544 _____ () C:\Program Files\SecureIT\database\x64\webfilter\ashttpdsp.mdl
2015-08-26 20:24 - 2015-02-10 14:35 - 03083184 _____ () C:\Program Files\SecureIT\database\x64\webfilter\ashttpf.mdl
2015-08-26 20:24 - 2015-02-10 14:35 - 01331648 _____ () C:\Program Files\SecureIT\database\x64\webfilter\ashttprbl.mdl
2015-08-26 20:24 - 2011-02-25 22:47 - 01533899 _____ () C:\Program Files\SecureIT\bin\bin32\libeay32.dll
2015-08-26 20:24 - 2011-02-25 22:47 - 00314053 _____ () C:\Program Files\SecureIT\bin\bin32\ssleay32.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SecureIT2011FileMonitor => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SecureIT2011Firewall => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SecureIT2011Manager => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureIT2011FileMonitor => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureIT2011Firewall => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureIT2011Manager => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION


==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\...\100sexlinks.com -> 100sexlinks.com


There are 4788 more sites.




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2016-04-15 04:40 - 2016-04-20 16:02 - 00000002 ____A C:\Windows\system32\Drivers\etc\hosts






==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2635827895-2309199263-1268892210-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 129.250.35.250 - 129.250.35.251
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\Services: a2AntiMalware => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService8 => 3
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: EMDMgmt => 3
MSCONFIG\Services: IJPLMSVC => 3
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WiseBootAssistant => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: appnhost => C:\Users\boatman\AppData\Local\Mixesoft\AppNHost\appnhost.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
MSCONFIG\startupreg: ccApp =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LchDrvKey => LchDrvKey.exe
MSCONFIG\startupreg: LedKey => CNYHKey.exe
MSCONFIG\startupreg: osCheck => "c:\Program Files (x86)\Norton 360\osCheck.exe"
MSCONFIG\startupreg: P2Go_Menu =>
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SecureIT Control Panel => C:\Program Files\SecureIT\bin\bin32\SCControlPanel.exe
MSCONFIG\startupreg: Spybot-S&D Cleaning => "I:\PortableApps\SpybotPortable\App\Spybot\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TP CfgWiz =>


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{8FA36C45-1ED2-4CD0-909C-C36A5EDC7AD0}] => (Allow) LPort=80
FirewallRules: [{748261D0-DA55-468F-ADC8-E23850A1A96C}] => (Allow) LPort=80
FirewallRules: [{B06FBC60-5AC9-4C9C-AEE7-45A6E600D1C6}] => (Allow) LPort=80
FirewallRules: [{3CA6E9D1-DC6C-45FC-B60D-1869704DB35A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{28B433F4-BF8A-4629-8303-060449D1F141}] => (Allow) LPort=2869
FirewallRules: [{87582AE7-4B0F-4D42-9858-77AE1DD73184}] => (Allow) LPort=1900


==================== Restore Points =========================


ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.




==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (05/15/2016 03:09:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19373_none_151129cef4086113.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19373_none_151129cef4086113.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19373_none_151129cef4086113.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19373_none_151129cef4086113.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19373_none_5cbe60a608848a19.manifest.


Error: (05/15/2016 02:33:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (05/15/2016 09:29:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003




System errors:
=============
Error: (05/15/2016 02:33:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt


Error: (05/15/2016 02:33:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%31


Error: (05/15/2016 09:29:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt


Error: (05/15/2016 09:29:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%31




CodeIntegrity:
===================================
Date: 2016-05-15 15:25:09.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-05-15 15:25:09.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-05-15 15:25:08.848
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-05-15 15:25:08.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-05-14 21:58:15.178
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-05-14 21:58:14.773
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-05-14 21:58:14.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-05-14 21:58:13.961
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-05-14 21:58:13.556
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-05-14 21:58:13.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.




==================== Memory info ===========================


Processor: AMD Phenom(tm) 9150e Quad-Core Processor
Percentage of memory in use: 40%
Total physical RAM: 3838.27 MB
Available physical RAM: 2300.35 MB
Total Virtual: 9868.75 MB
Available Virtual: 8415.68 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:527.16 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 83E6D949)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=586.4 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================
 
Hello,

Thank you for the logs. Please uninstall the following software listed below. I recommend reading the following articles on registry cleaners and optimization software.


Use of such software is likely the source of the issue you are experiencing.

6JO0hXH.png
Revo Uninstaller

  • Open Revo Uninstaller.
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Advanced SystemCare 8
    • Anvi Browser Repair Tool
    • CleanUp!
    • Driver Booster 2.4
    • Free Window Registry Repair
    • Glary Utilities PRO 5.40
    • iFreeUp 1.0
    • Little Registry Cleaner
    • System Ninja version 3.1.3
    • Tweaking.com - Windows Repair
    • Wise Care 365 3.95
    • Wise Memory Optimizer 3.43
    • Wise PC 1stAid 1.47
  • ​Double-click the programme.
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above.

In addition, please temporarily uninstall CCleaner and WinPatrol.

Please let me know once the aforementioned software is uninstalled.
 
i am back and did a total system recovery that took everything off the computer so that the computer is back to it's pristine state ,all the utilities are off. I performed a sfc /scannow and the only thing i see that shows up side by side which is common in vista here is the scan results what shall we do from here?
 

Attachments

Hello,

Let's address the one file reported as corrupt. Please execute the SFCFix Script below.

bMTzsQ3.png
SFCFix Script (.zip)

Warning: This fix is intended for use on this particular machine. Do not use this fix on any other machine; doing so may cause damage to your Operating System. If you are not the original poster and require assistance, please start your own topic.

  • Please download View attachment SFCFix.zip and save the file to your Desktop.
  • Note: Ensure this file is named SFCFix.zip. Do not rename the file.
  • Close all open windows.
  • SFCFix.exe
    bMTzsQ3.png
    and SFCFix.zip
    49i66Jv.png
    should both be present on your Desktop.
  • Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  • SFCFix will now process the script. Upon completion, a file (SFCFix.txt) will be created on your Desktop.
  • Copy the contents of the file and paste in your next reply.
 
disregard the previous response i used my creativity and used other thread sfc.exe . since you are looking into my situation my update has an error c8000266 windows could not search for new updates lets take care of this also shall we? here is the log.SFCFix version 3.0.0.0 by niemiro.Start time: 2016-06-19 11:57:36.530
Microsoft Windows Vista Service Pack 2 - amd64
Using .zip script file at C:\Users\boatman\Desktop\SFCFix.zip [0]








PowerCopy::
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_2ce6c04cdc275758\settings.ini


Successfully copied file C:\Users\boatman\AppData\Local\niemiro\Archive\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_2ce6c04cdc275758\settings.ini to C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_2ce6c04cdc275758\settings.ini.


Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_2ce6c04cdc275758\settings.ini
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_2ce6c04cdc275758\settings.ini
PowerCopy:: directive completed successfully.








Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 1 datablocks.
Finish time: 2016-06-19 11:58:08.449
Script hash: mS9JXgmChN/QVTuER1Uq1BDJZVg1tJC0o7vbBQwAECM=
----------------------EOF-----------------------
 
Hi Carl,

Let's run through a fresh set of scans - then we will look a little closer into the failing updates.

MgeHyNE.png
SFC /Scannow

  • Press the Windows Key
    pdKOQKY.png
    + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the bold lines below and paste into the Notepad document:

    sfc /scannow
    timeout /t 120 /nobreak
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\CBS.txt"
    del %0

  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, Save As and name the file sfcscannow.bat.
  • Select All Files as the Save as type. Save the file to your Desktop.
  • Locate sfcscannow.bat
    lmRDSkT.png
    on your Desktop. Right-click the file and click
    AVOiBNU.jpg
    Run as administrator.
  • Upon completion, a file (CBS.txt) will be created on your Desktop. Attach this file in your next reply.
  • Note: If the file is too large to attach, upload to a service such as Dropbox, One Drive or SendSpace and provide a direct download link in your next reply.
 
i ran a sfc /scannow right before i saw your response it look like i still have the corrupt files. here is the attachment you requested.
 

Attachments

what"s up? the sfc / scannow files are fixed and the cbs logs finds no corruption i am waiting to fix the updates being stuck on checking for updates. once that is taken care of i will be straight. I am still waiting for your assistance.
 
Hi Carl a - Sorry for the delay. Please do the following so I can verify some information.

Step#1 - System Update Readiness Tool (SUR)
1. Download and run the following file.
2. When it asks you if you wish to install, please answer yes. Note: It could take 15 minutes or more to run. Please don't cancel.
3. You will get an Installation Complete screen when it's done running.
4. Please attach the log from the following location. C:\Windows\Logs\CBS\CheckSUR.log
Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.
 
Good morning Brian the checking for updates in clean boot have not cease it have been running over 12 hours now.
 
Understood. If possible, continue to let it run for a few more hours. Can you tell me which Antivirus you have?

Also, do you have your Vista SP2 media?
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top